Added delete firewall rule option

firewall/firewall-add

@@ -20,6 +20,7 @@ NAME=$NAME
 COMMENT="$COMMENT"
 NAME="$NAME-$COMMENT"
 PROTOCOL=$TYPE
+DELETE=$OPERATION
 
 EXTRA_OPTIONS="$2 $3 $4"
       
@@ -245,6 +246,20 @@ if [[ -z "$TARGET_IP" ]]; then
 	fi
 fi
 
+delete_lines() {
+	
+	if [ "$1" != "" ]; then
+		CHAIN=$1;
+	fi
+
+	if [ -n "$LINES" ] ; then
+		for i in $LINES; do 
+			debug "$IPTABLES -D $CHAIN $i"
+			$IPTABLES -w -D $CHAIN $i
+			sleep 0.1
+		done
+	fi
+}
 
 prerouting() {
 	if [ "$(set |grep -w SOURCE_IFACE)" != "" ]; then 
@@ -260,13 +275,7 @@ prerouting() {
 					LINES=$($IPTABLES -w -L --line-number -n | grep DNAT | grep $SOURCE_PORT |grep $TARGET_IP |grep $TARGET_PORT |grep $COMMENT | awk '{print $1}'| tac)
 					debug "Previous prerouting lines: "$LINES
 					# DELETE UNECESSARY LINES FROM PREVIOUS RULES
-					if [ -n "$LINES" ] ; then
+					delete_lines "PREROUTING";
-						for i in $LINES; do 
-							debug "$IPTABLES -D PREROUTING $i";
-							$IPTABLES -w -D PREROUTING $i
-							sleep 0.1
-						done
-					fi
 
 					debug "$IPTABLES -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment $COMMENT -j DNAT --to $TARGET_IP:$TARGET_PORT"
 					$IPTABLES -w -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT
@@ -286,13 +295,7 @@ postrouting() {
 		debug "Previous postrouting lines: "$LINES
 
 		# DELETE UNECESSARY LINES FROM PREVIOUS RULES
-		if [ -n "$LINES" ] ; then
+		delete_lines "POSTROUTING";
-			for i in $LINES; do 
-				debug "$IPTABLES -D POSTROUTING $i"
-				$IPTABLES -w -D POSTROUTING $i
-				sleep 0.1
-			done
-		fi
 	
 		debug "$IPTABLES -I POSTROUTING -s $SOURCE_IP_FOR_POSTROUTING -p $PROTOCOL --sport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE"	
 		$IPTABLES -w -I POSTROUTING -s $SOURCE_IP_FOR_POSTROUTING -p $PROTOCOL --sport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE	
@@ -306,13 +309,8 @@ postrouting() {
 		debug "Previous postrouting lines: "$LINES
 
 		# DELETE UNECESSARY LINES FROM PREVIOUS RULES
-		if [ -n "$LINES" ] ; then
+		delete_lines "POSTROUTING";
-			for i in $LINES; do 
+		
-				debug "$IPTABLES -D POSTROUTING $i"
-				$IPTABLES -w -D POSTROUTING $i
-				sleep 0.1
-			done
-		fi
 		debug "$IPTABLES -I POSTROUTING -s $TARGET_IP_FOR_POSTROUTING -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE"
 		$IPTABLES -w -I POSTROUTING -d $TARGET_IP_FOR_POSTROUTING -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE	
 	fi
@@ -332,6 +330,7 @@ ip_route() {
 	done
 }
 
+
 if [[ "$ROUTE" == "true" ]] ; then
 	IP_ROUTE="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- ip route";
 
@@ -465,18 +464,19 @@ else
 		IPTABLES_COMMAND="$IPTABLES -w --line-number -n --list $CHAIN | grep $PROTOCOL $GREP_OPTIONS | awk '{print \$1}'| tac";
 		debug "$IPTABLES_COMMAND";
 		LINES=$(eval $IPTABLES_COMMAND);
+		delete_lines;
 
-		if [ -n "$LINES" ] ; then
+		if [ "$OPERATION" == "DELETE" ]; then
-			for i in $LINES; do 
+			
-				debug "$IPTABLES -D $CHAIN $i"
+			IPTABLES_COMMAND="$IPTABLES -w --line-number -n --list $CHAIN | grep -w "$COMMENT" | awk '{print \$1}'| tac";
-				$IPTABLES -w -D $CHAIN $i
+			debug "$IPTABLES_COMMAND";
-				sleep 0.1
+			LINES=$(eval $IPTABLES_COMMAND);
-			done
+			delete_lines;
+
+		else
+			debug "$IPTABLES -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT"
+			$IPTABLES -w -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT
 		fi
-
-
-		debug "$IPTABLES -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT"
-		$IPTABLES -w -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT
 	fi
 	#############################
 fi