use nft is available and ignore iptables errors

Jérémy Lecour 2022-03-29 09:03:43 +02:00 committed by Jérémy Lecour
parent d17d62ecf9
commit dc75ac0406
2 changed files with 56 additions and 41 deletions


@ -14,6 +14,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Changed
use nft is available and ignore iptables errors
### Fixed
### Removed


@ -425,52 +425,65 @@ task_iptables() {
debug "Task: iptables"
iptables_bin=$(command -v iptables)
if [ -n "${iptables_bin}" ]; then
last_result=$({ ${iptables_bin} -L -n -v; ${iptables_bin} -t filter -L -n -v; } > "${dump_dir}/iptables-v.txt")
last_rc=$?
if [ ${last_rc} -eq 0 ]; then
debug "* iptables -v OK"
else
debug "* iptables -v ERROR"
debug "${last_result}"
# Ignore errors because we don't know if this is nft related or a real error
# rc=10
fi
last_result=$({ ${iptables_bin} -L -n; ${iptables_bin} -t filter -L -n; } > "${dump_dir}/iptables.txt")
last_rc=$?
if [ ${last_rc} -eq 0 ]; then
debug "* iptables OK"
else
debug "* iptables ERROR"
debug "${last_result}"
# Ignore errors because we don't know if this is nft related or a real error
# rc=10
fi
else
debug "* iptables not found"
fi
iptables_save_bin=$(command -v iptables-save)
if [ -n "${iptables_save_bin}" ]; then
last_result=$(${iptables_save_bin} > "${dump_dir}/iptables-save.txt")
last_rc=$?
if [ ${last_rc} -eq 0 ]; then
debug "* iptables-save OK"
else
debug "* iptables-save ERROR"
debug "${last_result}"
# Ignore errors because we don't know if this is nft related or a real error
# rc=10
fi
else
debug "* iptables-save not found"
fi
nft_bin=$(command -v nft)
if [ -n "${nft_bin}" ]; then
debug "* nft found, skip iptables"
else
if [ -n "${iptables_bin}" ]; then
last_result=$({ ${iptables_bin} -L -n -v; ${iptables_bin} -t filter -L -n -v; } >> "${dump_dir}/iptables-v.txt")
last_rc=$?
last_result=$(${nft_bin} list ruleset > "${dump_dir}/nft-ruleset.txt")
last_rc=$?
if [ ${last_rc} -eq 0 ]; then
debug "* iptables -v OK"
else
debug "* iptables -v ERROR"
debug "${last_result}"
rc=10
fi
last_result=$({ ${iptables_bin} -L -n; ${iptables_bin} -t filter -L -n; } >> "${dump_dir}/iptables.txt")
last_rc=$?
if [ ${last_rc} -eq 0 ]; then
debug "* iptables OK"
else
debug "* iptables ERROR"
debug "${last_result}"
rc=10
fi
if [ ${last_rc} -eq 0 ]; then
debug "* nft ruleset OK"
else
debug "* iptables not found"
fi
iptables_save_bin=$(command -v iptables-save)
if [ -n "${iptables_save_bin}" ]; then
last_result=$(${iptables_save_bin} > "${dump_dir}/iptables-save.txt")
last_rc=$?
if [ ${last_rc} -eq 0 ]; then
debug "* iptables-save OK"
else
debug "* iptables-save ERROR"
debug "${last_result}"
rc=10
fi
else
debug "* iptables-save not found"
debug "* nft ruleset ERROR"
debug "${last_result}"
rc=10
fi
fi
}
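Review bot: `last_result` is always empty in the iptables, iptables-save and nft branches, because stdout is redirected to the dump file inside the command substitution and stderr is never captured, so `debug "${last_result}"` logs nothing. As far as the rendered page shows, the iptables failures no longer set `rc=10`, which leaves that debug line as the only trace of a failed firewall dump. Capture the error text by redirecting stderr first, e.g. `last_result=$(${nft_bin} list ruleset 2>&1 > "${dump_dir}/nft-ruleset.txt")`, and do the same for the iptables calls. It would also be safer to keep `rc=10` for an iptables failure when `nft` is not installed, so that a host with no usable ruleset dump does not report success. The opening line of task_iptables sits just above the hunk.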