From c08286273bc719317f116a31eca0a6daa740247a Mon Sep 17 00:00:00 2001
From: Julien Vaubourg
Date: Sat, 7 May 2016 23:28:34 +0200
Subject: [PATCH] Add xlock waiting to iptables commands

---
 conf/hook_post-iptable-rules | 72 ++++++++++++++++++------------------
 conf/ynh-vpnclient | 4 +-
 2 files changed, 38 insertions(+), 38 deletions(-)

diff --git a/conf/hook_post-iptable-rules b/conf/hook_post-iptable-rules
index c465a4e..33e3a6e 100644
--- a/conf/hook_post-iptable-rules
+++ b/conf/hook_post-iptable-rules
@@ -5,68 +5,68 @@ host4=$(dig A +short | tail -n1) # IPv6 -sudo ip6tables -N vpnclient_in -sudo ip6tables -N vpnclient_out -sudo ip6tables -N vpnclient_fwd +sudo ip6tables -w -N vpnclient_in +sudo ip6tables -w -N vpnclient_out +sudo ip6tables -w -N vpnclient_fwd -sudo ip6tables -A vpnclient_in -p icmpv6 -j ACCEPT -sudo ip6tables -A vpnclient_in -s fd00::/8,fe80::/10 -j ACCEPT -sudo ip6tables -A vpnclient_in -p tcp --dport 22 -j ACCEPT -sudo ip6tables -A vpnclient_in -p tcp --dport 443 -j ACCEPT -sudo ip6tables -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -sudo ip6tables -A vpnclient_in -j DROP +sudo ip6tables -w -A vpnclient_in -p icmpv6 -j ACCEPT +sudo ip6tables -w -A vpnclient_in -s fd00::/8,fe80::/10 -j ACCEPT +sudo ip6tables -w -A vpnclient_in -p tcp --dport 22 -j ACCEPT +sudo ip6tables -w -A vpnclient_in -p tcp --dport 443 -j ACCEPT +sudo ip6tables -w -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +sudo ip6tables -w -A vpnclient_in -j DROP if [ ! 
-z "${host6}" ]; then - sudo ip6tables -A vpnclient_out -d ${host6} -p --dport -j ACCEPT + sudo ip6tables -w -A vpnclient_out -d ${host6} -p --dport -j ACCEPT fi for i in ; do if [[ "${i}" =~ : ]]; then - sudo ip6tables -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT + sudo ip6tables -w -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT fi done -sudo ip6tables -A vpnclient_out -d fd00::/8,fe80::/10 -j ACCEPT -sudo ip6tables -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -sudo ip6tables -A vpnclient_out -j DROP +sudo ip6tables -w -A vpnclient_out -d fd00::/8,fe80::/10 -j ACCEPT +sudo ip6tables -w -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +sudo ip6tables -w -A vpnclient_out -j DROP -sudo ip6tables -A vpnclient_fwd -j DROP +sudo ip6tables -w -A vpnclient_fwd -j DROP -sudo ip6tables -I INPUT 1 -i -j vpnclient_in -sudo ip6tables -I OUTPUT 1 -o -j vpnclient_out -sudo ip6tables -I FORWARD 1 -o -j vpnclient_fwd +sudo ip6tables -w -I INPUT 1 -i -j vpnclient_in +sudo ip6tables -w -I OUTPUT 1 -o -j vpnclient_out +sudo ip6tables -w -I FORWARD 1 -o -j vpnclient_fwd # IPv4 -sudo iptables -N vpnclient_in -sudo iptables -N vpnclient_out -sudo iptables -N vpnclient_fwd +sudo iptables -w -N vpnclient_in +sudo iptables -w -N vpnclient_out +sudo iptables -w -N vpnclient_fwd -sudo iptables -A vpnclient_in -p icmp -j ACCEPT -sudo iptables -A vpnclient_in -s 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT -sudo iptables -A vpnclient_in -p tcp --dport 22 -j ACCEPT -sudo iptables -A vpnclient_in -p tcp --dport 443 -j ACCEPT -sudo iptables -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -sudo iptables -A vpnclient_in -j DROP +sudo iptables -w -A vpnclient_in -p icmp -j ACCEPT +sudo iptables -w -A vpnclient_in -s 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT +sudo iptables -w -A vpnclient_in -p tcp --dport 22 -j ACCEPT +sudo iptables -w -A vpnclient_in -p tcp --dport 443 -j 
ACCEPT +sudo iptables -w -A vpnclient_in -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +sudo iptables -w -A vpnclient_in -j DROP if [ ! -z "${host4}" ]; then - sudo iptables -A vpnclient_out -d ${host4} -p --dport -j ACCEPT + sudo iptables -w -A vpnclient_out -d ${host4} -p --dport -j ACCEPT fi for i in ; do if [[ "${i}" =~ \. ]]; then - sudo iptables -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT + sudo iptables -w -A vpnclient_out -p udp -d "${i}" --dport 53 -j ACCEPT fi done -sudo iptables -A vpnclient_out -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT -sudo iptables -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -sudo iptables -A vpnclient_out -j DROP +sudo iptables -w -A vpnclient_out -d 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16 -j ACCEPT +sudo iptables -w -A vpnclient_out -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +sudo iptables -w -A vpnclient_out -j DROP -sudo iptables -A vpnclient_fwd -j DROP +sudo iptables -w -A vpnclient_fwd -j DROP -sudo iptables -I INPUT 1 -i -j vpnclient_in -sudo iptables -I OUTPUT 1 -o -j vpnclient_out -sudo iptables -I FORWARD 1 -o -j vpnclient_fwd +sudo iptables -w -I INPUT 1 -i -j vpnclient_in +sudo iptables -w -I OUTPUT 1 -o -j vpnclient_out +sudo iptables -w -I FORWARD 1 -o -j vpnclient_fwd exit 0 diff --git a/conf/ynh-vpnclient b/conf/ynh-vpnclient index 7abef8e..99a2df3 100644 --- a/conf/ynh-vpnclient +++ b/conf/ynh-vpnclient @@ -41,8 +41,8 @@ is_hotspot_knowme() { is_firewall_set() { wired_device=${1} - ip6tables -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}"\ - && iptables -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}" + ip6tables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}"\ + && iptables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}" } is_ip6addr_set() {
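Review bot: A rule that fails to load still lets the hook finish with `exit 0` (the last line of the hunk), so the caller cannot distinguish a fully loaded chain set from a partial one, and a `vpnclient_out` chain left without its final `-j DROP` fails open; nothing in the hunk checks the status of any `iptables`/`ip6tables` call, and whether the script header above line 5 (outside the hunk) sets `set -e` is not visible here. If it does not, add `set -e` at the top of the script, or make the final `exit 0` conditional on every rule having been accepted. The bare `-w` also waits without bound, so a wedged holder of the xtables lock hangs the hook rather than failing it; iptables 1.6 and later accept `-w <seconds>`, which would bound the wait where the installed version supports it. On the `-d ${host6}` and `-d ${host4}` lines the expansion is unquoted; `-d "${host6}"` is the conventional form even though `tail -n1` makes a multi-word value unlikely.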
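Review bot: `grep -q "${wired_device}"` on both listing pipelines is an unanchored regex substring match, so `is_firewall_set eth0` also reports true when the `vpnclient_out` jump is bound to a different interface whose name contains `eth0` (for example `eth01` or `veth0`), and any regex metacharacter in the device name is interpreted rather than matched literally; the caller then believes the firewall is in place for the wrong device. A fixed-string whole-word match, `grep -qwF -- "${wired_device}"`, on both lines avoids this. `wired_device=${1}` is also assigned as a global; `local wired_device=${1}` keeps it function-scoped. The function is wholly inside the hunk, while the surrounding file continues on both sides.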