NFTables fixes and scripts

This commit fixes the list detection and uses the inet chain for ipv4.
The scripts got reworked as well and a display script was added.

miniupnpd/netfilter_nft/nftnlrdr.c

@@ -132,7 +132,7 @@ add_redirect_rule2(const char * ifname,
 	d_printf(("add redirect rule2(%s, %s, %u, %s, %u, %d, %s)!\n",
 	          ifname, rhost, eport, iaddr, iport, proto, desc));
 
-	r = rule_set_dnat(NFPROTO_IPV4, ifname, proto,
+	r = rule_set_dnat(NFPROTO_INET, ifname, proto,
 	                  0, eport,
 	                  inet_addr(iaddr), iport,  desc, NULL);
 

miniupnpd/netfilter_nft/nftnlrdr_misc.c

@@ -604,15 +604,15 @@ table_cb(const struct nlmsghdr *nlh, void *data)
 
 	if (r->type == RULE_NONE) {
 		free(r);
-	} else if (strcmp(r->chain, miniupnpd_nat_postrouting_chain) == 0) {
+	} else if (r->type == RULE_NAT && r->nat_type == NFT_NAT_SNAT) {
 		r->index = index_peer;
 		LIST_INSERT_HEAD(&head_peer, r, entry);
 		index_peer++;
-	} else if (strcmp(r->chain, miniupnpd_nat_chain) == 0) {
+	} else if (r->type == RULE_NAT && r->nat_type == NFT_NAT_DNAT) {
 		r->index = index_redirect;
 		LIST_INSERT_HEAD(&head_redirect, r, entry);
 		index_redirect++;
-	} else {
+	} else if (r->type == RULE_FILTER) {
 		r->index = index_filter;
 		LIST_INSERT_HEAD(&head_filter, r, entry);
 		index_filter++;

miniupnpd/netfilter_nft/scripts/nft_delete_chain.sh

@@ -1,5 +1,5 @@
-#! /sbin/nft -f
+#!/bin/sh
 
-delete chain nat MINIUPNPD
-delete chain nat MINIUPNPD-POSTROUTING
-delete chain filter MINIUPNPD
+nft delete chain nat MINIUPNPD
+nft delete chain nat MINIUPNPD-POSTROUTING
+nft delete chain filter MINIUPNPD

miniupnpd/netfilter_nft/scripts/nft_display.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Prerouting
+nft list chain ip nat MINIUPNPD
+# Postrouting
+nft list chain ip nat MINIUPNPD-POSTROUTING
+# Filter
+nft list chain inet filter MINIUPNPD

miniupnpd/netfilter_nft/scripts/nft_flush.sh

@@ -1,5 +1,5 @@
-#! /sbin/nft -f
+#!/bin/sh
 
-flush chain ip nat MINIUPNPD
-flush chain ip nat MINIUPNPD-POSTROUTING
-flush chain inet filter MINIUPNPD
+nft flush chain ip nat MINIUPNPD
+nft flush chain ip nat MINIUPNPD-POSTROUTING
+nft flush chain inet filter MINIUPNPD

miniupnpd/netfilter_nft/scripts/nft_init.sh

@@ -1,11 +1,11 @@
-#! /bin/sh
+#!/bin/sh
 
 nft list table nat > /dev/null
 nft_nat_exists=$?
-nft list table filter > /dev/null
+nft list table inet filter > /dev/null
 nft_filter_exists=$?
-nft list table mangle > /dev/null
-nft_mangle_exists=$?
+#nft list table inet mangle > /dev/null
+#nft_mangle_exists=$?
 
 if [ $nft_nat_exists -eq "1" ]; then
 	echo "create nat"
@@ -15,19 +15,19 @@ if [ $nft_filter_exists -eq "1" ]; then
 	echo "create filter"
 	nft "add table inet filter"
 fi
-if [ $nft_mangle_exists -eq "1" ]; then
-	echo "create mangle"
-	nft "add table mangle"
-fi
+#if [ $nft_mangle_exists -eq "1" ]; then
+#	echo "create mangle"
+#	nft "add table mangle"
+#fi
 
 nft list chain nat MINIUPNPD > /dev/null
 nft_nat_miniupnpd_exists=$?
 nft list chain nat MINIUPNPD-POSTROUTING > /dev/null
 nft_nat_miniupnpd_pcp_peer_exists=$?
-nft list chain filter MINIUPNPD > /dev/null
+nft list chain inet filter MINIUPNPD > /dev/null
 nft_filter_miniupnpd_exists=$?
-nft list chain mangle MINIUPNPD > /dev/null
-nft_mangle_miniupnpd_exists=$?
+#nft list chain inet mangle MINIUPNPD > /dev/null
+#nft_mangle_miniupnpd_exists=$?
 
 if [ $nft_nat_miniupnpd_exists -eq "1" ]; then
 	echo "create chain in nat"
@@ -39,9 +39,9 @@ if [ $nft_nat_miniupnpd_pcp_peer_exists -eq "1" ]; then
 fi
 if [ $nft_filter_miniupnpd_exists -eq "1" ]; then
 	echo "create chain in filter "
-	nft "add chain filter MINIUPNPD"
-fi
-if [ $nft_mangle_miniupnpd_exists -eq "1" ]; then
-	echo "create chain in mangle"
-	nft "add chain mangle MINIUPNPD"
+	nft "add chain inet filter MINIUPNPD"
 fi
+#if [ $nft_mangle_miniupnpd_exists -eq "1" ]; then
+#	echo "create chain in mangle"
+#	nft "add chain inet mangle MINIUPNPD"
+#fi

miniupnpd/netfilter_nft/scripts/nft_removeall.sh

@@ -1,5 +1,4 @@
-#! /sbin/nft -f
+#!/bin/sh
 
-delete rule nat MINIUPNPD
-delete rule nat MINIUPNPD-POSTROUTING
-delete rule filter MINIUPNPD
+# Remove all rules in nft not just miniupnpd
+nft flush ruleset