LibrePortal/scripts/network/firewall/rules/firewall_clear_rules.sh
librelad 053a620e22 fix(reliability): split local result=$(cmd) so $? survives for checkSuccess
'local result=$(cmd)' resets $? to 0 (the local builtin's own exit), so the
following checkSuccess always saw success regardless of cmd's real exit — the
mechanism that masked the de-sudo write failures. Split declaration from
assignment ('local result; result=$(cmd)') across all 235 active-code sites
(84 files) so the command's exit reaches checkSuccess. No behaviour change
beyond $? now being accurate (no set -e in runtime code; multi-line
assignments transform safely).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-31 03:09:25 +01:00


#!/bin/bash
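#######################################
# Clear all LibrePortal-managed firewall rules.
#
# Backend selection: ufw-docker when running as root and the tool is
# installed, otherwise plain ufw, otherwise only a notice is printed.
#
# Globals:
#   EUID            (read)
#   containers_dir  (read) - expected to hold one sub-directory per
#                            LibrePortal app; defined outside this function
# Arguments: none
# Outputs:   progress and the final count via isSuccessful / isNotice
#            (helpers defined elsewhere)
# Returns:   status of the final isSuccessful call
#######################################
firewallClearLibrePortalRules()
{
  local total_cleared=0
  local libreportal_rules rule_line result
  local action container port_spec rule_num
  local -a rule_nums=() rule_actions=() rule_specs=()
  local i

  if [[ $EUID -eq 0 ]] && command -v ufw-docker &> /dev/null; then
    # Declaration is split from assignment so the pipeline's status is not
    # replaced by that of 'local'; '|| true' keeps an empty grep result quiet.
    libreportal_rules=$(runSystem ufw-docker list 2>/dev/null | grep -E "(allow|deny)" || true)
    if [[ -n "$libreportal_rules" ]]; then
      # Feed the loop from a here-string, not a pipe: a piped 'while' runs in
      # a subshell and every increment of total_cleared would be lost.
      while read -r rule_line; do
        [[ $rule_line =~ (allow|deny)\ ([^[:space:]]+)\ ([^[:space:]]+) ]] || continue
        action="${BASH_REMATCH[1]}"
        container="${BASH_REMATCH[2]}"
        port_spec="${BASH_REMATCH[3]}"

        # Only clear LibrePortal app rules (not system rules). With an empty
        # containers_dir the test would probe "/$container" on the root
        # filesystem, so an unset value is treated as "not ours" (fail closed).
        [[ -n "${containers_dir:-}" && -d "$containers_dir/$container" ]] || continue

        # Output is captured only to keep it off the terminal.
        if result=$(runSystem ufw-docker delete "$action" "$container" "$port_spec" 2>&1); then
          total_cleared=$((total_cleared + 1))
          isSuccessful "Cleared: $action $container $port_spec"
        else
          isNotice "Failed to clear: $action $container $port_spec"
        fi
      done <<< "$libreportal_rules"
    else
      isSuccessful "No UFW-Docker rules found"
    fi
  elif command -v ufw &> /dev/null; then
    libreportal_rules=$(runSystem ufw status numbered 2>/dev/null | grep -E "ALLOW.*LibrePortal" || true)
    if [[ -n "$libreportal_rules" ]]; then
      # Pass 1: take a snapshot of the matching rule numbers.
      # NOTE(review): stock 'ufw status numbered' rows normally look like
      # "[ N] <to> <ACTION> <from> # comment" - confirm that what runSystem
      # returns really has the "[N] ACTION spec (LibrePortal)" shape matched
      # below, otherwise nothing is ever cleared. The grep above only passes
      # ALLOW rows, so the DENY alternative cannot match as written.
      while read -r rule_line; do
        if [[ $rule_line =~ ^\[([0-9]+)\]\ (ALLOW|DENY)\ (.*)\ \(LibrePortal\)$ ]]; then
          rule_nums+=("${BASH_REMATCH[1]}")
          rule_actions+=("${BASH_REMATCH[2]}")
          rule_specs+=("${BASH_REMATCH[3]}")
        fi
      done <<< "$libreportal_rules"

      # Pass 2: delete from the highest number down. ufw renumbers the
      # remaining rules after every delete, so walking the snapshot upwards
      # would hit rules that have shifted into a lower slot and could remove
      # rules that are not LibrePortal's (including unrelated allow/deny
      # rules). The listing is ascending, hence the reverse walk.
      for (( i = ${#rule_nums[@]} - 1; i >= 0; i-- )); do
        rule_num="${rule_nums[i]}"
        action="${rule_actions[i]}"
        port_spec="${rule_specs[i]}"
        if result=$(runSystem ufw --force delete "$rule_num" 2>&1); then
          total_cleared=$((total_cleared + 1))
          isNotice "Cleared rule #$rule_num: $action $port_spec"
        else
          isNotice "Failed to clear rule #$rule_num: $action $port_spec"
        fi
      done
    else
      isSuccessful "No LibrePortal UFW rules found"
    fi
  else
    isNotice "No firewall management available"
  fi

  isSuccessful "Cleared $total_cleared LibrePortal firewall rules"
}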