From: Jason A. Donenfeld <Jason@zx2c4.com>
Date: Thu, 12 Dec 2019 16:24:04 +0000 (+0100)
Subject: wg-quick: linux: try both iptables(8) and nft(8) on teardown
X-Git-Tag: v1.0.20191226~8
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=6fbfa0d7bba47ef1445b2354609c0f1e3886f3dd;p=thirdparty%2Fwireguard-tools.git

wg-quick: linux: try both iptables(8) and nft(8) on teardown

Daniel argues that technically a package manager could install nft(8)
after previously having started wg-quick(8) using iptables(8).

Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---

diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index d52bad3..423a2c7 100755
--- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -188,7 +188,8 @@ remove_firewall() {
 			[[ $table == *" wg-quick-$INTERFACE" ]] && printf -v nftcmd '%sdelete %s\n' "$nftcmd" "$table"
 		done < <(nft list tables 2>/dev/null)
 		[[ -z $nftcmd ]] || cmd nft -f <(echo -n "$nftcmd")
-	else
+	fi
+	if type -p iptables >/dev/null; then
 		local line iptables found restore
 		for iptables in iptables ip6tables; do
 			restore="" found=0