charlieporth1/NFTTables_or_IPTables_switcher_Ubuntu_and_Debian.sh

## NFTTables_or_IPTables_switcher_Ubuntu_and_Debian.sh
#!/bin/bash
which_tables=$1
timeout_time=180

function set_iptables() {
          arg=$1
          table=$2
          find -L /usr/sbin -name 'iptables*' -type l -exec rm -rf {} \;
          find -L /usr/sbin -name 'ip6tables*' -type l -exec rm -rf {} \;
          echo 0 | update-alternatives $arg iptables /usr/sbin/iptables-$table
          echo 0 | update-alternatives $arg iptables-save /usr/sbin/iptables-$table-save
          echo 0 | update-alternatives $arg iptables-restore /usr/sbin/iptables-$table-restore

          echo 0 | update-alternatives $arg ip6tables /usr/sbin/ip6tables-$table
          echo 0 | update-alternatives $arg ip6tables-save /usr/sbin/ip6tables-$table-save
          echo 0 | update-alternatives $arg ip6tables-restore /usr/sbin/ip6tables-$table-restore

          echo 0 | update-alternatives $arg arptables /usr/sbin/arptables-$table
          echo 0 | update-alternatives $arg ebtables /usr/sbin/ebtables-$table
          if [[ "$arg" == '--set' ]]; then
                    echo 0 | update-alternatives --install /usr/sbin/arptables arptables /usr/sbin/arptables-$table 20 --slave /usr/sbin/arptables-save arptables-save /usr/sbin/arptable-$table-save --slave /usr/sbin/arptables-restore arptables-restore /usr/sbin/arptables-$table-restore
                    echo 0 | update-alternatives \
                              --install /usr/sbin/iptables iptables /usr/sbin/iptables-$table 10 \
                              --slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-$table-restore \
                              --slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-$table-save
           fi
           echo 0 | update-alternatives --display iptables
           echo 0 | update-alternatives --display ip6tables
           echo 0 | update-alternatives --display arptables
           echo 0 | update-alternatives --display ebtables
}

is_nft_tables_iptables=$(iptables -V | grep -o nf_tables)

case "$which_tables" in
      purge-nftables | purge-nftable | purge-firewalld | remove-nftables | remove-nftable | remove-firewalld | rm-nftables | rm-nftable | rm-firewalld )
           pkg_list=$(apt list --installed | grep "nft\|firewalld" | awk -F/ '{print $1}' | grep -v "libnftnl11")
           if [[ -n $pkg_list ]]; then
              timeout $timeout_time yes | timeout $timeout_time apt purge -y firewalld nftables python3-nftables
              printf '%s\n' $pkg_list | xargs timeout $timeout_time apt purge -y
           fi
      ;;
      firewalld | nftables | nftable )

        if ! command -v nft; then
           timeout $timeout_time yes | timeout $timeout_time apt install -y firewalld nftables
        fi

        if [[ -z $is_nft_tables_iptables ]]; then
           set_iptables --set nft
           update-alternatives --config iptables-nft
        fi
      ;;
      iptables-nft | iptables-nftables | nft )

         if ! command -v iptables-nft; then
              timeout $timeout_time yes | timeout $timeout_time apt install -y ipset iptables
         fi
         if [[ -n $is_nft_tables_iptables ]]; then
              set_iptables --remove legacy
              set_iptables --set nft
              update-alternatives --config iptables-nft
         fi
      ;;
      ip | iptables | ipt | ip-tables )

        if ! command -v iptables-legacy; then
             timeout $timeout_time yes | timeout $timeout_time apt install -y iptables ipset
             timeout $timeout_time yes | timeout $timeout_time apt install -y ip6tables
        fi
        if [[ -n $is_nft_tables_iptables ]]; then
             set_iptables --remove nft
             set_iptables --set legacy
             update-alternatives --config iptables

             find -L /sbin -name 'iptables*' -type l -exec rm -rf {} \;
             find -L /sbin -name 'ip6tables*' -type l -exec rm -rf {} \;

             ln -s /etc/alternatives/iptables /sbin/iptables
             ln -s /etc/alternatives/iptables-save /sbin/iptables-save
             ln -s /etc/alternatives/iptables-restore /sbin/iptables-restore
             ln -s /sbin/xtables-legacy-multi /sbin/ip6tables
             ln -s /sbin/xtables-legacy-multi /sbin/ip6tables-save
             ln -s /sbin/xtables-legacy-multi /sbin/ip6tables-restore
         fi
      ;;
esac
systemctl restart firewalld.service
	#!/bin/bash
	which_tables=$1
	timeout_time=180

	function set_iptables() {
	arg=$1
	table=$2
	find -L /usr/sbin -name 'iptables*' -type l -exec rm -rf {} \;
	find -L /usr/sbin -name 'ip6tables*' -type l -exec rm -rf {} \;
	echo 0 \| update-alternatives $arg iptables /usr/sbin/iptables-$table
	echo 0 \| update-alternatives $arg iptables-save /usr/sbin/iptables-$table-save
	echo 0 \| update-alternatives $arg iptables-restore /usr/sbin/iptables-$table-restore

	echo 0 \| update-alternatives $arg ip6tables /usr/sbin/ip6tables-$table
	echo 0 \| update-alternatives $arg ip6tables-save /usr/sbin/ip6tables-$table-save
	echo 0 \| update-alternatives $arg ip6tables-restore /usr/sbin/ip6tables-$table-restore

	echo 0 \| update-alternatives $arg arptables /usr/sbin/arptables-$table
	echo 0 \| update-alternatives $arg ebtables /usr/sbin/ebtables-$table
	if [[ "$arg" == '--set' ]]; then
	echo 0 \| update-alternatives --install /usr/sbin/arptables arptables /usr/sbin/arptables-$table 20 --slave /usr/sbin/arptables-save arptables-save /usr/sbin/arptable-$table-save --slave /usr/sbin/arptables-restore arptables-restore /usr/sbin/arptables-$table-restore
	echo 0 \| update-alternatives \
	--install /usr/sbin/iptables iptables /usr/sbin/iptables-$table 10 \
	--slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-$table-restore \
	--slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-$table-save
	fi
	echo 0 \| update-alternatives --display iptables
	echo 0 \| update-alternatives --display ip6tables
	echo 0 \| update-alternatives --display arptables
	echo 0 \| update-alternatives --display ebtables
	}

	is_nft_tables_iptables=$(iptables -V \| grep -o nf_tables)

	case "$which_tables" in
	purge-nftables \| purge-nftable \| purge-firewalld \| remove-nftables \| remove-nftable \| remove-firewalld \| rm-nftables \| rm-nftable \| rm-firewalld )
	pkg_list=$(apt list --installed \| grep "nft\\|firewalld" \| awk -F/ '{print $1}' \| grep -v "libnftnl11")
	if [[ -n $pkg_list ]]; then
	timeout $timeout_time yes \| timeout $timeout_time apt purge -y firewalld nftables python3-nftables
	printf '%s\n' $pkg_list \| xargs timeout $timeout_time apt purge -y
	fi
	;;
	firewalld \| nftables \| nftable )

	if ! command -v nft; then
	timeout $timeout_time yes \| timeout $timeout_time apt install -y firewalld nftables
	fi

	if [[ -z $is_nft_tables_iptables ]]; then
	set_iptables --set nft
	update-alternatives --config iptables-nft
	fi
	;;
	iptables-nft \| iptables-nftables \| nft )

	if ! command -v iptables-nft; then
	timeout $timeout_time yes \| timeout $timeout_time apt install -y ipset iptables
	fi
	if [[ -n $is_nft_tables_iptables ]]; then
	set_iptables --remove legacy
	set_iptables --set nft
	update-alternatives --config iptables-nft
	fi
	;;
	ip \| iptables \| ipt \| ip-tables )

	if ! command -v iptables-legacy; then
	timeout $timeout_time yes \| timeout $timeout_time apt install -y iptables ipset
	timeout $timeout_time yes \| timeout $timeout_time apt install -y ip6tables
	fi
	if [[ -n $is_nft_tables_iptables ]]; then
	set_iptables --remove nft
	set_iptables --set legacy
	update-alternatives --config iptables

	find -L /sbin -name 'iptables*' -type l -exec rm -rf {} \;
	find -L /sbin -name 'ip6tables*' -type l -exec rm -rf {} \;

	ln -s /etc/alternatives/iptables /sbin/iptables
	ln -s /etc/alternatives/iptables-save /sbin/iptables-save
	ln -s /etc/alternatives/iptables-restore /sbin/iptables-restore
	ln -s /sbin/xtables-legacy-multi /sbin/ip6tables
	ln -s /sbin/xtables-legacy-multi /sbin/ip6tables-save
	ln -s /sbin/xtables-legacy-multi /sbin/ip6tables-restore
	fi
	;;
	esac
	systemctl restart firewalld.service