From 145d124410bba76208afd2b5d13277d0ab780ecc Mon Sep 17 00:00:00 2001
From: Pablo Carranza Velez <pablo@resin.io>
Date: Tue, 16 Aug 2016 09:30:38 -0300
Subject: [PATCH] Check if rules exist before adding them

---
 src/utils.coffee | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/utils.coffee b/src/utils.coffee
index 6838988e..2c0512b7 100644
--- a/src/utils.coffee
+++ b/src/utils.coffee
@@ -281,9 +281,14 @@ exports.validateKeys = (options, validSet) ->
 		invalidKeys = _.keys(_.omit(options, validSet))
 		throw new Error("Using #{invalidKeys.join(', ')} is not allowed.") if !_.isEmpty(invalidKeys)
 
+checkAndAddIptablesRule = (rule) ->
+	execAsync("iptables -C #{rule}")
+	.catch ->
+		execAsync("iptables -A #{rule}")
+
 exports.createIpTablesRules = ->
 	allowedInterfaces = ['tun0', 'docker0', 'lo']
 	Promise.each allowedInterfaces, (iface) ->
-		execAsync("iptables -A INPUT -p tcp --dport #{config.listenPort} -i #{iface} -j ACCEPT")
+		checkAndAddIptablesRule("INPUT -p tcp --dport #{config.listenPort} -i #{iface} -j ACCEPT")
 	.then ->
-		execAsync("iptables -A INPUT -p tcp --dport #{config.listenPort} -j REJECT")
+		checkAndAddIptablesRule("INPUT -p tcp --dport #{config.listenPort} -j REJECT")