take care of /etc/ufw/before.rules nat section. safeguard against accidentally killing the file.

Signed-off-by: corbolais <corbolais@gmail.com>

auto_install/install.sh

@@ -1401,7 +1401,20 @@ confNetwork(){
 			USING_UFW=1
 			echo "::: Detected UFW is enabled."
 			echo "::: Adding UFW rules..."
+			### Basic safeguard: if file is empty, there's been something weird going on.
+			### Note: no safeguard against imcomplete content as a result of previous failures.
+			if test -s /etc/ufw/before.rules; then
+				$SUDO cp -f /etc/ufw/before.rules /etc/ufw/before.rules.pre-pivpn
+			else
+				echo "$0: ERR: Sorry, won't touch empty file \"/etc/ufw/before.rules\".";
+				exit 1;
+			fi
+			### If there is already a "*nat" section just add our POSTROUTING MASQUERADE
+			if grep -q "*nat" /etc/ufw/before.rules; then
+				$SUDO sed "/^*nat/{n;s/\(:POSTROUTING ACCEPT .*\)/\1\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE/}" -i /etc/ufw/before.rules
+			else
 				$SUDO sed "/delete these required/i *nat\n:POSTROUTING ACCEPT [0:0]\n-I POSTROUTING -s ${pivpnNET}\/24 -o ${IPv4dev} -j MASQUERADE\nCOMMIT\n" -i /etc/ufw/before.rules
+			fi
 			# Insert rules at the beginning of the chain (in case there are other rules that may drop the traffic)
 			$SUDO ufw insert 1 allow "${pivpnPORT}"/"${pivpnPROTO}" >/dev/null
 			$SUDO ufw route insert 1 allow in on "${pivpnDEV}" from "${pivpnNET}/24" out on "${IPv4dev}" to any >/dev/null