From 21a1498f161f7347cbf96316c21a924d569849c1 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Thu, 12 Dec 2019 17:24:04 +0100
Subject: wg-quick: linux: try both iptables(8) and nft(8) on teardown

Daniel argues that technically a package manager could install nft(8)
after previously having started wg-quick(8) using iptables(8).

Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 src/tools/wg-quick/linux.bash | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/tools/wg-quick/linux.bash')

diff --git a/src/tools/wg-quick/linux.bash b/src/tools/wg-quick/linux.bash
index d52bad3..423a2c7 100755
--- a/src/tools/wg-quick/linux.bash
+++ b/src/tools/wg-quick/linux.bash
@@ -188,7 +188,8 @@ remove_firewall() {
 			[[ $table == *" wg-quick-$INTERFACE" ]] && printf -v nftcmd '%sdelete %s\n' "$nftcmd" "$table"
 		done < <(nft list tables 2>/dev/null)
 		[[ -z $nftcmd ]] || cmd nft -f <(echo -n "$nftcmd")
-	else
+	fi
+	if type -p iptables >/dev/null; then
 		local line iptables found restore
 		for iptables in iptables ip6tables; do
 			restore="" found=0
-- 
cgit v1.2.3-59-g8ed1b