From d56326855033fb4130e2a959a0e0650cda620891 Mon Sep 17 00:00:00 2001
From: Brian Cornally <93508235+brian-cornally@users.noreply.github.com>
Date: Fri, 17 Apr 2026 23:06:22 -0700
Subject: [PATCH] fix: use -exist flag in ipset add to prevent duplicate entry
 errors

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .devcontainer/init-firewall.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.devcontainer/init-firewall.sh b/.devcontainer/init-firewall.sh
index 16d492dd26..37770b3a23 100644
--- a/.devcontainer/init-firewall.sh
+++ b/.devcontainer/init-firewall.sh
@@ -60,7 +60,7 @@ while read -r cidr; do
         exit 1
     fi
     echo "Adding GitHub range $cidr"
-    ipset add allowed-domains "$cidr"
+    ipset add -exist allowed-domains "$cidr"
 done < <(echo "$gh_ranges" | jq -r '(.web + .api + .git)[]' | aggregate -q)
 
 # Resolve and add other allowed domains
@@ -79,14 +79,14 @@ for domain in \
         echo "ERROR: Failed to resolve $domain"
         exit 1
     fi
-    
+
     while read -r ip; do
         if [[ ! "$ip" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
             echo "ERROR: Invalid IP from DNS for $domain: $ip"
             exit 1
         fi
         echo "Adding $ip for $domain"
-        ipset add allowed-domains "$ip"
+        ipset add -exist allowed-domains "$ip"
     done < <(echo "$ips")
 done