From dc0ec0db19091f7a9296aa6f84f52cf82a60f141 Mon Sep 17 00:00:00 2001
From: Vladimir Avtsenov
Date: Mon, 21 Oct 2024 23:11:59 +0300
Subject: [PATCH] clear iptables while running

---
 kvas2.go                             |  4 ++
 netfilter-helper/iptables-cleaner.go | 57 ++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+)
 create mode 100644 netfilter-helper/iptables-cleaner.go

diff --git a/kvas2.go b/kvas2.go
index 9b6f242..1f9b634 100644
--- a/kvas2.go
+++ b/kvas2.go
@@ -472,6 +472,10 @@ func New(config Config) (*App, error) {
 		return nil, fmt.Errorf("netfilter helper init fail: %w", err)
 	}
 	app.NetfilterHelper4 = nh4
+	err = app.NetfilterHelper4.ClearIPTables(app.Config.ChainPrefix)
+	if err != nil {
+		return nil, fmt.Errorf("failed to clear iptables: %w", err)
+	}
 	app.Groups = make(map[int]*Group)

diff --git a/netfilter-helper/iptables-cleaner.go b/netfilter-helper/iptables-cleaner.go
new file mode 100644
index 0000000..d79191c
--- /dev/null
+++ b/netfilter-helper/iptables-cleaner.go
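Review bot: The wrapped error text `failed to clear iptables: %w` departs from the neighbouring `netfilter helper init fail: %w` register, and the "failed to" prefix is redundant once the chain is printed; `return nil, fmt.Errorf("clearing iptables %q chains: %w", app.Config.ChainPrefix, err)` keeps the same style and tells the operator which prefix was being swept. Only app.NetfilterHelper4 is cleared here; if New also constructs an IPv6 helper (not visible in this hunk), its stale prefixed chains would survive a restart and need the same call. func New starts and ends outside the hunk.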
@@ -0,0 +1,57 @@
+package netfilterHelper
+
+import (
+	"fmt"
+	"strings"
+)
+
+func (nh *NetfilterHelper) ClearIPTables(chainPrefix string) error {
+	jumpToChainPrefix := fmt.Sprintf("-j %s", chainPrefix)
+	tableList := []string{"nat", "mangle", "filter"}
+
+	for _, table := range tableList {
+		chainListToDelete := make([]string, 0)
+
+		chains, err := nh.IPTables.ListChains(table)
+		if err != nil {
+			return fmt.Errorf("listing chains error: %w", err)
+		}
+
+		for _, chain := range chains {
+			if strings.HasPrefix(chain, chainPrefix) {
+				chainListToDelete = append(chainListToDelete, chain)
+				continue
+			}
+
+			rules, err := nh.IPTables.List(table, chain)
+			if err != nil {
+				return fmt.Errorf("listing rules error: %w", err)
+			}
+
+			for _, rule := range rules {
+				ruleSlice := strings.Split(rule, " ")
+				if len(ruleSlice) < 2 || ruleSlice[0] != "-A" || ruleSlice[1] != chain {
+					// TODO: Warn
+					continue
+				}
+				ruleSlice = ruleSlice[2:]
+
+				if strings.Contains(strings.Join(ruleSlice, " "), jumpToChainPrefix) {
+					err := nh.IPTables.Delete(table, chain, ruleSlice...)
+					if err != nil {
+						return fmt.Errorf("rule deletion error: %w", err)
+					}
+				}
+			}
+		}
+
+		for _, chain := range chainListToDelete {
+			err := nh.IPTables.ClearAndDeleteChain(table, chain)
+			if err != nil {
+				return fmt.Errorf("deleting chain error: %w", err)
+			}
+		}
+	}
+
+	return nil
+}
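Review bot: An empty chainPrefix turns ClearIPTables into a firewall wipe: `strings.HasPrefix(chain, "")` is true for every chain, so every chain in nat, mangle and filter — builtins included — lands in chainListToDelete and is handed to ClearAndDeleteChain, which flushes the builtin before its delete fails. A guard at the top of the function, `if chainPrefix == "" { return fmt.Errorf("chain prefix must not be empty") }`, keeps a misconfigured Config.ChainPrefix from ever reaching the flush loop. Separately, the final loop flushes and deletes each prefixed chain in one step, so if one prefixed chain is still jumped to from another prefixed chain the delete fails and the remaining stale chains are left behind (assuming nh.IPTables is the coreos go-iptables client, where ClearAndDeleteChain is ClearChain followed by DeleteChain); flushing every collected chain first and deleting them in a second pass, as below, removes that ordering dependency. The rule scan also splits `-S` output on single spaces, so a jump rule that ever carries a quoted argument such as a `--comment` would be passed to Delete as broken tokens and abort the whole cleanup with `rule deletion error`.
```go
		// … unchanged: rule scan deleting "-j <prefix>" jumps from non-prefixed chains …

		// Flush every prefixed chain before deleting any of them, so a chain
		// still referenced by a sibling prefixed chain cannot make the delete fail.
		for _, chain := range chainListToDelete {
			if err := nh.IPTables.ClearChain(table, chain); err != nil {
				return fmt.Errorf("flushing chain error: %w", err)
			}
		}
		for _, chain := range chainListToDelete {
			if err := nh.IPTables.DeleteChain(table, chain); err != nil {
				return fmt.Errorf("deleting chain error: %w", err)
			}
		}
```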