You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

52 lines
2.3 KiB

Adapted version of
commit 65801d02a482befd2745c792d6596ec75d434934
Author: Dan Williams <dcbw@redhat.com>
Date: Mon Apr 10 12:35:18 2017 -0500
iptables-restore.8: document -w/-W options
Fixes: 999eaa241212 ("iptables-restore: support acquiring the lock.")
Signed-off-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff -up iptables-1.4.21/iptables/iptables-restore.8.in.restore_wait_man iptables-1.4.21/iptables/iptables-restore.8.in
--- iptables-1.4.21/iptables/iptables-restore.8.in.restore_wait_man 2017-04-20 17:33:23.386401192 +0200
+++ iptables-1.4.21/iptables/iptables-restore.8.in 2017-04-20 17:35:13.562713997 +0200
@@ -23,9 +23,11 @@ iptables-restore \(em Restore IP Tables
.P
ip6tables-restore \(em Restore IPv6 Tables
.SH SYNOPSIS
-\fBiptables\-restore\fP [\fB\-chntvV\fP] [\fB\-M\fP \fImodprobe\fP]
+\fBiptables\-restore\fP [\fB\-chntvV\fP] [\fB\-w\fP \fIsecs\fP]
++[\fB\-W\fP \fIusecs\fP] [\fB\-M\fP \fImodprobe\fP]
.P
-\fBip6tables\-restore\fP [\fB\-chntvV\fP] [\fB\-M\fP \fImodprobe\fP]
+\fBip6tables\-restore\fP [\fB\-chntvV\fP] [\fB\-w\fP \fIsecs\fP]
++[\fB\-W\fP \fIusecs\fP] [\fB\-M\fP \fImodprobe\fP]
[\fB\-T\fP \fIname\fP]
.SH DESCRIPTION
.PP
@@ -54,6 +56,21 @@ Print additional debug info during rules
\fB\-V\fP, \fB\-\-version\fP
Print the program version number.
.TP
+\fB\-w\fP, \fB\-\-wait\fP [\fIseconds\fP]
+Wait for the xtables lock.
+To prevent multiple instances of the program from running concurrently,
+an attempt will be made to obtain an exclusive lock at launch. By default,
+the program will exit if the lock cannot be obtained. This option will
+make the program wait (indefinitely or for optional \fIseconds\fP) until
+the exclusive lock can be obtained.
+.TP
+\fB\-W\fP, \fB\-\-wait-interval\fP \fImicroseconds\fP
+Interval to wait per each iteration.
+When running latency sensitive applications, waiting for the xtables lock
+for extended durations may not be acceptable. This option will make each
+iteration take the amount of time specified. The default interval is
+1 second. This option only works with \fB\-w\fP.
+.TP
\fB\-M\fP, \fB\-\-modprobe\fP \fImodprobe_program\fP
Specify the path to the modprobe program. By default, iptables-restore will
inspect /proc/sys/kernel/modprobe to determine the executable's path.