Merge pull request #913 from balena-io/synchronous-iptables

Run iptables rules synchronous to avoid locking errors

src/lib/iptables.ts

@@ -7,10 +7,17 @@ export const execAsync: (args: string) => Bluebird<string> = Bluebird.promisify(
 );
 
 function applyIptablesArgs(args: string): Bluebird<void> {
-	return Bluebird.all([
-		execAsync(`iptables ${args}`),
-		execAsync(`ip6tables ${args}`),
-	]).return();
+	let err: Error | null = null;
+	// We want to run both commands regardless, but also rethrow an error
+	// if one of them fails
+	return execAsync(`iptables ${args}`)
+		.catch(e => (err = e))
+		.then(() => execAsync(`ip6tables ${args}`).catch(e => (err = e)))
+		.then(() => {
+			if (err != null) {
+				throw err;
+			}
+		});
 }
 
 function clearIptablesRule(rule: string): Bluebird<void> {

test/06-iptables.spec.coffee

@@ -29,7 +29,7 @@ describe 'iptables', ->
 	it "falls back to blocking the port with DROP if there's no REJECT support", ->
 		stub(iptables, 'execAsync').callsFake (cmd) ->
 			if /REJECT$/.test(cmd)
-				Promise.reject()
+				Promise.reject(new Error())
 			else
 				Promise.resolve()
 		iptables.rejectOnAllInterfacesExcept(['foo', 'bar'], 42)