From 7c658d08729d4bff498abd2a52214a8248313e9e Mon Sep 17 00:00:00 2001
From: Ludovic Pouzenc
Date: Mon, 29 Aug 2016 19:54:38 +0200
Subject: misc/setup_routing.sh: bugfix : could leave stale NAT rules if equipment change on an already active service

---
 misc/setup_routing.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/misc/setup_routing.sh b/misc/setup_routing.sh
index e11d5ee..6ca904f 100755
--- a/misc/setup_routing.sh
+++ b/misc/setup_routing.sh
@@ -153,6 +153,14 @@ function nat_setup() {
 ip addr show dev lo | grep -q "$ip4_public/32" || $DRY ip addr add $ip4_public/32 dev lo
+ # Remove PRE/POST old rules for the same ip4_public but wrong ip4_nexthop
+ # (happens if active service is updated, new equipement)
+ ruleno_pre=$(iptables -t nat -L PREROUTING -n --line-numbers | grep " $ip4_public " | grep -vE "to:$ip4_nexthop$" | cut -d' ' -f1 | head -n1)
+ [ -n "$ruleno_pre" ] && $DRY iptables -t nat -D PREROUTING $ruleno_pre
+ ruleno_post=$(iptables -t nat -L POSTROUTING -n --line-numbers | grep -E "to:$ip4_public$" | grep -v " $ip4_nexthop " | cut -d' ' -f1 | head -n1)
+ [ -n "$ruleno_post" ] && $DRY iptables -t nat -D POSTROUTING $ruleno_post
+
+ # Insert PRE/POST rules if not already there
 iptables -t nat -L PREROUTING -n --line-numbers | grep -E "to:$ip4_nexthop$" -q \
 || $DRY iptables -t nat -A PREROUTING -d $ip4_public -j DNAT --to-destination $ip4_nexthop
-- 
cgit v1.1
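Review bot: The stale-rule cleanup removes at most one rule per chain per run, because both `ruleno_pre` and `ruleno_post` pipelines end in `head -n1`; if more than one outdated PREROUTING or POSTROUTING entry for the same `$ip4_public` has accumulated (e.g. from runs before this fix), the rest survive. The addresses are also interpolated into `grep`/`grep -E` patterns with unescaped dots and handed to `iptables` unquoted, so the match is looser than the comment states and, if `ip4_public`/`ip4_nexthop` originate outside this script (their assignment is not visible here), a value containing whitespace would become extra iptables arguments — checking both against a dotted-quad pattern before this block would close that. I would escape the dots once, delete every stale match highest rule number first so the remaining numbers stay valid (which also stays safe when `$DRY` only echoes), and quote the rule number. nat_setup begins before this hunk and continues past it.
```shell
	# Remove PRE/POST old rules for the same ip4_public but wrong ip4_nexthop
	# (happens if active service is updated, new equipement)
	# Dots are escaped so the addresses match literally; delete highest number
	# first so the remaining rule numbers are still valid after each -D.
	pub_re=${ip4_public//./\\.}
	nh_re=${ip4_nexthop//./\\.}
	for n in $(iptables -t nat -L PREROUTING -n --line-numbers | grep -E " $pub_re " | grep -vE "to:$nh_re$" | cut -d' ' -f1 | sort -rn); do
		$DRY iptables -t nat -D PREROUTING "$n"
	done
	for n in $(iptables -t nat -L POSTROUTING -n --line-numbers | grep -E "to:$pub_re$" | grep -vE " $nh_re " | cut -d' ' -f1 | sort -rn); do
		$DRY iptables -t nat -D POSTROUTING "$n"
	done
	# … unchanged: "Insert PRE/POST rules if not already there" block …
```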