gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Client Guardian remove_client_rules now uses section names (v0.6.0-r32)

Browse Source 
- Fix duplicate firewall rules issue by using section names instead of indices
- UCI section deletion now properly handles all rules for a MAC address
- Prevents index shifting problems when deleting multiple rules

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-01-08 16:54:23 +01:00
parent 9c7bbe513c
commit d8f5fcd6e4
1 changed files with 12 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
package/secubox/luci-app-client-guardian/root/usr/libexec/rpcd/luci.client-guardian
View File

@ -1149,30 +1149,20 @@ remove_client_rules() {
log_event "debug" "Removing firewall rules for MAC: $mac (clean: $mac_clean)" log_event "debug" "Removing firewall rules for MAC: $mac (clean: $mac_clean)"
# Find and remove all CG_ prefixed rules for this MAC # Find all rule sections by name containing the MAC
local rules_to_delete="" local sections_to_delete=""
local idx=0 sections_to_delete=$(uci show firewall 2>/dev/null | grep "\.name='CG_.*${mac_clean}'" | cut -d. -f2 | cut -d= -f1)
while true; do
local name=$(uci -q get firewall.@rule[$idx].name 2>/dev/null)
if [ -z "$name" ] && [ $idx -gt 100 ]; then
break
fi
if echo "$name" | grep -q "CG_.*${mac_clean}"; then
rules_to_delete="$rules_to_delete firewall.@rule[$idx]"
fi
idx=$((idx + 1))
# Safety limit
[ $idx -gt 500 ] && break
done
# Delete rules in reverse order to maintain indices # Also find by src_mac
for rule in $(echo "$rules_to_delete" | tr ' ' '\n' | tac); do local mac_sections=$(uci show firewall 2>/dev/null | grep -i "\.src_mac='${mac_upper}'" | cut -d. -f2 | cut -d= -f1)
[ -n "$rule" ] && uci delete "$rule" 2>/dev/null sections_to_delete="$sections_to_delete $mac_sections"
done
# Also check by src_mac directly # Remove duplicates and delete each section
uci show firewall 2>/dev/null | grep -i "src_mac='$mac_upper'" | cut -d. -f1-2 | sort -u | while read rule; do for section in $(echo "$sections_to_delete" | tr ' ' '\n' | sort -u); do
[ -n "$rule" ] && uci delete "$rule" 2>/dev/null [ -n "$section" ] && [ "$section" != "" ] && {
log_event "debug" "Deleting firewall section: $section"
uci delete "firewall.$section" 2>/dev/null
}
done done
uci commit firewall 2>/dev/null uci commit firewall 2>/dev/null