From fdb417ed5b09bd699ba1658f053a73739476e715 Mon Sep 17 00:00:00 2001
From: Dmitrii Dolgov <9erthalion6@gmail.com>
Date: Wed, 25 Jun 2025 14:57:26 +0200
Subject: [PATCH 1/5] Fix prepare-tap script

Fedora 42 now features new iptables, reflect this in the script. Also fix few minor issues: move out sysctl bit to make it independent, and correct getopts syntax to not require a value for -i/-f/-o.
---
 scripts/network/prepare-tap.sh | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/scripts/network/prepare-tap.sh b/scripts/network/prepare-tap.sh
index e538725..c50919c 100755
--- a/scripts/network/prepare-tap.sh
+++ b/scripts/network/prepare-tap.sh
@@ -23,7 +23,7 @@ CONFIGURE_IPTABLE="false"
 CONFIGURE_FIREWALLD="false"
 CONFIGURE_TUNTAP_IF_EXISTS="false"
-while getopts ":a:t:u:i:fo" opt; do
+while getopts ":a:t:u:ifo" opt; do
 case $opt in
 a) ADDRESS="${OPTARG}" ;;
@@ -62,34 +62,35 @@ ip link set "${NAME}" up
 echo "Assigning address ${ADDRESS} to device ${NAME}..."
 ip addr add "${ADDRESS}" dev "${NAME}"
+echo "Enabling ip forward..."
+sysctl net.ipv4.ip_forward=1
+
 if [[ "${CONFIGURE_FIREWALLD}" == "true" ]]; then
 which firewall-cmd &>/dev/null || stop "Don't have the firewal-cmd tool"
 echo "Adding to the trusted zone..."
- firewall-cmd --zone=trusted --add-interface="${NAME}"
+ firewall-cmd --zone=trusted --add-interface="${NAME}" || true
 fi
+echo "${CONFIGURE_IPTABLE}"
 if [[ "${CONFIGURE_IPTABLE}" == "true" ]];
 then
- which iptables &>/dev/null || stop "Don't have the iptables tool"
-
- echo "Enabling ip forward..."
- sysctl net.ipv4.ip_forward=1
+ which iptables-nft &>/dev/null || stop "Don't have the iptables tool"
 echo "Preparing iptable..."
- iptables -t nat -A POSTROUTING -s "${ADDRESS}" -j MASQUERADE
- iptables -A FORWARD -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
- iptables -A FORWARD -o "${NAME}" -d "${ADDRESS}" -j ACCEPT
+ iptables-nft -t nat -A POSTROUTING -s "${ADDRESS}" -j MASQUERADE
+ iptables-nft -A FORWARD -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
+ iptables-nft -A FORWARD -o "${NAME}" -d "${ADDRESS}" -j ACCEPT
- RULE_NR=$(iptables -t filter -L INPUT --line-numbers |\
+ RULE_NR=$(iptables-nft -t filter -L INPUT --line-numbers |\
 grep "REJECT all" |\
 awk '{print $1}')
 # Excempt tun device from potentiall reject all rule
 if [[ $RULE_NR == "" ]]; then
- iptables -I INPUT -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
+ iptables-nft -I INPUT -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
 else
- iptables -I INPUT $((RULE_NR - 1)) -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
+ iptables-nft -I INPUT $((RULE_NR - 1)) -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
 fi
 fi

From b3d62bd6c762326aa8e5c7bcbee2f3cc3aa59d7a Mon Sep 17 00:00:00 2001
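Review bot: The added `echo "${CONFIGURE_IPTABLE}"` just before the `if [[ "${CONFIGURE_IPTABLE}" == "true" ]]` test reads as a leftover debug print and should be removed. In the firewalld branch, the new `|| true` hides any failure of `firewall-cmd --zone=trusted --add-interface`, so the script continues as if the interface were trusted; if the intent is to tolerate an interface that is already in the zone, at least report it, e.g. `firewall-cmd --zone=trusted --add-interface="${NAME}" || echo "Warning: could not add ${NAME} to the trusted zone" >&2`. Moving `sysctl net.ipv4.ip_forward=1` out of the iptables branch means forwarding is now enabled even when neither FORWARD rules nor a firewalld zone are configured, and the change is runtime-only; a one-line comment above it stating that this is intended and does not persist across reboots would help the next reader. The new `which iptables-nft` check depends on an external `which` that minimal images may lack; `command -v iptables-nft >/dev/null 2>&1 || stop "Don't have the iptables tool"` is the portable form.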
From: Dmitrii Dolgov <9erthalion6@gmail.com>
Date: Tue, 1 Jul 2025 12:46:14 +0200
Subject: [PATCH 2/5] Use both versions of iptable

---
 scripts/network/prepare-tap.sh | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/scripts/network/prepare-tap.sh b/scripts/network/prepare-tap.sh
index c50919c..ecda599 100755
--- a/scripts/network/prepare-tap.sh
+++ b/scripts/network/prepare-tap.sh
@@ -76,12 +76,17 @@ fi
 echo "${CONFIGURE_IPTABLE}"
 if [[ "${CONFIGURE_IPTABLE}" == "true" ]];
 then
- which iptables-nft &>/dev/null || stop "Don't have the iptables tool"
+ IPTABLES=iptables
+ if command -v iptables-nft &> /dev/null; then
+ IPTABLES=iptables-nft
+ fi
+
+ which "${IPTABLES}" &>/dev/null || stop "Don't have the iptables tool"
 echo "Preparing iptable..."
- iptables-nft -t nat -A POSTROUTING -s "${ADDRESS}" -j MASQUERADE
- iptables-nft -A FORWARD -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
- iptables-nft -A FORWARD -o "${NAME}" -d "${ADDRESS}" -j ACCEPT
+ "${IPTABLES}" -t nat -A POSTROUTING -s "${ADDRESS}" -j MASQUERADE
+ "${IPTABLES}" -A FORWARD -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
+ "${IPTABLES}" -A FORWARD -o "${NAME}" -d "${ADDRESS}" -j ACCEPT
 RULE_NR=$(iptables-nft -t filter -L INPUT --line-numbers |\
 grep "REJECT all" |\

From ae7e8205bcdf810f1f73a6500ac02e19e86c37a6 Mon Sep 17 00:00:00 2001
From: Dmitrii Dolgov <9erthalion6@gmail.com>
Date: Tue, 1 Jul 2025 14:18:57 +0200
Subject: [PATCH 3/5] Update scripts/network/prepare-tap.sh

Co-authored-by: Mauro Ezequiel Moltrasio
---
 scripts/network/prepare-tap.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/network/prepare-tap.sh b/scripts/network/prepare-tap.sh
index ecda599..d2c4600 100755
--- a/scripts/network/prepare-tap.sh
+++ b/scripts/network/prepare-tap.sh
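Review bot: After selecting the binary with `command -v iptables-nft`, the new `which "${IPTABLES}" &>/dev/null || stop ...` line re-checks it with a different tool; using the same builtin for both, `command -v "${IPTABLES}" >/dev/null 2>&1 || stop "Don't have the iptables tool"`, keeps the two checks consistent and drops the dependency on an external `which`. The fallback to plain `iptables` may pick the legacy backend on a host whose firewall is already nftables-based, in which case the rules added here and the `REJECT all` lookup below would operate on a different rule set than the one the host's firewall manages — worth confirming on the target release and recording next to `IPTABLES=iptables`. A short comment such as `# Prefer iptables-nft (Fedora 42 no longer ships legacy iptables); fall back to iptables on older hosts` would explain why the probe exists.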
@@ -88,7 +88,7 @@ then
 "${IPTABLES}" -A FORWARD -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
 "${IPTABLES}" -A FORWARD -o "${NAME}" -d "${ADDRESS}" -j ACCEPT
- RULE_NR=$(iptables-nft -t filter -L INPUT --line-numbers |\
+ RULE_NR=$("${IPTABLES}" -t filter -L INPUT --line-numbers |\
 grep "REJECT all" |\
 awk '{print $1}')

From 06e2d19199c3ce9828977821503fc243f96599b1 Mon Sep 17 00:00:00 2001
From: Dmitrii Dolgov <9erthalion6@gmail.com>
Date: Tue, 1 Jul 2025 14:19:02 +0200
Subject: [PATCH 4/5] Update scripts/network/prepare-tap.sh

Co-authored-by: Mauro Ezequiel Moltrasio
---
 scripts/network/prepare-tap.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/network/prepare-tap.sh b/scripts/network/prepare-tap.sh
index d2c4600..441cc15 100755
--- a/scripts/network/prepare-tap.sh
+++ b/scripts/network/prepare-tap.sh
@@ -94,7 +94,7 @@ then
 # Excempt tun device from potentiall reject all rule
 if [[ $RULE_NR == "" ]]; then
- iptables-nft -I INPUT -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
+ "${IPTABLES}" -I INPUT -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
 else
 iptables-nft -I INPUT $((RULE_NR - 1)) -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
 fi

From b48abf61277b041905f7860cd7495968143f18bc Mon Sep 17 00:00:00 2001
From: Dmitrii Dolgov <9erthalion6@gmail.com>
Date: Tue, 1 Jul 2025 14:19:07 +0200
Subject: [PATCH 5/5] Update scripts/network/prepare-tap.sh

Co-authored-by: Mauro Ezequiel Moltrasio
---
 scripts/network/prepare-tap.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/network/prepare-tap.sh b/scripts/network/prepare-tap.sh
index 441cc15..9dee9cb 100755
--- a/scripts/network/prepare-tap.sh
+++ b/scripts/network/prepare-tap.sh
@@ -96,6 +96,6 @@ then
 if [[ $RULE_NR == "" ]]; then
 "${IPTABLES}" -I INPUT -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
 else
- iptables-nft -I INPUT $((RULE_NR - 1)) -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
+ "${IPTABLES}" -I INPUT $((RULE_NR - 1)) -i "${NAME}" -s "${ADDRESS}" -j ACCEPT
 fi
 fi
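Review bot: The rewritten `RULE_NR=$("${IPTABLES}" -t filter -L INPUT --line-numbers | grep "REJECT all" | awk '{print $1}')` keeps a `grep "REJECT all"` pattern that assumes a single space between the target and protocol columns, which `-L` output pads to fixed widths; I could not confirm it matches on a current iptables-nft, so it is worth checking on the host before relying on the exemption. If more than one rule matches, `RULE_NR` becomes multi-line and the `$((RULE_NR - 1))` arithmetic further down (outside this hunk) fails. Matching on fields and stopping at the first hit avoids both: `RULE_NR=$("${IPTABLES}" -t filter -L INPUT --line-numbers | awk '$2 == "REJECT" && $3 == "all" {print $1; exit}')`, adjusting the `$3` test if this iptables prints the protocol as `0` rather than `all`. The `|\` continuations are redundant, since a trailing `|` already continues the command onto the next line.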
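Review bot: `"${IPTABLES}" -I INPUT $((RULE_NR - 1)) -i "${NAME}" -s "${ADDRESS}" -j ACCEPT` is off by one: `-I CHAIN N` inserts the new rule at position N and shifts the existing rule N down, so inserting at `RULE_NR` already places the ACCEPT ahead of the REJECT rule. With the subtraction, a REJECT rule sitting at position 1 produces `-I INPUT 0`, which iptables rejects as an invalid rule number, and the exemption is never installed. The line should read `"${IPTABLES}" -I INPUT "${RULE_NR}" -i "${NAME}" -s "${ADDRESS}" -j ACCEPT`. The inner `if [[ $RULE_NR == "" ]]` block is complete in this hunk, but the enclosing `if [[ "${CONFIGURE_IPTABLE}" == "true" ]]` block starts outside it.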