From 0104b4533115056de0b433278f937fab939e0f38 Mon Sep 17 00:00:00 2001
From: alexz <me@alexzaw.dev>
Date: Wed, 4 Feb 2026 21:11:25 +0000
Subject: [PATCH] rego-tunnel: fix pipefail crash in host-routing.sh
 remove_all()

The nft|grep|grep|head pipeline fails when no masquerade rule exists,
causing the script to exit under set -euo pipefail. Add || true to
match the cistech-tunnel version.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 apps/rego-tunnel/shared/host-routing.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/rego-tunnel/shared/host-routing.sh b/apps/rego-tunnel/shared/host-routing.sh
index be818f9..22ec9a7 100644
--- a/apps/rego-tunnel/shared/host-routing.sh
+++ b/apps/rego-tunnel/shared/host-routing.sh
@@ -94,7 +94,7 @@ remove_all() {
 
     # Remove masquerade rule (using nft)
     local handle
-    handle=$(nft -a list chain ip nat POSTROUTING 2>/dev/null | grep "saddr $LAN_SUBNET.*oifname.*$BRIDGE_NAME.*masquerade" | grep -oP 'handle \K\d+' | head -1)
+    handle=$(nft -a list chain ip nat POSTROUTING 2>/dev/null | grep "saddr $LAN_SUBNET.*oifname.*$BRIDGE_NAME.*masquerade" | grep -oP 'handle \K\d+' | head -1 || true)
     if [ -n "$handle" ]; then
         nft delete rule ip nat POSTROUTING handle "$handle" 2>/dev/null || true
     fi