@@ -18,12 +18,12 @@ modprobe="/sbin/modprobe"
1818sysctl=" /sbin/sysctl"
1919
2020# Includes
21- # shellcheck source=/usr/local/hestia/func/main.sh
22- # shellcheck source=/usr/local/hestia/func/firewall.sh
23- # shellcheck source=/usr/local/hestia/conf/hestia.conf
2421source /etc/profile.d/hestia.sh
22+ # shellcheck source=/usr/local/hestia/func/main.sh
2523source $HESTIA /func/main.sh
24+ # shellcheck source=/usr/local/hestia/func/firewall.sh
2625source $HESTIA /func/firewall.sh
26+ # shellcheck source=/usr/local/hestia/conf/hestia.conf
2727source $HESTIA /conf/hestia.conf
2828
2929
@@ -48,13 +48,15 @@ if [ ! -e "$rules" ]; then
4848 exit
4949fi
5050
51- $sysctl net.netfilter.nf_conntrack_max > /dev/null 2>&1
51+ # Checking conntrack module avaiabilty
52+ $modprobe nf_conntrack > /dev/null 2>&1
5253if [ $? -ne 0 ]; then
53- conntrack=' no'
54+ $sysctl net.netfilter.nf_conntrack_max > /dev/null 2>&1
55+ if [ $? -ne 0 ]; then
56+ conntrack=' no'
57+ fi
5458fi
5559
56- # Checking conntrack module avaiabilty
57- $modprobe nf_conntrack > /dev/null 2>&1
5860$modprobe nf_conntrack_ftp > /dev/null 2>&1
5961if [ $? -ne 0 ]; then
6062 conntrack_ftp=' no'
@@ -67,7 +69,7 @@ if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22" ]; then
6769fi
6870
6971# Load ipset lists before adding Hestia iptables rules
70- $BIN /v-update-firewall-ipset
72+ [ -x " $( which ipset ) " ] && $BIN /v-update-firewall-ipset
7173
7274# Creating temporary file
7375tmp=$( mktemp)
@@ -183,33 +185,30 @@ if [ -d "/etc/sysconfig" ]; then
183185 fi
184186else
185187 /sbin/iptables-save > /etc/iptables.rules
188+ routable=" /usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables"
189+ preup=" /etc/network/if-pre-up.d/hestia-iptables"
190+ # Recreate the Hestia iptables rules loading script
191+ rm -f $routable $preup
186192 if dpkg-query -W -f' ${Status}' " netplan*" 2> /dev/null | grep -q " ok installed" && [ -d /etc/netplan ] && [ -n " $( ls -A /etc/netplan 2> /dev/null) " ; then
187- preup=" /usr/lib/networkd-dispatcher/routable.d/10-hestia-iptables"
188- if [ ! -e " $preup " ; then
189- IFS=' %'
190- echo ' #!/bin/sh' > $preup
191- echo ' ' >> $preup
192- echo ' if [ "$IFACE" = "' $( ip route list | awk ' /default .+/ {print $5}' | uniq) ' " ]; then' >> $preup
193- [ -x " $( which ipset) " && echo " ${HESTIA} /bin/v-update-firewall-ipset" >> $preup
194- echo ' sleep 3' >> $preup
195- echo ' /sbin/iptables-restore < /etc/iptables.rules' >> $preup
196- echo ' fi' >> $preup
197- echo " exit 0" >> $preup
198- chmod +x $preup
199- fi
193+ echo ' #!/bin/sh' > $routable
194+ echo ' ' >> $routable
195+ echo ' if [ "$IFACE" = "' $( ip route list | awk ' /default .+/ {print $5}' | uniq) ' " ]; then' >> $routable
196+ echo ' [ -x "' $( which ipset) ' " ] && ' " ${HESTIA} /bin/v-update-firewall-ipset" >> $routable
197+ echo ' /sbin/iptables-restore < /etc/iptables.rules' >> $routable
198+ echo ' fi' >> $routable
199+ echo ' ' >> $routable
200+ echo " exit 0" >> $routable
201+ chmod +x $routable
200202 else
201- preup=" /etc/network/if-pre-up.d/hestia-iptables"
202- if [ ! -e " $preup " ; then
203- IFS=' %'
204- echo ' #!/bin/sh' > $preup
205- echo ' ' >> $preup
206- echo ' if [ "$IFACE" = "' $( ip route list | awk ' /default .+/ {print $5}' | uniq) ' " ]; then' >> $preup
207- [ -x " $( which ipset) " && echo " ${HESTIA} /bin/v-update-firewall-ipset" >> $preup
208- echo ' /sbin/iptables-restore < /etc/iptables.rules' >> $preup
209- echo ' fi' >> $preup
210- echo " exit 0" >> $preup
211- chmod +x $preup
212- fi
203+ echo ' #!/bin/sh' > $preup
204+ echo ' ' >> $preup
205+ echo ' if [ "$IFACE" = "' $( ip route list | awk ' /default .+/ {print $5}' | uniq) ' " ]; then' >> $preup
206+ echo ' [ -x "' $( which ipset) ' " ] && ' " ${HESTIA} /bin/v-update-firewall-ipset" >> $preup
207+ echo ' /sbin/iptables-restore < /etc/iptables.rules' >> $preup
208+ echo ' fi' >> $preup
209+ echo ' ' >> $preup
210+ echo " exit 0" >> $preup
211+ chmod +x $preup
213212 fi
214213fi
215214
0 commit comments