From 09e4beb73735a96ba8226a553f0512e0e06c5199 Mon Sep 17 00:00:00 2001
From: Astro
Date: Mon, 29 Aug 2022 19:46:48 +0200
Subject: [PATCH] nixos-module/container/upstream: catch preexisting iptables chains

---
 nix/nixos-module/container/upstream.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/nix/nixos-module/container/upstream.nix b/nix/nixos-module/container/upstream.nix
index 814ff00..d5a1a7d 100644
--- a/nix/nixos-module/container/upstream.nix
+++ b/nix/nixos-module/container/upstream.nix
@@ -61,12 +61,14 @@ in
     externalIP = staticIpv4Address;
     extraCommands = ''
       # Prohibit SMTP except for servers
-      iptables -N fwd_smtp
+      iptables -N fwd_smtp || \
+      iptables -F fwd_smtp
       iptables -A fwd_smtp --source ${config.site.net.serv.subnet4} -j RETURN
       iptables -A fwd_smtp -j REJECT
       iptables -I FORWARD -p tcp --dport 25 -j fwd_smtp
-      ip6tables -N fwd_smtp
+      ip6tables -N fwd_smtp \\
+      ip6tables -F fwd_smtp
       ${lib.concatMapStrings (subnet6: ''
         ip6tables -A fwd_smtp --source ${subnet6} -j RETURN
         ip6tables -A fwd_smtp --dest ${subnet6} -j RETURN
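Review bot: The new `ip6tables -N fwd_smtp \\` line ends in a doubled backslash instead of the `|| \` used on the IPv4 line two lines above, so the IPv6 chain never gets the intended create-or-flush fallback; in a Nix `''` indented string backslashes are passed through literally, so the shell turns `\\` into a bare `\` argument that ip6tables will reject, and `ip6tables -F fwd_smtp` then runs as an unrelated second command. It should read `ip6tables -N fwd_smtp || \` to match the IPv4 variant; whether the failing `-N` currently aborts the whole NAT setup script depends on the script's error handling, which is not visible here. Separately, the unchanged `iptables -I FORWARD -p tcp --dport 25 -j fwd_smtp` is still inserted unconditionally, so the re-run case this commit targets will prepend a duplicate jump rule on every restart; guarding it with `iptables -C FORWARD -p tcp --dport 25 -j fwd_smtp 2>/dev/null || iptables -I FORWARD -p tcp --dport 25 -j fwd_smtp` avoids the accumulation, and the corresponding ip6tables jump presumably sits past the end of the hunk and would need the same. Note also that between `-F fwd_smtp` and the re-added `REJECT` the chain is briefly empty, so port-25 forwards are momentarily governed only by the FORWARD policy; a comment such as `# flush-then-repopulate leaves a short window with no SMTP filter` would make that trade-off explicit. The enclosing `extraCommands` string begins before and continues past this hunk.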