From 8f6bd245bde7981c9df39440884ebecbee673aa7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Thu, 24 May 2018 04:23:51 +0200
Subject: [PATCH] network: use iptables-restore --wait if available

Avoid bailing out early if multiple instances of iptables-restore are
called simultaneously.

Fixes QubesOS/qubes-issues#3665
---
 network/qubes-iptables | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/network/qubes-iptables b/network/qubes-iptables
index 5688bff..55b355d 100755
--- a/network/qubes-iptables
+++ b/network/qubes-iptables
@@ -42,9 +42,14 @@ start() {
     # Do not start if there is no config file.
     [ ! -f "$IPTABLES_DATA" ] && return 6
 
+    CMD_ARGS=
+    if "$CMD-restore" --help 2>&1 | grep -q wait=; then
+        CMD_ARGS=--wait
+    fi
+
     echo -n $"${CMD}: Applying firewall rules: "
 
-    "$CMD-restore" "$IPTABLES_DATA"
+    "$CMD-restore" $CMD_ARGS "$IPTABLES_DATA"
     ret="$?"
     if [ "$ret" -eq 0 ]; then
         echo OK