From 65801d02a482befd2745c792d6596ec75d434934 Mon Sep 17 00:00:00 2001 From: Dan Williams Date: Mon, 10 Apr 2017 12:35:18 -0500 Subject: iptables-restore.8: document -w/-W options Fixes: 999eaa241212 ("iptables-restore: support acquiring the lock.") Signed-off-by: Dan Williams Signed-off-by: Pablo Neira Ayuso --- iptables/iptables-restore.8.in | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) (limited to 'iptables') diff --git a/iptables/iptables-restore.8.in b/iptables/iptables-restore.8.in index bba505d8..f751492d 100644 --- a/iptables/iptables-restore.8.in +++ b/iptables/iptables-restore.8.in @@ -23,11 +23,13 @@ iptables-restore \(em Restore IP Tables .P ip6tables-restore \(em Restore IPv6 Tables .SH SYNOPSIS -\fBiptables\-restore\fP [\fB\-chntvV\fP] [\fB\-M\fP \fImodprobe\fP] -[\fB\-T\fP \fIname\fP] [\fBfile\fP] +\fBiptables\-restore\fP [\fB\-chntvV\fP] [\fB\-w\fP \fIsecs\fP] +[\fB\-W\fP \fIusecs\fP] [\fB\-M\fP \fImodprobe\fP] [\fB\-T\fP \fIname\fP] +[\fBfile\fP] .P -\fBip6tables\-restore\fP [\fB\-chntvV\fP] [\fB\-M\fP \fImodprobe\fP] -[\fB\-T\fP \fIname\fP] [\fBfile\fP] +\fBip6tables\-restore\fP [\fB\-chntvV\fP] [\fB\-w\fP \fIsecs\fP] +[\fB\-W\fP \fIusecs\fP] [\fB\-M\fP \fImodprobe\fP] [\fB\-T\fP \fIname\fP] +[\fBfile\fP] .SH DESCRIPTION .PP .B iptables-restore @@ -56,6 +58,21 @@ Print additional debug info during ruleset processing. \fB\-V\fP, \fB\-\-version\fP Print the program version number. .TP +\fB\-w\fP, \fB\-\-wait\fP [\fIseconds\fP] +Wait for the xtables lock. +To prevent multiple instances of the program from running concurrently, +an attempt will be made to obtain an exclusive lock at launch. By default, +the program will exit if the lock cannot be obtained. This option will +make the program wait (indefinitely or for optional \fIseconds\fP) until +the exclusive lock can be obtained. +.TP +\fB\-W\fP, \fB\-\-wait-interval\fP \fImicroseconds\fP +Interval to wait per each iteration. +When running latency sensitive applications, waiting for the xtables lock +for extended durations may not be acceptable. This option will make each +iteration take the amount of time specified. The default interval is +1 second. This option only works with \fB\-w\fP. +.TP \fB\-M\fP, \fB\-\-modprobe\fP \fImodprobe_program\fP Specify the path to the modprobe program. By default, iptables-restore will inspect /proc/sys/kernel/modprobe to determine the executable's path. -- cgit v1.2.3