From 1ace0d51e7c34f83cc68845e97b553cb525b002c Mon Sep 17 00:00:00 2001
From: gyurix
Date: Fri, 18 Jun 2021 12:27:30 +0000
Subject: [PATCH] Fixing SOURE_PORT variables cycle.
---
 firewall/firewall-add | 98 ++++++++++++++++++++++---------------------
 1 file changed, 51 insertions(+), 47 deletions(-)
diff --git a/firewall/firewall-add b/firewall/firewall-add
index 77c97e5..be52838 100755
--- a/firewall/firewall-add
+++ b/firewall/firewall-add
@@ -1,5 +1,6 @@
 #!/bin/sh
 NSENTER=$NSENTER
+NAME=$NAME-$COMMENT
 CHAIN=$CHAIN
 COMMENT=$COMMENT
 PROTOCOL=$TYPE
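Review bot: The new `NAME=$NAME-$COMMENT` builds the container name from COMMENT, an environment-supplied value that may contain whitespace or glob characters, and NAME is then expanded unquoted in the second hunk's `docker inspect --format {{.State.Pid}} $NAME`, where such a value is word-split into several arguments and the PID lookup fails (or, with a glob, could name an unintended container). Quote the expansion at the use site, `docker inspect --format '{{.State.Pid}}' "$NAME"`, and consider checking that the result is a non-empty number before handing it to `nsenter -t`.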
@@ -18,74 +19,77 @@ COUNT_SOURCE_PORT=$(set |grep SOURCE_PORT |wc -l) COUNT_TARGET_IP=$(set |grep TARGET_IP |wc -l) COUNT_TARGET_PORT=$(set |grep TARGET_PORT |wc -l) - for source_ip_index in $(seq 1 $COUNT_SOURCE_IP) ; do if set |grep SOURCE_IP_ ; then SOURCE_IP=$(eval "echo \${"SOURCE_IP_$source_ip_index"}") fi + for target_ip_index in $(seq 1 $COUNT_TARGET_IP) ; do + if set |grep TARGET_IP_ ; then + TARGET_IP=$(eval "echo \${"TARGET_IP_$target_ip_index"}") + fi + + for target_port_index in $(seq 1 $COUNT_TARGET_PORT) ; do + if set |grep TARGET_PORT_ ; then + TARGET_PORT=$(eval "echo \${"TARGET_PORT_$target_port_index"}") + fi + +############################# +# NSENTER Specific settings # +if [[ "$NSENTER" == "true" ]] ; then + + iptables="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- /sbin/iptables-legacy -t nat"; + + if $iptables --list POSTROUTING |grep ESTABLISHED |grep RELATED|grep ACCEPT ; then + echo "nothing to do"; + else $iptables -I POSTROUTING -m state --state established,related -j ACCEPT; + fi + for source_port_index in $(seq 1 $COUNT_SOURCE_PORT) ; do if set |grep SOURCE_PORT_ ; then SOURCE_PORT=$(eval "echo \${"SOURCE_PORT_$source_port_index"}") fi - for target_ip_index in $(seq 1 $COUNT_TARGET_IP) ; do - if set |grep TARGET_IP_ ; then - TARGET_IP=$(eval "echo \${"TARGET_IP_$target_ip_index"}") - fi - for target_port_index in $(seq 1 $COUNT_TARGET_PORT) ; do - if set |grep TARGET_PORT_ ; then - TARGET_PORT=$(eval "echo \${"TARGET_PORT_$target_port_index"}") - fi + # DELETE UNECESSARY LINES FROM PREVIOUS RULES + LINES=$($iptables --line-number -n --list POSTROUTING | grep $SOURCE_IP |grep $TARGET_IP |grep $PROTOCOL |grep $SOURCE_PORT |grep $TARGET_PORT | awk '{print $1}'| tac) -############################# + if [ -n "$LINES" ] ; then + for i in $LINES; do + $iptables -D PREROUTING $i + sleep 0.1 + done + fi -# NSENTER Specific settings # - -if [[ "$NSENTER" == "true" ]] ; then - -iptables="nsenter -t $(docker inspect --format 
{{.State.Pid}} $NAME) -n -- /sbin/iptables-legacy -t nat"; - - if $iptables --list POSTROUTING |grep ESTABLISHED |grep RELATED|grep ACCEPT ; then - else $iptables -I POSTROUTING -m state --state established,related -j ACCEPT; - fi - -# DELETE UNECESSARY LINES FROM PREVIOUS RULES -LINES=$($iptables --line-number -n --list POSTROUTING | grep $SOURCE_IP |grep $TARGET_IP |grep $PROTOCOL |grep $SOURCE_PORT |grep $TARGET_PORT | awk '{print $1}'| tac) - -if [ -n "$LINES" ] ; then - for i in $LINES; do - $iptables -D PREROUTING $i - sleep 0.1 - done -fi - -$iptables -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT + $iptables -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT + done else iptables="/sbin/iptables-legacy" if $iptables --list $CHAIN |grep ESTABLISHED |grep RELATED|grep ACCEPT ; then - else $iptables -I $CHAIN -m state --state established,related -j ACCEPT; + echo "nothing to do"; + else $iptables -I $CHAIN -m state --state established,related -j ACCEPT; fi -# -# DELETE UNECESSARY LINES FROM PREVIOUS RULES -LINES=$($iptables --line-number -n --list $CHAIN | grep $SOURCE_IP |grep $TARGET_IP |grep $PROTOCOL |grep $TARGET_PORT | awk '{print $1}'| tac) + # + # DELETE UNECESSARY LINES FROM PREVIOUS RULES + LINES=$($iptables --line-number -n --list $CHAIN | grep $SOURCE_IP |grep $TARGET_IP |grep $PROTOCOL |grep $TARGET_PORT | awk '{print $1}'| tac) - if [ -n "$LINES" ] ; then - for i in $LINES; do - $iptables -D $CHAIN $i - sleep 0.1 - done - fi + if [ -n "$LINES" ] ; then + for i in $LINES; do + $iptables -D $CHAIN $i + sleep 0.1 + done + fi -$iptables -I $CHAIN -s $SOURCE_IP -d $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j ACCEPT + $iptables -I $CHAIN -s $SOURCE_IP -d $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j ACCEPT 
-############################# + ############################# fi - done - done - done -done + + done # target_port + done # target_ip +done # source_ip + +
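Review bot: In the NSENTER branch the stale-rule cleanup lists one chain but deletes from another: `LINES=$($iptables --line-number -n --list POSTROUTING | ...)` collects line numbers from POSTROUTING, while the loop below runs `$iptables -D PREROUTING $i`, so the numbers refer to the wrong chain and unrelated PREROUTING rules can be removed while the old DNAT rules (which the hunk inserts into PREROUTING) are never cleaned up; the listing should be `$iptables --line-number -n --list PREROUTING`. The `grep $SOURCE_IP |grep $TARGET_IP ...` filters in both branches are unquoted regexes, so a dot in an address matches any character and `10.0.0.1` also selects rules for `10.0.0.10`; `grep -F -w -- "$SOURCE_IP"` narrows that. Separately, `if [[ "$NSENTER" == "true" ]]` is a bash construct under the file's `#!/bin/sh` shebang; on a POSIX sh the test errors out, the condition is treated as false and execution silently falls into the host-iptables `else` branch, so write it as `if [ "$NSENTER" = "true" ] ; then`.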