From 2e27704a1df818a918c2597679eb4711c9daed3a Mon Sep 17 00:00:00 2001
From: Kristian Feldsam
Date: Fri, 23 Jun 2023 22:26:07 +0200
Subject: [PATCH] M #-: Fix iptables commands on versions < 1.6.1 and > 1.8.7
From version 1.8 iptbles front-end uses the nf_tables API to talk to the kernel. One of the benefits is that is no longer needed to "wait", from the man page: "Because the xtables-nft tools use the nf_tables kernel API, rule additions and deletions are always atomic. Unlike iptables-legacy, iptables-nft -A .. will NOT need to retrieve the current ruleset from the kernel, change it, and re-load the altered ruleset. Instead, iptables-nft will tell the kernel to add one rule. For this reason, the iptables-legacy --wait option is a no-op in iptables-nft." This commit do no generate the --wait option from versions > 1.8.7
Signed-off-by: Kristian Feldsam
(cherry picked from commit 91ca9841a96433ad09bd833e2835067fa4a2d342)
---
 src/vnm_mad/remotes/lib/command.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vnm_mad/remotes/lib/command.rb b/src/vnm_mad/remotes/lib/command.rb
index c8b1ee3947..3ef77d8017 100644
--- a/src/vnm_mad/remotes/lib/command.rb
+++ b/src/vnm_mad/remotes/lib/command.rb
@@ -45,7 +45,7 @@ module VNMMAD
 iptables_version = Gem::Version.new(stdout.match(regex)[:version])
- if Gem::Version.new('1.6.1') > iptables_version
+ if Gem::Version.new('1.6.1') > iptables_version || iptables_version > Gem::Version.new('1.8.7')
 COMMANDS[:iptables] = 'sudo -n iptables -w 3'
 COMMANDS[:ip6tables] = 'sudo -n ip6tables -w 3'
 end
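Review bot: The widened condition on the changed `if` still assigns `'sudo -n iptables -w 3'` (and the ip6tables equivalent) for versions above 1.8.7, so a wait flag is still passed there, while the commit description says `--wait` is no longer generated for those versions. The default values of `COMMANDS[:iptables]` and `COMMANDS[:ip6tables]` are set outside this hunk, so which option is actually dropped cannot be confirmed from here. A comment above the `if` would settle it, for example `# iptables < 1.6.1 and > 1.8.7: override the default command with plain '-w 3'`, extended with the name of the option those versions do not accept. Because these prefixes presumably front the firewall rules the driver installs, a flag the binary rejects would leave rules unapplied, so the 1.8.7 boundary deserves a test against a newer binary. The enclosing block begins and ends outside the hunk.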