I used the reboot command just after installation and all iptables rules got doubled.
```
# Generated by iptables-save v1.8.10 (nf_tables) on Tue Oct 7 16:30:58 2025
*filter
:INPUT DROP [1403:210471]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [871:102012]
-A INPUT -p udp -m udp --dport 49885 -j ACCEPT
-A INPUT -p udp -m udp --dport 49885 -j ACCEPT
-A INPUT -i lo -m comment --comment host-setup -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment host-setup -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment host-setup -j ACCEPT
-A FORWARD -i wg100 -j ACCEPT
-A FORWARD -i ens3 -o wg100 -j ACCEPT
-A FORWARD -i wg100 -j ACCEPT
-A FORWARD -i ens3 -o wg100 -j ACCEPT
COMMIT
# Completed on Tue Oct 7 16:30:58 2025
# Generated by iptables-save v1.8.10 (nf_tables) on Tue Oct 7 16:30:58 2025
*nat
:PREROUTING ACCEPT [3298:447077]
:INPUT ACCEPT [12:724]
:OUTPUT ACCEPT [26:1618]
:POSTROUTING ACCEPT [22:1334]
-A POSTROUTING -o ens3 -j MASQUERADE
-A POSTROUTING -o ens3 -j MASQUERADE
COMMIT
# Completed on Tue Oct 7 16:30:58 2025
```
The fix should be:
```
PostUp = iptables -C FORWARD -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT 2>/dev/null || iptables -I FORWARD -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT
PostUp = iptables -C FORWARD -i ${SERVER_WG_NIC} -j ACCEPT 2>/dev/null || iptables -I FORWARD -i ${SERVER_WG_NIC} -j ACCEPT
PostUp = iptables -t nat -C POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE
PostUp = ip6tables -C FORWARD -i ${SERVER_WG_NIC} -j ACCEPT 2>/dev/null || ip6tables -I FORWARD -i ${SERVER_WG_NIC} -j ACCEPT
PostUp = ip6tables -t nat -C POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE 2>/dev/null || ip6tables -t nat -A POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE
```
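
Added example (not part of the original issue or the project's script): a shell check that reads `iptables-save` output and lists rules repeated within the same table, which gives a way to confirm after a reboot whether the `-C ... ||` guard proposed above stops the duplication. The function names and the abbreviated sample dump are constructed for illustration.

```shell
#!/bin/sh
# Report rules that occur more than once within one table of an
# iptables-save dump read from stdin. Output: "<count> <table> <rule>".
find_duplicate_rules() {
    awk '
        /^\*/  { table = substr($0, 2); next }          # "*filter", "*nat": a new table starts
        /^-A / { key = table SUBSEP $0                  # scope each rule to its table
                 if (!(key in seen)) order[++n] = key   # keep first-seen order for stable output
                 seen[key]++ }
        END    { for (i = 1; i <= n; i++)
                     if (seen[order[i]] > 1) {
                         split(order[i], p, SUBSEP)
                         printf "%d %s %s\n", seen[order[i]], p[1], p[2]
                     } }
    '
}

# Exit status 0 when the dump on stdin is clean, 1 when duplicates exist,
# so it can be used directly in a post-boot health check.
has_no_duplicates() {
    [ -z "$(find_duplicate_rules)" ]
}

# Constructed sample, abbreviated from the dump in the issue above.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 49885 -j ACCEPT
-A INPUT -p udp -m udp --dport 49885 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment host-setup -j ACCEPT
-A FORWARD -i wg100 -j ACCEPT
-A FORWARD -i ens3 -o wg100 -j ACCEPT
-A FORWARD -i wg100 -j ACCEPT
-A FORWARD -i ens3 -o wg100 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o ens3 -j MASQUERADE
-A POSTROUTING -o ens3 -j MASQUERADE
COMMIT
EOF
}

# On a live host (as root): iptables-save | find_duplicate_rules
sample_dump | find_duplicate_rules
```

Rules are compared as exact strings per table, so two rules that differ only in a comment or option order are treated as distinct.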