From 2bfc6edddc4ad0826ee0a7b96476c2980c547bb8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Sat, 27 Jun 2015 04:55:56 +0200
Subject: [PATCH] network: use iptables-restore instead of iptables --wait

The later one is present only in latest iptables version - especially debian does not have it. But we need to handle "Device or resources busy" problem somehow.
---
 network/vif-route-qubes | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/network/vif-route-qubes b/network/vif-route-qubes
index c84b324..8d3251a 100755
--- a/network/vif-route-qubes
+++ b/network/vif-route-qubes
@@ -47,17 +47,14 @@ domid=${domid/.*/}
 # 32752 is max XID aka domid
 metric=$[ 32752 - $domid ]
 
-if iptables --help |grep -q -- --wait; then
- wait=--wait
-fi
-
 if [ "${ip}" ] ; then
 # If we've been given a list of IP addresses, then add routes from dom0 to
 # the guest using those addresses.
 for addr in ${ip} ; do
 ${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} metric $metric
 done
- ${cmdprefix} iptables $wait -t raw $iptables_cmd -i ${vif} \! -s ${ip} -j DROP
+ echo -e "*raw\n$iptables_cmd -i ${vif} ! -s ${ip} -j DROP\nCOMMIT" | \
+ ${cmdprefix} iptables-restore --noflush
 back_ip=`qubesdb-read /qubes-netvm-gateway`
 ${cmdprefix} ip addr ${ipcmd} ${back_ip}/32 dev ${vif}
 fi
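Review bot: The exit status of the new `iptables-restore --noflush` pipeline is never checked, so if the restore is rejected the `! -s ${ip} -j DROP` source-address filter for `${vif}` is silently not installed while the rest of the `if` block still runs. One way this can happen is visible in the hunk: the loop just above iterates `${ip}` as a list, but the rule interpolates it as a single `-s` value, so more than one address yields a malformed rule line. I would build the input with `printf '%s\n' '*raw' "$iptables_cmd -i ${vif} ! -s ${ip} -j DROP" 'COMMIT'` rather than `echo -e`, so backslashes in the expanded values are not interpreted, and append `|| exit 1` (or the script's usual failure path) after `iptables-restore --noflush`. `iptables_cmd`, `cmdprefix`, `vif` and `ip` are set outside this hunk, so whether `set -e` is in effect and how those values are validated cannot be seen here.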