From db252ce091dfa121f3ef2418f7221c5d24c2d26e Mon Sep 17 00:00:00 2001
From: gyurix
Date: Tue, 20 Sep 2022 10:01:05 +0000
Subject: [PATCH] debugging duplication and filtering

---
 firewall/firewall-add | 47 +++++++++++++++++++++++++------------------
 1 file changed, 27 insertions(+), 20 deletions(-)

diff --git a/firewall/firewall-add b/firewall/firewall-add
index 17e17bd..5fb754c 100755
--- a/firewall/firewall-add
+++ b/firewall/firewall-add
@@ -293,9 +293,35 @@ else
 $IPTABLES -I $CHAIN -m state --state established,related -j ACCEPT;
 fi
+ IPTABLES_OPTIONS=""
+ GREP_OPTIONS=""
+ if [ "$SOURCE_IP" != "" ]; then
+ IPTABLES_OPTIONS=$IPTABLES_OPTIONS" -s $SOURCE_IP";
+ GREP_OPTIONS=$GREP_OPTIONS"|grep -e $SOURCE_IP";
+
+ if [ "$SOURCE_PORT" != "" ]; then
+ IPTABLES_OPTIONS=$IPTABLES_OPTIONS" --sport $SOURCE_PORT";
+ GREP_OPTIONS=$GREP_OPTIONS"|grep -e $SOURCE_PORT";
+ fi
+ fi
+
+ if [ "$TARGET_IP" != "" ]; then
+ IPTABLES_OPTIONS=$IPTABLES_OPTIONS" -d $TARGET_IP";
+ GREP_OPTIONS=$GREP_OPTIONS"|grep -e $TARGET_IP";
+
+ if [ "$TARGET_PORT" != "" ]; then
+ IPTABLES_OPTIONS=$IPTABLES_OPTIONS" --dport $TARGET_PORT";
+ GREP_OPTIONS=$GREP_OPTIONS"|grep -e $TARGET_PORT";
+ fi
+ fi
+
+ if [[ "$SOURCE_IP" != "" && "$TARGET_IP" != "" ]]; then
+ # # DELETE UNECESSARY LINES FROM PREVIOUS RULES
- LINES=$($IPTABLES --line-number -n --list $CHAIN | grep $SOURCE_IP |grep $TARGET_IP |grep $PROTOCOL |grep $TARGET_PORT | awk '{print $1}'| tac)
+ IPTABLES_COMMAND="$IPTABLES --line-number -n --list $CHAIN | grep $PROTOCOL $GREP_OPTIONS | awk '{print \$1}'| tac";
+ debug "$IPTABLES_COMMAND";
+ LINES=$(eval $IPTABLES_COMMAND);
 if [ -n "$LINES" ] ; then
 for i in $LINES; do
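Review bot: `LINES=$(eval $IPTABLES_COMMAND)` executes a command string into which `$SOURCE_IP`, `$SOURCE_PORT`, `$TARGET_IP`, `$TARGET_PORT` and `$PROTOCOL` are spliced unquoted, so a shell metacharacter in any of those values (a stray `;`, `$(` or backtick in a malformed rule entry) is run by the script instead of being handed to grep, an exposure the direct pipeline on the removed line did not have. The assembled `grep -e $SOURCE_IP` / `grep -e $SOURCE_PORT` filters are also regex substring matches: `.` in an address matches any character and a port such as `80` matches lines containing `8080` or `180`, so the deletion loop that consumes `LINES` can remove rules it should not touch (that loop continues past the hunk). Both issues go away by keeping an explicit pipeline and applying each non-empty filter as `grep -F -w -e "$value"`, as sketched below; if the listing shows the usual `spt:`/`dpt:` prefixes, matching `spt:$SOURCE_PORT` and `dpt:$TARGET_PORT` would be stricter still, since `-w` alone cannot tell a port from the leading line-number column. The `debug "$IPTABLES_COMMAND"` line can then log the filter values with `printf '%q '` rather than a string that is about to be evaluated.
```shell
# … unchanged: IPTABLES_OPTIONS assembly (the GREP_OPTIONS strings are no longer needed) …

# Narrow the rule listing with one fixed-string, whole-word grep per non-empty
# filter value; values are passed as arguments, never re-parsed by the shell.
match_rules() {
  local out f
  out=$(cat)
  for f in "$@"; do
    if [ -n "$f" ]; then
      out=$(printf '%s\n' "$out" | grep -F -w -e "$f") || out=""   # no match is not an error
    fi
  done
  printf '%s\n' "$out"
}

if [[ "$SOURCE_IP" != "" && "$TARGET_IP" != "" ]]; then
  # DELETE UNECESSARY LINES FROM PREVIOUS RULES
  LINES=$($IPTABLES --line-number -n --list "$CHAIN" \
    | match_rules "$PROTOCOL" "$SOURCE_IP" "$SOURCE_PORT" "$TARGET_IP" "$TARGET_PORT" \
    | awk '{print $1}' | tac)
  # … unchanged: if [ -n "$LINES" ] … for i in $LINES … (continues past the hunk) …
```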
@@ -305,25 +331,6 @@ else
 done
 fi
- IPTABLES_OPTIONS=""
- if [ "$SOURCE_IP" != "" ]; then
- IPTABLES_OPTIONS=$IPTABLES_OPTIONS" -s $SOURCE_IP";
- else
- SOURCE_PORT=""
- fi
- if [ "$SOURCE_PORT" != "" ]; then
- IPTABLES_OPTIONS=$IPTABLES_OPTIONS" --sport $SOURCE_PORT";
- fi
- if [ "$TARGET_IP" != "" ]; then
- IPTABLES_OPTIONS=$IPTABLES_OPTIONS" -d $TARGET_IP";
- else
- TARGET_PORT=""
- fi
- if [ "$TARGET_PORT" != "" ]; then
- IPTABLES_OPTIONS=$IPTABLES_OPTIONS" --dport $TARGET_PORT";
- fi
-
- if [[ "$SOURCE_IP" != "" && "$TARGET_IP" != "" ]]; then
 debug "$IPTABLES -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT"
 $IPTABLES -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT