summaryrefslogtreecommitdiffstats
path: root/iptables/iptables-restore.8.in
Commit message (Collapse)AuthorAgeFilesLines
* xshared: Implement xtables lock timeout using signalsJethro Beekman2022-02-151-7/+0
| | | | | | | | | | | | | | | | | | | | | | | Previously, if a lock timeout is specified using `-wN `, flock() is called using LOCK_NB in a loop with a sleep. This results in two issues. The first issue is that the process may wait longer than necessary when the lock becomes available. For this the `-W` option was added, but this requires fine-tuning. The second issue is that if lock contention is high, invocations using `-w` (without a timeout) will always win lock acquisition from invocations that use `-w N`. This is because invocations using `-w` are actively waiting on the lock whereas those using `-w N` only check from time to time whether the lock is free, which will never be the case. This patch removes the sleep loop and deprecates the `-W` option (making it non-functional). Instead, flock() is always called in a blocking fashion, but the alarm() function is used with a non-SA_RESTART signal handler to cancel the system call. Signed-off-by: Jethro Beekman <jethro@fortanix.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* iptables-restore: Support for extra debug outputPhil Sutter2022-02-041-0/+1
| | | | | | | | | | | | | | Treat --verbose just like iptables itself, increasing debug level with number of invocations. To propagate the level into do_command() callback, insert virtual '-v' flags into rule lines. The only downside of this is that simple verbose output is changed and now also prints the rules as they are added - which would be useful if the lines contained the chain they apply to. Signed-off-by: Phil Sutter <phil@nwl.cc>
* iptables: mention iptables-apply(8) in manpagesLaurence J. Lane2019-12-051-1/+1
| | | | | | | | | | | | Add iptables-apply(8) to the SEE ALSO section of *-save(8) and *-restore(8). Arturo says: This patch is forwarded from the iptables Debian package, where it has been around for many years now. Signed-off-by: Laurence J. Lane <ljlane@debian.org> Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-restore.8: document -w/-W optionsDan Williams2017-04-141-4/+21
| | | | | | Fixes: 999eaa241212 ("iptables-restore: support acquiring the lock.") Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-restore/ip6tables-restore: add --version/-V argumentDan Williams2017-04-141-2/+5
| | | | | | | Prints program version just like iptables/ip6tables. Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-restore.8: file to read from can be specified as argumentJiri Popelka2014-03-141-4/+5
| | | | | | | original bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1022228 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-restore.8: missing -T in synopsisJiri Popelka2014-03-141-0/+1
| | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: add software version to manpage first line at configure stagePablo Neira Ayuso2013-08-221-0/+72
This patch adds the software version to the first line of the following manpages: iptables-save.8 iptables-restore.8 iptables-apply.8 iptables-xml.1 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>