From d746805aec263a5c3f1151645362749ac20fd2dd Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Tue, 11 Jan 2022 00:28:44 +0300
Subject: [PATCH] blockcheck: revert /proc/net/ip_* checking for iptables
 targets

---
 blockcheck.sh | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/blockcheck.sh b/blockcheck.sh
index 45c8936..831843d 100755
--- a/blockcheck.sh
+++ b/blockcheck.sh
@@ -117,9 +117,20 @@ IPFW_DEL()
 }
 ipt6_has_raw()
 {
-	grep -xFq raw /proc/net/ip6_tables_names
+	ip6tables -nL -t raw >/dev/null 2>/dev/null
+}
+ipt_has_nfq()
+{
+	# cannot just check /proc/net/ip_tables_targets because of iptables-nft or modules not loaded yet
+	local ret ipt
+	for ipt in iptables ip6tables; do
+		$ipt -A OUTPUT -t mangle -p 255 -j NFQUEUE --queue-num $QNUM --queue-bypass 2>/dev/null
+		ret=$?
+		[ $ret = 0 ] || return 1
+		$ipt -D OUTPUT -t mangle -p 255 -j NFQUEUE --queue-num $QNUM --queue-bypass 2>/dev/null
+	done
+	return 0
 }
-
 
 check_system()
 {
@@ -176,7 +187,7 @@ check_prerequisites()
 	case "$UNAME" in
 		Linux)
 			progs="$progs iptables ip6tables"
-			! grep -xFq NFQUEUE /proc/net/ip_tables_targets || ! grep -xFq NFQUEUE /proc/net/ip6_tables_targets && {
+			ipt_has_nfq || {
 				echo NFQUEUE iptables or ip6tables target is missing. pls install modules.
 				[ "$SUBSYS" = openwrt ] && echo 'OpenWRT : opkg update ; opkg install iptables-mod-nfqueue'
 				exitp 6