fix-host-connectivity: don't add rule if it already exist

cmj2002 · Aug 15, 2024 · f1e1a49 · f1e1a49
1 parent 2ffe606
commit f1e1a49
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/healthcheck/fix-host-connectivity.sh b/healthcheck/fix-host-connectivity.sh
@@ -38,8 +38,17 @@ fi
 
 # add excluded networks to nft table cloudflare-warp and routing table
 for network in $networks; do
+  if ! sudo nft list table inet cloudflare-warp | grep -q "saddr $network accept"; then
+    echo "[fix-host-connectivity] Adding $network to input chain of nft table cloudflare-warp ."
     sudo nft add rule inet cloudflare-warp input ip saddr $network accept
+  fi
+  if ! sudo nft list table inet cloudflare-warp | grep -q "daddr $network accept"; then
+    echo "[fix-host-connectivity] Adding $network to output chain of nft table cloudflare-warp ."
     sudo nft add rule inet cloudflare-warp output ip daddr $network accept
+  fi
+  if ! ip rule list | grep -q "$network lookup main"; then
     # stop packet from using routing table created by CloudflareWARP
+    echo "[fix-host-connectivity] Adding routing rule for $network."
     sudo ip rule add to $network lookup main priority 10
+  fi
 done