Exit if qBittorrent is unreable and validate iptables rules before add/del

update: Dockerfile - substitute ncat with netcat-openbsd
fix: data/start.sh - use correct command to validate connection to qBittorrent
fix: data/start.sh - always check if port is open on firewall (fixes issue when starting and VPN mapped port is already equal to configured, fw check was skipped)

Dockerfile

@@ -20,7 +20,7 @@ LABEL version="1.0.4"
 ARG DEBIAN_FRONTEND=noninteractive
 
 RUN apt update
-RUN apt install --no-install-suggests --no-install-recommends -y natpmpc curl bc ncat
+RUN apt install --no-install-suggests --no-install-recommends -y natpmpc curl bc netcat-openbsd
 RUN rm -rf /var/lib/apt/lists/* /var/cache/apt/*
 RUN apt clean
 

data/start.sh

@@ -35,8 +35,24 @@ qbt_checksid(){
 }
 
 qbt_isreachable(){
-    (sleep 3; echo "^C") | ncat -4 --wait 5 ${QBITTORRENT_SERVER} ${QBITTORRENT_PORT} 2>/dev/null &>/dev/null
-    return $?
+    nc -4 -vw 5 ${QBITTORRENT_SERVER} ${QBITTORRENT_PORT} 2>&1 &>/dev/null
+}
+
+fw_delrule(){
+    if (docker exec ${VPN_CT_NAME} /sbin/iptables -L INPUT -n | grep -qP "^ACCEPT.*${configured_port}.*"); then
+        docker exec ${VPN_CT_NAME} /sbin/iptables -D INPUT -i ${VPN_IF_NAME} -p tcp --dport ${configured_port} -j ACCEPT
+        docker exec ${VPN_CT_NAME} /sbin/iptables -D INPUT -i ${VPN_IF_NAME} -p udp --dport ${configured_port} -j ACCEPT
+    fi
+}
+
+fw_addrule(){
+    if ! (docker exec ${VPN_CT_NAME} /sbin/iptables -L INPUT -n | grep -qP "^ACCEPT.*${active_port}.*"); then
+        docker exec ${VPN_CT_NAME} /sbin/iptables -A INPUT -i ${VPN_IF_NAME} -p tcp --dport ${active_port} -j ACCEPT
+        docker exec ${VPN_CT_NAME} /sbin/iptables -A INPUT -i ${VPN_IF_NAME} -p udp --dport ${active_port} -j ACCEPT
+        return 0
+    else
+        return 1
+    fi
 }
 
 get_portmap() {
@@ -59,14 +75,8 @@ get_portmap() {
 
     if [ ${configured_port} != ${active_port} ]; then
         if qbt_changeport ${qbt_sid} ${active_port}; then
-            docker exec ${VPN_CT_NAME} /sbin/iptables -A INPUT -i ${VPN_IF_NAME} -p tcp --dport ${active_port} -j ACCEPT
-            docker exec ${VPN_CT_NAME} /sbin/iptables -A INPUT -i ${VPN_IF_NAME} -p udp --dport ${active_port} -j ACCEPT
-            if docker exec ${VPN_CT_NAME} /sbin/iptables -L INPUT -n | grep -qP "^ACCEPT.*${configured_port}.*"; then
-                docker exec ${VPN_CT_NAME} /sbin/iptables -D INPUT -i ${VPN_IF_NAME} -p tcp --dport ${configured_port} -j ACCEPT
-                docker exec ${VPN_CT_NAME} /sbin/iptables -D INPUT -i ${VPN_IF_NAME} -p udp --dport ${configured_port} -j ACCEPT
-            fi
-            if docker exec ${VPN_CT_NAME} /sbin/iptables -L INPUT -n | grep -qP "^ACCEPT.*${active_port}.*"; then
-                echo "$(timestamp) | IPTables rule added for port ${active_port} on ${VPN_CT_NAME} container"
+            if fw_delrule; then
+                echo "$(timestamp) | IPTables rule deleted for port ${configured_port} on ${VPN_CT_NAME} container"
             fi
             echo "$(timestamp) | Port Changed to: $(findconfiguredport ${qbt_sid})"
         else
@@ -77,6 +87,10 @@ get_portmap() {
         echo "$(timestamp) | Port OK (Act: ${active_port} Cfg: ${configured_port})"
     fi
 
+    if fw_addrule; then
+        echo "$(timestamp) | IPTables rule added for port ${active_port} on ${VPN_CT_NAME} container"
+    fi
+
     return $res
 }