+ name=$PROTOCOL
+ match="(\$2 == \"$PROTOCOL\" || \$2 == $protonum)"
+ insert="iptables -I INPUT -p $PROTOCOL"
+ if test X"$DPORT" != X; then
+ name="$name to port $DPORT"
+ match="$match && /dpt:$DPORT/"
+ insert="$insert --dport $DPORT"
+ fi
+ if test X"$SPORT" != X; then
+ name="$name from port $SPORT"
+ match="$match && /spt:$SPORT/"
+ insert="$insert --sport $SPORT"
+ fi
+ insert="$insert -j ACCEPT"
+
+ if (iptables -n -L INPUT) >/dev/null 2>&1; then
+ if iptables -n -L INPUT | awk "$match { n++ } END { exit n == 0 }"
+ then
+ # There's already a rule for this protocol. Don't override it.
+ log_success_msg "iptables already has a rule for $name, not explicitly enabling"
+ else
+ action "Enabling $name with iptables" $insert
+ fi
+ elif (iptables --version) >/dev/null 2>&1; then
+ action "cannot list iptables rules, not adding a rule for $name"
+ else
+ action "iptables binary not installed, not adding a rule for $name"
+ fi