From 13a7357e12a5357a95b6fc8e65b44e7b6a13ee51 Mon Sep 17 00:00:00 2001
From: cschantz <admin@server.local>
Date: Fri, 6 Mar 2026 22:32:05 -0500
Subject: [PATCH] FIX: Add word boundary matching to CSF/iptables IP grep
 checks

Apply consistent -w flag to grep commands in verify_ip_blocked()
to prevent partial IP matches (e.g., '1.1.1.1' matching '11.1.1.1').

Lines:
- 1175: csf -t grep check
- 1189: iptables -L grep check

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
---
 modules/security/live-attack-monitor-v2.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/security/live-attack-monitor-v2.sh b/modules/security/live-attack-monitor-v2.sh
index b524602..5dc83b8 100755
--- a/modules/security/live-attack-monitor-v2.sh
+++ b/modules/security/live-attack-monitor-v2.sh
@@ -1172,7 +1172,8 @@ verify_ip_blocked() {
 
     # Check CSF temporary blocks
     if command -v csf &>/dev/null; then
-        if csf -t 2>/dev/null | grep -q "$ip"; then
+        # CRITICAL FIX: Use -w flag for word boundary matching
+        if csf -t 2>/dev/null | grep -q -w "$ip"; then
             return 0
         fi
 
@@ -1186,7 +1187,8 @@ verify_ip_blocked() {
 
     # Check iptables directly
     if command -v iptables &>/dev/null; then
-        if iptables -L INPUT -n 2>/dev/null | grep -q "$ip"; then
+        # CRITICAL FIX: Use -w flag for word boundary matching
+        if iptables -L INPUT -n 2>/dev/null | grep -q -w "$ip"; then
             return 0
         fi
     fi