use -legacy variant of iptables

ipv4-rules.sh

@@ -229,13 +229,7 @@ export PATH=/usr/sbin:/usr/bin:/sbin/:/bin
 
 umask 066
 
-if type iptables-legacy 1>/dev/null; then
-  ipt="iptables-legacy"
-elif type iptables 1>/dev/null; then
-  ipt="iptables"
-else
-  echo "can't find iptables executable" >&1
-fi
+ipt="iptables-legacy"
 trustlist="tor-trust"      # Tor authorities and snowflake servers
 jobs=$((1 + $(nproc) / 2)) # parallel jobs of adding ips to an ipset
 prefix=32                  # any ipv4 address of this CIDR block is considered to belong to the same source/owner

ipv6-rules.sh

@@ -214,13 +214,7 @@ export PATH=/usr/sbin:/usr/bin:/sbin/:/bin
 
 umask 066
 
-if type ip6tables-legacy 1>/dev/null; then
-  ipt="ip6tables-legacy"
-elif type ip6tables 1>/dev/null; then
-  ipt="ip6tables"
-else
-  echo "can't find ip6tables executable" >&1
-fi
+ipt="ip6tables-legacy"
 trustlist="tor-trust6"     # Tor authorities and snowflake servers
 jobs=$((1 + $(nproc) / 2)) # parallel jobs of adding ips to an ipset
 prefix=80                  # any ipv6 address of this CIDR block is considered to belong to the same source/owner

metrics.sh

@@ -23,8 +23,8 @@ function printMetricsIptables() {
   local tables4
   local tables6
 
-  tables4=$(iptables -nvx -L INPUT -t filter) || return 1
-  tables6=$(ip6tables -nvx -L INPUT -t filter) || return 1
+  tables4=$(iptables-legacy -nvx -L INPUT -t filter) || return 1
+  tables6=$(ip6tables-legacy -nvx -L INPUT -t filter) || return 1
 
   var="torutils_dropped_state_packets"
   echo -e "# HELP $var Total number of dropped packets due to wrong TCP state\n# TYPE $var gauge"