From c9cf96eeefce4ab9683a103a61e9d4454bcf91aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Thu, 24 May 2018 04:23:51 +0200
Subject: [PATCH] network: use iptables-restore --wait if available

Avoid bailing out early if multiple instances of iptables-restore are
called simultaneously.

Fixes QubesOS/qubes-issues#3665

(cherry picked from commit 8f6bd245bde7981c9df39440884ebecbee673aa7)
---
 network/qubes-iptables | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/network/qubes-iptables b/network/qubes-iptables
index 7badb7d..4226ee4 100755
--- a/network/qubes-iptables
+++ b/network/qubes-iptables
@@ -33,10 +33,16 @@ start() {
     # Do not start if there is no config file.
     [ ! -f "$IPTABLES_DATA" ] && return 6
 
+    CMD_ARGS=
+    if "$CMD-restore" --help 2>&1 | grep -q wait=; then
+        CMD_ARGS=--wait
+    fi
+
     echo -n $"${CMD}: Applying firewall rules: "
 
-    $CMD-restore $IPTABLES_DATA
-    if [ $? -eq 0 ]; then
+    "$CMD-restore" $CMD_ARGS "$IPTABLES_DATA"
+    ret="$?"
+    if [ "$ret" -eq 0 ]; then
         echo OK
     else
         echo FAIL; return 1