From 9a3fbe874eb3c9271413b341e902c1da4f632d5f Mon Sep 17 00:00:00 2001
From: Markus Gothe
Date: Wed, 1 May 2024 16:28:01 +0200
Subject: [PATCH] hostmngr: Don't try to resolve IP-adresses in firewall.
Using iptables --list without -n takes a long time on some configurations during boot up which is a problem. This commit resolves this by not trying resolve hostnames as it is not necessary for the functionality. It also splits up the check in two: one for IPv4 and one for IPv6 to make the logic more robust and fail-safe.
---
 hostmngr/files/scripts/hosts_acl.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/hostmngr/files/scripts/hosts_acl.sh b/hostmngr/files/scripts/hosts_acl.sh
index b2a9aeeb9..89c4eb237 100755
--- a/hostmngr/files/scripts/hosts_acl.sh
+++ b/hostmngr/files/scripts/hosts_acl.sh
@@ -277,11 +277,15 @@ touch $ACL_FILE
 echo "iptables -w -F hosts_forward" >> $ACL_FILE
 echo "ip6tables -w -F hosts_forward" >> $ACL_FILE
-hosts_forward=$(iptables -t filter --list | grep hosts_forward)
-if [ -z "$hosts_forward" ]; then
+hosts_ipv4_forward=$(iptables -t filter --list -n | grep hosts_forward)
+if [ -z "$hosts_ipv4_forward" ]; then
 echo "iptables -w -t filter -N hosts_forward" >> $ACL_FILE
 ret=$?
 [ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
+fi
+
+hosts_ipv6_forward=$(ip6tables -t filter --list -n | grep hosts_forward)
+if [ -z "$hosts_ipv6_forward" ]; then
 echo "ip6tables -w -t filter -N hosts_forward" >> $ACL_FILE
 ret=$?
 [ $ret -eq 0 ] && echo "ip6tables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
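Review bot: The new `hosts_ipv4_forward` and `hosts_ipv6_forward` checks still grep the whole filter-table listing for the substring `hosts_forward`, so they pass as soon as the chain exists (or any other line contains that text), even when the jump from FORWARD is missing and the host ACL rules would never be reached. Probing by exit status is tighter and lists one chain instead of the table: `if ! iptables -w -t filter -n -L hosts_forward >/dev/null 2>&1; then` for the chain, plus `iptables -w -t filter -C FORWARD -j hosts_forward` before queuing the `-I FORWARD` line, and the same for `ip6tables`. Both probes also run without `-w`, unlike every command written to `$ACL_FILE`; if the listing fails for any reason (possibly a held xtables lock during boot), the variable is empty and a second jump rule is queued. In the context lines, `ret=$?` holds the status of the `echo` redirect rather than of `iptables -N`, so the `-I FORWARD` line is written regardless. The closing `fi` of the IPv6 block lies outside the hunk.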