From f1e1a4943d0e1290487b7d58b5c428fdbdbc73de Mon Sep 17 00:00:00 2001
From: Cao Mingjun
Date: Thu, 15 Aug 2024 18:10:43 +0800
Subject: [PATCH] fix-host-connectivity: don't add rule if it already exist

---
 healthcheck/fix-host-connectivity.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/healthcheck/fix-host-connectivity.sh b/healthcheck/fix-host-connectivity.sh
index e16356f..bc10cf4 100644
--- a/healthcheck/fix-host-connectivity.sh
+++ b/healthcheck/fix-host-connectivity.sh
@@ -38,8 +38,17 @@ fi
 # add excluded networks to nft table cloudflare-warp and routing table
 for network in $networks; do
+ if ! sudo nft list table inet cloudflare-warp | grep -q "saddr $network accept"; then
+ echo "[fix-host-connectivity] Adding $network to input chain of nft table cloudflare-warp ."
 sudo nft add rule inet cloudflare-warp input ip saddr $network accept
+ fi
+ if ! sudo nft list table inet cloudflare-warp | grep -q "daddr $network accept"; then
+ echo "[fix-host-connectivity] Adding $network to output chain of nft table cloudflare-warp ."
 sudo nft add rule inet cloudflare-warp output ip daddr $network accept
+ fi
+ if ! ip rule list | grep -q "$network lookup main"; then # stop packet from using routing table created by CloudflareWARP
+ echo "[fix-host-connectivity] Adding routing rule for $network."
 sudo ip rule add to $network lookup main priority 10
+ fi
 done
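Review bot: The three new existence checks (`grep -q "saddr $network accept"`, `grep -q "daddr $network accept"`, `grep -q "$network lookup main"`) treat `$network` as an unanchored regex, so a CIDR such as 10.0.0.0/8 also matches an existing rule for 110.0.0.0/8, and each `.` matches any character; a false match silently skips a rule that is still missing, which defeats the purpose of this script. Match the literal string and anchor it on the surrounding separators instead: `grep -qF -- " saddr $network accept"`, `grep -qF -- " daddr $network accept"` and `grep -qF -- " to $network lookup main"` (the last anchors on the `to` that `ip rule list` prints before the destination selector). The `sudo nft list table inet cloudflare-warp` listing is also run twice per network; if the table does not exist, both greps fail and the script falls through to the same `nft add rule` failure as before, so the new branches do not change that failure mode, which is worth a one-line comment. The `for` loop is fully inside the hunk, but `$networks` and any `set -e` handling are defined outside it.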