From: Michael Tremer Date: Thu, 7 May 2015 19:06:44 +0000 (+0200) Subject: ipsecctrl: Use --wait switch for all iptables commands X-Git-Tag: v2.17-core91~62 X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=a9600358d86b78d144376fffc8c3b91da6c29e26 ipsecctrl: Use --wait switch for all iptables commands --- diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c index 00a38c7aa3..e99202d9fa 100644 --- a/src/misc-progs/ipsecctrl.c +++ b/src/misc-progs/ipsecctrl.c @@ -59,25 +59,25 @@ void open_physical (char *interface, int nat_traversal_port) { char str[STRING_SIZE]; // IKE - sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface); + sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT >/dev/null 2>&1", interface); safe_system(str); - sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface); + sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport 500 -j ACCEPT", interface); safe_system(str); if (! nat_traversal_port) return; - sprintf(str, "/sbin/iptables -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port); + sprintf(str, "/sbin/iptables --wait -D IPSECINPUT -p udp -i %s --dport %i -j ACCEPT >/dev/null 2>&1", interface, nat_traversal_port); safe_system(str); - sprintf(str, "/sbin/iptables -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port); + sprintf(str, "/sbin/iptables --wait -A IPSECINPUT -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port); safe_system(str); } void ipsec_norules() { /* clear input rules */ - safe_system("/sbin/iptables -F IPSECINPUT"); - safe_system("/sbin/iptables -F IPSECFORWARD"); - safe_system("/sbin/iptables -F IPSECOUTPUT"); + safe_system("/sbin/iptables --wait -F IPSECINPUT"); + safe_system("/sbin/iptables --wait -F IPSECFORWARD"); + safe_system("/sbin/iptables --wait -F IPSECOUTPUT"); } /*