extern/sshuttle
1
1
Fork 0
mirror of https://github.com/sshuttle/sshuttle.git synced 2025-04-23 18:58:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Handle when default chains already exists (#392)

Browse Source
This commit is contained in:
Haw Loeung 2020-01-31 11:18:00 +11:00 committed by Brian May
parent ad31ac4e18
commit 84076f29fa
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
sshuttle/methods/nft.py
View File

@ -1,5 +1,6 @@
import socket import socket
from sshuttle.firewall import subnet_weight from sshuttle.firewall import subnet_weight
from sshuttle.helpers import Fatal, log
from sshuttle.linux import nft, nft_get_handle, nonfatal from sshuttle.linux import nft, nft_get_handle, nonfatal
from sshuttle.methods import BaseMethod from sshuttle.methods import BaseMethod
@ -21,16 +22,19 @@ class Method(BaseMethod):
def _nft(action, *args): def _nft(action, *args):
return nft(family, table, action, *args) return nft(family, table, action, *args)
chain = 'sshuttle-%s' % port
# basic cleanup/setup of chains # basic cleanup/setup of chains
_nft('add table', '') _nft('add table', '')
_nft('add chain', 'prerouting', # prerouting, postrouting, and output chains may already exist
'{ type nat hook prerouting priority -100; policy accept; }') for chain in ['prerouting', 'postrouting', 'output']:
_nft('add chain', 'postrouting', rules = '{{ type nat hook {} priority -100; policy accept; }}' \
'{ type nat hook postrouting priority 100; policy accept; }') .format(chain)
_nft('add chain', 'output', try:
'{ type nat hook output priority -100; policy accept; }') _nft('add chain', chain, rules)
except Fatal:
log('Chain {} already exists, ignoring\n'.format(chain))
chain = 'sshuttle-%s' % port
_nft('add chain', chain) _nft('add chain', chain)
_nft('flush chain', chain) _nft('flush chain', chain)
_nft('add rule', 'output jump %s' % chain) _nft('add rule', 'output jump %s' % chain)