Linux-router News & Developer Blog

[garywill]

Oooa~ There hadn't been a developer's manual for this project.

I'm posting some Linux-router's News & Developer Notes on this post.

++++++++++++++++++++++++++++

Bilibili (中) | Youtube (en)

Stay away from 996. Everyone lives a healthy life! 🌱

[garywill]

Give ability to Bash script to easily undo iptables changes

(让Bash脚本能够轻松复原iptables更改)

Writing shell commands to add iptables rules is a HeadACHe.

Then having to undo iptables changes is double HHeadACHHe.

Each -I or -A needs a -D.

Each -N needs -F+-X.

I wrote a new function iptb() for linux-router to reduce the double headache to be single headache.

Usage syntax is almost same with iptables:

iptb 4 v nat I POSTROUTING -s ${GATEWAY%.*}.0/24 $IPTABLES_NAT_OUT $MASQUERADE_NOTOUT ! -d ${GATEWAY%.*}.0/24  -j MASQUERADE || die
iptb 4 v filter I FORWARD  -i ${SUBNET_IFACE} $IPTABLES_NAT_OUT -s ${GATEWAY%.*}.0/24 -j ACCEPT || die
iptb 4 v filter I FORWARD  -o ${SUBNET_IFACE} $IPTABLES_NAT_IN  -d ${GATEWAY%.*}.0/24 -j ACCEPT || die

Undoing iptables changes is mush easier now -- use clean_iptables()

clean_iptables() {
    bash $CONFDIR/undo_iptables.sh
    [[ -f $CONFDIR/undo_iptables_2.sh ]] && bash $CONFDIR/undo_iptables_2.sh
}

undo_iptables.sh was automatically generated.

Hope that can make potential contributors fear less about the code :)

See the code of function iptb(): https://github.com/garywill/linux-router/blob/15a2e0ce53928c658d15b651d03cf4a88a460d8c/lnxrouter#L829-L902