From dde41f6225c5b5bf8320a87f0ee893e784a25b02 Mon Sep 17 00:00:00 2001
From: Kurt Carpenter <kurt@anthropic.com>
Date: Wed, 30 Jul 2025 10:54:05 -0700
Subject: [PATCH] fix: Handle missing Docker DNS rules gracefully in firewall
 script
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add error handling for grep when no Docker DNS rules exist, preventing
script failure on default Docker networks while still preserving DNS
functionality on custom networks.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .devcontainer/init-firewall.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.devcontainer/init-firewall.sh b/.devcontainer/init-firewall.sh
index a410c5c7..0b987171 100644
--- a/.devcontainer/init-firewall.sh
+++ b/.devcontainer/init-firewall.sh
@@ -3,7 +3,7 @@ set -euo pipefail  # Exit on error, undefined vars, and pipeline failures
 IFS=$'\n\t'       # Stricter word splitting
 
 # 1. Extract Docker DNS info BEFORE any flushing
-DOCKER_DNS_RULES=$(iptables-save -t nat | grep "127\.0\.0\.11")
+DOCKER_DNS_RULES=$(iptables-save -t nat | grep "127\.0\.0\.11" || true)
 
 # Flush existing rules and delete existing ipsets
 iptables -F