From d19292e6ab3d7d58489ed35e00a99f705ab4a06f Mon Sep 17 00:00:00 2001
From: pexcn
Date: Sun, 11 Dec 2022 23:44:46 +0800
Subject: [PATCH] docker: iptables wait xtables lock
---
 docker/phantun.sh | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/docker/phantun.sh b/docker/phantun.sh
index 46f4300..8a3dd49 100755
--- a/docker/phantun.sh
+++ b/docker/phantun.sh
@@ -90,7 +90,7 @@ _revoke_iptables() {
 local tun=$(_get_tun_from_args "$@")
 local port=$(_get_port_from_args "$@")
 local comment="phantun_${tun}_${port}"
- iptables-save | grep -v "${comment}" | iptables-restore
+ iptables-save | grep -v "${comment}" | iptables-restore -w 10
 info "remove iptables rule: [${comment}]"
 }
 
@@ -99,7 +99,7 @@ _revoke_ip6tables() {
 local tun=$(_get_tun_from_args "$@")
 local port=$(_get_port_from_args "$@")
 local comment="phantun_${tun}_${port}"
- ip6tables-save | grep -v "${comment}" | ip6tables-restore
+ ip6tables-save | grep -v "${comment}" | ip6tables-restore -w 10
 info "remove ip6tables rule: [${comment}]"
 }
 
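Review bot: In `_revoke_iptables` the result of `iptables-restore -w 10` is never checked, so when the 10-second wait for the xtables lock runs out the rules tagged `${comment}` stay loaded while the following `info` line still reports them removed (unless the script runs under `set -e`, which the hunk does not show). End the pipeline with the guard the add path already uses: `iptables-save | grep -v "${comment}" | iptables-restore -w 10 || error "iptables rule remove failed."`. The wait also covers only the restore step: anything another process (for instance the Docker daemon) adds between `iptables-save` and `iptables-restore` is likely to be overwritten when the filtered dump is loaded back, and `grep -v` drops every line that contains the comment as a substring, so deleting the exact rules with `iptables -w 10 -D ...` would be the safer form. `_revoke_ip6tables` in the second hunk has the same two problems.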
@@ -120,15 +120,15 @@ apply_iptables() {
 if _check_rule_by_comment "${comment}"; then
 warn "iptables rule already exist, maybe needs to check."
 else
- iptables -A FORWARD -i $tun -j ACCEPT -m comment --comment "${comment}"
- iptables -A FORWARD -o $tun -j ACCEPT -m comment --comment "${comment}"
+ iptables -w 10 -A FORWARD -i $tun -j ACCEPT -m comment --comment "${comment}"
+ iptables -w 10 -A FORWARD -o $tun -j ACCEPT -m comment --comment "${comment}"
 if _is_server_mode "$1"; then
 info "add iptables DNAT rule: [${comment}]: ${interface} -> ${tun}, ${address} -> ${peer}"
- iptables -t nat -A PREROUTING -p tcp -i $interface --dport $port -j DNAT --to-destination $peer \
+ iptables -w 10 -t nat -A PREROUTING -p tcp -i $interface --dport $port -j DNAT --to-destination $peer \
 -m comment --comment "${comment}" || error "iptables DNAT rule add failed."
 else
 info "add iptables SNAT rule: [${comment}]: ${tun} -> ${interface}, ${peer} -> ${address}"
- iptables -t nat -A POSTROUTING -s $peer -o $interface -j SNAT --to-source $address \
+ iptables -w 10 -t nat -A POSTROUTING -s $peer -o $interface -j SNAT --to-source $address \
 -m comment --comment "${comment}" || error "iptables SNAT rule add failed."
 fi
 fi
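Review bot: The two `iptables -w 10 -A FORWARD` lines have no failure handling, unlike the NAT rules below them that end in `|| error ...`; now that each call gives up after 10 seconds on the xtables lock, a timed-out FORWARD add passes silently and the function goes on to install the DNAT/SNAT rule, leaving a partial rule set under one comment. Give them the same guard, e.g. `iptables -w 10 -A FORWARD -i "$tun" -j ACCEPT -m comment --comment "${comment}" || error "iptables FORWARD rule add failed."`. Quoting `$tun`, `$interface`, `$port`, `$peer` and `$address` belongs in the same pass, because an unquoted value that contains whitespace is split into extra iptables arguments; where these values come from is not visible here. The `ip6tables` calls in the `apply_ip6tables` hunk have the same gaps, and both function bodies start and end outside their hunks.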
@@ -147,15 +147,15 @@ apply_ip6tables() {
 if _check_rule6_by_comment "${comment}"; then
 warn "ip6tables rule already exist, maybe needs to check."
 else
- ip6tables -A FORWARD -i $tun -j ACCEPT -m comment --comment "${comment}"
- ip6tables -A FORWARD -o $tun -j ACCEPT -m comment --comment "${comment}"
+ ip6tables -w 10 -A FORWARD -i $tun -j ACCEPT -m comment --comment "${comment}"
+ ip6tables -w 10 -A FORWARD -o $tun -j ACCEPT -m comment --comment "${comment}"
 if _is_server_mode "$1"; then
 info "add ip6tables DNAT rule: [${comment}]: ${interface} -> ${tun}, ${address} -> ${peer}"
- ip6tables -t nat -A PREROUTING -p tcp -i $interface --dport $port -j DNAT --to-destination $peer \
+ ip6tables -w 10 -t nat -A PREROUTING -p tcp -i $interface --dport $port -j DNAT --to-destination $peer \
 -m comment --comment "${comment}" || error "ip6tables DNAT rule add failed."
 else
 info "add ip6tables SNAT rule: [${comment}]: ${tun} -> ${interface}, ${peer} -> ${address}"
- ip6tables -t nat -A POSTROUTING -s $peer -o $interface -j SNAT --to-source $address \
+ ip6tables -w 10 -t nat -A POSTROUTING -s $peer -o $interface -j SNAT --to-source $address \
 -m comment --comment "${comment}" || error "ip6tables SNAT rule add failed."
 fi
 fi