use nft is available and ignore iptables errors

2022-03-29 09:03:43 +02:00 · 2022-03-29 09:03:43 +02:00 · dc75ac0406
parent d17d62ecf9
commit dc75ac0406
2 changed files with 56 additions and 41 deletions
--- a/2
+++ b/2
@ -14,6 +14,8 @@ The **patch** part changes is incremented if multiple releases happen the same m

 ### Changed

+use nft is available and ignore iptables errors
+
 ### Fixed

 ### Removed
--- a/dump-server-state.sh
+++ b/dump-server-state.sh
@ -425,13 +425,9 @@ task_iptables() {
    debug "Task: iptables"

    iptables_bin=$(command -v iptables)
-    nft_bin=$(command -v nft)

-    if [ -n "${nft_bin}" ]; then
-        debug "* nft found, skip iptables"
-    else
    if [ -n "${iptables_bin}" ]; then
-            last_result=$({ ${iptables_bin} -L -n -v; ${iptables_bin} -t filter -L -n -v; } >> "${dump_dir}/iptables-v.txt")
+        last_result=$({ ${iptables_bin} -L -n -v; ${iptables_bin} -t filter -L -n -v; } > "${dump_dir}/iptables-v.txt")
        last_rc=$?

        if [ ${last_rc} -eq 0 ]; then
@ -439,10 +435,11 @@ task_iptables() {
        else
            debug "* iptables -v ERROR"
            debug "${last_result}"
-                rc=10
+            # Ignore errors because we don't know if this is nft related or a real error
+            # rc=10
        fi

-            last_result=$({ ${iptables_bin} -L -n; ${iptables_bin} -t filter -L -n; } >> "${dump_dir}/iptables.txt")
+        last_result=$({ ${iptables_bin} -L -n; ${iptables_bin} -t filter -L -n; } > "${dump_dir}/iptables.txt")
        last_rc=$?

        if [ ${last_rc} -eq 0 ]; then
@ -450,7 +447,8 @@ task_iptables() {
        else
            debug "* iptables ERROR"
            debug "${last_result}"
-                rc=10
+            # Ignore errors because we don't know if this is nft related or a real error
+            # rc=10
        fi
    else
        debug "* iptables not found"
@ -467,11 +465,26 @@ task_iptables() {
        else
            debug "* iptables-save ERROR"
            debug "${last_result}"
-                rc=10
+            # Ignore errors because we don't know if this is nft related or a real error
+            # rc=10
        fi
    else
        debug "* iptables-save not found"
    fi
+
+    nft_bin=$(command -v nft)
+
+    if [ -n "${nft_bin}" ]; then
+        last_result=$(${nft_bin} list ruleset > "${dump_dir}/nft-ruleset.txt")
+        last_rc=$?
+
+        if [ ${last_rc} -eq 0 ]; then
+            debug "* nft ruleset OK"
+        else
+            debug "* nft ruleset ERROR"
+            debug "${last_result}"
+            rc=10
+        fi
    fi
 }