From 92c53b3e0a7d772498ff0b1e91078152910e92b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Peter=20M=C3=BCller?= <peter.mueller@ipfire.org>
Date: Sat, 29 Jan 2022 15:56:54 +0000
Subject: [PATCH 1/5] firewall: Always initialise DROP_HOSTILE chain, even if
 it's unused
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This ensures collectd can keep track of it, and generate the RRD graphs
correctly.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 src/initscripts/system/firewall | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index ebc8168ae..1effbf51e 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -141,8 +141,8 @@ iptables_init() {
 
 	# Log and drop any traffic from and to networks known as being hostile, posing
 	# a technical threat to our users (i. e. listed at Spamhaus DROP et al.)
+	iptables -N DROP_HOSTILE
 	if [ "$DROPHOSTILE" == "on" ]; then
-		iptables -N DROP_HOSTILE
 		iptables -A DROP_HOSTILE  -m limit --limit 10/second -j LOG  --log-prefix "DROP_HOSTILE "
 
 		iptables -A INPUT   -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE

From 1b939d0ecc1c9e0551a5f926e2810ae03bca5f8a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Peter=20M=C3=BCller?= <peter.mueller@ipfire.org>
Date: Sat, 29 Jan 2022 17:07:34 +0000
Subject: [PATCH 2/5] ids.cgi: Fix unmatched curly bracket and trailing
 whitespaces
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The former causes this CGI to crash with an HTTP error 500.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 html/cgi-bin/ids.cgi | 163 +++++++++++++++++++++----------------------
 1 file changed, 81 insertions(+), 82 deletions(-)

diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi
index 161464d0d..27e61e9bb 100644
--- a/html/cgi-bin/ids.cgi
+++ b/html/cgi-bin/ids.cgi
@@ -1019,7 +1019,7 @@ if ($cgiparams{'RULESET'} eq $Lang::tr{'ids apply'}) {
 			&IDS::call_suricatactrl("stop");
 		}
 	}
-	
+
 	# Undefine providers flag.
 	undef($cgiparams{'PROVIDERS'});
 
@@ -1468,7 +1468,7 @@ print <<END;
 		<br>
 		<hr>
 		<br>
-	
+
 		<div align='center'>
 			<table width='100%'>
 END
@@ -1522,7 +1522,7 @@ sub show_customize_ruleset() {
 	print"var hide = \"$Lang::tr{'ids hide'}\"\;\n";
 
 print <<END
-	// Tiny java script function to show/hide the rules
+	// Tiny javascript function to show/hide the rules
 	// of a given category.
 	function showhide(tblname) {
 		\$("#" + tblname).toggle();
@@ -1540,97 +1540,97 @@ print <<END
 END
 ;
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'intrusion detection system rules'}" );
-		print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
+	print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
 
-		# Output display table for rule files
+	# Output display table for rule files
+	print "<table width='100%'>\n";
+
+	# Loop over each rule file
+	foreach my $rulefile (sort keys(%idsrules)) {
+		my $rulechecked = '';
+
+		# Check if rule file is enabled
+		if ($idsrules{$rulefile}{'Rulefile'}{'State'} eq 'on') {
+			$rulechecked = 'CHECKED';
+		}
+
+		# Convert rulefile name into category name.
+		my $categoryname = &_rulefile_to_category($rulefile);
+
+		# Table and rows for the rule files.
+		print"<tr>\n";
+		print"<td class='base' width='5%'>\n";
+		print"<input type='checkbox' name='$rulefile' $rulechecked>\n";
+		print"</td>\n";
+		print"<td class='base' width='90%'><b>$rulefile</b></td>\n";
+		print"<td class='base' width='5%' align='right'>\n";
+		print"<a href=\"javascript:showhide('$categoryname')\"><span id='span_$categoryname'>$Lang::tr{'ids show'}</span></a>\n";
+		print"</td>\n";
+		print"</tr>\n";
+
+		# Rows which will be hidden per default and will contain the single rules.
+		print"<tr  style='display:none' id='$categoryname'>\n";
+		print"<td colspan='3'>\n";
+
+		# Local vars
+		my $lines;
+		my $rows;
+		my $col;
+
+		# New table for the single rules.
 		print "<table width='100%'>\n";
 
-		# Loop over each rule file
-		foreach my $rulefile (sort keys(%idsrules)) {
-			my $rulechecked = '';
-
-			# Check if rule file is enabled
-			if ($idsrules{$rulefile}{'Rulefile'}{'State'} eq 'on') {
-				$rulechecked = 'CHECKED';
-			}
-
-			# Convert rulefile name into category name.
-			my $categoryname = &_rulefile_to_category($rulefile);
-
-			# Table and rows for the rule files.
-			print"<tr>\n";
-			print"<td class='base' width='5%'>\n";
-			print"<input type='checkbox' name='$rulefile' $rulechecked>\n";
-			print"</td>\n";
-			print"<td class='base' width='90%'><b>$rulefile</b></td>\n";
-			print"<td class='base' width='5%' align='right'>\n";
-			print"<a href=\"javascript:showhide('$categoryname')\"><span id='span_$categoryname'>$Lang::tr{'ids show'}</span></a>\n";
-			print"</td>\n";
-			print"</tr>\n";
-
-			# Rows which will be hidden per default and will contain the single rules.
-			print"<tr  style='display:none' id='$categoryname'>\n";
-			print"<td colspan='3'>\n";
-
+		# Loop over rule file rules
+		foreach my $sid (sort {$a <=> $b} keys(%{$idsrules{$rulefile}})) {
 			# Local vars
-			my $lines;
-			my $rows;
-			my $col;
+			my $ruledefchecked = '';
 
-			# New table for the single rules.
-			print "<table width='100%'>\n";
+			# Skip rulefile itself.
+			next if ($sid eq "Rulefile");
 
-			# Loop over rule file rules
-			foreach my $sid (sort {$a <=> $b} keys(%{$idsrules{$rulefile}})) {
-				# Local vars
-				my $ruledefchecked = '';
+			# If 2 rules have been displayed, start a new row
+			if (($lines % 2) == 0) {
+				print "</tr><tr>\n";
 
-				# Skip rulefile itself.
-				next if ($sid eq "Rulefile");
-
-				# If 2 rules have been displayed, start a new row
-				if (($lines % 2) == 0) {
-					print "</tr><tr>\n";
-
-					# Increase rows by once.
-					$rows++;
-				}
-
-				# Colour lines.
-				if ($rows % 2) {
-					$col="bgcolor='$color{'color20'}'";
-				} else {
-					$col="bgcolor='$color{'color22'}'";
-				}
-
-				# Set rule state
-				if ($idsrules{$rulefile}{$sid}{'State'} eq 'on') {
-					$ruledefchecked = 'CHECKED';
-				}
-
-				# Create rule checkbox and display rule description
-				print "<td class='base' width='5%' align='right' $col>\n";
-				print "<input type='checkbox' NAME='$sid' $ruledefchecked>\n";
-				print "</td>\n";
-				print "<td class='base' width='45%' $col>$idsrules{$rulefile}{$sid}{'Description'}</td>";
-
-				# Increment rule count
-				$lines++;
+				# Increase rows by once.
+				$rows++;
 			}
 
-			# If do not have a second rule for row, create empty cell
-			if (($lines % 2) != 0) {
-				print "<td class='base'></td>";
+			# Colour lines.
+			if ($rows % 2) {
+				$col="bgcolor='$color{'color20'}'";
+			} else {
+				$col="bgcolor='$color{'color22'}'";
 			}
 
-			# Close display table
-			print "</tr></table></td></tr>";
+			# Set rule state
+			if ($idsrules{$rulefile}{$sid}{'State'} eq 'on') {
+				$ruledefchecked = 'CHECKED';
+			}
+
+			# Create rule checkbox and display rule description
+			print "<td class='base' width='5%' align='right' $col>\n";
+			print "<input type='checkbox' NAME='$sid' $ruledefchecked>\n";
+			print "</td>\n";
+			print "<td class='base' width='45%' $col>$idsrules{$rulefile}{$sid}{'Description'}</td>";
+
+			# Increment rule count
+			$lines++;
+		}
+
+		# If do not have a second rule for row, create empty cell
+		if (($lines % 2) != 0) {
+			print "<td class='base'></td>";
 		}
 
 		# Close display table
-		print "</table>";
+		print "</tr></table></td></tr>";
+	}
 
-		print <<END
+	# Close display table
+	print "</table>";
+
+	print <<END
 <table width='100%'>
 <tr>
 	<td width='100%' align='right'>
@@ -1642,8 +1642,7 @@ END
 </form>
 END
 ;
-		&Header::closebox();
-	}
+	&Header::closebox();
 }
 
 #
@@ -1905,7 +1904,7 @@ sub show_additional_provider_actions() {
 					</td>
 				</tr>
 			</table>
-		</form>			
+		</form>
 END
 ;
 	&Header::closebox();

From 37a9a0ba036af3cbca761e86e25bd808e20abbe6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Peter=20M=C3=BCller?= <peter.mueller@ipfire.org>
Date: Sat, 29 Jan 2022 17:59:31 +0000
Subject: [PATCH 3/5] firewall: Align chain name to Collectd configuration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This fixes broken firewall hits graphs.

Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 src/initscripts/system/firewall | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 1effbf51e..7d081bbc3 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -141,17 +141,15 @@ iptables_init() {
 
 	# Log and drop any traffic from and to networks known as being hostile, posing
 	# a technical threat to our users (i. e. listed at Spamhaus DROP et al.)
-	iptables -N DROP_HOSTILE
+	iptables -N HOSTILE
 	if [ "$DROPHOSTILE" == "on" ]; then
-		iptables -A DROP_HOSTILE  -m limit --limit 10/second -j LOG  --log-prefix "DROP_HOSTILE "
-
-		iptables -A INPUT   -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE
-		iptables -A FORWARD -i $IFACE -m geoip --src-cc XD -j DROP_HOSTILE
-		iptables -A FORWARD -o $IFACE -m geoip --dst-cc XD -j DROP_HOSTILE
-		iptables -A OUTPUT  -o $IFACE -m geoip --src-cc XD -j DROP_HOSTILE
-
-		iptables -A DROP_HOSTILE -j DROP -m comment --comment "DROP_HOSTILE"
+		iptables -A HOSTILE -m limit --limit 10/second -j LOG  --log-prefix "DROP_HOSTILE "
+		iptables -A INPUT   -i $IFACE -m geoip --src-cc XD -j HOSTILE
+		iptables -A FORWARD -i $IFACE -m geoip --src-cc XD -j HOSTILE
+		iptables -A FORWARD -o $IFACE -m geoip --dst-cc XD -j HOSTILE
+		iptables -A OUTPUT  -o $IFACE -m geoip --src-cc XD -j HOSTILE
 	fi
+	iptables -A HOSTILE -j DROP -m comment --comment "DROP_HOSTILE"
 
 	# P2PBLOCK
 	iptables -N P2PBLOCK

From a06a552ccf0cfcc0df0ebb04a5ba0346897aa42e Mon Sep 17 00:00:00 2001
From: Robin Roevens <robin.roevens@disroot.org>
Date: Fri, 25 Jun 2021 00:07:00 +0200
Subject: [PATCH 4/5] pakfire: Fix small bug: wrong pak count on list

Fixes pakfire list installed/notinstalled command displaying the
count of all available paks instead of the count of actual installed
respectively not installed paks.

Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/pakfire/lib/functions.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pakfire/lib/functions.pl b/src/pakfire/lib/functions.pl
index 2f34763d5..cb448a766 100644
--- a/src/pakfire/lib/functions.pl
+++ b/src/pakfire/lib/functions.pl
@@ -524,13 +524,13 @@ sub dblist {
 		foreach $line (sort @db) {
 			next unless ($line =~ /.*;.*;.*;/ );
 			$use_color = "";
-			$count++;
 			@templine = split(/\;/,$line);
 			if ("$filter" eq "notinstalled") {
 				next if ( -e "$Conf::dbdir/installed/meta-$templine[0]" );
 			} elsif ("$filter" eq "installed") {
 				next unless ( -e "$Conf::dbdir/installed/meta-$templine[0]" );
 			}
+			$count++;
 			if ("$forweb" eq "forweb")
 			 {
 				if ("$filter" eq "notinstalled") {

From 0c8888da2451ae644f89acf1a33a847bfa6ed87f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Peter=20M=C3=BCller?= <peter.mueller@ipfire.org>
Date: Mon, 31 Jan 2022 17:38:01 +0000
Subject: [PATCH 5/5] Core Update 164: Ship Pakfire functions.pl
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/rootfiles/core/164/filelists/files | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/rootfiles/core/164/filelists/files b/config/rootfiles/core/164/filelists/files
index e774b116b..278dc20a6 100644
--- a/config/rootfiles/core/164/filelists/files
+++ b/config/rootfiles/core/164/filelists/files
@@ -5,6 +5,7 @@ etc/rc.d/init.d/partresize
 etc/rc.d/init.d/squid
 etc/suricata/suricata.yaml
 etc/sysctl.conf
+opt/pakfire/lib/functions.pl
 srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/logs.cgi/log.dat
 srv/web/ipfire/cgi-bin/optionsfw.cgi