From bb4ba0e2174587255a45ced7dc2f3b93759168b2 Mon Sep 17 00:00:00 2001
From: CyberMind-FR
Date: Thu, 8 Jan 2026 17:34:38 +0100
Subject: [PATCH] fix: Fix UCI rule deletion to handle index shifting in WAN access When deleting multiple UCI firewall rules by index, the indices shift after each deletion. The previous method using section names didn't work reliably with fw4's anonymous rules. New approach uses a while loop that: - Iterates through rules by index - Deletes matching rule and restarts from beginning - Continues until no matching rules found This ensures all secubox_wan_* rules are properly removed before reapplying new ones. Co-Authored-By: Claude Opus 4.5
---
 .../root/usr/sbin/secubox-wan-access | 24 ++++++++++++-------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/package/secubox/secubox-core/root/usr/sbin/secubox-wan-access b/package/secubox/secubox-core/root/usr/sbin/secubox-wan-access
index b1000247..334a47ba 100644
--- a/package/secubox/secubox-core/root/usr/sbin/secubox-wan-access
+++ b/package/secubox/secubox-core/root/usr/sbin/secubox-wan-access
@@ -12,16 +12,24 @@ RULE_PREFIX="secubox_wan"
 # Remove all SecuBox WAN access rules from UCI
 remove_uci_rules() {
 local changed=0
- local sections=""
- # Find all secubox_wan rules by name
- sections=$(uci show firewall 2>/dev/null | grep "\.name='${RULE_PREFIX}" | cut -d. -f2 | cut -d= -f1)
+ # Keep removing rules until none left (indices shift after each delete)
+ while true; do
+ local found=0
+ local i=0
+ while true; do
+ local name=$(uci -q get firewall.@rule[$i].name 2>/dev/null)
+ [ -z "$name" ] && break
- for section in $sections; do
- [ -n "$section" ] && {
- uci delete "firewall.$section" 2>/dev/null
- changed=1
- }
+ if echo "$name" | grep -q "^${RULE_PREFIX}"; then
+ uci delete "firewall.@rule[$i]" 2>/dev/null
+ changed=1
+ found=1
+ break # Restart from beginning since indices shifted
+ fi
+ i=$((i + 1))
+ done
+ [ "$found" -eq 0 ] && break
 done
 [ "$changed" -eq 1 ] && uci commit firewall
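Review bot: The inner loop's `[ -z "$name" ] && break` treats the first rule without a `name` option as the end of the rule list, so if any rule lacks a name, a `secubox_wan*` rule placed after it is never reached and stays in the firewall config; for a WAN-access allow rule that means the exposure can outlive the setting that was meant to remove it. Testing for the section itself with `uci -q get "firewall.@rule[$i]"` separates "no such index" from "rule has no name". The outer `while true` also never terminates if `uci delete` fails, because its stderr is discarded and `found=1` is set regardless, so the delete result should be checked. A single pass that does not advance `i` after a successful delete handles the index shift without restarting from zero, as sketched below. `remove_uci_rules` closes outside this hunk, so the sketch leaves the function open.

```shell
remove_uci_rules() {
	local changed=0
	local i=0
	local name

	# End of list is "no section at this index", not "rule has no name"
	while uci -q get "firewall.@rule[$i]" >/dev/null; do
		name="$(uci -q get "firewall.@rule[$i].name")"
		case "$name" in
			"${RULE_PREFIX}"*)
				# The next rule shifts into index $i, so do not advance;
				# stop instead of spinning if the delete fails
				uci delete "firewall.@rule[$i]" || break
				changed=1
				;;
			*)
				i=$((i + 1))
				;;
		esac
	done

	# … unchanged: commit firewall when $changed is 1 …
```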