From 1dd887adb4faf18453f81c4825a3c62392192e61 Mon Sep 17 00:00:00 2001
From: gyurix
Date: Tue, 15 Jun 2021 11:57:40 +0000
Subject: [PATCH] Creating nsenter specific lines for setting firewall rules.
---
 firewall/firewall-add | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)
diff --git a/firewall/firewall-add b/firewall/firewall-add
index 15b7ee1..4f85e19 100755
--- a/firewall/firewall-add
+++ b/firewall/firewall-add
@@ -1,5 +1,5 @@
 #!/bin/sh
-
+NSENTER=$NSENTER
 CHAIN=$CHAIN
 COMMENT=$COMMENT
 PROTOCOL=$TYPE
@@ -10,11 +10,25 @@ echo 1 > /proc/sys/net/ipv4/ip_forward
 ##############################
+#############################
+
+# NSENTER Specific settings #
+
+if [[ "$NSENTER" == "true" ]] ; then
+
+iptables="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- /sbin/iptables-legacy -t nat";
+ if $iptables --list POSTROUTING |grep ESTABLISHED |grep RELATED|grep ACCEPT ; then
+ else $iptables -I POSTROUTING -m state --state established,related -j ACCEPT;
+ fi
+
+else
+ iptables="/sbin/iptables-legacy"
+
+ if $iptables --list $CHAIN |grep ESTABLISHED |grep RELATED|grep ACCEPT ; then
+ else $iptables -I $CHAIN -m state --state established,related -j ACCEPT;
+ fi
 #
-if /sbin/iptables-legacy --list $CHAIN |grep ESTABLISHED |grep RELATED|grep ACCEPT ;
- then : ;
- else /sbin/iptables-legacy -I $CHAIN -m state --state established,related -j ACCEPT;
-fi
 ###############################
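Review bot: Both new `if … ; then` / `else` pairs have an empty then-branch, which is a parse error in sh and bash — the deleted code kept `then : ;` as the no-op and the rewrite drops it — and the outer `if [[ "$NSENTER" … ]]` is never closed inside the hunk (the old `fi` is removed and no new one added), so unless a `fi` sits in the unshown lines after it the script will not start at all. Inverting the test with `!` removes the need for an empty branch, and since the file is `#!/bin/sh`, `[[`/`==` are bash-only there; `[ "$NSENTER" = "true" ]` is the portable form. In the nsenter branch the PID from `docker inspect` is interpolated unchecked: if the container is missing or stopped the substitution is empty and `$iptables` becomes `nsenter -t -n -- …`, so capture the PID first and stop when it is empty. This branch also bakes `-t nat` into `$iptables`, so every later `$iptables -I $CHAIN` in the file acts on the nat table while the non-nsenter branch uses the filter table; worth confirming that asymmetry is intended. The rewrite below keeps `$iptables` deliberately unquoted because it carries a command plus its arguments.
```shell
if [ "$NSENTER" = "true" ]; then
  pid=$(docker inspect --format '{{.State.Pid}}' "$NAME") || exit 1
  [ -n "$pid" ] || { printf 'no PID found for container %s\n' "$NAME" >&2; exit 1; }
  iptables="nsenter -t $pid -n -- /sbin/iptables-legacy -t nat"
  # $iptables is intentionally unquoted: it holds a command plus its arguments
  if ! $iptables --list POSTROUTING | grep ESTABLISHED | grep RELATED | grep -q ACCEPT; then
    $iptables -I POSTROUTING -m state --state established,related -j ACCEPT
  fi
else
  iptables="/sbin/iptables-legacy"
  if ! $iptables --list $CHAIN | grep ESTABLISHED | grep RELATED | grep -q ACCEPT; then
    $iptables -I $CHAIN -m state --state established,related -j ACCEPT
  fi
fi
```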
@@ -39,16 +53,16 @@ for source_ip_index in $(seq 1 $COUNT_SOURCE_IP) ; do
 fi
 # DELETE UNECESSARY LINES FROM PREVIOUS RULES
- LINES=$(/sbin/iptables-legacy --line-number -n --list $CHAIN | grep $SOURCE_IP |grep $TARGET_IP |grep $PROTOCOL |grep $TARGET_PORT | awk '{print $1}'| tac)
+ LINES=$($iptables --line-number -n --list $CHAIN | grep $SOURCE_IP |grep $TARGET_IP |grep $PROTOCOL |grep $TARGET_PORT | awk '{print $1}'| tac)
 if [ -n "$LINES" ] ; then
 for i in $LINES; do
- /sbin/iptables-legacy -D $CHAIN $i
+ $iptables -D $CHAIN $i
 sleep 0.1
 done
 fi
- /sbin/iptables-legacy -I $CHAIN -s $SOURCE_IP -d $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j ACCEPT
+ $iptables -I $CHAIN -s $SOURCE_IP -d $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j ACCEPT
 done
 done
 done
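Review bot: The new `LINES=` line hands `$SOURCE_IP`, `$TARGET_IP`, `$PROTOCOL` and `$TARGET_PORT` to `grep` unquoted and as unanchored regexes, so `.` in an address matches any character and `10.0.0.1` also selects `10.0.0.11` while `80` selects `8080`; the matching line numbers are then removed by `$iptables -D $CHAIN $i`, which can delete rules that belong to other hosts or ports. Fixed-string, word-bounded matching narrows this considerably: `grep -F -w -- "$SOURCE_IP" | grep -F -w -- "$TARGET_IP" | grep -F -w -- "$PROTOCOL" | grep -F -w -- "$TARGET_PORT"`, though the list output is still matched by substring rather than by field. When `NSENTER` is true, `$iptables` carries `-t nat` from the earlier hunk, so the list, delete and insert here act on the nat table's `$CHAIN` rather than the filter table; confirm that is where these ACCEPT rules are meant to live. The enclosing `for` loops start before this hunk.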