From ee9af23dd04092819c94a78cf48644c0b18d1e70 Mon Sep 17 00:00:00 2001
From: mantaohuang
Date: Sun, 12 Apr 2020 18:50:23 -0400
Subject: [PATCH] avoid duplicating iptable rules
---
 script.sh.template | 19 ++++++++++++++++---
 test.sh | 6 ++++++
 2 files changed, 22 insertions(+), 3 deletions(-)
 create mode 100755 test.sh
diff --git a/script.sh.template b/script.sh.template
index 05144ad..05b7933 100644
--- a/script.sh.template
+++ b/script.sh.template
@@ -2,6 +2,19 @@ echo ============================== >> {{script_log_fp}}
 env >> {{script_log_fp}}
+iptable_check_add(){
+ local x="$@"
+ iptables -C $x 2>/dev/null || iptables -A $x
+}
+iptable_nat_check_add(){
+ local x="$@"
+ iptables -t nat -C $x 2>/dev/null || iptables -t nat -A $x
+}
+iptable_mangle_check_add(){
+ local x="$@"
+ iptables -t mangle -C $x 2>/dev/null || iptables -t mangle -A $x
+}
+
 # create route table if it does not exist
 if [ $(cat /etc/iproute2/rt_tables | grep {{route_table_name}} | wc -l) -eq 0 ]; then
 echo "{{route_table_id}} {{route_table_name}}" >> /etc/iproute2/rt_tables
@@ -12,8 +25,8 @@ if [ $(getent group|grep {{route_table_name}} | wc -l) -eq 0 ]; then
 groupadd {{route_table_name}}
 fi
-iptables -t mangle -I OUTPUT -m owner --gid-owner {{route_table_name}} -j MARK --set-mark {{route_table_id}}
-iptables -t nat -I POSTROUTING -m owner --gid-owner {{route_table_name}} -o ${dev} -j MASQUERADE
+iptable_mangle_check_add -I OUTPUT -m owner --gid-owner {{route_table_name}} -j MARK --set-mark {{route_table_id}}
+iptable_nat_check_add -t nat -I POSTROUTING -m owner --gid-owner {{route_table_name}} -o ${dev} -j MASQUERADE
 # populate route table
 ip route flush table {{route_table_name}}
 ip route add ${route_vpn_gateway} dev ${dev} src ${ifconfig_local} table {{route_table_name}}
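Review bot: In all three helpers added in this hunk, `local x="$@"` flattens the rule arguments into one string and `$x` is then expanded unquoted, so every argument is re-split on whitespace and subjected to glob expansion before it reaches iptables; any match or target argument containing a space, `*` or `?` arrives mangled, and the check and the add can disagree on the rule. The `2>/dev/null` on the `-C` call also hides every failure reason other than "rule does not exist" (malformed rule, unknown chain, lock contention), after which `-A` is attempted anyway. Passing the arguments straight through fixes the first point without needing the temporary at all: replace the two body lines of each helper with `iptables -C "$@" 2>/dev/null || iptables -A "$@"` (and the `-t nat` / `-t mangle` variants likewise). The same `local x="$@"` / `$x` pattern is repeated in the new test.sh below.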
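Review bot: The rewritten call sites still pass `-I OUTPUT` and `-t nat -I POSTROUTING`, but the helpers already supply the action (`-C` on check, `-A` on add) and, for the nat helper, the `-t nat` flag, so the commands actually run become `iptables -t mangle -C -I OUTPUT …` and `iptables -t nat -C -t nat -I POSTROUTING …`; `-C` expects a chain name as its argument, so both the check and the fallback `-A` are very likely rejected by iptables, and the `2>/dev/null` on the check hides why. If so, the MARK and MASQUERADE rules are no longer installed at all, and the policy routing this template sets up for the group's traffic would silently not apply. The calls should pass only the chain and rule: `iptable_mangle_check_add OUTPUT -m owner --gid-owner {{route_table_name}} -j MARK --set-mark {{route_table_id}}` and `iptable_nat_check_add POSTROUTING -m owner --gid-owner {{route_table_name}} -o ${dev} -j MASQUERADE`; the `iptable_check_add -I OUTPUT -m mark …` line in the next hunk has the same problem. Note also that the helpers append (`-A`) where the old lines inserted at the head (`-I`), which changes evaluation order relative to any pre-existing rules in those chains; if head insertion is required, the add branch of the helpers should use `-I` rather than `-A`.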
@@ -24,6 +37,6 @@ ip route add ${route_vpn_gateway} dev ${dev} src ${ifconfig_local}
 ip rule add fwmark {{route_table_id}} table {{route_table_name}} pref {{rule_pref}}
 #ip rule add from ${ifconfig_local} table {{route_table_name}} pref {{rule_pref}}
-iptables -I OUTPUT -m mark --mark {{route_table_id}} -j ACCEPT
+iptable_check_add -I OUTPUT -m mark --mark {{route_table_id}} -j ACCEPT
 exit 0
diff --git a/test.sh b/test.sh
new file mode 100755
index 0000000..2b532e4
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+iptable_check_add(){
+ local x="$@"
+ iptables -C $x 2>/dev/null || iptables -A $x
+}
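Review bot: test.sh only re-declares `iptable_check_add` and never calls it, so running it exercises nothing and exits 0 whatever the helper does. A useful test would shadow `iptables` with a shell function that records its arguments and returns non-zero for `-C`, then assert that `-A` is invoked with exactly the same arguments; a second case where the stub returns 0 for `-C` should assert `-A` is never called, which is the duplication the commit is meant to prevent. Separately, `local` is not guaranteed by POSIX while the file is declared `#!/bin/sh`; passing `"$@"` straight to iptables removes the need for it. A minimal constructed example of the first case:
```shell
#!/bin/sh
# … unchanged: iptable_check_add definition …
calls=
iptables() { calls="$calls|$*"; [ "$1" = -C ] && return 1; return 0; }
iptable_check_add OUTPUT -j ACCEPT
[ "$calls" = "|-C OUTPUT -j ACCEPT|-A OUTPUT -j ACCEPT" ] || exit 1
```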