From 2c311af932987db8998bdc9fd80c6a2374641564 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Thu, 27 Feb 2025 13:36:54 -0800
Subject: [PATCH] Restore base iptables network config

---
 installers/common.sh | 52 +++++++++++++++++++++++++-------------------
 1 file changed, 30 insertions(+), 22 deletions(-)

diff --git a/installers/common.sh b/installers/common.sh
index 03e5e4a5..f884ad73 100755
--- a/installers/common.sh
+++ b/installers/common.sh
@@ -26,6 +26,7 @@ readonly raspap_adblock="/etc/dnsmasq.d/090_adblock.conf"
 readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
 readonly raspap_network="$raspap_dir/networking/"
 readonly raspap_router="/etc/lighttpd/conf-available/50-raspap-router.conf"
+readonly rulesv4="/etc/iptables/rules.v4"
 readonly blocklist_hosts="https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
 readonly blocklist_domains="https://big.oisd.nl/dnsmasq"
 
@@ -265,7 +266,10 @@ function _install_dependencies() {
         echo "${network_tools} will be installed from the main deb sources list"
     fi
 
-     sudo apt-get install -y lighttpd git hostapd dnsmasq $php_package $dhcpcd_package $iw_package $rsync_package $network_tools $ifconfig_package vnstat qrencode jq isoquery || _install_status 1 "Unable to install dependencies"
+    # Set dconf-set-selections
+    echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
+    echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
+    sudo apt-get install -y lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package $iw_package $rsync_package $network_tools $ifconfig_package vnstat qrencode jq isoquery || _install_status 1 "Unable to install dependencies"
     _install_status 0
 }
 
@@ -770,29 +774,34 @@ function _enable_raspap_daemon() {
     sudo systemctl enable raspapd.service || _install_status 1 "Failed to enable raspap.service"
 }
 
-# Configure IP forwarding, setting nftables rules
+# Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
 function _configure_networking() {
     _install_log "Configuring networking"
-
     echo "Enabling IP forwarding"
-    echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/99-raspap.conf > /dev/null || _install_status 1 "Unable to set IP forwarding"
-    sudo sysctl --system || _install_status 1 "Unable to reload sysctl settings"
+    echo "net.ipv4.ip_forward=1" | sudo tee $raspap_sysctl > /dev/null || _install_status 1 "Unable to set IP forwarding"
+    sudo sysctl -p $raspap_sysctl || _install_status 1 "Unable to execute sysctl"
+    sudo /etc/init.d/procps restart || _install_status 1 "Unable to execute procps"
 
-    echo "Configuring nftables rules"
-
-    # Define NAT table and masquerade rules
-    sudo nft add table ip nat
-    sudo nft add chain ip nat POSTROUTING { type nat hook postrouting priority 100 \; }
-    sudo nft add rule ip nat POSTROUTING oifname "wlan0" masquerade
-    sudo nft add rule ip nat POSTROUTING ip saddr 192.168.50.0/24 oifname "eth0" masquerade
-
-    # Save rules to persist across reboots
-    echo "Saving nftables rules"
-    sudo nft list ruleset | sudo tee /etc/nftables.conf > /dev/null || _install_status 1 "Unable to save nftables rules"
-    
-    # Enable nftables service for persistence
-    sudo systemctl enable nftables.service
-    sudo systemctl restart nftables.service || _install_status 1 "Unable to restart nftables service"
+    echo "Checking iptables rules"
+    rules=(
+    "-A POSTROUTING -j MASQUERADE"
+    "-A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE"
+    )
+    for rule in "${rules[@]}"; do
+        if grep -- "$rule" $rulesv4 > /dev/null; then
+            echo "Rule already exits: ${rule}"
+        else
+            rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule)
+            echo "Adding rule: ${rule}"
+            sudo iptables $rule || _install_status 1 "Unable to execute iptables"
+            added=true
+        fi
+    done
+    # Persist rules if added
+    if [ "$added" = true ]; then
+        echo "Persisting IP tables rules"
+        sudo iptables-save | sudo tee $rulesv4 > /dev/null || _install_status 1 "Unable to execute iptables-save"
+    fi
 
     # Prompt to install RaspAP daemon
     echo -n "Enable RaspAP control service (Recommended)? [Y/n]: "
@@ -808,8 +817,7 @@ function _configure_networking() {
         _enable_raspap_daemon
     fi
     _install_status 0
-}
-
+ }
 
 # Prompt to configure TCP BBR option
 function _prompt_configure_tcp_bbr() {