status-im/miniupnp
2
0
Fork 0
mirror of https://github.com/status-im/miniupnp.git synced 2025-02-05 02:44:24 +00:00
Code Issues Projects Releases Wiki Activity

Rework nft_removeall.sh to preserve nftables structures miniupnpd didn't add. Important for firewalld and sshguard co-existance.

Browse Source
This commit is contained in:
Paul Chambers 2019-08-31 20:47:11 -07:00
parent 624a4bfdf7
commit 60b57a442a
1 changed files with 42 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
miniupnpd/netfilter_nft/scripts/nft_removeall.sh
View File

@ -1,4 +1,44 @@
#!/bin/sh #!/bin/sh
#
# Undo the things nft_init.sh did
#
# Do not disturb other existing structures in nftables, e.g. those created by firewalld
#
# Remove all rules in nft not just miniupnpd nft --check list table nat > /dev/null 2>&1
nft flush ruleset if [ $? -eq "0" ]; then
{
# nat table exists, so first remove the chains we added
nft --check list chain nat MINIUPNPD > /dev/null 2>&1
if [ $? -eq "0" ]; then
echo "Remove chain from nat table"
nft delete chain nat MINIUPNPD
fi
nft --check list chain nat MINIUPNPD-POSTROUTING > /dev/null 2>&1
if [ $? -eq "0" ]; then
echo "Remove pcp peer chain from nat table"
nft delete chain nat MINIUPNPD-POSTROUTING
fi
# then remove the table itself
echo "Remove nat table"
nft delete table nat
}
fi
nft --check list table inet filter > /dev/null 2>&1
if [ $? -eq "0" ]; then
{
# filter table exists, so first remove the chain we added
nft --check list chain inet filter MINIUPNPD > /dev/null 2>&1
if [ $? -eq "0" ]; then
echo "Remove chain from filter table"
nft delete chain inet filter MINIUPNPD
fi
# then remove the table itself
echo "Remove filter table"
nft delete table inet filter
}
fi