diff --git a/scripts/iptables-mihomo-setup.sh b/scripts/iptables-mihomo-setup.sh
index 09b0c71..df25d04 100644
--- a/scripts/iptables-mihomo-setup.sh
+++ b/scripts/iptables-mihomo-setup.sh
@@ -20,13 +20,15 @@ EXCLUDE_IFACES=("tun0" "wg0")
 ipt() { iptables "$@"; }
 
 ensure_ip_rule() {
-  # Route marked traffic to local via custom table (idempotent-ish)
-  ip rule list | grep -q "fwmark ${FW_MARK} lookup ${ROUTE_TABLE}" || \
-    ip rule add fwmark ${FW_MARK} lookup ${ROUTE_TABLE}
+  # Remove duplicates if any (doesn't error if absent)
+  while ip rule list | grep -q "fwmark ${FW_MARK} lookup ${ROUTE_TABLE}"; do
+    ip rule del fwmark ${FW_MARK} lookup ${ROUTE_TABLE} || true
+  done
 
-  # Route everything in that table to local loopback so TPROXY can catch it
-  ip route show table ${ROUTE_TABLE} | grep -q "^local 0.0.0.0/0 dev lo" || \
-    ip route add local 0.0.0.0/0 dev lo table ${ROUTE_TABLE}
+  ip rule add fwmark ${FW_MARK} lookup ${ROUTE_TABLE}
+
+  # Route table entry, forced
+  ip route replace local 0.0.0.0/0 dev lo table ${ROUTE_TABLE}
 }
 
 # ----------------------------