Option to disable iptable REJECT target

New UFW_DISABLE_IPTABLES_REJECT option that hacks ufw to allow the
prevention of the use of the REJECT iptables target, as this is not
available on some NAS platforms (such as the Synology).

DockerEnv

@@ -8,6 +8,7 @@
 #ENABLE_UFW=false
 #UFW_ALLOW_GW_NET=false
 #UFW_EXTRA_PORTS=
+#UFW_DISABLE_IPTABLES_REJECT=false
 #TRANSMISSION_ALT_SPEED_DOWN=50 
 #TRANSMISSION_ALT_SPEED_ENABLED=false 
 #TRANSMISSION_ALT_SPEED_TIME_BEGIN=540 

Dockerfile

@@ -116,6 +116,7 @@ ENV OPENVPN_USERNAME=**None** \
     ENABLE_UFW=false \
     UFW_ALLOW_GW_NET=false \
     UFW_EXTRA_PORTS= \
+    UFW_DISABLE_IPTABLES_REJECT=false \
     TRANSMISSION_WEB_UI= \
     PUID= \
     PGID= \

Dockerfile.alpine

@@ -106,6 +106,7 @@ ENV OPENVPN_USERNAME=**None** \
     ENABLE_UFW=false \
     UFW_ALLOW_GW_NET=false \
     UFW_EXTRA_PORTS= \
+    UFW_DISABLE_IPTABLES_REJECT=false \
     TRANSMISSION_WEB_UI= \
     PUID= \
     PGID= \

Dockerfile.armhf

@@ -109,6 +109,7 @@ ENV OPENVPN_USERNAME=**None** \
     ENABLE_UFW=false \
     UFW_ALLOW_GW_NET=false \
     UFW_EXTRA_PORTS= \
+    UFW_DISABLE_IPTABLES_REJECT=false \
     TRANSMISSION_WEB_UI=\
     PUID=\
     PGID=\

README.md

@@ -150,6 +150,7 @@ If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to t
 |`ENABLE_UFW` | Enables the firewall | `ENABLE_UFW=true`|
 |`UFW_ALLOW_GW_NET` | Allows the gateway network through the firewall. Off defaults to only allowing the gateway. | `UFW_ALLOW_GW_NET=true`|
 |`UFW_EXTRA_PORTS` | Allows the comma separated list of ports through the firewall. Respsects UFW_ALLOW_GW_NET. | `UFW_EXTRA_PORTS=9910,23561,443`|
+|`UFW_DISABLE_IPTABLES_REJECT` | Prevents the use of `REJECT` in the `iptables` rules, for hosts without the `ipt_REJECT` module (such as the Synology NAS). | `UFW_DISABLE_IPTABLES_REJECT=true`|
 
 ### Alternative web UIs
 You can override the default web UI by setting the ```TRANSMISSION_WEB_HOME``` environment variable. If set, Transmission will look there for the Web Interface files, such as the javascript, html, and graphics files.

openvpn/start.sh

@@ -92,9 +92,18 @@ function ufwAllowPortLong {
 }
 
 if [[ "${ENABLE_UFW,,}" == "true" ]]; then
+  if [[ "${UFW_DISABLE_IPTABLES_REJECT,,}" == "true" ]]; then
+    # A horrible hack to ufw to prevent it detecting the ability to limit and REJECT traffic
+    sed -i 's/return caps/return []/g' /usr/lib/python3/dist-packages/ufw/util.py
+    # force a rewrite on the enable below
+    echo "Disable and blank firewall"
+    ufw disable
+    echo "" > /etc/ufw/user.rules
+  fi
   # Enable firewall
   echo "enabling firewall"
   sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw
+  sed -i -e s/MANAGE_BUILTINS=no/MANAGE_BUILTINS=yes/ /etc/default/ufw
   ufw enable
 
   if [[ "${TRANSMISSION_PEER_PORT_RANDOM_ON_START,,}" == "true" ]]; then