From 2221964947c5ffce10a58a9d5949106490389237 Mon Sep 17 00:00:00 2001
From: Benjamin Reis
Date: Mon, 4 Nov 2024 10:11:55 +0100
Subject: [PATCH] Adapt `firewall-port` to IPv6

Signed-off-by: Benjamin Reis
---
 scripts/plugins/firewall-port | 45 ++++++++++++++++++++++++-----------
 1 file changed, 31 insertions(+), 14 deletions(-)

diff --git a/scripts/plugins/firewall-port b/scripts/plugins/firewall-port
index b06707dbd2..98b58afc6d 100644
--- a/scripts/plugins/firewall-port
+++ b/scripts/plugins/firewall-port
@@ -9,10 +9,28 @@ set -e
 # protocol.
 #
 # Usage:
-# ./firewall-port {open|close} port protocol
+# ./firewall-port [-6] {open|close} port protocol
 #
 #################################################

+usage() {
+ echo $"Usage: $0 [-6] {open|close|check} {port} {protocol}" 1>&2
+}
+
+BINARY=iptables
+while getopts ":6" option; do
+ case $option in
+ 6)
+ BINARY=ip6tables
+ ;;
+ \?)
+ usage
+ exit 1
+ ;;
+ esac
+ shift
+done
+
 OP="$1"
 PORT="$2"
 PROTOCOL="${3:-tcp}"
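Review bot: The `shift` inside the `getopts` loop moves the positional parameters while `OPTIND` keeps advancing, so parsing only works for a single leading `-6`; a repeated flag such as `-6 -6` would leave an option in `$1`, which is then taken as `OP`. The usual form drops the in-loop `shift` and puts `shift $((OPTIND - 1))` after `done`. The new `usage()` text lists `check`, while the header comment's usage line still reads `{open|close}`, so one of them should be aligned. Because the iptables and ip6tables rule sets are independent, the header comment could also state that a port opened with `-6` has to be closed with `-6` as well, e.g. `# -6 operates on ip6tables only; IPv4 rules are left untouched`.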
@@ -29,26 +47,26 @@ esac

 case "${OP}" in
 open)
- if ! iptables -C $CHAIN $RULE 2>/dev/null
+ if ! $BINARY -C $CHAIN $RULE 2>/dev/null
 then # first ensure chain exists
- if iptables -N "${CHAIN}" 2>/dev/null
+ if $BINARY -N "${CHAIN}" 2>/dev/null
 then #chain did not exist but does now
- iptables -A "${CHAIN}" -j RETURN
- iptables -I INPUT -j "${CHAIN}"
- fi # asuume chain is used if it exists
- iptables -I "${CHAIN}" $RULE
- /usr/libexec/iptables/iptables.init save
+ $BINARY -A "${CHAIN}" -j RETURN
+ $BINARY -I INPUT -j "${CHAIN}"
+ fi # assume chain is used if it exists
+ $BINARY -I "${CHAIN}" $RULE
+ /usr/libexec/iptables/"$BINARY".init save
 fi
 ;;
 close)
- if iptables -C $CHAIN $RULE 2>/dev/null
+ if $BINARY -C $CHAIN $RULE 2>/dev/null
 then # close port if it was opened
- iptables -D $CHAIN $RULE
- /usr/libexec/iptables/iptables.init save
+ $BINARY -D $CHAIN $RULE
+ /usr/libexec/iptables/"$BINARY".init save
 fi
 ;;
 check)
- if [[ -z `iptables -S $CHAIN | grep " $PORT "` ]]
+ if [[ -z `$BINARY -S $CHAIN | grep " $PORT "` ]]
 then
 echo "Port $PORT open: true"
 else
@@ -56,10 +74,9 @@ case "${OP}" in
 fi
 ;;
 *)
- echo $"Usage: $0 {open|close|check} {port} {protocol}" 1>&2
+ usage
 exit 1
 ;;
 esac

 exit 0
-
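Review bot: The `check` arm still prints `Port $PORT open: true` when `grep " $PORT "` over the `$BINARY -S $CHAIN` output is empty, which on the visible lines is the case where no rule for the port exists or the chain is absent for that address family; the `else` arm lies outside the hunk, so the intended polarity should be confirmed. Reusing the exact-match test of the `open` and `close` arms, `if $BINARY -C $CHAIN $RULE 2>/dev/null`, would avoid the loose text match, which ignores the protocol and hides a failing `-S`. Separately, `/usr/libexec/iptables/"$BINARY".init save` assumes an `ip6tables.init` helper is installed; under the script's `set -e`, a missing helper would abort after the live rule was inserted but before it was persisted.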