From 16ca0a11b6a48d060727dc8a3883897b3cb5c963 Mon Sep 17 00:00:00 2001
From: DaTekShaman
Date: Sat, 27 Dec 2025 15:44:39 +0300
Subject: [PATCH] Refactor ensure_ip_rule function to remove duplicate ip rules and enforce route table entry

---
 scripts/iptables-mihomo-setup.sh | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/scripts/iptables-mihomo-setup.sh b/scripts/iptables-mihomo-setup.sh
index 09b0c71..df25d04 100644
--- a/scripts/iptables-mihomo-setup.sh
+++ b/scripts/iptables-mihomo-setup.sh
@@ -20,13 +20,15 @@ EXCLUDE_IFACES=("tun0" "wg0")
 ipt() { iptables "$@"; }
 
 ensure_ip_rule() {
- # Route marked traffic to local via custom table (idempotent-ish)
- ip rule list | grep -q "fwmark ${FW_MARK} lookup ${ROUTE_TABLE}" || \
- ip rule add fwmark ${FW_MARK} lookup ${ROUTE_TABLE}
+ # Remove duplicates if any (doesn't error if absent)
+ while ip rule list | grep -q "fwmark ${FW_MARK} lookup ${ROUTE_TABLE}"; do
+ ip rule del fwmark ${FW_MARK} lookup ${ROUTE_TABLE} || true
+ done
 
- # Route everything in that table to local loopback so TPROXY can catch it
- ip route show table ${ROUTE_TABLE} | grep -q "^local 0.0.0.0/0 dev lo" || \
- ip route add local 0.0.0.0/0 dev lo table ${ROUTE_TABLE}
+ ip rule add fwmark ${FW_MARK} lookup ${ROUTE_TABLE}
+
+ # Route table entry, forced
+ ip route replace local 0.0.0.0/0 dev lo table ${ROUTE_TABLE}
 }
 
 # ----------------------------
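Review bot: The new de-duplication loop in ensure_ip_rule can spin forever, because `ip rule del ... || true` discards the failure while the `grep -q` condition stays true. That happens whenever the delete cannot remove what grep matched, for example when the script runs without sufficient privileges, or when the unanchored pattern also matches a rule whose table name merely begins with `${ROUTE_TABLE}`. Letting the delete itself drive the loop stops at the first failure: `while ip rule del fwmark "${FW_MARK}" lookup "${ROUTE_TABLE}" 2>/dev/null; do :; done`. Between the last delete and the following `ip rule add`, marked packets have no matching policy rule and presumably follow the main table instead of reaching the TPROXY listener, so a comment noting that the function is not atomic would help operators who re-run it on a live host. FW_MARK and ROUTE_TABLE are set outside the hunk, so whether their format matches what `ip rule list` prints (fwmark is shown in hex) could not be checked here.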