Add support for --wait options to restore commands

Without this, either one of iptables and ip6tables services is likely to
fail at system startup because the other one is holding the xtables
lock.

iptables-config

@@ -45,3 +45,15 @@ IPTABLES_STATUS_LINENUMBERS="yes"
 # Space separated list of sysctl items which are to be reloaded on start.
 # List items will be matched by fgrep.
 #IPTABLES_SYSCTL_LOAD_LIST=".nf_conntrack .bridge-nf"
+
+# Set wait option for iptables-restore calls in seconds
+#   Default: 600
+# Set to 0 to deactivate the wait.
+#IPTABLES_RESTORE_WAIT=600
+
+# Set wait interval option for iptables-restore calls in microseconds
+#   Default: 1000000
+# Set to 100000 to try to get the lock every 100000 microseconds, 10 times a
+# second.
+# Only usable with IPTABLES_RESTORE_WAIT > 0
+#IPTABLES_RESTORE_WAIT_INTERVAL=1000000

iptables.init

@@ -55,6 +55,8 @@ IPTABLES_STATUS_NUMERIC="yes"
 IPTABLES_STATUS_VERBOSE="no"
 IPTABLES_STATUS_LINENUMBERS="yes"
 IPTABLES_SYSCTL_LOAD_LIST=""
+IPTABLES_RESTORE_WAIT=600
+IPTABLES_RESTORE_WAIT_INTERVAL=1000000
 
 # Load firewall configuration.
 [ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"
@@ -177,6 +179,12 @@ start() {
 
     OPT=
     [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
+    if [ $IPTABLES_RESTORE_WAIT -ne 0 ]; then
+       OPT="${OPT} --wait ${IPTABLES_RESTORE_WAIT}"
+       if [ $IPTABLES_RESTORE_WAIT_INTERVAL -lt 1000000 ]; then
+           OPT="${OPT} --wait-interval ${IPTABLES_RESTORE_WAIT_INTERVAL}"
+       fi
+    fi
 
     $IPTABLES-restore $OPT $IPTABLES_DATA
     if [ $? -eq 0 ]; then
@@ -328,6 +336,12 @@ reload() {
 
     OPT=
     [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
+    if [ $IPTABLES_RESTORE_WAIT -ne 0 ]; then
+       OPT="${OPT} --wait ${IPTABLES_RESTORE_WAIT}"
+       if [ $IPTABLES_RESTORE_WAIT_INTERVAL -lt 1000000 ]; then
+           OPT="${OPT} --wait-interval ${IPTABLES_RESTORE_WAIT_INTERVAL}"
+       fi
+    fi
 
     $IPTABLES-restore $OPT $IPTABLES_DATA
     if [ $? -eq 0 ]; then