fix: Fix UCI rule deletion to handle index shifting in WAN access

When deleting multiple UCI firewall rules by index, the indices shift after each deletion. The previous method using section names didn't work reliably with fw4's anonymous rules. New approach uses a while loop that: - Iterates through rules by index - Deletes matching rule and restarts from beginning - Continues until no matching rules found This ensures all secubox_wan_* rules are properly removed before reapplying new ones. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-08 17:34:38 +01:00 · 2026-01-08 17:34:38 +01:00 · bb4ba0e217
commit bb4ba0e217
parent 4eaf1cb27f
1 changed files with 16 additions and 8 deletions
--- a/package/secubox/secubox-core/root/usr/sbin/secubox-wan-access
+++ b/package/secubox/secubox-core/root/usr/sbin/secubox-wan-access
@ -12,16 +12,24 @@ RULE_PREFIX="secubox_wan"
 # Remove all SecuBox WAN access rules from UCI
 remove_uci_rules() {
 	local changed=0
-	local sections=""

-	# Find all secubox_wan rules by name
-	sections=$(uci show firewall 2>/dev/null | grep "\.name='${RULE_PREFIX}" | cut -d. -f2 | cut -d= -f1)
+	# Keep removing rules until none left (indices shift after each delete)
+	while true; do
+		local found=0
+		local i=0
+		while true; do
+			local name=$(uci -q get firewall.@rule[$i].name 2>/dev/null)
+			[ -z "$name" ] && break

-	for section in $sections; do
-		[ -n "$section" ] && {
-			uci delete "firewall.$section" 2>/dev/null
-			changed=1
-		}
+			if echo "$name" | grep -q "^${RULE_PREFIX}"; then
+				uci delete "firewall.@rule[$i]" 2>/dev/null
+				changed=1
+				found=1
+				break  # Restart from beginning since indices shifted
+			fi
+			i=$((i + 1))
+		done
+		[ "$found" -eq 0 ] && break
 	done

 	[ "$changed" -eq 1 ] && uci commit firewall