fix(crowdsec): Fix firewall health sync detection for CAPI blocklists

- Consider sync OK when CAPI blocklists are active (capi_elements > 0)
  even if local decisions = 0
- Add capi_elements_count to health response
- Fixes false "Out of sync" warning when using community blocklists

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
CyberMind-FR 2026-01-21 06:52:31 +01:00
parent 5d3222e26e
commit a960c20124


@ -987,16 +987,23 @@ get_nftables_stats() {
# Check decisions sync (compare cscli decisions count vs nftables)
local cscli_decisions=0
local nft_elements=0
local capi_elements=0
local sync_ok=0
if command -v cscli >/dev/null 2>&1; then
cscli_decisions=$(cscli decisions list -o json 2>/dev/null | jsonfilter -e '@[*]' 2>/dev/null | wc -l || echo "0")
fi
nft_elements=$((ipv4_capi + ipv4_cscli + ipv4_other + ipv6_capi + ipv6_cscli))
# Sync is OK if nft has at least some elements when decisions exist
capi_elements=$((ipv4_capi + ipv6_capi))
# Sync is OK if:
# - Local decisions exist and firewall has entries
# - No local decisions but CAPI blocklists are active
# - Both local decisions and firewall are empty
[ "$cscli_decisions" -gt 0 ] && [ "$nft_elements" -gt 0 ] && sync_ok=1
[ "$cscli_decisions" -eq 0 ] && [ "$capi_elements" -gt 0 ] && sync_ok=1
[ "$cscli_decisions" -eq 0 ] && [ "$nft_elements" -eq 0 ] && sync_ok=1
json_add_int "cscli_decisions_count" "$cscli_decisions"
json_add_int "nft_elements_count" "$nft_elements"
json_add_int "capi_elements_count" "$capi_elements"
json_add_boolean "decisions_synced" "$sync_ok"
# Overall health status
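Review bot: The new branch `[ "$cscli_decisions" -eq 0 ] && [ "$capi_elements" -gt 0 ] && sync_ok=1` cannot tell "no local decisions" from "cscli failed", because the `cscli decisions list ... | wc -l` pipeline above yields `0` on any cscli or LAPI error (`wc -l` always exits 0, so the `|| echo "0"` fallback never runs), and with CAPI sets populated the health response would then report `decisions_synced` as true while the local decision path is broken. Capturing the cscli exit status separately and requiring it to have succeeded before taking the zero-decisions branch keeps the CAPI fix while preserving the desync signal; the rewritten lines are below. The first condition also compares local decisions against `nft_elements`, which includes the CAPI sets, so if `ipv4_cscli`/`ipv6_cscli` are the sets fed from local decisions (their names suggest so, not visible here) a local desync is masked whenever CAPI entries exist — comparing against `ipv4_cscli + ipv6_cscli` would be more precise. The leftover comment `# Sync is OK if nft has at least some elements when decisions exist` is now superseded by the four-line comment that follows it and should be dropped. get_nftables_stats continues outside the hunk.
```shell
local cscli_ok=0
local cscli_out=""
if command -v cscli >/dev/null 2>&1; then
  if cscli_out=$(cscli decisions list -o json 2>/dev/null); then
    cscli_ok=1
    cscli_decisions=$(printf '%s' "$cscli_out" | jsonfilter -e '@[*]' 2>/dev/null | wc -l)
  fi
fi
# … unchanged: nft_elements / capi_elements computation and comments …
[ "$cscli_decisions" -gt 0 ] && [ "$nft_elements" -gt 0 ] && sync_ok=1
# Only trust "no local decisions" when cscli actually answered; a failed
# query must not be reported as synced just because CAPI sets are populated.
[ "$cscli_ok" -eq 1 ] && [ "$cscli_decisions" -eq 0 ] && [ "$capi_elements" -gt 0 ] && sync_ok=1
[ "$cscli_ok" -eq 1 ] && [ "$cscli_decisions" -eq 0 ] && [ "$nft_elements" -eq 0 ] && sync_ok=1
# … unchanged: json_add_* calls …
```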