Improve enabling, disabling, and showing status for blocklists.

[lightmaster]

Add chain_exists function to check if an iptables chain already exists.

When enabling UFW, check if each blocklist chain already exists and for each one that does already exist, remove it and then recreate the chain. Prevents issues starting UFW if a chain already existed when you tried to enable UFW.

When disabling UFW, check to make sure each chain actually exists before removing them. Otherwise, if a chain was already removed, ufw disable will error and stop cleaning up the other blocklists.

Reformat the status display so that it separates each chain and shows the column headers for what each value is.

[lightmaster]

Yea, I'll rework it tomorrow. I'm using this, plus some other code that does country blocks based on ipdeny.com lists, mainly cuz I found that first and am see a huge amount of hits from Brazil (around 10k per min). Using this on a weather site based in a small town in US, so there's no reason for anything from there period.

Those status lines were part of me marrying the 2 different bits of codes' statuses together and how it looked best with around 20 lines of status output.

[lightmaster]

I'm not sold on the the status display change though. It definitely would benefit from a header but currently it's 3 lines of iptables status and this change takes it to 12 lines. Could you remove the status changes and resubmit please?

What about status output like this? Adds a header line and adds descriptions on the end of each one for which is which.

>> /etc/ufw/after.init status
Name: ufw-blocklist-ipsum
Type: hash:net
Revision: 7
Header: family inet hashsize 8192 maxelem 65536 bucketsize 12 initval 0x9c448673
Size in memory: 553968
References: 3
Number of entries: 18953

 pkts bytes target     prot opt in     out     source               destination         
47623 2245K DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* ufw-blocklist-input */

    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* ufw-blocklist-foward */

    0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* ufw-blocklist-output */

Oct 27 06:29:33 Adguard-Home ufw-blocklist-ipsum[88092]: starting update of ufw-blocklist-ipsum with 19504 entries from https://raw.githubusercontent.com/stamparm/ipsum/master/levels/3.txt

[poddmo]

The header is a definite and formatting with printf I think is the way to go. I'm aiming to have multiple ipsets, with matching packets jumping to the shared targets. So the output of status might look something like this:

 pkts bytes  target                          prot opt in     out     source               destination         
       0        0 ufw-blocklist-input      all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ufw-blocklist-ipsum src
       0        0 ufw-blocklist-input      all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ufw-blocklist-bogons src
       0        0 ufw-blocklist-input      all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ufw-blocklist-countryA src
       0        0 ufw-blocklist-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ufw-blocklist-ipsum dst
       0        0 ufw-blocklist-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ufw-blocklist-bogons dst
       0        0 ufw-blocklist-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ufw-blocklist-countryA dst
       0        0 ufw-blocklist-output    all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ufw-blocklist-ipsum dst
       0        0 ufw-blocklist-output    all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ufw-blocklist-bogons dst
       0        0 ufw-blocklist-output    all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set ufw-blocklist-countryA dst

That's getting complicated as the status might come from each of the scripts