From f27689b0b8ccd506e9e82b4e3089065d75ce5558 Mon Sep 17 00:00:00 2001
From: Brad Cowie <brad@wand.net.nz>
Date: Sun, 3 Mar 2024 16:32:45 +1300
Subject: [PATCH] Fix counter for return rule in forward in.

---
 support/firewall.functions | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/support/firewall.functions b/support/firewall.functions
index 75e5969..c3eb5c0 100644
--- a/support/firewall.functions
+++ b/support/firewall.functions
@@ -389,10 +389,15 @@ function nft(){
 		forward-in)
 			# Replace accept with return so packets get passed on to forward-out
 			if [ "${terminal_statement}" == "accept" ]; then
-				if [ ! -z "${end_of_rule}" ]; then
-					FWD_IN+=("${start_of_rule} return ${end_of_rule}")
+				local return_action="return"
+				if [ "${conf_counters}" == "true" ]; then
+					return_action="counter return"
+				fi
+
+				if [ -n "${end_of_rule}" ]; then
+					FWD_IN+=("${start_of_rule}${return_action}${end_of_rule}")
 				else
-					FWD_IN+=("${start_of_rule} return")
+					FWD_IN+=("${start_of_rule}${return_action}")
 				fi
 			else
 				FWD_IN+=("${rule}")
@@ -404,10 +409,15 @@ function nft(){
 		forward)
 			# Replace accept with return so packets get passed on to forward-out
 			if [ "${terminal_statement}" == "accept" ]; then
-				if [ ! -z "${end_of_rule}" ]; then
-					FWD_IN+=("${start_of_rule} return ${end_of_rule}")
+				local return_action="return"
+				if [ "${conf_counters}" == "true" ]; then
+					return_action="counter return"
+				fi
+
+				if [ -n "${end_of_rule}" ]; then
+					FWD_IN+=("${start_of_rule}${return_action}${end_of_rule}")
 				else
-					FWD_IN+=("${start_of_rule} return")
+					FWD_IN+=("${start_of_rule}${return_action}")
 				fi
 			else
 				FWD_IN+=("${rule}")