From 4186b952595ff79027882fbae27124f770d57547 Mon Sep 17 00:00:00 2001
From: Oliver Smith <osmith@sysmocom.de>
Date: Wed, 7 Jul 2021 16:40:36 +0200
Subject: [PATCH] net/templates/run.sh: tweak masquerade

Replace the old check with an exact check for the given rule. The old
check doesn't work on my system if docker is running and sets up other
masquerading rules.

Change -A to -I, so it is less likely to be affected by whatever other
rules may already be above in the chain.

Change-Id: I30c22fe4e7683611e8dada329dbf7d51f78b6016
---
 net/templates/run.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/templates/run.sh b/net/templates/run.sh
index 0eacb0f..8571a42 100755
--- a/net/templates/run.sh
+++ b/net/templates/run.sh
@@ -13,8 +13,9 @@ apn="${APN_DEV}"
 
 sudo true || exit 1
 
-if [ -z "$(sudo iptables -L -t nat | grep MASQUERADE)" ]; then
-  sudo iptables -t nat -A POSTROUTING -s ${GGSN_NET} -o $dev -j MASQUERADE
+if ! sudo iptables -t nat -C POSTROUTING -s ${GGSN_NET} -o $dev -j MASQUERADE 2>/dev/null; then
+  echo "Adding iptables rule for masquerade"
+  sudo iptables -t nat -I POSTROUTING -s ${GGSN_NET} -o $dev -j MASQUERADE
 fi
 
 if [ "$(sudo cat /proc/sys/net/ipv4/ip_forward)" = "0" ]; then