Added nft_chain_exists() and fixed nft to use that

author: Haw Loeung <haw.loeung@canonical.com> 2020-02-03 10:37:02 +1100
committer: Brian May <brian@linuxpenguins.xyz> 2020-02-04 07:41:29 +1100
commit: 13db89916afdcea30fc3e275ec2654d8037f5934 (patch)
tree: 32719afc2b227d2a6ee7e7e5087f662b3261db02 /sshuttle/methods
parent: 84076f29fac33d06aaa4298a0ffb7b5468a995a4 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/sshuttle/methods/nft.py b/sshuttle/methods/nft.py
index 59266af..40f6f3b 100644
--- a/sshuttle/methods/nft.py
+++ b/sshuttle/methods/nft.py
@@ -1,7 +1,7 @@
 import socket
 from sshuttle.firewall import subnet_weight
 from sshuttle.helpers import Fatal, log
-from sshuttle.linux import nft, nft_get_handle, nonfatal
+from sshuttle.linux import nft, nft_get_handle, nft_chain_exists, nonfatal
 from sshuttle.methods import BaseMethod
 
 
@@ -28,10 +28,8 @@ class Method(BaseMethod):
         for chain in ['prerouting', 'postrouting', 'output']:
             rules = '{{ type nat hook {} priority -100; policy accept; }}' \
                     .format(chain)
-            try:
+            if not nft_chain_exists(family, table, chain):
                 _nft('add chain', chain, rules)
-            except Fatal:
-                log('Chain {} already exists, ignoring\n'.format(chain))
 
         chain = 'sshuttle-%s' % port
author	Haw Loeung <haw.loeung@canonical.com>	2020-02-03 10:37:02 +1100
committer	Brian May <brian@linuxpenguins.xyz>	2020-02-04 07:41:29 +1100
commit	13db89916afdcea30fc3e275ec2654d8037f5934 (patch)
tree	32719afc2b227d2a6ee7e7e5087f662b3261db02 /sshuttle/methods
parent	84076f29fac33d06aaa4298a0ffb7b5468a995a4 (diff)