From 3d947e6e6b9f492fa0a12b40db0495b6eac6d967 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Mon, 25 Mar 2024 18:44:56 +0100 Subject: [PATCH 1/3] CU185-update.sh: Add drop hostile in & out logging entries if not already present - This v2 patch corrects that the previous script was looking for =on. If a user had modified the preferences to change it to =off then the script would have resulted in both =on and =off versions being in the settings file. - This patch ensures that those people who updated to CU184 before the CU184-update.sh patch fix to add the logging entries was added will get their optionsfw settings file correctly updated with CU185 - This only adds the LOGDROPHOSTILEIN & LOGDROPHOSTILEOUT entries if they do not already exist in the optionsfw settings file. - This change also does the check for LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT as two separate checks and then runs the firewall update command Tested-by: Adolf Belka Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/core/185/update.sh | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh
index ec4d8ab82..002f92bbb 100644
--- a/config/rootfiles/core/185/update.sh
+++ b/config/rootfiles/core/185/update.sh
@@ -117,11 +117,17 @@ chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
 # Check if the drop hostile in and out logging options need to be added
 # into the optionsfw settings file and apply to firewall
-if ! [ $(grep "LOGDROPHOSTILEIN=on" /var/ipfire/optionsfw/settings) ] && \
- ! [ $(grep "LOGDROPHOSTILEOUT=on" /var/ipfire/optionsfw/settings) ]; then
- sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
- sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
- /usr/local/bin/firewallctrl
+optionsfw=""
+if ! [ $(grep "^LOGDROPHOSTILEIN=" /var/ipfire/optionsfw/settings) ]; then
+ sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
+ optionsfw="updated"
+fi
+if ! [ $(grep "^LOGDROPHOSTILEOUT=" /var/ipfire/optionsfw/settings) ]; then
+ sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
+ optionsfw="updated"
+fi
+if ! [ -z "$optionsfw" ]; then
+ /usr/local/bin/firewallctrl
 fi
 # Rebuild initial ramdisks
From c2df627c8c29d43d1acfbdf60878f6a3339151e1 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 26 Mar 2024 14:43:39 +0000 Subject: [PATCH 2/3] core185: Fix update.sh syntax issues Signed-off-by: Michael Tremer --- config/rootfiles/core/185/update.sh | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/config/rootfiles/core/185/update.sh b/config/rootfiles/core/185/update.sh
index 002f92bbb..f86013c0d 100644
--- a/config/rootfiles/core/185/update.sh
+++ b/config/rootfiles/core/185/update.sh
@@ -117,19 +117,17 @@ chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
 # Check if the drop hostile in and out logging options need to be added
 # into the optionsfw settings file and apply to firewall
-optionsfw=""
-if ! [ $(grep "^LOGDROPHOSTILEIN=" /var/ipfire/optionsfw/settings) ]; then
- sed -i '$ a\LOGDROPHOSTILEIN=on' /var/ipfire/optionsfw/settings
- optionsfw="updated"
+if ! grep -q "^LOGDROPHOSTILEIN=" /var/ipfire/optionsfw/settings; then
+ echo "LOGDROPHOSTILEIN=on" >> /var/ipfire/optionsfw/settings
 fi
-if ! [ $(grep "^LOGDROPHOSTILEOUT=" /var/ipfire/optionsfw/settings) ]; then
- sed -i '$ a\LOGDROPHOSTILEOUT=on' /var/ipfire/optionsfw/settings
- optionsfw="updated"
-fi
-if ! [ -z "$optionsfw" ]; then
- /usr/local/bin/firewallctrl
+
+if ! grep -q "^LOGDROPHOSTILEOUT=" /var/ipfire/optionsfw/settings; then
+ echo "LOGDROPHOSTILEOUT=on" >> /var/ipfire/optionsfw/settings
 fi
+# Reload all firewall rules
+/usr/local/bin/firewallctrl
+
 # Rebuild initial ramdisks
 dracut --regenerate-all --force
 KVER="xxxKVERxxx"
From 9dd2a4635fbc9d3da96c7916cd0bf2d5cd24d145 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 26 Mar 2024 15:08:01 +0000 Subject: [PATCH 3/3] IPS: Fix how we show EOL providers There is no need to add a legend as I find it confusing. The change that people are using an EOL is rather slim and so I don't to waste space. Signed-off-by: Michael Tremer --- doc/language_issues.de | 2 ++ doc/language_issues.en | 1 + doc/language_issues.es | 1 + doc/language_issues.fr | 1 + doc/language_issues.it | 1 + doc/language_issues.nl | 1 + doc/language_issues.pl | 1 + doc/language_issues.ru | 1 + doc/language_issues.tr | 1 + doc/language_missings | 15 +++++++++++++++ html/cgi-bin/ids.cgi | 36 ++++++++++++++---------------------- langs/en/cgi-bin/en.pl | 1 + 12 files changed, 40 insertions(+), 22 deletions(-)
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 46fb9ee5a..1ba77c94d 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
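Review bot: Both new `echo "...=on" >> /var/ipfire/optionsfw/settings` appends assume the settings file already ends with a newline; if its last line is unterminated, the new key is glued onto that line, which corrupts the existing setting and leaves the logging key invisible to the `^LOGDROPHOSTILE...=` check on a later run. The replaced `sed -i '$ a\...'` form (with GNU sed) started a fresh line, so this is a small regression for hand-edited files. A single guard placed before the two checks would cover both appends: `[ -n "$(tail -c1 /var/ipfire/optionsfw/settings)" ] && echo >> /var/ipfire/optionsfw/settings`. It may also be worth deciding what should happen when the file is missing, since `grep -q` then fails and the redirect creates the file with whatever ownership and mode the update script runs under.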
@@ -384,6 +384,7 @@ WARNING: translation string unused: icmp type WARNING: translation string unused: id WARNING: translation string unused: ids oinkcode required WARNING: translation string unused: ids rules update +WARNING: translation string unused: ids unsupported provider WARNING: translation string unused: ike encryption WARNING: translation string unused: ike grouptype WARNING: translation string unused: ike integrity @@ -927,6 +928,7 @@ WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hostile networks in = From Hostile Networks WARNING: untranslated string: hostile networks out = To Hostile Networks WARNING: untranslated string: hostile networks total = Total Hostile Networks +WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: ids subscription code required = The selected ruleset requires a subscription code WARNING: untranslated string: invalid input for subscription code = Invalid input for subscription code WARNING: untranslated string: ipsec dns server address is invalid = Invalid DNS server IP address(es) diff --git a/doc/language_issues.en b/doc/language_issues.en index 2eca62e60..84bc8cdb0 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1079,6 +1079,7 @@ WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces WARNING: untranslated string: ids no enabled ruleset provider = No enabled ruleset is available. Please activate or add one first. WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored WARNING: untranslated string: ids provider = Provider +WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: ids provider settings = Provider settings WARNING: untranslated string: ids remove rule structures = Remove old rule structures... WARNING: untranslated string: ids reset provider = Reset provider 
diff --git a/doc/language_issues.es b/doc/language_issues.es index ff5434e05..25ef7f9c5 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -993,6 +993,7 @@ WARNING: untranslated string: hardware vulnerabilities = Hardware Vulnerabilitie WARNING: untranslated string: hostile networks in = From Hostile Networks WARNING: untranslated string: hostile networks out = To Hostile Networks WARNING: untranslated string: hostile networks total = Total Hostile Networks +WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: info messages = unknown string WARNING: untranslated string: invalid ip or hostname = Invalid IP Address or Hostname WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 395afd998..7aafc3053 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -944,6 +944,7 @@ WARNING: untranslated string: guardian logtarget_syslog = unknown string WARNING: untranslated string: guardian no entries = unknown string WARNING: untranslated string: guardian service = unknown string WARNING: untranslated string: hostile networks total = Total Hostile Networks +WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: pakfire ago = ago. WARNING: untranslated string: routing config added = unknown string WARNING: untranslated string: routing config changed = unknown string diff --git a/doc/language_issues.it b/doc/language_issues.it index d9bad7f14..7498e2af1 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it 
@@ -1095,6 +1095,7 @@ WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces WARNING: untranslated string: ids no enabled ruleset provider = No enabled ruleset is available. Please activate or add one first. WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored WARNING: untranslated string: ids provider = Provider +WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: ids provider settings = Provider settings WARNING: untranslated string: ids remove rule structures = Remove old rule structures... WARNING: untranslated string: ids reset provider = Reset provider diff --git a/doc/language_issues.nl b/doc/language_issues.nl index b93cc1cd1..16e69bf27 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1100,6 +1100,7 @@ WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces WARNING: untranslated string: ids no enabled ruleset provider = No enabled ruleset is available. Please activate or add one first. WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored WARNING: untranslated string: ids provider = Provider +WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: ids provider settings = Provider settings WARNING: untranslated string: ids remove rule structures = Remove old rule structures... WARNING: untranslated string: ids reset provider = Reset provider diff --git a/doc/language_issues.pl b/doc/language_issues.pl index ab220103f..31c64c164 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl 
@@ -1240,6 +1240,7 @@ WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces WARNING: untranslated string: ids no enabled ruleset provider = No enabled ruleset is available. Please activate or add one first. WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored WARNING: untranslated string: ids provider = Provider +WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: ids provider settings = Provider settings WARNING: untranslated string: ids remove rule structures = Remove old rule structures... WARNING: untranslated string: ids reset provider = Reset provider diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 533b21a0d..9495d951e 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1237,6 +1237,7 @@ WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces WARNING: untranslated string: ids no enabled ruleset provider = No enabled ruleset is available. Please activate or add one first. WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored WARNING: untranslated string: ids provider = Provider +WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: ids provider settings = Provider settings WARNING: untranslated string: ids remove rule structures = Remove old rule structures... WARNING: untranslated string: ids reset provider = Reset provider diff --git a/doc/language_issues.tr b/doc/language_issues.tr index d9caa290e..a2c134a2a 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -1037,6 +1037,7 @@ WARNING: untranslated string: ids monitored interfaces = Monitored Interfaces WARNING: untranslated string: ids no enabled ruleset provider = No enabled ruleset is available. Please activate or add one first. WARNING: untranslated string: ids no network zone = Please select at least one network zone to be monitored WARNING: untranslated string: ids provider = Provider +WARNING: untranslated string: ids provider eol = (EOL) WARNING: untranslated string: ids provider settings = Provider settings WARNING: untranslated string: ids remove rule structures = Remove old rule structures... WARNING: untranslated string: ids reset provider = Reset provider diff --git a/doc/language_missings b/doc/language_missings index 65d69daee..44d79f352 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -62,6 +62,7 @@ < hostile networks out < hostile networks total < ids automatic rules update +< ids provider eol < ids subscription code required < insert removable device < invalid input for subscription code @@ -123,6 +124,8 @@ < hostile networks in < hostile networks out < hostile networks total +< ids provider eol +< ids unsupported provider < invalid ip or hostname < log drop hostile in < log drop hostile out @@ -148,6 +151,8 @@ < g.dtm < g.lite < hostile networks total +< ids provider eol +< ids unsupported provider < system time < timeformat < upload fcdsl.o @@ -398,6 +403,7 @@ < ids no enabled ruleset provider < ids no network zone < ids provider +< ids provider eol < ids provider settings < ids remove rule structures < ids reset provider @@ -408,6 +414,7 @@ < ids subscription code required < ids the choosen provider is already in use < ids unable to download the ruleset +< ids unsupported provider < ids visit provider website < ids working < incoming compression in bytes per second 
@@ -924,6 +931,7 @@ < ids no enabled ruleset provider < ids no network zone < ids provider +< ids provider eol < ids provider settings < ids remove rule structures < ids reset provider @@ -934,6 +942,7 @@ < ids subscription code required < ids the choosen provider is already in use < ids unable to download the ruleset +< ids unsupported provider < ids visit provider website < ids working < imei @@ -1755,6 +1764,7 @@ < ids no enabled ruleset provider < ids no network zone < ids provider +< ids provider eol < ids provider settings < ids remove rule structures < ids reset provider @@ -1765,6 +1775,7 @@ < ids subscription code required < ids the choosen provider is already in use < ids unable to download the ruleset +< ids unsupported provider < ids visit provider website < ids working < imei @@ -2754,6 +2765,7 @@ < ids no enabled ruleset provider < ids no network zone < ids provider +< ids provider eol < ids provider settings < ids remove rule structures < ids reset provider @@ -2764,6 +2776,7 @@ < ids subscription code required < ids the choosen provider is already in use < ids unable to download the ruleset +< ids unsupported provider < ids visit provider website < ids working < imei @@ -3345,6 +3358,7 @@ < ids no enabled ruleset provider < ids no network zone < ids provider +< ids provider eol < ids provider settings < ids remove rule structures < ids reset provider @@ -3355,6 +3369,7 @@ < ids subscription code required < ids the choosen provider is already in use < ids unable to download the ruleset +< ids unsupported provider < ids visit provider website < ids working < inodes diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index edab97195..8ace30b02 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi 
@@ -1173,8 +1173,8 @@ END # Handle providers which are not longer supported. unless ($IDS::Ruleset::Providers{$provider}{'dl_url'}) { - # Mark this provider as unsupported. - $unsupported = "*"; + $col = "bgcolor='$Header::colouryellow'"; + $unsupported = $Lang::tr{'ids provider eol'}; } # Choose icons for the checkboxes. @@ -1203,7 +1203,7 @@ END print < - $provider_name$unsupported + $provider_name $unsupported $rulesetdate @@ -1254,32 +1254,24 @@ END print "\n"; # Section to add new elements or edit existing ones. -print <
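Review bot: The block under `unless ($IDS::Ruleset::Providers{$provider}{'dl_url'})` now does two things, overriding `$col` and setting `$unsupported`, but the commit removes the only comment inside it; a replacement such as `# No download URL: highlight the row and append the "(EOL)" label.` would keep the intent readable. Because the legend is removed further down in this file, that comment is also the place to say what EOL means for the operator; presumably a provider without a `dl_url` receives no further ruleset updates, which is worth confirming and stating. The enclosing loop starts and ends outside the hunk, so whether `$col` is reassigned afterwards cannot be checked from here.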

- - - - - - -
-END - print "* $Lang::tr{'ids unsupported provider'}\n"; -print < -
+ +
END - # Only show this button if a ruleset provider is configured. - if (%used_providers) { - print "\n"; - } + # Only show this button if a ruleset provider is configured. + if (%used_providers) { + print "\n"; + } + print < -
+ + + END &Header::closebox(); diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 8e50aba76..878c8baaa 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1456,6 +1456,7 @@ 'ids no enabled ruleset provider' => 'No enabled ruleset is available. Please activate or add one first.', 'ids no network zone' => 'Please select at least one network zone to be monitored', 'ids provider' => 'Provider', +'ids provider eol' => '(EOL)', 'ids provider settings' => 'Provider settings', 'ids remove rule structures' => 'Remove old rule structures...', 'ids reset provider' => 'Reset provider',