Improve generate and loading firewall rules

myrevery · web-flow · commit 75de7e40e69a · 2021-06-04T13:50:00.000-07:00
diff --git a/bin/v-stop-firewall b/bin/v-stop-firewall
@@ -76,33 +76,28 @@ if [ -d "/etc/sysconfig" ]; then
     fi
 else
     /sbin/iptables-save > /etc/iptables.rules
+    routable="/usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables"
+    preup="/etc/network/if-pre-up.d/hestia-iptables"
+    # Recreate the Hestia iptables rules loading script
+    rm -f $routable $preup
     if dpkg-query -W -f'${Status}' "netplan*" 2>/dev/null | grep -q "ok installed" && [ -d /etc/netplan ] && [ -n "$(ls -A /etc/netplan 2>/dev/null)" ]; then
-        preup="/usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables"
-        if [ ! -e "$preup" ]; then
-            IFS='%'
-            echo '#!/bin/sh' > $preup
-            echo '' >> $preup
-            echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
-            [ -x "$(which ipset)" ] && echo "    ${HESTIA}/bin/v-update-firewall-ipset" >> $preup
-            echo '    sleep 3' >> $preup
-            echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
-            echo 'fi' >> $preup
-            echo "exit 0" >> $preup
-            chmod +x $preup
-        fi
+        echo '#!/bin/sh' > $routable
+        echo '' >> $routable
+        echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $routable
+        echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $routable
+        echo 'fi' >> $routable
+        echo '' >> $routable
+        echo "exit 0" >> $routable
+        chmod +x $routable
     else
-        preup="/etc/network/if-pre-up.d/hestia-iptables"
-        if [ ! -e "$preup" ]; then
-            IFS='%'
-            echo '#!/bin/sh' > $preup
-            echo '' >> $preup
-            echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
-            [ -x "$(which ipset)" ] && echo "    ${HESTIA}/bin/v-update-firewall-ipset" >> $preup
-            echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
-            echo 'fi' >> $preup
-            echo "exit 0" >> $preup
-            chmod +x $preup
-        fi
+        echo '#!/bin/sh' > $preup
+        echo '' >> $preup
+        echo 'if [ "$IFACE" = "'$(ip route list | awk '/default .+/ {print $5}' | uniq)'" ]; then' >> $preup
+        echo '    /sbin/iptables-restore < /etc/iptables.rules' >> $preup
+        echo 'fi' >> $preup
+        echo '' >> $preup
+        echo "exit 0" >> $preup
+        chmod +x $preup
     fi
 fi
 
