From 6fbfa0d7bba47ef1445b2354609c0f1e3886f3dd Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 12 Dec 2019 17:24:04 +0100 Subject: [PATCH] wg-quick: linux: try both iptables(8) and nft(8) on teardown Daniel argues that technically a package manager could install nft(8) after previously having started wg-quick(8) using iptables(8). Suggested-by: Daniel Kahn Gillmor Signed-off-by: Jason A. Donenfeld --- src/wg-quick/linux.bash | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash index d52bad3..423a2c7 100755 --- a/src/wg-quick/linux.bash +++ b/src/wg-quick/linux.bash @@ -188,7 +188,8 @@ remove_firewall() { [[ $table == *" wg-quick-$INTERFACE" ]] && printf -v nftcmd '%sdelete %s\n' "$nftcmd" "$table" done < <(nft list tables 2>/dev/null) [[ -z $nftcmd ]] || cmd nft -f <(echo -n "$nftcmd") - else + fi + if type -p iptables >/dev/null; then local line iptables found restore for iptables in iptables ip6tables; do restore="" found=0