From 57330764b45760cd6d4e0ecead5e2f9d31a96465 Mon Sep 17 00:00:00 2001
From: ImBenji
Date: Tue, 5 Aug 2025 13:51:52 +0100
Subject: [PATCH] Clean existing iptables rules before marking traffic for peers
---
 lib/wireguard/traffic_control.dart | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/lib/wireguard/traffic_control.dart b/lib/wireguard/traffic_control.dart
index e48d36b..f88fa46 100644
--- a/lib/wireguard/traffic_control.dart
+++ b/lib/wireguard/traffic_control.dart
@@ -34,10 +34,18 @@ class TrafficControlService {
 final downloadMark = mark + 1000; // Offset to avoid conflicts
 print('Running iptables MARK commands for $peerIP...');
- // Mark upload traffic (FROM peer) with uploadMark
- await _runIptablesCommand(['-I', 'FORWARD', '-s', peerIP, '-j', 'MARK', '--set-mark', uploadMark.toString()]);
- // Mark download traffic (TO peer) with downloadMark
- await _runIptablesCommand(['-I', 'FORWARD', '-d', peerIP, '-j', 'MARK', '--set-mark', downloadMark.toString()]);
+ // Clean existing rules for this peer first
+ try {
+ await _runIptablesCommand(['-D', 'FORWARD', '-s', peerIP, '-j', 'MARK', '--set-mark', uploadMark.toString()]);
+ } catch (e) { /* Rule doesn't exist, ignore */ }
+ try {
+ await _runIptablesCommand(['-D', 'FORWARD', '-d', peerIP, '-j', 'MARK', '--set-mark', downloadMark.toString()]);
+ } catch (e) { /* Rule doesn't exist, ignore */ }
+
+ // Mark upload traffic (FROM peer) with uploadMark - use POSTROUTING for upload
+ await _runIptablesCommand(['-t', 'mangle', '-I', 'POSTROUTING', '-s', peerIP, '-j', 'MARK', '--set-mark', uploadMark.toString()]);
+ // Mark download traffic (TO peer) with downloadMark - use FORWARD for download
+ await _runIptablesCommand(['-t', 'mangle', '-I', 'FORWARD', '-d', peerIP, '-j', 'MARK', '--set-mark', downloadMark.toString()]);
 print('Running tc class add/change commands for upload and download...');
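Review bot: The two cleanup `-D` calls name `FORWARD` without `-t`, so they act on the default filter table, while the rules inserted just below go into `-t mangle` (`POSTROUTING` for upload, `FORWARD` for download); the cleanup therefore never matches what this code adds, and each call for the same peer stacks another duplicate MARK rule. The deletes should mirror the inserts, e.g. `['-t', 'mangle', '-D', 'POSTROUTING', '-s', peerIP, '-j', 'MARK', '--set-mark', uploadMark.toString()]` and `['-t', 'mangle', '-D', 'FORWARD', '-d', peerIP, '-j', 'MARK', '--set-mark', downloadMark.toString()]`; the filter-table deletes as written only remove rules left behind by the previous version and could be kept as a one-time migration. The empty `catch (e)` blocks also treat every failure as "rule doesn't exist", which presumably hides permission errors, a missing binary or an xtables lock timeout too (`_runIptablesCommand` is not visible in this hunk), so anything other than the no-match case should at least be logged. The enclosing method starts and ends outside the hunk.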