From 3dd10c679b4c9a11aca14e10f4fee83c4b7ffc2f Mon Sep 17 00:00:00 2001
From: anten-ka
Date: Sat, 7 Mar 2026 12:39:31 +0300
Subject: [PATCH] Fix UFW cleanup: close ports on rule delete, flush, and full uninstall

Made-with: Cursor
---
 install.sh | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/install.sh b/install.sh
index a7374b3..a058d70 100644
--- a/install.sh
+++ b/install.sh
@@ -521,6 +521,9 @@ delete_single_rule() {
 iptables -t nat -D PREROUTING -p "$d_proto" --dport "$d_port" -j DNAT --to-destination "$d_dest" 2>/dev/null
 iptables -S INPUT 2>/dev/null | grep "kaskad:${d_port}:${d_proto}" | while read -r rule; do eval "iptables -D ${rule#-A }" 2>/dev/null; done
 iptables -S FORWARD 2>/dev/null | grep "kaskad:${d_port}:${d_proto}" | while read -r rule; do eval "iptables -D ${rule#-A }" 2>/dev/null; done
+ if command -v ufw &>/dev/null && ufw status 2>/dev/null | grep -q "Status: active"; then
+ ufw delete allow "$d_port/$d_proto" > /dev/null 2>&1
+ fi
 save_iptables
 log_action "DELETE rule: $d_proto :$d_port -> $d_dest"
 echo -e "${GREEN}[OK] Правило удалено.${NC}"; read -p "Нажмите Enter..."
@@ -531,6 +534,12 @@ flush_rules() {
 echo "Будут удалены только правила Kaskad."
 read -p "Уверены? (y/n): " confirm
 if [[ "$confirm" == "y" ]]; then
+ if command -v ufw &>/dev/null && ufw status 2>/dev/null | grep -q "Status: active"; then
+ iptables -S INPUT 2>/dev/null | grep "kaskad" | grep -oP '(?<=--dport )\d+' | while read -r p; do
+ local pr; pr=$(iptables -S INPUT 2>/dev/null | grep "kaskad" | grep "\b${p}\b" | grep -oP '(?<=-p )\w+' | head -1)
+ [ -n "$pr" ] && ufw delete allow "$p/$pr" > /dev/null 2>&1
+ done
+ fi
 while iptables -t nat -S PREROUTING 2>/dev/null | grep -q "DNAT"; do
 local rule; rule=$(iptables -t nat -S PREROUTING | grep "DNAT" | head -1)
 eval "iptables -t nat -D ${rule#-A }" 2>/dev/null
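Review bot: The guard `ufw status 2>/dev/null | grep -q "Status: active"` added in delete_single_rule depends on ufw printing its status in English; on a host with a non-English locale (this script itself talks to the user in Russian) the line may come out translated, the match fails silently and the UFW allow rule is left in place. Pin the locale, `LC_ALL=C ufw status 2>/dev/null | grep -q "Status: active"`, and since the identical test is repeated in the flush_rules and full_uninstall hunks, move it into a small `ufw_active()` helper that all three call. Separately, ufw keeps its rule file when it is disabled, so skipping the delete while ufw is inactive leaves a stale allow entry that reopens the port on the next `ufw enable`; if the add path uses the same active check this is at least symmetric, otherwise the delete should run whenever `command -v ufw` succeeds. The `> /dev/null 2>&1` also discards a failed delete, so a `|| log_action "UFW delete failed: $d_port/$d_proto"` would make the mismatch between iptables and UFW visible in the log the function already writes. delete_single_rule begins and ends outside this hunk.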
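Review bot: The protocol lookup in the new flush_rules loop, `grep "\b${p}\b" | grep -oP '(?<=-p )\w+' | head -1`, resolves each port separately from the rule it came from: it takes the first Kaskad INPUT line containing that number anywhere and only that line's protocol, so a port forwarded for both tcp and udp gets only one of its two UFW rules removed, and a number that also appears elsewhere on another line (an address or comment) could pick the wrong protocol. The context in delete_single_rule greps the rule comment as `kaskad:${d_port}:${d_proto}`, so each rule line appears to already carry its own port:proto pair and can be extracted in one pass rather than reconstructed by a second grep over all rules; `sort -u` also avoids repeating the delete for duplicate ports. The same loop is copied into the full_uninstall hunk and should be fixed the same way, ideally as one shared helper. flush_rules continues outside this hunk.

```shell
if command -v ufw &>/dev/null && ufw status 2>/dev/null | grep -q "Status: active"; then
    # one "port:proto" pair per Kaskad INPUT rule, read from the rule's own comment
    iptables -S INPUT 2>/dev/null | grep -oP 'kaskad:\K\d+:\w+' | sort -u | while read -r pair; do
        ufw delete allow "${pair%:*}/${pair#*:}" > /dev/null 2>&1
    done
fi
# … unchanged: PREROUTING DNAT removal loop …
```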
@@ -592,6 +601,13 @@ full_uninstall() {
 rm -f /etc/systemd/system/kaskad-monitor.service
 systemctl daemon-reload 2>/dev/null
 echo -e " ${GREEN}✓${NC} Мониторинг остановлен"
+ if command -v ufw &>/dev/null && ufw status 2>/dev/null | grep -q "Status: active"; then
+ iptables -S INPUT 2>/dev/null | grep "kaskad" | grep -oP '(?<=--dport )\d+' | while read -r p; do
+ local pr; pr=$(iptables -S INPUT 2>/dev/null | grep "kaskad" | grep "\b${p}\b" | grep -oP '(?<=-p )\w+' | head -1)
+ [ -n "$pr" ] && ufw delete allow "$p/$pr" > /dev/null 2>&1
+ done
+ echo -e " ${GREEN}✓${NC} Правила UFW очищены"
+ fi
 while iptables -t nat -S PREROUTING 2>/dev/null | grep -q "DNAT"; do
 local rule; rule=$(iptables -t nat -S PREROUTING | grep "DNAT" | head -1)
 eval "iptables -t nat -D ${rule#-A }" 2>/dev/null
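Review bot: `echo -e " ${GREEN}✓${NC} Правила UFW очищены"` reports success unconditionally, although every `ufw delete` in the loop above it discards its exit status via `> /dev/null 2>&1` and the loop itself runs in a pipeline subshell, so no failure can reach the message. At minimum record each failed delete, `ufw delete allow "$p/$pr" > /dev/null 2>&1 || log_action "UFW delete failed: $p/$pr"`, so the uninstall log shows which ports may still be open in UFW. This block is a verbatim copy of the one added to flush_rules in the previous hunk; extracting it into a single function (for example `ufw_cleanup_kaskad_rules`) keeps the two paths from drifting apart. full_uninstall begins and ends outside this hunk.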