From e3c1189008d3988287c46f1c194a5a34220a7dfc Mon Sep 17 00:00:00 2001
From: "Matthew R. Kasun" 
Date: Thu, 18 Aug 2022 04:20:23 -0400
Subject: [PATCH] flush tables vice delete rules for nft
---
 controllers/config/dnsconfig/netmaker.hosts | 3 +--
 logic/gateway.go | 10 ++++------
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/controllers/config/dnsconfig/netmaker.hosts b/controllers/config/dnsconfig/netmaker.hosts
index 655eaef6..45eab425 100644
--- a/controllers/config/dnsconfig/netmaker.hosts
+++ b/controllers/config/dnsconfig/netmaker.hosts
@@ -1,2 +1 @@
-10.0.0.1 testnode.skynet
-10.0.0.2 myhost.skynet
+10.0.0.2 testnode.skynet myhost.skynet
diff --git a/logic/gateway.go b/logic/gateway.go
index f7944edb..ce77ba7c 100644
--- a/logic/gateway.go
+++ b/logic/gateway.go
@@ -294,9 +294,8 @@ func firewallNFTCommandsCreateIngress(networkInterface string) (string, string)
 postUp += "nft add rule ip nat POSTROUTING oifname " + networkInterface + " counter masquerade"
 // doesn't remove potentially empty tables or chains
- postDown := "nft delete rule ip filter FORWARD iifname " + networkInterface + " counter accept ; "
- postDown += "nft delete rule ip filter FORWARD oifname " + networkInterface + " counter accept ; "
- postDown += "nft delete rule ip nat POSTROUTING oifname " + networkInterface + " counter masquerade"
+ postDown := "nft flush table filter; "
+ postDown += "nft flush table nat; "
 return postUp, postDown
 }
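Review bot: The new `postDown` tears down far more than this gateway added: `nft flush table filter` and `nft flush table nat` (family defaults to `ip`) drop every rule in those tables, including rules placed there by other gateways on the same host, a distro firewall, or an administrator, so stopping one gateway can leave the host with no filter rules at all (effectively fail-open if the base chain policy is accept) or break other networks' forwarding and masquerade. The removed `delete rule` lines were scoped to `networkInterface`; the replacement is not, and the same unscoped flush appears in `postDown` of the `firewallNFTCommandsCreateEgress` hunk below. A safer teardown keeps this gateway's rules in a table of its own created in `postUp` (name illustrative, e.g. `nft add table ip netmaker` with its own FORWARD/POSTROUTING chains) and removes only that table with `postDown := "nft delete table ip netmaker"`; the `postUp` lines that would have to change sit above this hunk. If the shared `filter`/`nat` tables must stay in use, delete the specific rules by handle (`nft -a list chain ip filter FORWARD` to look it up, then `nft delete rule ip filter FORWARD handle <N>`) instead of flushing. The kept comment `// doesn't remove potentially empty tables or chains` is still true of `flush`, but it should now also warn that the flush removes unrelated rules in those tables, since that is the behaviour a reader needs to know.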
@@ -308,15 +307,14 @@ func firewallNFTCommandsCreateEgress(networkInterface string, gatewayInterface s
 postUp += "nft add rule ip filter FORWARD iifname " + networkInterface + " counter accept ; "
 postUp += "nft add rule ip filter FORWARD oifname " + networkInterface + " counter accept ; "
- postDown := "nft delete rule ip filter FORWARD iifname " + networkInterface + " counter accept ; "
- postDown += "nft delete rule ip filter FORWARD oifname " + networkInterface + " counter accept ; "
+ postDown := "nft flush table filter; "
 if egressNatEnabled == "yes" {
 postUp += "nft add table nat ; "
 postUp += "nft add chain nat POSTROUTING ; "
 postUp += "nft add rule ip nat POSTROUTING oifname " + gatewayInterface + " counter masquerade ;"
- postDown += "nft delete rule ip nat POSTROUTING oifname " + gatewayInterface + " counter masquerade ;"
+ postDown += "nft flush table nat; "
 }
 return postUp, postDown