Taking into account '-t table' iptables option

etc/post-up-down-routing.example

@@ -6,7 +6,5 @@ then
 else
     external_if=$1
 fi
-$do_action -t nat $IPTABLES_ADD $IT_INPUT -A $IT_POSTROUTING -s '10.1.0.0/24' -o $external_if -j MASQUERADE
-$do_action -t raw $IPTABLES_INSERT $IT_INPUT -I $IT_PREROUTING -i fwbr+ -j CT --zone 1
-$do_action -t nat $IPTABLES_INSERT $IT_INPUT -D $IT_POSTROUTING -s '10.1.0.0/24' -o $external_if -j MASQUERADE
-$do_action -t raw $IPTABLES_INSERT $IT_INPUT -D $IT_PREROUTING -i fwbr+ -j CT --zone 1
+$do_action -t nat $IPTABLES_ADD $IT_POSTROUTING -s '10.1.0.0/24' -o $external_if -j MASQUERADE
+$do_action -t raw $IPTABLES_INSERT $IT_PREROUTING -i fwbr+ -j CT --zone 1

scripts/setup

@@ -78,44 +78,88 @@ do_not_log_action () {
 ###############################################################
 # Firewall actions function definition
 ###############################################################
+get_table_information(){
+    if [ "$1" = "-t" ]
+    then
+        echo "$1 $2"
+    else
+        echo ""
+    fi
+}
+
+get_action_information(){
+    if [ "$1" = "-t" ]
+    then
+        echo "$3"
+    else
+        echo "$1"
+    fi
+}
+
+
+get_command_information(){
+    if [ "$1" = "-t" ]
+    then
+        shift 3
+    else
+        shift
+    fi
+    echo "$*"
+}
+
+get_chain_information(){
+    if [ "$1" = "-t" ]
+    then
+        shift 3
+    else
+        shift
+    fi
+    echo "$1"
+}
+
 do_exec () {
-	case $1 in
+    local it_action=`get_action_information $*`
+    local it_table=`get_table_information $*`
+    local it_command=`get_command_information $*`
+    local it_option
+	case ${it_action} in
 		__iptable_add_action)
 			shift
-			iptables_option=-A
+			it_option=-A
 		;;
 		__iptable_insert_action)
 			shift
-			iptables_option=-I
+			it_option=-I
 		;;
 		__iptable_set_policy_action)
 			shift
-			iptables_option=-P
+			it_option=-P
 		;;
 		*)
 			echo "Nothing to be done for $1"
 		;;
 	esac
 	if [ ${verbose} -ge 1 ] ; then
-		echo $IP_TABLES $iptables_option $*
+		echo $IP_TABLES $it_table $it_option $it_command
 	fi
-	if ! $IP_TABLES -C $* > /dev/null 2>&1
+	if ! $IP_TABLES $it_table -C $it_command > /dev/null 2>&1
 	then
-		$IP_TABLES $iptables_option $*
+		$IP_TABLES $it_table $it_option $it_command
 	fi
 }
 
 
 do_check () {
-	local the_action
-	the_action=$1
-	shift
-	case $the_action in
+    local it_action=`get_action_information $*`
+    local it_table=`get_table_information $*`
+    local it_command=`get_command_information $*`
+    local it_option
+	case $it_action in
 		__iptable_add_action)
-			iptables_option=-A
+			it_option=-A
 		;;
 		__iptable_insert_action)
-			iptables_option=-I
+			it_option=-I
 		;;
 		__iptable_set_policy_action)
 			return 0
@@ -126,33 +170,35 @@ do_check () {
 	esac
 	default_option=-C
 	if [ ${verbose} -ge 1 ] ; then
-		echo $do_log "$the_action:" $IP_TABLES -C $*
-		echo $IP_TABLES -C $*
+		echo $do_log "$it_action:" $IP_TABLES $it_table -C $it_command
+		echo $IP_TABLES $it_table -C $it_command
 	fi
-	$do_log "$the_action:" $IP_TABLES -C $*
-	$IP_TABLES -C $*
+	$do_log "$it_action:" $IP_TABLES -C $it_command
+	$IP_TABLES  $it_table -C $it_command
 	global_status=$((global_status+$?))
 }
 
 
 do_delete () {
-	local the_action
-	the_action=$1
-	shift
+    local it_action=`get_action_information $*`
+    local it_table=`get_table_information $*`
+    local it_command=`get_command_information $*`
+    local it_option
 	if [ ${verbose} -gt 1 ] ; then
-		$do_log "Trying to delete:" $(translate_iptables_rule $IP_TABLES $the_action $*)
+		$do_log "Trying to delete:" \
+         $(translate_iptables_rule $IP_TABLES $it_table $it_action $it_command)
 	fi
-	case $the_action in
+	case $it_action in
 		__iptable_add_action)
-			iptables_option=-D
+			it_option=-D
 		;;
 		__iptable_insert_action)
-			iptables_option=-D
+			it_option=-D
 		;;
 		__iptable_set_policy_action)
-			CHAIN_NAME="$1"
-			$do_log "DELETING: $IP_TABLES -P $CHAIN_NAME DROP"
-			$IP_TABLES -P $CHAIN_NAME ACCEPT
+			CHAIN_NAME=`get_chain_information $*`
+			$do_log "DELETING: $IP_TABLES $it_table -P $CHAIN_NAME DROP"
+			$IP_TABLES $it_table -P $CHAIN_NAME ACCEPT
 			return 0
 		;;
 		*)
@@ -162,12 +208,12 @@ do_delete () {
 
 
 	# Checks the rule then delete it, if it exists
-	if $IP_TABLES -C $* > /dev/null 2>&1
+	if $IP_TABLES $it_table -C $it_command > /dev/null 2>&1
 	then
-		$IP_TABLES $iptables_option $* || echo "DID NOT EXIST: "$IP_TABLES $iptables_option $*
-		$do_log "DELETING:" $IP_TABLES $iptables_option $*
+		$IP_TABLES $it_table $it_option $it_command || echo "DID NOT EXIST: "$IP_TABLES $it_option $it_command
+		$do_log "DELETING:" $IP_TABLES $it_table $it_option $it_command
 	else
-		$do_log "NOT EXISTING:" $IP_TABLES $iptables_option $*
+		$do_log "NOT EXISTING:" $IP_TABLES $it_table $it_option $it_command
 	fi
 	global_status=$((global_status+$?))
 }