From 512ed12178ebf80f01b4a60196137b5efdb95505 Mon Sep 17 00:00:00 2001
From: CyberMind-FR
Date: Thu, 8 Jan 2026 17:27:09 +0100
Subject: [PATCH] fix: Prevent infinite loop in secubox-wan-access (v0.6.0-r35)
- Add apply-noreload command that skips firewall reload
- Firewall include now uses apply-noreload to avoid loop
- apply command still reloads firewall for manual use
Co-Authored-By: Claude Opus 4.5
---
 .../secubox-core/root/etc/firewall.secubox-wan | 4 ++--
 .../secubox-core/root/usr/sbin/secubox-wan-access | 15 +++++++++++++--
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/package/secubox/secubox-core/root/etc/firewall.secubox-wan b/package/secubox/secubox-core/root/etc/firewall.secubox-wan
index 96faba2a..ab580ef3 100644
--- a/package/secubox/secubox-core/root/etc/firewall.secubox-wan
+++ b/package/secubox/secubox-core/root/etc/firewall.secubox-wan
@@ -10,7 +10,7 @@
 # Log the reload
 logger -t secubox-wan "Firewall reload detected - reapplying WAN access rules"
-# Apply WAN access rules from UCI config
-/usr/sbin/secubox-wan-access apply >/dev/null 2>&1
+# Apply WAN access rules from UCI config (noreload to avoid infinite loop)
+/usr/sbin/secubox-wan-access apply-noreload >/dev/null 2>&1
 exit 0
diff --git a/package/secubox/secubox-core/root/usr/sbin/secubox-wan-access b/package/secubox/secubox-core/root/usr/sbin/secubox-wan-access
index 595e7cac..222f121f 100644
--- a/package/secubox/secubox-core/root/usr/sbin/secubox-wan-access
+++ b/package/secubox/secubox-core/root/usr/sbin/secubox-wan-access
@@ -84,7 +84,10 @@ add_rule() {
 }
 # Apply rules based on secubox config
+# Note: noreload parameter skips firewall reload (used by firewall include to avoid loops)
 apply_rules() {
+ local noreload="$1"
+
 config_load secubox
 local enabled https_enabled https_port http_enabled http_port ssh_enabled ssh_port
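Review bot: A failed `secubox-wan-access apply-noreload` in the firewall include leaves no trace, because the new call keeps `>/dev/null 2>&1` and the script then ends with `exit 0`. Judging by its name this include decides which services are reachable from the WAN side, so a failure should at least reach syslog: `/usr/sbin/secubox-wan-access apply-noreload >/dev/null 2>&1 || logger -t secubox-wan "apply-noreload failed (rc=$?)"`. The log line above it still says the rules are being reapplied, although after this change the call only rewrites the UCI config; rewording that message would keep the log accurate for anyone auditing exposure later.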
@@ -122,7 +125,11 @@ apply_rules() {
 fi
 uci commit firewall
- /etc/init.d/firewall reload >/dev/null 2>&1
+
+ # Only reload firewall if not called from firewall include (avoid infinite loop)
+ if [ "$noreload" != "noreload" ]; then
+ /etc/init.d/firewall reload >/dev/null 2>&1
+ fi
 echo "WAN access rules applied"
 }
@@ -210,6 +217,10 @@ case "$1" in
 apply)
 apply_rules
 ;;
+ apply-noreload)
+ # Called from firewall include - skip firewall reload to avoid loop
+ apply_rules "noreload"
+ ;;
 remove)
 remove_rules
 uci commit firewall
@@ -229,7 +240,7 @@ case "$1" in
 json_status
 ;;
 *)
- echo "Usage: $0 {apply|remove|enable|disable|status|json}"
+ echo "Usage: $0 {apply|apply-noreload|remove|enable|disable|status|json}"
 exit 1
 ;;
 esac
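Review bot: In the `noreload` path of apply_rules, `uci commit firewall` runs but nothing loads the result, yet the function still prints "WAN access rules applied". If the include runs after the ruleset has already been built (not visible from this hunk), any rule this call adds or removes only takes effect at the next reload, so a WAN port that was just disabled in the config could stay reachable until then. Consider making the skipped branch explicit, e.g. `else logger -t secubox-wan "UCI updated, live ruleset unchanged until next firewall reload"`, and printing the success message only in the reload branch. The guard also depends on the exact string taken from `local noreload="$1"` in the earlier hunk, so any other argument value silently falls back to reloading; apply_rules starts outside this hunk.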