Merge pull request #2385 from Raybuntu/iptables

iptables: Fix several issues

packages/network/iptables/config/home.v4

@@ -8,7 +8,7 @@
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i tether -p udp -m conntrack --ctstate NEW -j ACCEPT
 -A INPUT -j private-subnets
--A FORWARD -i tether -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i tether -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -o tether -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A DOCKER-USER -j private-subnets
 -A private-subnets -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

packages/network/iptables/config/home.v6

@@ -8,7 +8,7 @@
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i tether -p udp -m conntrack --ctstate NEW -j ACCEPT
 -A INPUT -j private-subnets
--A FORWARD -i tether -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i tether -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -o tether -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A DOCKER-USER -j private-subnets
 -A private-subnets -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

packages/network/iptables/scripts/iptables_helper

@@ -23,18 +23,19 @@ IPTABLES_CMDS="$IPTABLES4 $IPTABLES6"
 PUBLIC_RULES="/etc/iptables/public.v"
 HOME_RULES="/etc/iptables/home.v"
 CUSTOM_RULES="/storage/.config/iptables/rules.v"
+DOCKER="service.system.docker.service"
+SYSTEMCTL="/usr/bin/systemctl"
+CONNMANCTL="/usr/bin/connmanctl"
 
 check_docker() {
-    if [ "`/usr/bin/systemctl is-active docker.service`" == "active" ]; then
-	/usr/bin/systemctl restart docker
-    fi
+    $SYSTEMCTL is-active --quiet $DOCKER && $SYSTEMCTL restart $DOCKER
 }
 
 check_tether() {
-    if [ -n "`/usr/bin/connmanctl technologies|grep 'Tethering = True'`" ]; then
-	/usr/bin/connmanctl tether wifi off
+    if [ -n "`$CONNMANCTL technologies|grep 'Tethering = True'`" ]; then
+	$CONNMANCTL tether wifi off
 	sleep 1
-	/usr/bin/connmanctl tether wifi on
+	$CONNMANCTL tether wifi on
     fi
 }
 

packages/network/iptables/system.d/iptables.service

@@ -1,13 +1,13 @@
 [Unit]
 Description=IPTABLES Packet Filtering
 ConditionPathExists=/usr/lib/libreelec/iptables_helper
-ConditionPathExists=/storage/.cache/services/iptables.conf
+ConditionPathExists=|/storage/.cache/services/iptables.conf
 Before=network.target
 Wants=network.target
 
 [Service]
 Type=oneshot
-EnvironmentFile=/storage/.cache/services/iptables.conf
+EnvironmentFile=-/storage/.cache/services/iptables.conf
 ExecStart=/usr/lib/libreelec/iptables_helper enable
 ExecReload=/usr/lib/libreelec/iptables_helper enable
 ExecStop=/usr/lib/libreelec/iptables_helper disable