fix

firewall2.sh

@@ -40,6 +40,7 @@ BOT_ACCOUNT="blockbot@detroitriotcity.com"
 CRAWLER_TMP='/tmp/crawlers.txt'
 DATE="$(date +%Y:%H: -d "1 hour ago")"
 #DATE="$(date +%Y:%H:)";
+RULE_SET='/opt/firewall/nft.rules'
 COUNTRY=(
 	https://www.ipdeny.com/ipblocks/data/countries/il.zone
 	https://www.ipdeny.com/ipblocks/data/countries/cn.zone
@@ -279,7 +280,16 @@ trust() {
 start() {
 
 	$NFT flush ruleset
-	$NFT -f /usr/share/nftables/ipv4-filter.nft
+
+	if [ -f "$RULE_SET" ]; then
+		echo
+		echo "Importing Existing Rule Set"
+		$NFT -f $RULE_SET
+	else
+		echo
+		echo "No existing Rules saved"
+		$NFT -f /usr/share/nftables/ipv4-filter.nft
+	fi
 
 	if [[ $HOSTNAME == *"nas"* ]]; then
 		attacker-protection
@@ -291,7 +301,7 @@ start() {
 		cups
 		syncthingServer
 		syncthing
-		blockCountry
+		#blockCountry
 		jellyfin
 		wireguard-networking
 		uptimeKuma
@@ -299,9 +309,7 @@ start() {
 		$NFT insert rule filter input iif docker0 $NFT_ACCEPT
 		basic-security
 	else
-		{
+		virtualization
-			virtualization
-		}
 		basic-security
 	fi
 
@@ -313,6 +321,7 @@ status() {
 }
 
 stop() {
+	$NFT -s list ruleset | tee $RULE_SET
 	$NFT flush ruleset
 	$NFT -f /usr/share/nftables/ipv4-filter.nft
 	$NFT add rule filter input icmp type echo-request $NFT_ACCEPT