diff --git a/script.sh.template b/script.sh.template index 05b7933..8750403 100644 --- a/script.sh.template +++ b/script.sh.template @@ -3,16 +3,13 @@ echo ============================== >> {{script_log_fp}} env >> {{script_log_fp}} iptable_check_add(){ - local x="$@" - iptables -C $x 2>/dev/null || iptables -A $x + iptables -C $@ 2>/dev/null || iptables -A $@ } iptable_nat_check_add(){ - local x="$@" - iptables -t nat -C $x 2>/dev/null || iptables -t nat -A $x + iptables -t nat -C $@ 2>/dev/null || iptables -t nat -A $@ } iptable_mangle_check_add(){ - local x="$@" - iptables -t mangle -C $x 2>/dev/null || iptables -t mangle -A $x + iptables -t mangle -C $@ 2>/dev/null || iptables -t mangle -A $@ } # create route table if it does not exist @@ -25,8 +22,8 @@ if [ $(getent group|grep {{route_table_name}} | wc -l) -eq 0 ]; then groupadd {{route_table_name}} fi -iptable_mangle_check_add -I OUTPUT -m owner --gid-owner {{route_table_name}} -j MARK --set-mark {{route_table_id}} -iptable_nat_check_add -t nat -I POSTROUTING -m owner --gid-owner {{route_table_name}} -o ${dev} -j MASQUERADE +iptable_mangle_check_add OUTPUT -m owner --gid-owner {{route_table_name}} -j MARK --set-mark {{route_table_id}} +iptable_nat_check_add POSTROUTING -m owner --gid-owner {{route_table_name}} -o ${dev} -j MASQUERADE # populate route table ip route flush table {{route_table_name}} ip route add ${route_vpn_gateway} dev ${dev} src ${ifconfig_local} table {{route_table_name}} @@ -37,6 +34,6 @@ ip route add ${route_vpn_gateway} dev ${dev} src ${ifconfig_local} ip rule add fwmark {{route_table_id}} table {{route_table_name}} pref {{rule_pref}} #ip rule add from ${ifconfig_local} table {{route_table_name}} pref {{rule_pref}} -iptable_check_add -I OUTPUT -m mark --mark {{route_table_id}} -j ACCEPT +iptable_check_add OUTPUT -m mark --mark {{route_table_id}} -j ACCEPT exit 0 diff --git a/test.sh b/test.sh deleted file mode 100755 index 2b532e4..0000000 --- a/test.sh +++ /dev/null 
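Review bot: The three helpers in the first hunk expand `$@` unquoted, so every argument is still word-split and glob-expanded before iptables sees it, exactly as with the `$x` copy being removed. Quote it: `iptables -C "$@" 2>/dev/null || iptables -A "$@"`, and likewise for the `-t nat` and `-t mangle` variants. The same applies to the unquoted `${dev}` on the caller line in the second hunk, where a value containing whitespace or `*` would change the rule that gets installed. Separately, `2>/dev/null` on the `-C` probe hides every failure, not only "rule not present", so a lock or permission error falls straight through to a blind `-A`.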
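Review bot: Dropping `-I` from the two calls in the second hunk means the helpers now append with `-A`, so the MARK and MASQUERADE rules land at the end of their chains rather than at the top. The same holds for the `-j ACCEPT` rule in the last hunk. If OUTPUT or POSTROUTING already carries an earlier terminating rule (not visible in this diff), the appended rule is never evaluated and the marked traffic is not handled as intended. If first position was the intent, keep the existence probe but insert, e.g. `iptables -C "$@" 2>/dev/null || iptables -I "$@"`. Otherwise state that the ordering is deliberate with a comment such as `# appended on purpose: evaluated after existing chain rules`.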
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-iptable_check_add(){
- local x="$@"
- iptables -C $x 2>/dev/null || iptables -A $x
-}