diff --git a/miniupnpd/Makefile.linux b/miniupnpd/Makefile.linux index 71971f0..e978fd2 100644 --- a/miniupnpd/Makefile.linux +++ b/miniupnpd/Makefile.linux @@ -186,6 +186,7 @@ clean: install: miniupnpd miniupnpd.8 miniupnpd.conf genuuid \ netfilter/iptables_init.sh netfilter/iptables_removeall.sh \ netfilter/ip6tables_init.sh netfilter/ip6tables_removeall.sh \ + netfilter/miniupnpd_functions.sh \ linux/miniupnpd.init.d.script $(STRIP) miniupnpd $(INSTALL) -d $(DESTDIR)$(SBININSTALLDIR) @@ -195,6 +196,7 @@ install: miniupnpd miniupnpd.8 miniupnpd.conf genuuid \ $(INSTALL) netfilter/iptables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR) $(INSTALL) netfilter/ip6tables_init.sh $(DESTDIR)$(ETCINSTALLDIR) $(INSTALL) netfilter/ip6tables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR) + $(INSTALL) netfilter/miniupnpd_functions.sh $(DESTDIR)$(ETCINSTALLDIR) $(INSTALL) --mode=0644 -b miniupnpd.conf $(DESTDIR)$(ETCINSTALLDIR) $(INSTALL) -d $(DESTDIR)$(PREFIX)/etc/init.d $(INSTALL) linux/miniupnpd.init.d.script $(DESTDIR)$(PREFIX)/etc/init.d/miniupnpd diff --git a/miniupnpd/Makefile.linux_nft b/miniupnpd/Makefile.linux_nft index 863c1be..0c03ca3 100644 --- a/miniupnpd/Makefile.linux_nft +++ b/miniupnpd/Makefile.linux_nft @@ -20,7 +20,7 @@ CFLAGS = -O -g #-DDEBUG CFLAGS ?= -Os CFLAGS += -fno-strict-aliasing CFLAGS += -fno-common -CPPFLAGS += -D_GNU_SOURCE +CPPFLAGS += -D_GNU_SOURCE CFLAGS += -Wall CFLAGS += -Wextra -Wstrict-prototypes -Wdeclaration-after-statement #CFLAGS += -Wno-missing-field-initializers @@ -96,6 +96,7 @@ clean: install: miniupnpd miniupnpd.8 miniupnpd.conf genuuid \ netfilter/iptables_init.sh netfilter/iptables_removeall.sh \ netfilter/ip6tables_init.sh netfilter/ip6tables_removeall.sh \ + netfilter/miniupnpd_functions.sh \ linux/miniupnpd.init.d.script $(STRIP) miniupnpd $(INSTALL) -d $(DESTDIR)$(SBININSTALLDIR) @@ -105,6 +106,7 @@ install: miniupnpd miniupnpd.8 miniupnpd.conf genuuid \ $(INSTALL) netfilter/iptables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR) $(INSTALL) netfilter/ip6tables_init.sh $(DESTDIR)$(ETCINSTALLDIR) $(INSTALL) netfilter/ip6tables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR) + $(INSTALL) netfilter/miniupnpd_functions.sh $(DESTDIR)$(ETCINSTALLDIR) $(INSTALL) --mode=0644 -b miniupnpd.conf $(DESTDIR)$(ETCINSTALLDIR) $(INSTALL) -d $(DESTDIR)$(PREFIX)/etc/init.d $(INSTALL) linux/miniupnpd.init.d.script $(DESTDIR)$(PREFIX)/etc/init.d/miniupnpd diff --git a/miniupnpd/netfilter/ip6tables_display.sh b/miniupnpd/netfilter/ip6tables_display.sh index 922eb2d..4ef5995 100755 --- a/miniupnpd/netfilter/ip6tables_display.sh +++ b/miniupnpd/netfilter/ip6tables_display.sh @@ -1,8 +1,9 @@ #! /bin/sh # $Id: ip6tables_display.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $ -IPTABLES=/sbin/ip6tables + +IPV6=1 +. $(dirname "$0")/miniupnpd_functions.sh #display all chains relative to miniupnpd $IPTABLES -v -n -t filter -L FORWARD -$IPTABLES -v -n -t filter -L MINIUPNPD - +$IPTABLES -v -n -t filter -L $CHAIN diff --git a/miniupnpd/netfilter/ip6tables_flush.sh b/miniupnpd/netfilter/ip6tables_flush.sh index b9c68d9..ceec1e4 100755 --- a/miniupnpd/netfilter/ip6tables_flush.sh +++ b/miniupnpd/netfilter/ip6tables_flush.sh @@ -1,7 +1,8 @@ #! /bin/sh # $Id: ip6tables_flush.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $ -IPTABLES=/sbin/ip6tables + +IPV6=1 +. $(dirname "$0")/miniupnpd_functions.sh #flush all rules owned by miniupnpd -$IPTABLES -t filter -F MINIUPNPD - +$IPTABLES -t filter -F $CHAIN diff --git a/miniupnpd/netfilter/ip6tables_init.sh b/miniupnpd/netfilter/ip6tables_init.sh index 288b980..162ef13 100755 --- a/miniupnpd/netfilter/ip6tables_init.sh +++ b/miniupnpd/netfilter/ip6tables_init.sh @@ -1,12 +1,22 @@ #! /bin/sh -# $Id: ip6tables_init.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $ -IPTABLES=/sbin/ip6tables +# $Id: ip6tables_init_and_clean.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $ +# Improved Miniupnpd iptables init script. +# Checks for state of filter before doing anything.. -#change this parameters : -EXTIF=eth0 - -#adding the MINIUPNPD chain for filter -$IPTABLES -t filter -N MINIUPNPD -#adding the rule to MINIUPNPD -$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD +IPV6=1 +EXT=1 +. $(dirname "$0")/miniupnpd_functions.sh +if [ "$FDIRTY" = "${CHAIN}Chain" ]; then + echo "Filter table dirty; Cleaning..." +elif [ "$FDIRTY" = "Chain" ]; then + echo "Dirty filter chain but no reference..? Fixing..." + $IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN +else + echo "Filter table clean..initalizing.." + $IPTABLES -t filter -N $CHAIN + $IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN +fi +if [ "$CLEAN" = "yes" ]; then + $IPTABLES -t filter -F $CHAIN +fi diff --git a/miniupnpd/netfilter/ip6tables_init_and_clean.sh b/miniupnpd/netfilter/ip6tables_init_and_clean.sh deleted file mode 100755 index 38e2a57..0000000 --- a/miniupnpd/netfilter/ip6tables_init_and_clean.sh +++ /dev/null @@ -1,22 +0,0 @@ -#! /bin/sh -# $Id: ip6tables_init_and_clean.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $ -# Improved Miniupnpd iptables init script. -# Checks for state of filter before doing anything.. - -EXTIF=eth0 -IPTABLES=/sbin/ip6tables -FDIRTY="`LC_ALL=C /sbin/ip6tables -t filter -L -n | grep 'MINIUPNPD' | awk '{printf $1}'`" - -if [[ $FDIRTY = "MINIUPNPDChain" ]]; then - echo "Filter table dirty; Cleaning..." - $IPTABLES -t filter -F MINIUPNPD -elif [[ $FDIRTY = "Chain" ]]; then - echo "Dirty filter chain but no reference..? Fixsted." - $IPTABLES -t filter -I FORWARD 4 -i $EXTIF ! -o $EXTIF -j MINIUPNPD - $IPTABLES -t filter -F MINIUPNPD -else - echo "Filter table clean..initalizing.." - $IPTABLES -t filter -N MINIUPNPD - $IPTABLES -t filter -I FORWARD 4 -i $EXTIF ! -o $EXTIF -j MINIUPNPD -fi - diff --git a/miniupnpd/netfilter/ip6tables_removeall.sh b/miniupnpd/netfilter/ip6tables_removeall.sh index 56ffb8e..126ca58 100755 --- a/miniupnpd/netfilter/ip6tables_removeall.sh +++ b/miniupnpd/netfilter/ip6tables_removeall.sh @@ -1,13 +1,16 @@ #! /bin/sh # $Id: ip6tables_removeall.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $ -IPTABLES=/sbin/ip6tables -#change this parameters : -EXTIF=eth0 +IPV6=1 +EXT=1 +. $(dirname "$0")/miniupnpd_functions.sh #removing the MINIUPNPD chain for filter -$IPTABLES -t filter -F MINIUPNPD -#adding the rule to MINIUPNPD -$IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD -$IPTABLES -t filter -X MINIUPNPD - +if [ "$FDIRTY" = "${CHAIN}Chain" ]; then + $IPTABLES -t filter -F $CHAIN + $IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN + $IPTABLES -t filter -X $CHAIN +elif [ "$FDIRTY" = "Chain" ]; then + $IPTABLES -t filter -F $CHAIN + $IPTABLES -t filter -X $CHAIN +fi diff --git a/miniupnpd/netfilter/iptables_display.sh b/miniupnpd/netfilter/iptables_display.sh index 8901334..956375f 100755 --- a/miniupnpd/netfilter/iptables_display.sh +++ b/miniupnpd/netfilter/iptables_display.sh @@ -1,14 +1,14 @@ #! /bin/sh # $Id: iptables_display.sh,v 1.4 2011/05/16 12:11:37 nanard Exp $ -IPTABLES=/sbin/iptables + +. $(dirname "$0")/miniupnpd_functions.sh #display all chains relative to miniupnpd $IPTABLES -v -n -t nat -L PREROUTING -$IPTABLES -v -n -t nat -L MINIUPNPD +$IPTABLES -v -n -t nat -L $CHAIN $IPTABLES -v -n -t nat -L POSTROUTING -$IPTABLES -v -n -t nat -L MINIUPNPD-POSTROUTING +$IPTABLES -v -n -t nat -L $CHAIN-POSTROUTING $IPTABLES -v -n -t mangle -L PREROUTING -$IPTABLES -v -n -t mangle -L MINIUPNPD +$IPTABLES -v -n -t mangle -L $CHAIN $IPTABLES -v -n -t filter -L FORWARD -$IPTABLES -v -n -t filter -L MINIUPNPD - +$IPTABLES -v -n -t filter -L $CHAIN diff --git a/miniupnpd/netfilter/iptables_display_miniupnpd.sh b/miniupnpd/netfilter/iptables_display_miniupnpd.sh index 77a39c9..1d69457 100755 --- a/miniupnpd/netfilter/iptables_display_miniupnpd.sh +++ b/miniupnpd/netfilter/iptables_display_miniupnpd.sh @@ -1,10 +1,10 @@ #! /bin/sh -# $Id: iptables_display.sh,v 1.6 2016/02/09 09:37:44 nanard Exp $ -IPTABLES=/sbin/iptables +# $Id: iptables_display_miniupnpd.sh,v 1.1 2016/02/12 15:23:29 nanard Exp $ + +. $(dirname "$0")/miniupnpd_functions.sh #display miniupnpd chains -$IPTABLES -v -n -t nat -L MINIUPNPD -$IPTABLES -v -n -t nat -L MINIUPNPD-POSTROUTING -$IPTABLES -v -n -t mangle -L MINIUPNPD -$IPTABLES -v -n -t filter -L MINIUPNPD - +$IPTABLES -v -n -t nat -L $CHAIN +$IPTABLES -v -n -t nat -L $CHAIN-POSTROUTING +$IPTABLES -v -n -t mangle -L $CHAIN +$IPTABLES -v -n -t filter -L $CHAIN diff --git a/miniupnpd/netfilter/iptables_flush.sh b/miniupnpd/netfilter/iptables_flush.sh index 0258a74..e147829 100755 --- a/miniupnpd/netfilter/iptables_flush.sh +++ b/miniupnpd/netfilter/iptables_flush.sh @@ -1,10 +1,10 @@ #! /bin/sh -# $Id: iptables_flush.sh,v 1.3 2011/05/16 12:11:37 nanard Exp $ -IPTABLES=/sbin/iptables +# $Id: iptables_flush.sh,v 1.6 2017/04/21 11:16:09 nanard Exp $ + +. $(dirname "$0")/miniupnpd_functions.sh #flush all rules owned by miniupnpd -$IPTABLES -t nat -F MINIUPNPD -$IPTABLES -t nat -F MINIUPNPD-POSTROUTING -$IPTABLES -t filter -F MINIUPNPD -$IPTABLES -t mangle -F MINIUPNPD - +$IPTABLES -t nat -F $CHAIN +$IPTABLES -t nat -F $CHAIN-POSTROUTING +$IPTABLES -t filter -F $CHAIN +$IPTABLES -t mangle -F $CHAIN diff --git a/miniupnpd/netfilter/iptables_init.sh b/miniupnpd/netfilter/iptables_init.sh index 297014f..1983277 100755 --- a/miniupnpd/netfilter/iptables_init.sh +++ b/miniupnpd/netfilter/iptables_init.sh @@ -1,31 +1,37 @@ #! /bin/sh -# $Id: iptables_init.sh,v 1.5 2011/05/16 12:11:37 nanard Exp $ -IPTABLES="`which iptables`" || exit 1 -IPTABLES="$IPTABLES -w" -IP="`which ip`" || exit 1 +# $Id: iptables_init_and_clean.sh,v 1.7 2017/04/21 11:16:09 nanard Exp $ +# Improved Miniupnpd iptables init script. +# Checks for state of filter before doing anything.. -#change this parameters : -#EXTIF=eth0 -EXTIF="`LC_ALL=C $IP -4 route | grep 'default' | sed -e 's/.*dev[[:space:]]*//' -e 's/[[:space:]].*//'`" || exit 1 -EXTIP="`LC_ALL=C $IP -4 addr show $EXTIF | awk '/inet/ { print $2 }' | cut -d "/" -f 1`" +EXT=1 +. $(dirname "$0")/miniupnpd_functions.sh -echo "External IP = $EXTIP" +if [ "$NDIRTY" = "${CHAIN}Chain" ]; then + echo "Nat table dirty; Cleaning..." +elif [ "$NDIRTY" = "Chain" ]; then + echo "Dirty NAT chain but no reference..? Fixing..." + #$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j $CHAIN + $IPTABLES -t nat -A PREROUTING -i $EXTIF -j $CHAIN +else + echo "NAT table clean..initalizing.." + $IPTABLES -t nat -N $CHAIN + #$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j $CHAIN + $IPTABLES -t nat -A PREROUTING -i $EXTIF -j $CHAIN +fi +if [ "$CLEAN" = "yes" ]; then + $IPTABLES -t nat -F $CHAIN +fi -#adding the MINIUPNPD chain for nat -$IPTABLES -t nat -N MINIUPNPD -#adding the rule to MINIUPNPD -#$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j MINIUPNPD -$IPTABLES -t nat -A PREROUTING -i $EXTIF -j MINIUPNPD - -#adding the MINIUPNPD chain for mangle -$IPTABLES -t mangle -N MINIUPNPD -$IPTABLES -t mangle -A PREROUTING -i $EXTIF -j MINIUPNPD - -#adding the MINIUPNPD chain for filter -$IPTABLES -t filter -N MINIUPNPD -#adding the rule to MINIUPNPD -$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD - -#adding the MINIUPNPD chain for nat -$IPTABLES -t nat -N MINIUPNPD-POSTROUTING -$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MINIUPNPD-POSTROUTING +if [ "$FDIRTY" = "${CHAIN}Chain" ]; then + echo "Filter table dirty; Cleaning..." +elif [ "$FDIRTY" = "Chain" ]; then + echo "Dirty filter chain but no reference..? Fixing..." + $IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN +else + echo "Filter table clean..initalizing.." + $IPTABLES -t filter -N MINIUPNPD + $IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN +fi +if [ "$CLEAN" = "yes" ]; then + $IPTABLES -t filter -F $CHAIN +fi diff --git a/miniupnpd/netfilter/iptables_init_and_clean.sh b/miniupnpd/netfilter/iptables_init_and_clean.sh deleted file mode 100755 index f61dff7..0000000 --- a/miniupnpd/netfilter/iptables_init_and_clean.sh +++ /dev/null @@ -1,42 +0,0 @@ -#! /bin/sh -# $Id: iptables_init_and_clean.sh,v 1.1 2011/05/13 09:58:47 nanard Exp $ -# Improved Miniupnpd iptables init script. -# Checks for state of filter before doing anything.. - -IPTABLES="`which iptables`" || exit 1 -IPTABLES="$IPTABLES -w" -IP="`which ip`" || exit 1 - -#EXTIF=eth0 -EXTIF="`LC_ALL=C $IP -4 route | grep 'default' | sed -e 's/.*dev[[:space:]]*//' -e 's/[[:space:]].*//'`" || exit 1 -EXTIP="`LC_ALL=C $IP -4 addr show $EXTIF | awk '/inet/ { print $2 }' | cut -d "/" -f 1`" - -NDIRTY="`LC_ALL=C $IPTABLES -t nat -L -n | awk '/MINIUPNPD/ {printf $1}'`" -FDIRTY="`LC_ALL=C $IPTABLES -t filter -L -n | awk '/MINIUPNPD/ {printf $1}'`" -echo "External IP = $EXTIP" - -if [[ $NDIRTY = "MINIUPNPDChain" ]]; then - echo "Nat table dirty; Cleaning..." - $IPTABLES -t nat -F MINIUPNPD -elif [[ $NDIRTY = "Chain" ]]; then - echo "Dirty NAT chain but no reference..? Fixsted." - $IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j MINIUPNPD - $IPTABLES -t nat -F MINIUPNPD -else - echo "NAT table clean..initalizing.." - $IPTABLES -t nat -N MINIUPNPD - $IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j MINIUPNPD -fi -if [[ $FDIRTY = "MINIUPNPDChain" ]]; then - echo "Filter table dirty; Cleaning..." - $IPTABLES -t filter -F MINIUPNPD -elif [[ $FDIRTY = "Chain" ]]; then - echo "Dirty filter chain but no reference..? Fixsted." - $IPTABLES -t filter -I FORWARD 4 -i $EXTIF ! -o $EXTIF -j MINIUPNPD - $IPTABLES -t filter -F MINIUPNPD -else - echo "Filter table clean..initalizing.." - $IPTABLES -t filter -N MINIUPNPD - $IPTABLES -t filter -I FORWARD 4 -i $EXTIF ! -o $EXTIF -j MINIUPNPD -fi - diff --git a/miniupnpd/netfilter/iptables_removeall.sh b/miniupnpd/netfilter/iptables_removeall.sh index 534ede8..cd24596 100755 --- a/miniupnpd/netfilter/iptables_removeall.sh +++ b/miniupnpd/netfilter/iptables_removeall.sh @@ -1,34 +1,46 @@ #! /bin/sh -# $Id: iptables_removeall.sh,v 1.5 2011/05/16 12:11:37 nanard Exp $ -IPTABLES="`which iptables`" || exit 1 -IPTABLES="$IPTABLES -w" -IP="`which ip`" || exit 1 +# $Id: iptables_removeall.sh,v 1.10 2017/04/21 11:16:09 nanard Exp $ -#change this parameters : -#EXTIF=eth0 -EXTIF="`LC_ALL=C $IP -4 route | grep 'default' | sed -e 's/.*dev[[:space:]]*//' -e 's/[[:space:]].*//'`" || exit 1 -EXTIP="`LC_ALL=C $IP -4 addr show $EXTIF | awk '/inet/ { print $2 }' | cut -d "/" -f 1`" +EXT=1 +. $(dirname "$0")/miniupnpd_functions.sh #removing the MINIUPNPD chain for nat -$IPTABLES -t nat -F MINIUPNPD -#rmeoving the rule to MINIUPNPD -#$IPTABLES -t nat -D PREROUTING -d $EXTIP -i $EXTIF -j MINIUPNPD -$IPTABLES -t nat -D PREROUTING -i $EXTIF -j MINIUPNPD -$IPTABLES -t nat -X MINIUPNPD +if [ "$NDIRTY" = "${CHAIN}Chain" ]; then + $IPTABLES -t nat -F $CHAIN + #$IPTABLES -t nat -D PREROUTING -d $EXTIP -i $EXTIF -j $CHAIN + $IPTABLES -t nat -D PREROUTING -i $EXTIF -j $CHAIN + $IPTABLES -t nat -X $CHAIN +elif [ "$NDIRTY" = "Chain" ]; then + $IPTABLES -t nat -F $CHAIN + $IPTABLES -t nat -X $CHAIN +fi #removing the MINIUPNPD chain for mangle -$IPTABLES -t mangle -F MINIUPNPD -$IPTABLES -t mangle -D PREROUTING -i $EXTIF -j MINIUPNPD -$IPTABLES -t mangle -X MINIUPNPD +if [ "$MDIRTY" = "${CHAIN}Chain" ]; then + $IPTABLES -t mangle -F $CHAIN + $IPTABLES -t mangle -D FORWARD -i $EXTIF -j $CHAIN + $IPTABLES -t mangle -X $CHAIN +elif [ "$MDIRTY" = "Chain" ]; then + $IPTABLES -t mangle -F $CHAIN + $IPTABLES -t mangle -X $CHAIN +fi #removing the MINIUPNPD chain for filter -$IPTABLES -t filter -F MINIUPNPD -#adding the rule to MINIUPNPD -$IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD -$IPTABLES -t filter -X MINIUPNPD +if [ "$FDIRTY" = "${CHAIN}Chain" ]; then + $IPTABLES -t filter -F $CHAIN + $IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN + $IPTABLES -t filter -X $CHAIN +elif [ "$FDIRTY" = "Chain" ]; then + $IPTABLES -t filter -F $CHAIN + $IPTABLES -t filter -X $CHAIN +fi #removing the MINIUPNPD-POSTROUTING chain for nat -$IPTABLES -t nat -F MINIUPNPD-POSTROUTING -#removing the rule to MINIUPNPD-POSTROUTING -$IPTABLES -t nat -D POSTROUTING -o $EXTIF -j MINIUPNPD-POSTROUTING -$IPTABLES -t nat -X MINIUPNPD-POSTROUTING +if [ "$NPDIRTY" = "${CHAIN}-POSTROUTINGChain" ]; then + $IPTABLES -t nat -F $CHAIN-POSTROUTING + $IPTABLES -t nat -D POSTROUTING -o $EXTIF -j $CHAIN-POSTROUTING + $IPTABLES -t nat -X $CHAIN-POSTROUTING +elif [ "$NPDIRTY" = "Chain" ]; then + $IPTABLES -t nat -F $CHAIN-POSTROUTING + $IPTABLES -t nat -X $CHAIN-POSTROUTING +fi diff --git a/miniupnpd/netfilter/miniupnpd_functions.sh b/miniupnpd/netfilter/miniupnpd_functions.sh new file mode 100755 index 0000000..20c7a1c --- /dev/null +++ b/miniupnpd/netfilter/miniupnpd_functions.sh @@ -0,0 +1,64 @@ +#! /bin/sh +# $Id: miniupnpd_functions.sh,v 1.1 2018/02/24 12:15:19 nanard Exp $ + +IP=$(which ip) || { + echo "Can't find ip" >&2 + exit 1 +} +if [ -z "$IPV6" ]; then + IPTABLES=$(which iptables) || { + echo "Can't find iptables" >&2 + exit 1 + } + IP="$IP -4" +else + IPTABLES=$(which ip6tables) || { + echo "Can't find ip6tables" >&2 + exit 1 + } + IP="$IP -6" +fi + +CHAIN=MINIUPNPD +CLEAN= + +while getopts ":c:i:f" opt; do + case $opt in + c) + CHAIN=$OPTARG + ;; + i) + EXTIF=$OPTARG + ;; + f) + CLEAN=yes + ;; + \?) + echo "Invalid option: -$OPTARG" >&2 + exit 1 + ;; + :) + echo "Option -$OPTARG requires an argument." >&2 + exit 1 + ;; + esac +done + +if [ -n "$EXT" ]; then + if [ -z "$EXTIF" ]; then + EXTIF=$(LC_ALL=C $IP route | grep 'default' | sed -e 's/.*dev[[:space:]]*//' -e 's/[[:space:]].*//') || { + echo "Can't find default interface" >&2 + exit 1 + } + fi + #if [ -z "$IPV6" ]; then + # EXTIP=$(LC_ALL=C $IP addr show $EXTIF | awk '/inet/ { print $2 }' | cut -d "/" -f 1) + #fi +fi + +FDIRTY=$(LC_ALL=C $IPTABLES -t filter -L -n | awk "/$CHAIN/ {printf \$1}") +if [ -z "$IPV6" ]; then + NDIRTY=$(LC_ALL=C $IPTABLES -t nat -L -n | awk "/$CHAIN/ {printf \$1}") + MDIRTY=$(LC_ALL=C $IPTABLES -t mangle -L -n | awk "/$CHAIN/ {printf \$1}") + NPDIRTY=$(LC_ALL=C $IPTABLES -t nat -L -n | awk "/$CHAIN-POSTROUTING/ {printf \$1}") +fi