PostUp/PostDown should be idempotent
I ran the reboot command just after installation and got all iptables rules doubled.
# Generated by iptables-save v1.8.10 (nf_tables) on Tue Oct 7 16:30:58 2025
*filter
:INPUT DROP [1403:210471]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [871:102012]
-A INPUT -p udp -m udp --dport 49885 -j ACCEPT
-A INPUT -p udp -m udp --dport 49885 -j ACCEPT
-A INPUT -i lo -m comment --comment host-setup -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment host-setup -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment host-setup -j ACCEPT
-A FORWARD -i wg100 -j ACCEPT
-A FORWARD -i ens3 -o wg100 -j ACCEPT
-A FORWARD -i wg100 -j ACCEPT
-A FORWARD -i ens3 -o wg100 -j ACCEPT
COMMIT
# Completed on Tue Oct 7 16:30:58 2025
# Generated by iptables-save v1.8.10 (nf_tables) on Tue Oct 7 16:30:58 2025
*nat
:PREROUTING ACCEPT [3298:447077]
:INPUT ACCEPT [12:724]
:OUTPUT ACCEPT [26:1618]
:POSTROUTING ACCEPT [22:1334]
-A POSTROUTING -o ens3 -j MASQUERADE
-A POSTROUTING -o ens3 -j MASQUERADE
COMMIT
# Completed on Tue Oct 7 16:30:58 2025
The fix should be:
PostUp = iptables -C FORWARD -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT 2>/dev/null || iptables -I FORWARD -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT
PostUp = iptables -C FORWARD -i ${SERVER_WG_NIC} -j ACCEPT 2>/dev/null || iptables -I FORWARD -i ${SERVER_WG_NIC} -j ACCEPT
PostUp = iptables -t nat -C POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE
PostUp = ip6tables -C FORWARD -i ${SERVER_WG_NIC} -j ACCEPT 2>/dev/null || ip6tables -I FORWARD -i ${SERVER_WG_NIC} -j ACCEPT
PostUp = ip6tables -t nat -C POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE 2>/dev/null || ip6tables -t nat -A POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE
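A check for the doubling shown in the dump above, as an added example that is not part of the original issue or of the project's script: one function lists rules that occur more than once within a table of `iptables-save` output, the other emits the ruleset with the repeats dropped. The function names and the abridged sample ruleset are constructed for illustration.

```shell
# Constructed sample, abridged from the iptables-save dump in the post above.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p udp -m udp --dport 49885 -j ACCEPT
-A INPUT -p udp -m udp --dport 49885 -j ACCEPT
-A INPUT -i lo -m comment --comment host-setup -j ACCEPT
-A FORWARD -i wg100 -j ACCEPT
-A FORWARD -i ens3 -o wg100 -j ACCEPT
-A FORWARD -i wg100 -j ACCEPT
-A FORWARD -i ens3 -o wg100 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ens3 -j MASQUERADE
-A POSTROUTING -o ens3 -j MASQUERADE
COMMIT
EOF
}

# Read iptables-save format on stdin and print "<table> <count>x <rule>"
# for every rule that appears more than once in the same table.
find_duplicate_rules() {
    awk '
        /^\*/  { table = substr($0, 2); next }   # "*filter" opens a table
        /^-A / { key = table SUBSEP $0
                 if (!(key in seen)) order[++n] = key
                 seen[key]++ }
        END    { for (i = 1; i <= n; i++) if (seen[order[i]] > 1) {
                     split(order[i], p, SUBSEP)
                     printf "%s %dx %s\n", p[1], seen[order[i]], p[2] } }
    '
}

# Emit the ruleset with exact repeats dropped, keeping the first occurrence.
# This preserves behaviour for terminating targets such as ACCEPT and
# MASQUERADE; a repeated LOG or MARK rule would fire once instead of twice.
dedupe_ruleset() {
    awk '
        /^\*/  { table = substr($0, 2) }
        /^-A / { if (seen[table SUBSEP $0]++) next }
        { print }
    '
}
```

On a live host the input would be `iptables-save` output piped into either function; review the de-duplicated ruleset before loading it with `iptables-restore`.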
The site name I understand...
But for the site_status I'm worried more about people not realizing their site is unavailable to anonymous users because they don't realize they unchecked a box weeks ago when they first installed MODX, than people having unfinished sites accidentally indexed. Does the config check currently show a warning if the site is deactivated that way?
Does the config check currently show a warning if the site is deactivated that way?
In my opinion, no. Is it possible somehow to disable the site during the installation process?
Related https://github.com/modxcms/revolution/issues/13876