On systems with multiple default routes, the host_ip function misbehaved and passed garbage to iptables.
Add a | head -n1 at the end of the interface query command to only look at the first default route (which should have the highest metric in ip route's output).
On systems with multiple default routes, the
host_ipfunction misbehaved and passed garbage to iptables.Add a
| head -n1at the end of the interface query command to only look at the first default route (which should have the highest metric inip route's output).