Wait for /run/xtables.lock for wireguard rules

When box is restarted seems like there is a race to take iptables lock
file and some units can not start because of that.

In the log error looks like this.

    Can't lock /run/xtables.lock: Resource temporarily unavailable
    Another app is currently holding the xtables lock. Perhaps you want
    to use the -w option?

Take iptables suggestion and wait for the xtables lock.

Downside is if something is not going to release the lock, then we stall
forever.

1 files changed, 4 insertions, 4 deletions

diff --git a/roles/wgtor/templates/wgtor0.conf.j2 b/roles/wgtor/templates/wgtor0.conf.j2
index 6acb081..d535967 100644
--- a/roles/wgtor/templates/wgtor0.conf.j2
+++ b/roles/wgtor/templates/wgtor0.conf.j2
@@ -6,10 +6,10 @@ ListenPort = 51822
 # See for source of iptables rules.
 # https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy
 
-PostUp = iptables -t nat -A PREROUTING -i %i -p udp --dport 53 -j REDIRECT --to-ports 5353
-PostUp = iptables -t nat -A PREROUTING -i %i -p udp --dport 5353 -j REDIRECT --to-ports 5353
-PostUp = iptables -t nat -A PREROUTING -i %i -p tcp --syn -j REDIRECT --to-ports 9040
-PostUp = iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
+PostUp = iptables --wait -t nat -A PREROUTING -i %i -p udp --dport 53 -j REDIRECT --to-ports 5353
+PostUp = iptables --wait -t nat -A PREROUTING -i %i -p udp --dport 5353 -j REDIRECT --to-ports 5353
+PostUp = iptables --wait -t nat -A PREROUTING -i %i -p tcp --syn -j REDIRECT --to-ports 9040
+PostUp = iptables --wait -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
 
 PostDown = iptables -t nat -D PREROUTING -i %i -p udp --dport 53 -j REDIRECT --to-ports 5353
 PostDown = iptables -t nat -D PREROUTING -i %i -p udp --dport 5353 -j REDIRECT --to-ports 5353