diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2019-12-12 17:24:04 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-12-12 17:24:04 +0100 |
| commit | 6fbfa0d7bba47ef1445b2354609c0f1e3886f3dd (patch) | |
| tree | be140182b7f8f08a024618d5baa61845c0efb454 /src | |
| parent | wg-quick: linux: support older nft(8) (diff) | |
| download | wireguard-tools-6fbfa0d7bba47ef1445b2354609c0f1e3886f3dd.tar.xz wireguard-tools-6fbfa0d7bba47ef1445b2354609c0f1e3886f3dd.zip | |
wg-quick: linux: try both iptables(8) and nft(8) on teardown
Daniel argues that technically a package manager could install nft(8)
after previously having started wg-quick(8) using iptables(8).
Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src')
| -rwxr-xr-x | src/wg-quick/linux.bash | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash index d52bad3..423a2c7 100755 --- a/src/wg-quick/linux.bash +++ b/src/wg-quick/linux.bash @@ -188,7 +188,8 @@ remove_firewall() { [[ $table == *" wg-quick-$INTERFACE" ]] && printf -v nftcmd '%sdelete %s\n' "$nftcmd" "$table" done < <(nft list tables 2>/dev/null) [[ -z $nftcmd ]] || cmd nft -f <(echo -n "$nftcmd") - else + fi + if type -p iptables >/dev/null; then local line iptables found restore for iptables in iptables ip6tables; do restore="" found=0 |