parental-control: only flush relevant connections using conntrack

parental-control/files/etc/init.d/parentalcontrol

@@ -48,7 +48,7 @@ configure_fw_rules() {
 				hw_nat -! > /dev/null 2>&1
 			fi
 			if which conntrack > /dev/null 2>&1; then
-				conntrack -F > /dev/null 2>&1
+				flush_conntrack_for_hosts
 			fi
 
 			# this is for urlfilter daemon

parental-control/files/lib/parentalcontrol/parentalcontrol.sh

@@ -551,6 +551,62 @@ remove_internet_schedule_rules() {
 	fi
 }
 
+# Global array for resolved IPs
+URLFILTER_IPS=""
+
+# Resolve hostname or MAC to IP from lease_file
+get_host_ip() {
+	local host="$1"
+	local ip
+	local lease_file="/tmp/dhcp.leases"
+
+	[ -f "$lease_file" ] || lease_file="/etc/parentalcontrol/dhcp.leases"
+	[ -f "$lease_file" ] || { log "Error: get_host_ip(): No DHCP lease file found."; return 1; }
+
+	# try DHCP lease lookup
+	ip="$(awk -v h="$host" '
+	{
+		mac=$2; ipaddr=$3; name=$4
+		if (h == name || h == mac) { print ipaddr; exit }
+	}' "$lease_file")"
+
+	[ -n "$ip" ] && URLFILTER_IPS="$URLFILTER_IPS $ip"
+}
+
+# Process each profile section
+resolve_profile_hosts() {
+	local section="$1"
+	local hostlist
+
+	config_get hostlist "$section" host
+	[ -z "$hostlist" ] && return
+
+	for h in $hostlist; do
+		get_host_ip "$h"
+	done
+}
+
+# Main function to collect IPs and delete conntrack entries
+flush_conntrack_for_hosts() {
+	URLFILTER_IPS=""
+	local count max
+
+	config_foreach resolve_profile_hosts profile
+
+	URLFILTER_IPS="$(echo "$URLFILTER_IPS" | tr ' ' '\n' | sort -u | xargs)"
+	for ip in $URLFILTER_IPS; do
+		count=0
+		max=1000
+		while conntrack -D -s "$ip" >/dev/null 2>&1; do
+			count=$((count+1))
+			if [ $count -ge $max ]; then
+				log "Warning: Forced to stop conntrack delete after $max deletions for $ip (possible loop)"
+				break
+			fi
+		done
+	done
+}
+
 OVERRIDE_JSON="/etc/parentalcontrol/urlbundle_override.json"
 DM_PLUGIN_PATH="/usr/share/bbfdm/micro_services/parentalcontrol/urlbundle_override.json"