From 9a748efe8c84084f69569c1453525ef3817cd93e Mon Sep 17 00:00:00 2001 From: gyurix Date: Wed, 4 Aug 2021 07:34:57 +0000 Subject: [PATCH] Minor changes at NSENTER section. --- firewall/firewall-add | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/firewall/firewall-add b/firewall/firewall-add index 6bc84fd..9aeab40 100755 --- a/firewall/firewall-add +++ b/firewall/firewall-add @@ -4,6 +4,8 @@ NAME=$NAME-$COMMENT CHAIN=$CHAIN COMMENT=$COMMENT PROTOCOL=$TYPE +VPN_IP=$VPN_IP +VPN_NETWORK=$VPN_NETWORK ############################## @@ -41,11 +43,18 @@ if [[ "$NSENTER" == "true" ]] ; then iptables="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- $IPTABLES -t nat"; - if $iptables --list POSTROUTING |grep ESTABLISHED |grep RELATED|grep ACCEPT ; then - echo "nothing to do"; - else $iptables -I POSTROUTING -m state --state established,related -j ACCEPT; + # DELETE UNECESSARY LINES FROM PREVIOUS RULES + LINES=$($iptables --line-number -n | grep $VPN_NETWORK | awk '{print $1}'| tac) + + if [ -n "$LINES" ] ; then + for i in $LINES; do + $iptables -D $CHAIN $i + sleep 0.1 + done fi + $iptables -I POSTROUTING -m state --state established,related -j ACCEPT; + $iptables -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT else
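Review bot: The new rule-cleanup in the NSENTER branch takes line numbers from the whole nat table but applies them to `$CHAIN`: `$iptables --line-number -n` names no chain (and carries no `-L` command, which iptables as far as I can tell rejects with "no command specified", leaving `LINES` empty), and `grep $VPN_NETWORK` is unquoted with the CIDR's dots acting as regex wildcards, so a number that belongs to PREROUTING/POSTROUTING/OUTPUT can delete an unrelated rule in `$CHAIN`. Dropping the old `--list POSTROUTING | grep ESTABLISHED` guard also means the `established,related` ACCEPT rule is re-inserted on every run and duplicates accumulate in POSTROUTING. Listing only the chain the loop deletes from, matching the fixed string, and checking with `iptables -C` before inserting the ACCEPT rule fixes both; since the script already tags its DNAT rule with `-m comment --comment "$COMMENT"`, matching on that comment instead of on `$VPN_NETWORK` would additionally stop it removing rules that belong to other services on the same network. The `if [[ "$NSENTER" == "true" ]]` block continues past the end of the hunk.
```shell
    # DELETE UNECESSARY LINES FROM PREVIOUS RULES
    # List only $CHAIN so the numbers fed to -D belong to that chain; -F so the
    # dots in the CIDR are matched literally rather than as regex wildcards.
    LINES=$($iptables -L "$CHAIN" --line-numbers -n | grep -F -- "$VPN_NETWORK" | awk '{print $1}' | tac)
    # … unchanged: deletion loop over $LINES …
    # Insert the ACCEPT rule only once; -C returns 0 when an identical rule exists.
    if ! $iptables -C POSTROUTING -m state --state established,related -j ACCEPT 2>/dev/null; then
      $iptables -I POSTROUTING -m state --state established,related -j ACCEPT;
    fi
```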