hassio-addons/qbittorrent/rootfs/usr/local/sbin/iptables-restore

#!/usr/bin/env bash
set -euo pipefail

REAL_IPTABLES_RESTORE="/sbin/iptables-restore"
if [[ ! -x "${REAL_IPTABLES_RESTORE}" ]]; then
	REAL_IPTABLES_RESTORE="/usr/sbin/iptables-restore"
fi

cleanup() {
	[[ -n "${RULES_FILE:-}" && -f "${RULES_FILE}" ]] && rm -f "${RULES_FILE}"
	[[ -n "${SANITIZED_FILE:-}" && -f "${SANITIZED_FILE}" ]] && rm -f "${SANITIZED_FILE}"
}
trap cleanup EXIT

RULES_FILE="$(mktemp)"
cat >"${RULES_FILE}"

# First attempt with the original ruleset
if output="$(${REAL_IPTABLES_RESTORE} "$@" <"${RULES_FILE}" 2>&1)"; then
	[[ -n "${output}" ]] && printf '%s\n' "${output}" >&2
	exit 0
fi
status=$?

# Retry without comment matches if the kernel is missing the comment module
SANITIZED_FILE="$(mktemp)"
sed -E 's/-m[[:space:]]+comment[[:space:]]+--comment[[:space:]]+"[^"]*"//g' "${RULES_FILE}" >"${SANITIZED_FILE}"

if retry_output="$(${REAL_IPTABLES_RESTORE} "$@" <"${SANITIZED_FILE}" 2>&1)"; then
	printf '%s\n' "iptables-restore failed with comment matches; reapplied without comments." >&2
	printf '%s\n' "Original error: ${output}" >&2
	[[ -n "${retry_output}" ]] && printf '%s\n' "${retry_output}" >&2
	exit 0
fi
retry_status=$?

# Final fallback: try legacy backend if available
for legacy in /sbin/iptables-restore-legacy /usr/sbin/iptables-restore-legacy; do
	if [[ -x "${legacy}" ]]; then
		if legacy_output="$(${legacy} "$@" <"${RULES_FILE}" 2>&1)"; then
			printf '%s\n' "iptables-restore failed; succeeded using legacy backend." >&2
			printf '%s\n' "Original error: ${output}" >&2
			[[ -n "${legacy_output}" ]] && printf '%s\n' "${legacy_output}" >&2
			exit 0
		fi
	fi
done

printf '%s\n' "iptables-restore failed and fallbacks were unsuccessful." >&2
printf '%s\n' "Original error: ${output}" >&2
printf '%s\n' "Sanitized retry error: ${retry_output}" >&2
exit ${retry_status}