avoid duplicating iptable rules

script.sh.template

@@ -2,6 +2,19 @@
 echo ============================== >> {{script_log_fp}}
 env >> {{script_log_fp}}
 
+iptable_check_add(){
+    local x="$@"
+    iptables -C $x 2>/dev/null || iptables -A $x
+}
+iptable_nat_check_add(){
+    local x="$@"
+    iptables -t nat -C $x 2>/dev/null || iptables -t nat -A $x
+}
+iptable_mangle_check_add(){
+    local x="$@"
+    iptables -t mangle -C $x 2>/dev/null || iptables -t mangle -A $x
+}
+
 # create route table if it does not exist
 if [ $(cat /etc/iproute2/rt_tables | grep {{route_table_name}} | wc -l) -eq 0 ]; then
     echo "{{route_table_id}}  {{route_table_name}}" >> /etc/iproute2/rt_tables
@@ -12,8 +25,8 @@ if [ $(getent group|grep {{route_table_name}} | wc -l) -eq 0 ]; then
     groupadd {{route_table_name}}
 fi
 
-iptables -t mangle -I OUTPUT -m owner --gid-owner {{route_table_name}} -j MARK --set-mark {{route_table_id}}
-iptables -t nat -I POSTROUTING -m owner --gid-owner {{route_table_name}} -o ${dev} -j MASQUERADE
+iptable_mangle_check_add -I OUTPUT -m owner --gid-owner {{route_table_name}} -j MARK --set-mark {{route_table_id}}
+iptable_nat_check_add -t nat -I POSTROUTING -m owner --gid-owner {{route_table_name}} -o ${dev} -j MASQUERADE
 # populate route table
 ip route flush table {{route_table_name}}
 ip route add ${route_vpn_gateway} dev ${dev} src ${ifconfig_local} table {{route_table_name}}
@@ -24,6 +37,6 @@ ip route add ${route_vpn_gateway} dev ${dev} src ${ifconfig_local}
 
 ip rule add fwmark {{route_table_id}} table {{route_table_name}} pref {{rule_pref}} 
 #ip rule add from ${ifconfig_local} table {{route_table_name}} pref {{rule_pref}}
-iptables -I OUTPUT -m mark --mark {{route_table_id}} -j ACCEPT
+iptable_check_add -I OUTPUT -m mark --mark {{route_table_id}} -j ACCEPT
 
 exit 0

test.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+iptable_check_add(){
+    local x="$@"
+    iptables -C $x 2>/dev/null || iptables -A $x
+}