miniupnpd: Add options for netfilter scripts

miniupnpd/Makefile.linux

@@ -186,6 +186,7 @@ clean:
 install:	miniupnpd miniupnpd.8 miniupnpd.conf genuuid \
 	netfilter/iptables_init.sh netfilter/iptables_removeall.sh \
 	netfilter/ip6tables_init.sh netfilter/ip6tables_removeall.sh \
+	netfilter/miniupnpd_functions.sh \
 	linux/miniupnpd.init.d.script
 	$(STRIP) miniupnpd
 	$(INSTALL) -d $(DESTDIR)$(SBININSTALLDIR)
@@ -195,6 +196,7 @@ install:	miniupnpd miniupnpd.8 miniupnpd.conf genuuid \
 	$(INSTALL) netfilter/iptables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR)
 	$(INSTALL) netfilter/ip6tables_init.sh $(DESTDIR)$(ETCINSTALLDIR)
 	$(INSTALL) netfilter/ip6tables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR)
+	$(INSTALL) netfilter/miniupnpd_functions.sh $(DESTDIR)$(ETCINSTALLDIR)
 	$(INSTALL) --mode=0644 -b miniupnpd.conf $(DESTDIR)$(ETCINSTALLDIR)
 	$(INSTALL) -d $(DESTDIR)$(PREFIX)/etc/init.d
 	$(INSTALL) linux/miniupnpd.init.d.script $(DESTDIR)$(PREFIX)/etc/init.d/miniupnpd

miniupnpd/Makefile.linux_nft

@@ -20,7 +20,7 @@ CFLAGS = -O -g #-DDEBUG
 CFLAGS ?= -Os
 CFLAGS += -fno-strict-aliasing
 CFLAGS += -fno-common
-CPPFLAGS += -D_GNU_SOURCE 
+CPPFLAGS += -D_GNU_SOURCE
 CFLAGS += -Wall
 CFLAGS += -Wextra -Wstrict-prototypes -Wdeclaration-after-statement
 #CFLAGS += -Wno-missing-field-initializers
@@ -96,6 +96,7 @@ clean:
 install:	miniupnpd miniupnpd.8 miniupnpd.conf genuuid \
 	netfilter/iptables_init.sh netfilter/iptables_removeall.sh \
 	netfilter/ip6tables_init.sh netfilter/ip6tables_removeall.sh \
+	netfilter/miniupnpd_functions.sh \
 	linux/miniupnpd.init.d.script
 	$(STRIP) miniupnpd
 	$(INSTALL) -d $(DESTDIR)$(SBININSTALLDIR)
@@ -105,6 +106,7 @@ install:	miniupnpd miniupnpd.8 miniupnpd.conf genuuid \
 	$(INSTALL) netfilter/iptables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR)
 	$(INSTALL) netfilter/ip6tables_init.sh $(DESTDIR)$(ETCINSTALLDIR)
 	$(INSTALL) netfilter/ip6tables_removeall.sh $(DESTDIR)$(ETCINSTALLDIR)
+	$(INSTALL) netfilter/miniupnpd_functions.sh $(DESTDIR)$(ETCINSTALLDIR)
 	$(INSTALL) --mode=0644 -b miniupnpd.conf $(DESTDIR)$(ETCINSTALLDIR)
 	$(INSTALL) -d $(DESTDIR)$(PREFIX)/etc/init.d
 	$(INSTALL) linux/miniupnpd.init.d.script $(DESTDIR)$(PREFIX)/etc/init.d/miniupnpd

miniupnpd/netfilter/ip6tables_display.sh

@@ -1,8 +1,9 @@
 #! /bin/sh
 # $Id: ip6tables_display.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $
-IPTABLES=/sbin/ip6tables
+
+IPV6=1
+. $(dirname "$0")/miniupnpd_functions.sh
 
 #display all chains relative to miniupnpd
 $IPTABLES -v -n -t filter -L FORWARD
-$IPTABLES -v -n -t filter -L MINIUPNPD
-
+$IPTABLES -v -n -t filter -L $CHAIN

miniupnpd/netfilter/ip6tables_flush.sh

@@ -1,7 +1,8 @@
 #! /bin/sh
 # $Id: ip6tables_flush.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $
-IPTABLES=/sbin/ip6tables
 
-#flush all rules owned by miniupnpd
-$IPTABLES -t filter -F MINIUPNPD
+IPV6=1
+. $(dirname "$0")/miniupnpd_functions.sh
 
+#flush all rules owned by miniupnpd
+$IPTABLES -t filter -F $CHAIN

miniupnpd/netfilter/ip6tables_init.sh

@@ -1,12 +1,22 @@
 #! /bin/sh
-# $Id: ip6tables_init.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $
-IPTABLES=/sbin/ip6tables
+# $Id: ip6tables_init_and_clean.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $
+# Improved Miniupnpd iptables init script.
+# Checks for state of filter before doing anything..
 
-#change this parameters :
-EXTIF=eth0
-
-#adding the MINIUPNPD chain for filter
-$IPTABLES -t filter -N MINIUPNPD
-#adding the rule to MINIUPNPD
-$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD
+IPV6=1
+EXT=1
+. $(dirname "$0")/miniupnpd_functions.sh
 
+if [ "$FDIRTY" = "${CHAIN}Chain" ]; then
+	echo "Filter table dirty; Cleaning..."
+elif [ "$FDIRTY" = "Chain" ]; then
+	echo "Dirty filter chain but no reference..? Fixing..."
+	$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
+else
+	echo "Filter table clean..initalizing.."
+	$IPTABLES -t filter -N $CHAIN
+	$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
+fi
+if [ "$CLEAN" = "yes" ]; then
+	$IPTABLES -t filter -F $CHAIN
+fi

miniupnpd/netfilter/ip6tables_removeall.sh

@@ -1,13 +1,16 @@
 #! /bin/sh
 # $Id: ip6tables_removeall.sh,v 1.1 2012/04/24 22:13:41 nanard Exp $
-IPTABLES=/sbin/ip6tables
 
-#change this parameters :
-EXTIF=eth0
+IPV6=1
+EXT=1
+. $(dirname "$0")/miniupnpd_functions.sh
 
 #removing the MINIUPNPD chain for filter
-$IPTABLES -t filter -F MINIUPNPD
-#adding the rule to MINIUPNPD
-$IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD
-$IPTABLES -t filter -X MINIUPNPD
-
+if [ "$FDIRTY" = "${CHAIN}Chain" ]; then
+	$IPTABLES -t filter -F $CHAIN
+	$IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
+	$IPTABLES -t filter -X $CHAIN
+elif [ "$FDIRTY" = "Chain" ]; then
+	$IPTABLES -t filter -F $CHAIN
+	$IPTABLES -t filter -X $CHAIN
+fi

miniupnpd/netfilter/iptables_display.sh

@@ -1,14 +1,14 @@
 #! /bin/sh
 # $Id: iptables_display.sh,v 1.4 2011/05/16 12:11:37 nanard Exp $
-IPTABLES=/sbin/iptables
+
+. $(dirname "$0")/miniupnpd_functions.sh
 
 #display all chains relative to miniupnpd
 $IPTABLES -v -n -t nat -L PREROUTING
-$IPTABLES -v -n -t nat -L MINIUPNPD
+$IPTABLES -v -n -t nat -L $CHAIN
 $IPTABLES -v -n -t nat -L POSTROUTING
-$IPTABLES -v -n -t nat -L MINIUPNPD-POSTROUTING
+$IPTABLES -v -n -t nat -L $CHAIN-POSTROUTING
 $IPTABLES -v -n -t mangle -L PREROUTING
-$IPTABLES -v -n -t mangle -L MINIUPNPD
+$IPTABLES -v -n -t mangle -L $CHAIN
 $IPTABLES -v -n -t filter -L FORWARD
-$IPTABLES -v -n -t filter -L MINIUPNPD
-
+$IPTABLES -v -n -t filter -L $CHAIN

miniupnpd/netfilter/iptables_display_miniupnpd.sh

@@ -1,10 +1,10 @@
 #! /bin/sh
-# $Id: iptables_display.sh,v 1.6 2016/02/09 09:37:44 nanard Exp $
-IPTABLES=/sbin/iptables
+# $Id: iptables_display_miniupnpd.sh,v 1.1 2016/02/12 15:23:29 nanard Exp $
 
-#display miniupnpd chains
-$IPTABLES -v -n -t nat -L MINIUPNPD
-$IPTABLES -v -n -t nat -L MINIUPNPD-POSTROUTING
-$IPTABLES -v -n -t mangle -L MINIUPNPD
-$IPTABLES -v -n -t filter -L MINIUPNPD
+. $(dirname "$0")/miniupnpd_functions.sh
 
+#display miniupnpd chains
+$IPTABLES -v -n -t nat -L $CHAIN
+$IPTABLES -v -n -t nat -L $CHAIN-POSTROUTING
+$IPTABLES -v -n -t mangle -L $CHAIN
+$IPTABLES -v -n -t filter -L $CHAIN

miniupnpd/netfilter/iptables_flush.sh

@@ -1,10 +1,10 @@
 #! /bin/sh
-# $Id: iptables_flush.sh,v 1.3 2011/05/16 12:11:37 nanard Exp $
-IPTABLES=/sbin/iptables
+# $Id: iptables_flush.sh,v 1.6 2017/04/21 11:16:09 nanard Exp $
 
-#flush all rules owned by miniupnpd
-$IPTABLES -t nat -F MINIUPNPD
-$IPTABLES -t nat -F MINIUPNPD-POSTROUTING
-$IPTABLES -t filter -F MINIUPNPD
-$IPTABLES -t mangle -F MINIUPNPD
+. $(dirname "$0")/miniupnpd_functions.sh
 
+#flush all rules owned by miniupnpd
+$IPTABLES -t nat -F $CHAIN
+$IPTABLES -t nat -F $CHAIN-POSTROUTING
+$IPTABLES -t filter -F $CHAIN
+$IPTABLES -t mangle -F $CHAIN

miniupnpd/netfilter/iptables_init.sh

@@ -1,31 +1,37 @@
 #! /bin/sh
-# $Id: iptables_init.sh,v 1.5 2011/05/16 12:11:37 nanard Exp $
-IPTABLES="`which iptables`" || exit 1
-IPTABLES="$IPTABLES -w"
-IP="`which ip`" || exit 1
+# $Id: iptables_init_and_clean.sh,v 1.7 2017/04/21 11:16:09 nanard Exp $
+# Improved Miniupnpd iptables init script.
+# Checks for state of filter before doing anything..
 
-#change this parameters :
-#EXTIF=eth0
-EXTIF="`LC_ALL=C $IP -4 route | grep 'default' | sed -e 's/.*dev[[:space:]]*//' -e 's/[[:space:]].*//'`" || exit 1
-EXTIP="`LC_ALL=C $IP -4 addr show $EXTIF | awk '/inet/ { print $2 }' | cut -d "/" -f 1`"
+EXT=1
+. $(dirname "$0")/miniupnpd_functions.sh
 
-echo "External IP = $EXTIP"
+if [ "$NDIRTY" = "${CHAIN}Chain" ]; then
+	echo "Nat table dirty; Cleaning..."
+elif [ "$NDIRTY" = "Chain" ]; then
+	echo "Dirty NAT chain but no reference..? Fixing..."
+	#$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j $CHAIN
+	$IPTABLES -t nat -A PREROUTING -i $EXTIF -j $CHAIN
+else
+	echo "NAT table clean..initalizing.."
+	$IPTABLES -t nat -N $CHAIN
+	#$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j $CHAIN
+	$IPTABLES -t nat -A PREROUTING -i $EXTIF -j $CHAIN
+fi
+if [ "$CLEAN" = "yes" ]; then
+	$IPTABLES -t nat -F $CHAIN
+fi
 
-#adding the MINIUPNPD chain for nat
-$IPTABLES -t nat -N MINIUPNPD
-#adding the rule to MINIUPNPD
-#$IPTABLES -t nat -A PREROUTING -d $EXTIP -i $EXTIF -j MINIUPNPD
-$IPTABLES -t nat -A PREROUTING -i $EXTIF -j MINIUPNPD
-
-#adding the MINIUPNPD chain for mangle
-$IPTABLES -t mangle -N MINIUPNPD
-$IPTABLES -t mangle -A PREROUTING -i $EXTIF -j MINIUPNPD
-
-#adding the MINIUPNPD chain for filter
-$IPTABLES -t filter -N MINIUPNPD
-#adding the rule to MINIUPNPD
-$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD
-
-#adding the MINIUPNPD chain for nat
-$IPTABLES -t nat -N MINIUPNPD-POSTROUTING
-$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MINIUPNPD-POSTROUTING
+if [ "$FDIRTY" = "${CHAIN}Chain" ]; then
+	echo "Filter table dirty; Cleaning..."
+elif [ "$FDIRTY" = "Chain" ]; then
+	echo "Dirty filter chain but no reference..? Fixing..."
+	$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
+else
+	echo "Filter table clean..initalizing.."
+	$IPTABLES -t filter -N MINIUPNPD
+	$IPTABLES -t filter -A FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
+fi
+if [ "$CLEAN" = "yes" ]; then
+	$IPTABLES -t filter -F $CHAIN
+fi

miniupnpd/netfilter/iptables_removeall.sh

@@ -1,34 +1,46 @@
 #! /bin/sh
-# $Id: iptables_removeall.sh,v 1.5 2011/05/16 12:11:37 nanard Exp $
-IPTABLES="`which iptables`" || exit 1
-IPTABLES="$IPTABLES -w"
-IP="`which ip`" || exit 1
+# $Id: iptables_removeall.sh,v 1.10 2017/04/21 11:16:09 nanard Exp $
 
-#change this parameters :
-#EXTIF=eth0
-EXTIF="`LC_ALL=C $IP -4 route | grep 'default' | sed -e 's/.*dev[[:space:]]*//' -e 's/[[:space:]].*//'`" || exit 1
-EXTIP="`LC_ALL=C $IP -4 addr show $EXTIF | awk '/inet/ { print $2 }' | cut -d "/" -f 1`"
+EXT=1
+. $(dirname "$0")/miniupnpd_functions.sh
 
 #removing the MINIUPNPD chain for nat
-$IPTABLES -t nat -F MINIUPNPD
-#rmeoving the rule to MINIUPNPD
-#$IPTABLES -t nat -D PREROUTING -d $EXTIP -i $EXTIF -j MINIUPNPD
-$IPTABLES -t nat -D PREROUTING -i $EXTIF -j MINIUPNPD
-$IPTABLES -t nat -X MINIUPNPD
+if [ "$NDIRTY" = "${CHAIN}Chain" ]; then
+	$IPTABLES -t nat -F $CHAIN
+	#$IPTABLES -t nat -D PREROUTING -d $EXTIP -i $EXTIF -j $CHAIN
+	$IPTABLES -t nat -D PREROUTING -i $EXTIF -j $CHAIN
+	$IPTABLES -t nat -X $CHAIN
+elif [ "$NDIRTY" = "Chain" ]; then
+	$IPTABLES -t nat -F $CHAIN
+	$IPTABLES -t nat -X $CHAIN
+fi
 
 #removing the MINIUPNPD chain for mangle
-$IPTABLES -t mangle -F MINIUPNPD
-$IPTABLES -t mangle -D PREROUTING -i $EXTIF -j MINIUPNPD
-$IPTABLES -t mangle -X MINIUPNPD
+if [ "$MDIRTY" = "${CHAIN}Chain" ]; then
+	$IPTABLES -t mangle -F $CHAIN
+	$IPTABLES -t mangle -D FORWARD -i $EXTIF -j $CHAIN
+	$IPTABLES -t mangle -X $CHAIN
+elif [ "$MDIRTY" = "Chain" ]; then
+	$IPTABLES -t mangle -F $CHAIN
+	$IPTABLES -t mangle -X $CHAIN
+fi
 
 #removing the MINIUPNPD chain for filter
-$IPTABLES -t filter -F MINIUPNPD
-#adding the rule to MINIUPNPD
-$IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j MINIUPNPD
-$IPTABLES -t filter -X MINIUPNPD
+if [ "$FDIRTY" = "${CHAIN}Chain" ]; then
+	$IPTABLES -t filter -F $CHAIN
+	$IPTABLES -t filter -D FORWARD -i $EXTIF ! -o $EXTIF -j $CHAIN
+	$IPTABLES -t filter -X $CHAIN
+elif [ "$FDIRTY" = "Chain" ]; then
+	$IPTABLES -t filter -F $CHAIN
+	$IPTABLES -t filter -X $CHAIN
+fi
 
 #removing the MINIUPNPD-POSTROUTING chain for nat
-$IPTABLES -t nat -F MINIUPNPD-POSTROUTING
-#removing the rule to MINIUPNPD-POSTROUTING
-$IPTABLES -t nat -D POSTROUTING -o $EXTIF -j MINIUPNPD-POSTROUTING
-$IPTABLES -t nat -X MINIUPNPD-POSTROUTING
+if [ "$NPDIRTY" = "${CHAIN}-POSTROUTINGChain" ]; then
+	$IPTABLES -t nat -F $CHAIN-POSTROUTING
+	$IPTABLES -t nat -D POSTROUTING -o $EXTIF -j $CHAIN-POSTROUTING
+	$IPTABLES -t nat -X $CHAIN-POSTROUTING
+elif [ "$NPDIRTY" = "Chain" ]; then
+	$IPTABLES -t nat -F $CHAIN-POSTROUTING
+	$IPTABLES -t nat -X $CHAIN-POSTROUTING
+fi