[lxc-devel] [lxd/master] lxd/firewall/drivers/drivers/xtables: Wait for each iptables call before proceeding to next

tomponline on Github lxc-bot at linuxcontainers.org
Thu May 28 00:10:37 UTC 2020


From 1c4e6ea0874e491d07b6ed35921613bb9ba64bbe Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Thu, 28 May 2020 01:08:57 +0100
Subject: [PATCH] lxd/firewall/drivers/drivers/xtables: Wait for each iptables
 call before proceeding to next

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/firewall/drivers/drivers_xtables.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lxd/firewall/drivers/drivers_xtables.go b/lxd/firewall/drivers/drivers_xtables.go
index 728161786e..d0822fb476 100644
--- a/lxd/firewall/drivers/drivers_xtables.go
+++ b/lxd/firewall/drivers/drivers_xtables.go
@@ -78,8 +78,7 @@ func (d Xtables) xtablesIsNftables(cmd string) bool {
 
 // iptablesInUse returns whether the specified iptables backend command has any rules defined.
 func (d Xtables) iptablesInUse(iptablesCmd string) bool {
-	tables := []string{"filter", "nat", "mangle", "raw"}
-	for _, table := range tables {
+	checkTable := func(table string) bool {
 		cmd := exec.Command(iptablesCmd, "-S", "-t", table)
 		stdout, err := cmd.StdoutPipe()
 		if err != nil {
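Review bot: The new `checkTable` closure has no comment explaining why the per-table work was moved into its own function. Going by the commit subject, the intent is presumably that per-command cleanup (a deferred wait in the lines between the two hunks, which are not visible here) completes before the next table is queried, rather than at the end of iptablesInUse. Without a comment, a later refactor could fold the closure back into the loop and silently undo that. I would add above it: `// checkTable queries one table in its own function scope so that cleanup for the iptables process finishes before the next table is checked.` The closure body continues past the end of this hunk.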
@@ -100,6 +99,15 @@ func (d Xtables) iptablesInUse(iptablesCmd string) bool {
 				return true
 			}
 		}
+
+		return false
+	}
+
+	tables := []string{"filter", "nat", "mangle", "raw"}
+	for _, table := range tables {
+		if checkTable(table) {
+			return true
+		}
 	}
 
 	return false
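Review bot: The `return false` added as the last statement of checkTable cannot distinguish "this table has no rules" from "the listing could not be read". The loop closed just above it (apparently the scan over the command's output; its start is outside the hunk) falls through to that return whatever the reason it stopped, and neither a read error nor the exit status of the iptables command is examined on the lines shown. Because iptablesInUse returns only a bool, a failed query is then reported as "no rules defined", which looks like the less safe default if callers use the result to decide which firewall backend to drive (callers are not visible here). I would check the scanner's error and the result of waiting on the command before that return and log any failure, or at minimum extend the doc comment with `// Errors running or reading the command are treated as "no rules defined".`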

