diff --git a/hostmngr/files/scripts/hosts_acl.sh b/hostmngr/files/scripts/hosts_acl.sh
index f0388865d..6a08f353b 100755
--- a/hostmngr/files/scripts/hosts_acl.sh
+++ b/hostmngr/files/scripts/hosts_acl.sh
@@ -271,14 +271,14 @@ touch $ACL_FILE
 echo "iptables -w -F hosts_forward" >> $ACL_FILE
 echo "ip6tables -w -F hosts_forward" >> $ACL_FILE
-hosts_ipv4_forward=$(iptables -t filter --list -n | grep hosts_forward)
+hosts_ipv4_forward=$(iptables -w -t filter --list -n | grep hosts_forward)
 if [ -z "$hosts_ipv4_forward" ]; then
 echo "iptables -w -t filter -N hosts_forward" >> $ACL_FILE
 ret=$?
 [ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j hosts_forward" >> $ACL_FILE
 fi
-hosts_ipv6_forward=$(ip6tables -t filter --list -n | grep hosts_forward)
+hosts_ipv6_forward=$(ip6tables -w -t filter --list -n | grep hosts_forward)
 if [ -z "$hosts_ipv6_forward" ]; then
 echo "ip6tables -w -t filter -N hosts_forward" >> $ACL_FILE
 ret=$?
diff --git a/mcastmngr/files/linux/etc/firewall.mcast b/mcastmngr/files/linux/etc/firewall.mcast
index be8e428f0..84c786a96 100644
--- a/mcastmngr/files/linux/etc/firewall.mcast
+++ b/mcastmngr/files/linux/etc/firewall.mcast
@@ -1,2 +1,2 @@
 # Forward multicast packets from wan to lan
-iptables -t filter -A zone_wan_forward -p udp -d 224.0.0.0/240.0.0.0 -m comment --comment "!fw3: Allow-Multicast-UDP" -j zone_lan_dest_ACCEPT
+iptables -w -t filter -A zone_wan_forward -p udp -d 224.0.0.0/240.0.0.0 -m comment --comment "!fw3: Allow-Multicast-UDP" -j zone_lan_dest_ACCEPT
diff --git a/parental-control/files/lib/parentalcontrol/parentalcontrol.sh b/parental-control/files/lib/parentalcontrol/parentalcontrol.sh
index 6db1eb3fc..7d1db7cfb 100644
--- a/parental-control/files/lib/parentalcontrol/parentalcontrol.sh
+++ b/parental-control/files/lib/parentalcontrol/parentalcontrol.sh
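Review bot: In hosts_acl.sh the chain-existence test `iptables -w -t filter --list -n | grep hosts_forward` is a substring match over the whole filter table, so any rule or chain whose text merely contains `hosts_forward` makes the script skip creating the chain. Asking for the chain by name and testing the exit status is tighter: `if ! iptables -w -t filter -n -L hosts_forward >/dev/null 2>&1; then`. The same pattern is in the ip6tables check of this hunk and in both checks of the parentalcontrol.sh hunk (`parentalcontrol_forward`). A bare `-w` also waits for the xtables lock without a limit, while firewall.userinterface in this commit uses `-w 1`; one bounded timeout across all scripts would keep a stuck lock holder from hanging them.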
@@ -412,14 +412,14 @@ add_internet_schedule_rules() {
 echo "iptables -w -F parentalcontrol_forward" >> $ACL_FILE
 echo "ip6tables -w -F parentalcontrol_forward" >> $ACL_FILE
- parentalcontrol_ipv4_forward=$(iptables -t filter --list -n | grep parentalcontrol_forward)
+ parentalcontrol_ipv4_forward=$(iptables -w -t filter --list -n | grep parentalcontrol_forward)
 if [ -z "$parentalcontrol_ipv4_forward" ]; then
 echo "iptables -w -t filter -N parentalcontrol_forward" >> $ACL_FILE
 ret=$?
 [ $ret -eq 0 ] && echo "iptables -w -t filter -I FORWARD -j parentalcontrol_forward" >> $ACL_FILE
 fi
- parentalcontrol_ipv6_forward=$(ip6tables -t filter --list -n | grep parentalcontrol_forward)
+ parentalcontrol_ipv6_forward=$(ip6tables -w -t filter --list -n | grep parentalcontrol_forward)
 if [ -z "$parentalcontrol_ipv6_forward" ]; then
 echo "ip6tables -w -t filter -N parentalcontrol_forward" >> $ACL_FILE
 ret=$?
diff --git a/qosmngr/files/common/lib/qos/iptables.sh b/qosmngr/files/common/lib/qos/iptables.sh
index fa226986d..f2253c6d1 100755
--- a/qosmngr/files/common/lib/qos/iptables.sh
+++ b/qosmngr/files/common/lib/qos/iptables.sh
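Review bot: In add_internet_schedule_rules, the `ret=$?` that follows `echo "iptables -w -t filter -N parentalcontrol_forward" >> $ACL_FILE` holds the status of the echo and its redirect, not of iptables, so the `-I FORWARD -j parentalcontrol_forward` line is written whenever the append succeeds. Whether the chain was really created is only known when the generated file is run, presumably later. If the intent is to insert the jump only when `-N` worked, put that condition into the generated line itself: `echo "iptables -w -t filter -N parentalcontrol_forward && iptables -w -t filter -I FORWARD -j parentalcontrol_forward" >> "$ACL_FILE"`. The hosts_acl.sh hunk has the same construct for `hosts_forward`. The function starts before and continues after this hunk, so how ACL_FILE is executed is not visible here.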
@@ -279,17 +279,17 @@ create_iptables_chains() {
 ret=$?
 [ $ret -eq 0 ] && iptables -w -t mangle -I OUTPUT -j qos_output
- ip6tables -t mangle -N qos_forward 2> /dev/null
+ ip6tables -w -t mangle -N qos_forward 2> /dev/null
 ret=$?
- [ $ret -eq 0 ] && ip6tables -t mangle -I FORWARD -j qos_forward
+ [ $ret -eq 0 ] && ip6tables -w -t mangle -I FORWARD -j qos_forward
- ip6tables -t mangle -N qos_prerouting 2> /dev/null
+ ip6tables -w -t mangle -N qos_prerouting 2> /dev/null
 ret=$?
- [ $ret -eq 0 ] && ip6tables -t mangle -I PREROUTING -j qos_prerouting
+ [ $ret -eq 0 ] && ip6tables -w -t mangle -I PREROUTING -j qos_prerouting
- ip6tables -t mangle -N qos_output 2> /dev/null
+ ip6tables -w -t mangle -N qos_output 2> /dev/null
 ret=$?
- [ $ret -eq 0 ] && ip6tables -t mangle -I OUTPUT -j qos_output
+ [ $ret -eq 0 ] && ip6tables -w -t mangle -I OUTPUT -j qos_output
 }
 flush_iptables_chains() {
diff --git a/udpecho/files/etc/init.d/udpechoserverd b/udpecho/files/etc/init.d/udpechoserverd
index f2cae4eaf..3bb60a3ce 100755
--- a/udpecho/files/etc/init.d/udpechoserverd
+++ b/udpecho/files/etc/init.d/udpechoserverd
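Review bot: In create_iptables_chains each `ip6tables -w -t mangle -N qos_* 2> /dev/null` treats every failure as "chain already exists". With stderr discarded, a non-zero status from any other cause also skips the `-I ... -j qos_*` hook and nothing is reported, which would leave IPv6 traffic outside the QoS chains. Testing for the chain first, `if ! ip6tables -w -t mangle -n -L qos_forward >/dev/null 2>&1; then`, and running `-N` and `-I` inside that branch without the redirect would separate "already present" from a real error. The exit status of the `-I` calls is not checked either. The function starts above the hunk, and the IPv4 lines visible as context follow the same pattern.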
@@ -19,12 +19,12 @@ start_service() {
 if [ "${enable_udpechoserver}" -eq "1" ] && [ "$port_udpechoserver" -ne "0" ]; then
 if [ -z "$address_udpechoserver" ]; then
- iptables -I zone_wan_input -p udp --dport "$port_udpechoserver" -j ACCEPT -m comment --comment "Open UDPechoserver port"
- ip6tables -I zone_wan_input -p udp --dport "$port_udpechoserver" -j ACCEPT -m comment --comment "Open UDPechoserver port"
+ iptables -w -I zone_wan_input -p udp --dport "$port_udpechoserver" -j ACCEPT -m comment --comment "Open UDPechoserver port"
+ ip6tables -w -I zone_wan_input -p udp --dport "$port_udpechoserver" -j ACCEPT -m comment --comment "Open UDPechoserver port"
 elif [[ "$address_udpechoserver" =~ .*:.* ]]; then
- ip6tables -I zone_wan_input -p udp --dport "$port_udpechoserver" -j ACCEPT -m comment --comment "Open UDPechoserver port"
+ ip6tables -w -I zone_wan_input -p udp --dport "$port_udpechoserver" -j ACCEPT -m comment --comment "Open UDPechoserver port"
 else
- iptables -I zone_wan_input -p udp --dport "$port_udpechoserver" -j ACCEPT -m comment --comment "Open UDPechoserver port"
+ iptables -w -I zone_wan_input -p udp --dport "$port_udpechoserver" -j ACCEPT -m comment --comment "Open UDPechoserver port"
 fi
 procd_open_instance
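Review bot: In start_service all four `-I zone_wan_input -p udp --dport "$port_udpechoserver" -j ACCEPT` rules accept from any source; `address_udpechoserver` is used only to choose between iptables and ip6tables. If that option is meant to restrict who may reach the echo server (its meaning is not visible in this hunk, so please confirm), the elif/else branches should carry it, for example `iptables -w -I zone_wan_input -s "$address_udpechoserver" -p udp --dport "$port_udpechoserver" -j ACCEPT -m comment --comment "Open UDPechoserver port"`. Without a source match the UDP echo port answers the whole WAN zone. start_service begins above and continues below this hunk.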
@@ -36,12 +36,12 @@ start_service() {
 stop_service() {
 # Remove the USPechoserver ports created earlier
- while iptables -nL zone_wan_input --line-numbers | grep "Open UDPechoserver port" > /dev/null; do
- iptables -D zone_wan_input "$(iptables -nL zone_wan_input --line-numbers | grep "Open UDPechoserver port" | head -1|awk '{print $1}')";
+ while iptables -w -nL zone_wan_input --line-numbers | grep "Open UDPechoserver port" > /dev/null; do
+ iptables -w -D zone_wan_input "$(iptables -w -nL zone_wan_input --line-numbers | grep "Open UDPechoserver port" | head -1|awk '{print $1}')";
 done
- while ip6tables -nL zone_wan_input --line-numbers | grep "Open UDPechoserver port" > /dev/null; do
- ip6tables -D zone_wan_input "$(ip6tables -nL zone_wan_input --line-numbers | grep "Open UDPechoserver port" | head -1|awk '{print $1}')";
+ while ip6tables -w -nL zone_wan_input --line-numbers | grep "Open UDPechoserver port" > /dev/null; do
+ ip6tables -w -D zone_wan_input "$(ip6tables -w -nL zone_wan_input --line-numbers | grep "Open UDPechoserver port" | head -1|awk '{print $1}')";
 done
 plus_enable="$(uci -q -c /var/state get udpechoserver.udpechoserver.plus)"
diff --git a/userinterface/files/etc/firewall.userinterface b/userinterface/files/etc/firewall.userinterface
index 580a4d88a..a96b467ac 100755
--- a/userinterface/files/etc/firewall.userinterface
+++ b/userinterface/files/etc/firewall.userinterface
@@ -19,8 +19,8 @@ exec_cmd() {
 }
 delete_ui_firewall_rules() {
- input_chains=$(iptables -S | grep -E "^-N zone[a-zA-Z0-9_]+input$" | cut -d' ' -f 2)
- output_chains=$(iptables -S | grep -E "^-N zone[a-zA-Z0-9_]+output$" | cut -d' ' -f 2)
+ input_chains=$(iptables -w 1 -S | grep -E "^-N zone[a-zA-Z0-9_]+input$" | cut -d' ' -f 2)
+ output_chains=$(iptables -w 1 -S | grep -E "^-N zone[a-zA-Z0-9_]+output$" | cut -d' ' -f 2)
 for chain in ${input_chains}; do
 CMD="iptables -w 1 -t filter -nL ${chain} --line-numbers"
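Review bot: In stop_service the `while ... | grep "Open UDPechoserver port"` loops never end if the `-D` call fails, because the rule stays listed and the condition stays true. The rule number also comes from a second listing, and each call takes the xtables lock separately, so a change to zone_wan_input between listing and delete can make `-D` remove a different rule. Appending `|| break` to the `iptables -w -D zone_wan_input "$(...)"` and `ip6tables -w -D zone_wan_input "$(...)"` lines bounds the loops. Deleting by rule specification instead of by number would remove the renumbering race, if the port used at start is still known here.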
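Review bot: In delete_ui_firewall_rules of firewall.userinterface, `iptables -w 1 -S | grep -E ... | cut ...` hides a lock timeout. If the xtables lock is not obtained within the one second, iptables prints no rules and the pipeline still returns the status of cut, so `input_chains` and `output_chains` end up empty and the cleanup is skipped silently, leaving the earlier UI rules in place. Capturing the listing once and checking it, `rules=$(iptables -w 1 -S) || return 1`, then filtering `"$rules"` for both variables, makes the failure visible and halves the number of calls. The same applies to the `ip6tables -w 1 -S` pair in the next hunk of this file. The function continues past this hunk, so how callers treat a non-zero return is for the author to confirm.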
@@ -42,8 +42,8 @@ delete_ui_firewall_rules() {
 done
 done
- input6_chains=$(ip6tables -S | grep -E "^-N zone[a-zA-Z0-9_]+input$" | cut -d' ' -f 2)
- output6_chains=$(ip6tables -S | grep -E "^-N zone[a-zA-Z0-9_]+output$" | cut -d' ' -f 2)
+ input6_chains=$(ip6tables -w 1 -S | grep -E "^-N zone[a-zA-Z0-9_]+input$" | cut -d' ' -f 2)
+ output6_chains=$(ip6tables -w 1 -S | grep -E "^-N zone[a-zA-Z0-9_]+output$" | cut -d' ' -f 2)
 for chain in ${input6_chains}; do
 CMD="ip6tables -w 1 -t filter -nL ${chain} --line-numbers"