wg-quick: linux: try both iptables(8) and nft(8) on teardown

Daniel argues that technically a package manager could install nft(8)
after previously having started wg-quick(8) using iptables(8).

Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index d52bad306957f7372b2fadb8db70e65a0fabe90e..423a2c7a3ad1e30b1c2baee2ca9c4af23c567a9e 100755 (executable)
--- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -188,7 +188,8 @@ remove_firewall() {
                        [[ $table == *" wg-quick-$INTERFACE" ]] && printf -v nftcmd '%sdelete %s\n' "$nftcmd" "$table"
                done < <(nft list tables 2>/dev/null)
                [[ -z $nftcmd ]] || cmd nft -f <(echo -n "$nftcmd")
-       else
+       fi
+       if type -p iptables >/dev/null; then
                local line iptables found restore
                for iptables in iptables ip6tables; do
                        restore="" found=0