Merge branch 'NSS-12.4-K6.1' of https://github.com/qosmio/nss-packages into NSS-12.4-K6.1

qca-nss-ecm/files/qca-nss-ecm.firewall

@@ -1,13 +1,32 @@
 #!/bin/sh
 
-if grep -q "fw3" /etc/init.d/firewall; then
+FW_SCRIPT="/etc/init.d/firewall"
-	iptables -nvL | grep -q "Chain RATE-LIMIT" && iptables -F RATE-LIMIT
+
-	iptables -nvL | grep -q "Chain RATE-LIMIT" || iptables -N RATE-LIMIT
+if grep -q "fw3" "$FW_SCRIPT"; then
+    if ! iptables -nvL | grep -q "Chain RATE-LIMIT"; then
+        iptables -N RATE-LIMIT
+    fi
+
+    iptables -F RATE-LIMIT
     iptables -A RATE-LIMIT --match limit --limit 1000/sec --limit-burst 1000 -j RETURN
     iptables -A RATE-LIMIT -j DROP
     iptables -I zone_wan_forward 5 --match conntrack --ctstate NEW -j RATE-LIMIT
-elif grep -q "fw4" /etc/init.d/firewall; then
+    [ -n "$(command -v ip6tables)" ] && {
+    if ! ip6tables -nvL | grep -q "Chain RATE-LIMIT"; then
+        ip6tables -N RATE-LIMIT
+    fi
+
+    ip6tables -F RATE-LIMIT
+    ip6tables -A RATE-LIMIT --match limit --limit 1000/sec --limit-burst 1000 -j RETURN
+    ip6tables -A RATE-LIMIT -j DROP
+    ip6tables -I zone_wan_forward 5 --match conntrack --ctstate NEW -j RATE-LIMIT
+    }
+
+elif grep -q "fw4" "$FW_SCRIPT"; then
+    if ! nft list chain inet fw4 RATE-LIMIT > /dev/null 2>&1; then
         nft add chain inet fw4 RATE-LIMIT
+    fi
+
     nft add rule inet fw4 RATE-LIMIT limit rate 1000/second burst 1000 packets counter return
     nft add rule inet fw4 RATE-LIMIT counter drop
     nft insert rule inet fw4 forward_wan ct state new counter jump RATE-LIMIT