From 71decae61ec20966a92a41df912da04f2c6f472f Mon Sep 17 00:00:00 2001
From: Martin Braun <braun@neuroforge.de>
Date: Sun, 13 Nov 2022 12:06:04 +0100
Subject: [PATCH] Update ufw-docker

---
 .../roles/ufw-docker-install/files/ufw-docker  | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/swarmsible/roles/ufw-docker-install/files/ufw-docker b/swarmsible/roles/ufw-docker-install/files/ufw-docker
index 0d1878f..6ea6b7c 100644
--- a/swarmsible/roles/ufw-docker-install/files/ufw-docker
+++ b/swarmsible/roles/ufw-docker-install/files/ufw-docker
@@ -11,7 +11,17 @@ GREP_REGEXP_INSTANCE_NAME="[-_.[:alnum:]]\\+"
 DEFAULT_PROTO=tcp
 
 ufw_docker_agent=ufw-docker-agent
-ufw_docker_agent_image="${UFW_DOCKER_AGENT_IMAGE:-neuroforgede/${ufw_docker_agent}:0.1}"
+ufw_docker_agent_image="${UFW_DOCKER_AGENT_IMAGE:-chaifeng/${ufw_docker_agent}:221002-nf_tables}"
+
+if [[ "${ufw_docker_agent_image}" = *-@(legacy|nf_tables) ]]; then
+    if iptables --version | grep -F '(legacy)' &>/dev/null; then
+        ufw_docker_agent_image="${ufw_docker_agent_image%-*}-legacy"
+    else
+        ufw_docker_agent_image="${ufw_docker_agent_image%-*}-nf_tables"
+    fi
+fi
+
+test -n "$ufw_docker_agent_image"
 
 function ufw-docker--status() {
     ufw-docker--list "$GREP_REGEXP_INSTANCE_NAME"
@@ -32,7 +42,9 @@ function ufw-docker--list() {
        NETWORK="[[:graph:]]*"
     fi
 
-    ufw status numbered | grep "# allow ${INSTANCE_NAME}\\( ${INSTANCE_PORT}\\/${PROTO}\\)\\?\\( ${NETWORK}\\)\\?\$"
+    ufw status numbered | grep "# allow ${INSTANCE_NAME}\\( ${INSTANCE_PORT}\\/${PROTO}\\)\\( ${NETWORK}\\)\$" ||  \
+    ufw status numbered | grep "# allow ${INSTANCE_NAME}\\( ${INSTANCE_PORT}\\/${PROTO}\\)\$" || \
+    ufw status numbered | grep "# allow ${INSTANCE_NAME}\$"
 }
 
 function ufw-docker--list-number() {
@@ -409,7 +421,7 @@ function die() {
 # __main__
 
 if ! ufw status 2>/dev/null | grep -Fq "Status: active" ; then
-    die "UFW is disabled or you are not root user."
+    die "UFW is disabled or you are not root user, or mismatched iptables legacy/nf_tables, current $(iptables --version)"
 fi
 
 ufw_action="${1:-help}"