Merge pull request from f1sherman/a-few-nftables-fixes

A few nftables fixes :

    Spelling fix: routeing --> routing
    Fix typo where we're incorrectly checking for $TABLE instead of $NAT_TABLE in nft_removeall.sh
    Split NAT and TABLE everywhere for consistency
This commit is contained in:
Thomas BERNARD 2022-01-22 19:30:10 +01:00 committed by GitHub
commit 3f51c41ea2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 18 additions and 18 deletions

View File

@ -75,7 +75,7 @@
# table names for netfilter nft. Default is "filter" for both # table names for netfilter nft. Default is "filter" for both
#upnp_table_name= #upnp_table_name=
#upnp_nattable_name= #upnp_nat_table_name=
# chain names for netfilter and netfilter nft # chain names for netfilter and netfilter nft
# netfilter : default are MINIUPNPD, MINIUPNPD, MINIUPNPD-POSTROUTING # netfilter : default are MINIUPNPD, MINIUPNPD, MINIUPNPD-POSTROUTING
# netfilter nft : default are miniupnpd, prerouting_miniupnpd, postrouting_miniupnpd # netfilter nft : default are miniupnpd, prerouting_miniupnpd, postrouting_miniupnpd

View File

@ -68,7 +68,7 @@ The following is used in miniupnpd for a table setup but it can be customized:
and the following config settings can be used to change the tables and chains : and the following config settings can be used to change the tables and chains :
upnp_table_name=filter upnp_table_name=filter
upnp_nattable_name=filter upnp_nat_table_name=filter
upnp_forward_chain=miniupnpd upnp_forward_chain=miniupnpd
upnp_nat_chain=prerouting_miniupnpd upnp_nat_chain=prerouting_miniupnpd
upnp_nat_postrouting_chain=postrouting_miniupnpd upnp_nat_postrouting_chain=postrouting_miniupnpd

View File

@ -8,8 +8,8 @@ NFT=$(which nft) || {
TABLE="filter" TABLE="filter"
NAT_TABLE="filter" NAT_TABLE="filter"
CHAIN="miniupnpd" CHAIN="miniupnpd"
PREROUTEING_CHAIN="prerouting_miniupnpd" PREROUTING_CHAIN="prerouting_miniupnpd"
POSTROUTEING_CHAIN="postrouting_miniupnpd" POSTROUTING_CHAIN="postrouting_miniupnpd"
while getopts ":t:n:c:p:r:" opt; do while getopts ":t:n:c:p:r:" opt; do
case $opt in case $opt in
@ -23,10 +23,10 @@ while getopts ":t:n:c:p:r:" opt; do
CHAIN=$OPTARG CHAIN=$OPTARG
;; ;;
p) p)
PREROUTEING_CHAIN=$OPTARG PREROUTING_CHAIN=$OPTARG
;; ;;
r) r)
POSTROUTEING_CHAIN=$OPTARG POSTROUTING_CHAIN=$OPTARG
;; ;;
\?) \?)
echo "Invalid option: -$OPTARG" >&2 echo "Invalid option: -$OPTARG" >&2

View File

@ -3,8 +3,8 @@
. $(dirname "$0")/miniupnpd_functions.sh . $(dirname "$0")/miniupnpd_functions.sh
# Prerouting # Prerouting
$NFT delete chain inet $NAT_TABLE $PREROUTEING_CHAIN $NFT delete chain inet $NAT_TABLE $PREROUTING_CHAIN
# Postrouting # Postrouting
$NFT delete chain inet $NAT_TABLE $POSTROUTEING_CHAIN $NFT delete chain inet $NAT_TABLE $POSTROUTING_CHAIN
# Filter # Filter
$NFT delete chain inet $TABLE $CHAIN $NFT delete chain inet $TABLE $CHAIN

View File

@ -3,8 +3,8 @@
. $(dirname "$0")/miniupnpd_functions.sh . $(dirname "$0")/miniupnpd_functions.sh
# Prerouting # Prerouting
$NFT list chain inet $NAT_TABLE $PREROUTEING_CHAIN $NFT list chain inet $NAT_TABLE $PREROUTING_CHAIN
# Postrouting # Postrouting
$NFT list chain inet $NAT_TABLE $POSTROUTEING_CHAIN $NFT list chain inet $NAT_TABLE $POSTROUTING_CHAIN
# Filter # Filter
$NFT list chain inet $TABLE $CHAIN $NFT list chain inet $TABLE $CHAIN

View File

@ -3,5 +3,5 @@
. $(dirname "$0")/miniupnpd_functions.sh . $(dirname "$0")/miniupnpd_functions.sh
$NFT flush chain inet $TABLE $CHAIN $NFT flush chain inet $TABLE $CHAIN
$NFT flush chain inet $NAT_TABLE $PREROUTEING_CHAIN $NFT flush chain inet $NAT_TABLE $PREROUTING_CHAIN
$NFT flush chain inet $NAT_TABLE $POSTROUTEING_CHAIN $NFT flush chain inet $NAT_TABLE $POSTROUTING_CHAIN

View File

@ -49,7 +49,7 @@ cat >> /tmp/miniupnpd.nft <<EOF
policy accept; policy accept;
# miniupnpd # miniupnpd
jump $PREROUTEING_CHAIN jump $PREROUTING_CHAIN
# Add other rules here # Add other rules here
} }
@ -59,15 +59,15 @@ cat >> /tmp/miniupnpd.nft <<EOF
policy accept; policy accept;
# miniupnpd # miniupnpd
jump $POSTROUTEING_CHAIN jump $POSTROUTING_CHAIN
# Add other rules here # Add other rules here
} }
chain $PREROUTEING_CHAIN { chain $PREROUTING_CHAIN {
} }
chain $POSTROUTEING_CHAIN { chain $POSTROUTING_CHAIN {
} }
} }
EOF EOF

View File

@ -17,7 +17,7 @@ fi
if [ "$TABLE" != "$NAT_TABLE" ] if [ "$TABLE" != "$NAT_TABLE" ]
then then
$NFT --check list table inet $TABLE > /dev/null 2>&1 $NFT --check list table inet $NAT_TABLE > /dev/null 2>&1
if [ $? -eq "0" ]; then if [ $? -eq "0" ]; then
# then remove the table itself # then remove the table itself
echo "Remove miniupnpd nat table" echo "Remove miniupnpd nat table"

View File

@ -69,7 +69,7 @@ static const struct {
{ UPNPCLEANINTERVAL, "clean_ruleset_interval"}, { UPNPCLEANINTERVAL, "clean_ruleset_interval"},
#ifdef USE_NETFILTER #ifdef USE_NETFILTER
{ UPNPTABLENAME, "upnp_table_name"}, { UPNPTABLENAME, "upnp_table_name"},
{ UPNPNATTABLENAME, "upnp_nattable_name"}, { UPNPNATTABLENAME, "upnp_nat_table_name"},
{ UPNPFORWARDCHAIN, "upnp_forward_chain"}, { UPNPFORWARDCHAIN, "upnp_forward_chain"},
{ UPNPNATCHAIN, "upnp_nat_chain"}, { UPNPNATCHAIN, "upnp_nat_chain"},
{ UPNPNATPOSTCHAIN, "upnp_nat_postrouting_chain"}, { UPNPNATPOSTCHAIN, "upnp_nat_postrouting_chain"},