use batched wg rule removal

yapishu · yapishu · commit 5b7f23835001 · 2022-12-14T21:14:25.000-06:00
diff --git a/api/wg_api.py b/api/wg_api.py
@@ -43,8 +43,8 @@ def restart_wg():
         return False
     if resp.status_code == 200:
         logging.info('[WG]: WG interface restarted')
-        remove_predowns()
-        fwd_predown_rules()
+        # remove_predowns()
+        # fwd_predown_rules()
         os.system(f'cp {wgconf} {wgconf}.bak')
         return True
     else:
@@ -211,7 +211,7 @@ def rule_gen(rule,ad):
 {protocol} -d {peer} --dport {port} -j ACCEPT\n'
         preroute_rule = f'{prefix} = iptables -{ad} PREROUTING \
 -t nat -p {protocol} -i eth0 --dport {port} -j DNAT --to-destination \
-{peer}:{port}\n'
+{peer}:{port}\n -m comment --comment "fwded"\n'
         if rule == 'fwd':
             return fwd_rule
         elif rule == 'pre':
diff --git a/wg/restart.sh b/wg/restart.sh
@@ -1,4 +1,10 @@
 #!/bin/bash
+# iptables --line-numbers --list
 echo "Restarting WG interface..."
+# Look for all rules that have the 'fwded' comment
+FWD_RULES=$(iptables --line-number -nL FORWARD|grep fwded|awk '{print $1}'|tac)
 wg-quick down wg0
+# Delete them (background)
+for rul in $FWD_RULES; do iptables -D FORWARD $rul; done
+sleep 0.1
 wg-quick up wg0
