fallback to -legacy only if needed

README.md

@@ -88,10 +88,10 @@ and create cron jobs (via `crontab -e`) like these:
 @daily  /root/ipv4-rules.sh update; /root/ipv6-rules.sh update
 ```
 
-That's all.
-
 Ensure, that the package _iptables-persistent_ is either not installed or disabled.
 
+That's all.
+
 More hints are in the [Installation](#installation) section.
 I do appreciate [issue](https://github.com/toralf/torutils/issues) reports
 and GitHub [PR](https://github.com/toralf/torutils/pulls).

ipv4-rules.sh

@@ -229,7 +229,23 @@ export PATH=/usr/sbin:/usr/bin:/sbin/:/bin
 
 umask 066
 
+# check if regular iptables works or if the legacy variant is explicitly needed
 ipt="iptables"
+set +e
+$ipt -nv -L INPUT &>/dev/null
+rc=$?
+if [[ $rc -ne 0 ]]; then
+  if [[ $rc -eq 4 ]]; then
+    ipt+="-legacy"
+  fi
+  $ipt -nv -L INPUT &>/dev/null
+  rc=$?
+  if [[ $rc -ne 0 ]]; then
+    echo " $ipt is not working as expected" >&2
+  fi
+fi
+set -e
+
 trustlist="tor-trust"      # Tor authorities and snowflake servers
 jobs=$((1 + $(nproc) / 2)) # parallel jobs of adding ips to an ipset
 prefix=32                  # any ipv4 address of this CIDR block is considered to belong to the same source/owner

ipv6-rules.sh

@@ -214,7 +214,23 @@ export PATH=/usr/sbin:/usr/bin:/sbin/:/bin
 
 umask 066
 
+# check if regular iptables works or if the legacy variant is explicitly needed
 ipt="ip6tables"
+set +e
+$ipt -nv -L INPUT &>/dev/null
+rc=$?
+if [[ $rc -ne 0 ]]; then
+  if [[ $rc -eq 4 ]]; then
+    ipt+="-legacy"
+  fi
+  $ipt -nv -L INPUT &>/dev/null
+  rc=$?
+  if [[ $rc -ne 0 ]]; then
+    echo " $ipt is not working as expected" >&2
+  fi
+fi
+set -e
+
 trustlist="tor-trust6"     # Tor authorities and snowflake servers
 jobs=$((1 + $(nproc) / 2)) # parallel jobs of adding ips to an ipset
 prefix=80                  # any ipv6 address of this CIDR block is considered to belong to the same source/owner