From ca04c9636f77f8b24de629a351eadb189b268d26 Mon Sep 17 00:00:00 2001
From: Pawel Kuzak
Date: Mon, 21 Dec 2015 15:31:32 +0100
Subject: [PATCH] Make creation of iptables chain optional

iptables might be managed via different tools by an administrator. In such a setup, insertion and deletion of rules in the INPUT chain as well as creation of new chains by an application is not wanted. By setting the corresponding configuration parameter in the config file, the init-script will not touch the INPUT queue nor will it create the rtpengine chain. It will still attempt to create a rule in the rtpengine chain, but will refuse to start if that chain does not exist.
---
 debian/ngcp-rtpengine-daemon.default | 1 +
 debian/ngcp-rtpengine-daemon.init | 58 +++++++++++++++++-----------
 2 files changed, 37 insertions(+), 22 deletions(-)

diff --git a/debian/ngcp-rtpengine-daemon.default b/debian/ngcp-rtpengine-daemon.default
index f204ab19b..fab2f2510 100644
--- a/debian/ngcp-rtpengine-daemon.default
+++ b/debian/ngcp-rtpengine-daemon.default
@@ -32,3 +32,4 @@ TABLE=0
 # GRAPHITE_INTERVAL=60
 # GRAPHITE_PREFIX=myownprefix
 # MAX_SESSIONS=5000
+# CREATE_IPTABLES_CHAIN=no
diff --git a/debian/ngcp-rtpengine-daemon.init b/debian/ngcp-rtpengine-daemon.init
index ca7f5a7af..7fbabc63f 100755
--- a/debian/ngcp-rtpengine-daemon.init
+++ b/debian/ngcp-rtpengine-daemon.init
@@ -126,16 +126,24 @@ case "$1" in
 ip6tables -X mediaproxy 2> /dev/null
 rmmod xt_MEDIAPROXY 2>/dev/null
- iptables -N rtpengine 2> /dev/null
- iptables -D INPUT -j rtpengine 2> /dev/null
- iptables -I INPUT -j rtpengine
- iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
- iptables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
- ip6tables -N rtpengine 2> /dev/null
- ip6tables -D INPUT -j rtpengine 2> /dev/null
- ip6tables -I INPUT -j rtpengine
- ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
- ip6tables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
+ if [ "$CREATE_IPTABLES_CHAIN" != "no" ]; then
+ iptables -N rtpengine 2> /dev/null
+ iptables -D INPUT -j rtpengine 2> /dev/null
+ iptables -I INPUT -j rtpengine
+ ip6tables -N rtpengine 2> /dev/null
+ ip6tables -D INPUT -j rtpengine 2> /dev/null
+ ip6tables -I INPUT -j rtpengine
+ fi
+ if iptables -C INPUT -j rtpengine 1> /dev/null 2> /dev/null && iptables -n --list rtpengine 1> /dev/null 2> /dev/null; then
+ iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
+ iptables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
+ ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
+ ip6tables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
+ else
+ echo ""
+ echo "Missing rtpengine iptables chain - not starting"
+ exit 0
+ fi
 set -e
 fi
 start-stop-daemon --start --quiet --pidfile $PIDFILE \
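Review bot: The new `else` branch prints "Missing rtpengine iptables chain - not starting" and then runs `exit 0`, so a refused start looks like success to invoke-rc.d, service supervisors and configuration tooling; it should fail loudly, `exit 1`, and the same applies to the identical branch in the second hunk. The guard `iptables -C INPUT -j rtpengine ... && iptables -n --list rtpengine ...` is also stricter than the commit message describes: it requires a jump from INPUT, so an administrator who reaches the rtpengine chain from another chain is refused even though the chain exists, while the IPv6 side is never checked, so `ip6tables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"` can fail (errexit appears to be off here, since `set -e` is only re-enabled after the block) and the daemon starts without its IPv6 rule. Checking only chain existence, and doing it for both families, e.g. `if iptables -n --list rtpengine >/dev/null 2>&1 && ip6tables -n --list rtpengine >/dev/null 2>&1; then`, matches the intent stated in the message. The enclosing `case "$1" in` arm starts outside the hunk.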
@@ -213,20 +221,26 @@ case "$1" in
 ip6tables -F mediaproxy 2> /dev/null
 ip6tables -X mediaproxy 2> /dev/null
 rmmod xt_MEDIAPROXY 2>/dev/null
-
- iptables -D INPUT -j rtpengine 2> /dev/null
- iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
- ip6tables -D INPUT -j rtpengine 2> /dev/null
- ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
 rmmod xt_RTPENGINE 2>/dev/null
- modprobe xt_RTPENGINE
- iptables -N rtpengine 2> /dev/null
- iptables -I INPUT -j rtpengine
- iptables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
- ip6tables -N rtpengine 2> /dev/null
- ip6tables -I INPUT -j rtpengine
- ip6tables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
+ if [ "$CREATE_IPTABLES_CHAIN" != "no" ]; then
+ iptables -D INPUT -j rtpengine 2> /dev/null
+ ip6tables -D INPUT -j rtpengine 2> /dev/null
+ iptables -N rtpengine 2> /dev/null
+ iptables -I INPUT -j rtpengine
+ ip6tables -N rtpengine 2> /dev/null
+ ip6tables -I INPUT -j rtpengine
+ fi
+ if iptables -C INPUT -j rtpengine 1> /dev/null 2> /dev/null && iptables -n --list rtpengine 1> /dev/null 2> /dev/null; then
+ ip6tables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
+ iptables -D rtpengine -p udp -j RTPENGINE --id "$TABLE" 2>/dev/null
+ iptables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
+ ip6tables -I rtpengine -p udp -j RTPENGINE --id "$TABLE"
+ else
+ echo ""
+ echo "Missing rtpengine iptables chain - not starting"
+ exit 0
+ fi
 set -e
 fi
 start-stop-daemon --start --quiet --pidfile \
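Review bot: The two `-D rtpengine -p udp -j RTPENGINE --id "$TABLE"` deletions now run inside the new `if iptables -C ...` block, i.e. after the context line `rmmod xt_RTPENGINE 2>/dev/null`, whereas the removed lines deleted those rules before the rmmod; while rules that reference the RTPENGINE target are still installed the module is in use, so the rmmod presumably fails (its stderr is discarded) and a restart keeps the already-loaded module instead of reloading it. Moving the two deletions ahead of the rmmod, guarded by a chain-existence check since the chain may legitimately be absent, restores the previous order. The dropped `modprobe xt_RTPENGINE` is not re-added anywhere in the hunk; if the `-j RTPENGINE` insert is relied on to autoload the module, a comment such as `# xt_RTPENGINE is loaded on demand by the -j RTPENGINE insert below` would record that. This arm also repeats the start arm almost line for line, so a helper like `setup_rtpengine_chain()` called from both would keep them in step. The surrounding `case "$1" in` arm begins outside the hunk.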