M #-: Fix iptables commands on versions < 1.6.1 and > 1.8.7

From version 1.8 iptbles front-end uses the nf_tables API to talk to the kernel. One of the benefits is that is no longer needed to "wait", from the man page: "Because the xtables-nft tools use the nf_tables kernel API, rule additions and deletions are always atomic. Unlike iptables-legacy, iptables-nft -A .. will NOT need to retrieve the current ruleset from the kernel, change it, and re-load the altered ruleset. Instead, iptables-nft will tell the kernel to add one rule. For this reason, the iptables-legacy --wait option is a no-op in iptables-nft." This commit do no generate the --wait option from versions > 1.8.7 Signed-off-by: Kristian Feldsam <feldsam@gmail.com> (cherry picked from commit 91ca9841a96433ad09bd833e2835067fa4a2d342)
2025-03-20 10:50:08 +03:00 · 2023-06-23 22:26:07 +02:00 · 2023-06-23 22:26:07 +02:00 · 2e27704a1d
commit 2e27704a1d
parent c48498965b
1 changed files with 1 additions and 1 deletions
--- a/src/vnm_mad/remotes/lib/command.rb
+++ b/src/vnm_mad/remotes/lib/command.rb
@ -45,7 +45,7 @@ module VNMMAD

            iptables_version = Gem::Version.new(stdout.match(regex)[:version])

-            if Gem::Version.new('1.6.1') > iptables_version
+            if Gem::Version.new('1.6.1') > iptables_version || iptables_version > Gem::Version.new('1.8.7')
                COMMANDS[:iptables]  = 'sudo -n iptables -w 3'
                COMMANDS[:ip6tables] = 'sudo -n ip6tables -w 3'
            end