Refactor ensure_ip_rule function to remove duplicate ip rules and enforce route table entry

scripts/iptables-mihomo-setup.sh

@@ -20,13 +20,15 @@ EXCLUDE_IFACES=("tun0" "wg0")
 ipt() { iptables "$@"; }
 
 ensure_ip_rule() {
-  # Route marked traffic to local via custom table (idempotent-ish)
+  # Remove duplicates if any (doesn't error if absent)
-  ip rule list | grep -q "fwmark ${FW_MARK} lookup ${ROUTE_TABLE}" || \
+  while ip rule list | grep -q "fwmark ${FW_MARK} lookup ${ROUTE_TABLE}"; do
-    ip rule add fwmark ${FW_MARK} lookup ${ROUTE_TABLE}
+    ip rule del fwmark ${FW_MARK} lookup ${ROUTE_TABLE} || true
+  done
 
-  # Route everything in that table to local loopback so TPROXY can catch it
+  ip rule add fwmark ${FW_MARK} lookup ${ROUTE_TABLE}
-  ip route show table ${ROUTE_TABLE} | grep -q "^local 0.0.0.0/0 dev lo" || \
+
-    ip route add local 0.0.0.0/0 dev lo table ${ROUTE_TABLE}
+  # Route table entry, forced
+  ip route replace local 0.0.0.0/0 dev lo table ${ROUTE_TABLE}
 }
 
 # ----------------------------