diff --git a/parental-control/files/etc/init.d/parentalcontrol b/parental-control/files/etc/init.d/parentalcontrol
index bd90c0ac9..92bc23cda 100755
--- a/parental-control/files/etc/init.d/parentalcontrol
+++ b/parental-control/files/etc/init.d/parentalcontrol
@@ -48,7 +48,7 @@ configure_fw_rules() {
 hw_nat -! > /dev/null 2>&1
 fi
 if which conntrack > /dev/null 2>&1; then
- conntrack -F > /dev/null 2>&1
+ flush_conntrack_for_hosts
 fi
 # this is for urlfilter daemon
diff --git a/parental-control/files/lib/parentalcontrol/parentalcontrol.sh b/parental-control/files/lib/parentalcontrol/parentalcontrol.sh
index d9d629e5c..13452cdf0 100644
--- a/parental-control/files/lib/parentalcontrol/parentalcontrol.sh
+++ b/parental-control/files/lib/parentalcontrol/parentalcontrol.sh
@@ -551,6 +551,62 @@ remove_internet_schedule_rules() {
 fi
 }
+# Global array for resolved IPs
+URLFILTER_IPS=""
+
+# Resolve hostname or MAC to IP from lease_file
+get_host_ip() {
+ local host="$1"
+ local ip
+ local lease_file="/tmp/dhcp.leases"
+
+ [ -f "$lease_file" ] || lease_file="/etc/parentalcontrol/dhcp.leases"
+ [ -f "$lease_file" ] || { log "Error: get_host_ip(): No DHCP lease file found."; return 1; }
+
+ # try DHCP lease lookup
+ ip="$(awk -v h="$host" '
+ {
+ mac=$2; ipaddr=$3; name=$4
+ if (h == name || h == mac) { print ipaddr; exit }
+ }' "$lease_file")"
+
+ [ -n "$ip" ] && URLFILTER_IPS="$URLFILTER_IPS $ip"
+}
+
+# Process each profile section
+resolve_profile_hosts() {
+ local section="$1"
+ local hostlist
+
+ config_get hostlist "$section" host
+ [ -z "$hostlist" ] && return
+
+ for h in $hostlist; do
+ get_host_ip "$h"
+ done
+}
+
+# Main function to collect IPs and delete conntrack entries
+flush_conntrack_for_hosts() {
+ URLFILTER_IPS=""
+ local count max
+
+ config_foreach resolve_profile_hosts profile
+
+ URLFILTER_IPS="$(echo "$URLFILTER_IPS" | tr ' ' '\n' | sort -u | xargs)"
+ for ip in $URLFILTER_IPS; do
+ count=0
+ max=1000
+ while conntrack -D -s "$ip" >/dev/null 2>&1; do
+ count=$((count+1))
+ if [ $count -ge $max ]; then
+ log "Warning: Forced to stop conntrack delete after $max deletions for $ip (possible loop)"
+ break
+ fi
+ done
+ done
+}
+
 OVERRIDE_JSON="/etc/parentalcontrol/urlbundle_override.json"
 DM_PLUGIN_PATH="/usr/share/bbfdm/micro_services/parentalcontrol/urlbundle_override.json"
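Review bot: A profile host that `get_host_ip` cannot resolve is skipped without any log line, so its established connections stay in the conntrack table and presumably keep passing under the old verdict, whereas the `conntrack -F` this replaces cleared every flow. The awk match `h == name || h == mac` is case-sensitive, so a MAC written in upper case in the profile would not match a lower-case lease entry; comparing with `tolower(h) == tolower(mac)` avoids that. Hosts with no entry in the lease file (static addresses), and any IPv6 flows if the lease file lists only DHCPv4 leases, are not reached by `conntrack -D -s "$ip"` at all. I would log the miss with `[ -n "$ip" ] || { log "Warning: get_host_ip(): no lease for $host"; return 1; }` and have `flush_conntrack_for_hosts` fall back to `conntrack -F` when any configured host was left unresolved. Separately, `h` and `ip` in the two `for` loops are not declared `local`, `$count` and `$max` are unquoted in the `[ ... ]` test, and the "Global array" comment describes what is actually a space-separated string.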