From ae544ec5801344ca73fe817114555a1b02f7fb16 Mon Sep 17 00:00:00 2001
From: iliajie <gpg@ilia.engineer>
Date: Sun, 7 May 2023 21:24:30 +0300
Subject: [PATCH] Add support for listing jail blocks 1/2
 https://forum.virtualmin.com/t/firewalld-module/116515/12

---
 fail2ban/fail2ban-lib.pl       | 11 +++++++
 fail2ban/jail_blocks.cgi       | 59 ++++++++++++++++++++++++++++++++++
 fail2ban/lang/en               | 16 ++++++---
 fail2ban/list_status.cgi       | 17 +++++-----
 fail2ban/unblock_jail.cgi      | 11 ++-----
 fail2ban/unblock_jailed_ip.cgi | 29 +++++++++++++++++
 6 files changed, 122 insertions(+), 21 deletions(-)
 create mode 100644 fail2ban/jail_blocks.cgi
 create mode 100644 fail2ban/unblock_jailed_ip.cgi

diff --git a/fail2ban/fail2ban-lib.pl b/fail2ban/fail2ban-lib.pl
index b1f58fcee..1c0c89bd8 100644
--- a/fail2ban/fail2ban-lib.pl
+++ b/fail2ban/fail2ban-lib.pl
@@ -566,4 +566,15 @@ if ($?) {
 	}
 }
 
+# Unblock all IPs in given jail
+sub unblock_jail
+{
+my ($jail) = @_;
+my $cmd = "$config{'client_cmd'} reload --unban ".quotemeta($jail)." 2>&1 </dev/null";
+my $out = &backquote_logged($cmd);
+if ($?) {
+	&error(&text('status_err_unbanjail', &html_escape($jail)) . " : $out");
+	}
+}
+
 1;
diff --git a/fail2ban/jail_blocks.cgi b/fail2ban/jail_blocks.cgi
new file mode 100644
index 000000000..58cb5559f
--- /dev/null
+++ b/fail2ban/jail_blocks.cgi
@@ -0,0 +1,59 @@
+#!/usr/local/bin/perl
+# Show a status of all active jails
+
+use strict;
+use warnings;
+no warnings 'redefine';
+no warnings 'uninitialized';
+require './fail2ban-lib.pl';
+our (%in, %text, %config);
+
+&ReadParse();
+
+my $jail = $in{'jail'};
+my $out = &backquote_logged("$config{'client_cmd'} status 2>&1 </dev/null");
+my ($jail_list) = $out =~ /jail\s+list:\s*(.*)/im;
+my @jails = split(/,\s*/, $jail_list);
+&indexof($jail, @jails) > -1 || error('Unknown jail');
+
+&ui_print_header("$jail", $text{'status_title3'}, "");
+my $fh = 'jailinfo';
+my @jail_blocks;
+&open_execute_command($fh, "$config{'client_cmd'} get @{[quotemeta($jail)]} banip --with-time 2>&1 </dev/null", 1);
+while(<$fh>) {
+	if (/^(?<ip>.*?)\s+(?<start>.*?\s+.*?)\s+.*?\s+.*?\s+=\s+(?<end>.*)$/) {
+		my $ip = $+{ip};
+		my $start = $+{start};
+		my $end = $+{end};
+		if ($ip && $start && $end) {
+			push(@jail_blocks, &ui_checked_columns_row([$ip, $start, $end], [ 'width=5' ], "ip", $ip));
+			}
+		}
+	}
+close($fh);
+
+if (@jail_blocks) {
+	my @links = ( &select_all_link("ip"),
+	              &select_invert_link("ip"));
+	print &ui_links_row(\@links);
+	print &ui_form_start("unblock_jailed_ip.cgi", "post");
+	print &ui_columns_start([ "",
+				  $text{'status_head_blocks_ip'},
+				  $text{'status_head_blocks_stime'},
+				  $text{'status_head_blocks_etime'} ]);
+	foreach my $r (@jail_blocks) {
+		print $r;
+		}
+	print &ui_columns_end();
+	print &ui_links_row(\@links);
+	print &ui_hidden("jail", $jail);
+	print &ui_hidden("return", 1);
+
+	print &ui_form_end([ [ undef, $text{'status_jail_unblock_ips'} ] ]);
+	}
+else {
+	print &text('status_jail_noactiveips', $jail);
+	}
+
+&ui_print_footer("list_status.cgi", $text{'status_return'},
+                 "", $text{'index_return'});
diff --git a/fail2ban/lang/en b/fail2ban/lang/en
index 9b78390a0..27bb96337 100644
--- a/fail2ban/lang/en
+++ b/fail2ban/lang/en
@@ -170,23 +170,31 @@ manual_efile=Selected file is not part of the Fail2Ban configuration!
 manual_err=Failed to edit config file
 manual_edata=No config file contents entered
 
-status_title=Jails Status And Actions
-status_title2=Jails Status
-status_head_jail_name=Jail name
+status_title=Jails Status
+status_title3=Jail Blocks
+status_return=jails status
+status_head_jail_blocks=Jail blocks
 status_head_currently_failed=Currently failed
 status_head_total_failed=Total failed
 status_head_file_list=File list
 status_head_currently_banned=Currently banned
 status_head_total_banned=Total banned
 status_head_banned_ip_list=Banned IP list
+status_head_blocks_ip=IP
+status_head_blocks_stime=Start time
+status_head_blocks_etime=End time
 status_rules_plus_more=+ $1 more
 status_jail_unblock_ip=Remove $1 from banned list
-status_jail_unblock=Unblock All IPs for Selected Jails
+status_jail_unblock=Unblock Selected Jails
+status_jail_unblock_ips=Unblock Selected IP
 status_jail_noactive=There are no active jails enabled yet.
+status_jail_noactiveips=There are no blocked entries in jail <tt>$1</tt> found.
 status_err_set=Failed set action
 status_err_unblock=Failed to unblock action
 status_err_nojail=No jails have been selected
+status_err_noips=No IP has been selected
 status_err_unban=Cannot un-ban $1 IP address
+status_err_unbanjail=Cannot un-ban $1 jail
 
 syslog_logtarget=Fail2Ban action log
 
diff --git a/fail2ban/list_status.cgi b/fail2ban/list_status.cgi
index b10ce741d..801315143 100755
--- a/fail2ban/list_status.cgi
+++ b/fail2ban/list_status.cgi
@@ -8,7 +8,7 @@ no warnings 'uninitialized';
 require './fail2ban-lib.pl';
 our (%in, %text, %config);
 
-&ui_print_header(undef, $text{'status_title2'}, "");
+&ui_print_header(undef, $text{'status_title'}, "");
 
 my $out = &backquote_logged("$config{'client_cmd'} status 2>&1 </dev/null");
 my ($jail_list) = $out =~ /jail\s+list:\s*(.*)/im;
@@ -25,13 +25,13 @@ if (@jails) {
 		my $fh = 'cmdjail';
 		my $cmd = "$config{'client_cmd'} status ".quotemeta($jail);
 		my $jcmd = "$cmd 2>&1 </dev/null";
-		my @head = (undef, $text{"status_head_jail_name"});
-		my @body = (&ui_link("edit_jail.cgi?name=".urlize($jail), "&nbsp;".&html_escape($jail)));
+		my @head = (undef, $text{"status_head_jail_blocks"});
+		my @body = (&ui_link("jail_blocks.cgi?jail=".urlize($jail), "&nbsp;".&html_escape($jail)));
 		my $br = '<br>';
 		my $nbsp = '&nbsp;';
 		my $ipslimit = sub {
 			my ($ips, $limit) = @_;
-			$limit ||= 15;
+			$limit ||= 10;
 			# Limit sanity check
 			$limit = 1 if ($limit < 1);
 			my $ipscount = () = $ips =~ /$br/g;
@@ -39,7 +39,9 @@ if (@jails) {
 				my @ips = split($br, $ips);
 				@ips = @ips[0 .. $limit];
 				$ips = join($br, @ips);
-				$ips .= "<small style='cursor: default;'>$br".&text('status_rules_plus_more', $ipscount-$limit)."</small>";
+				$ips .= "<small style='cursor: default;'>$br".
+					(&ui_link("jail_blocks.cgi?jail=".urlize($jail),
+						"&nbsp;".&text('status_rules_plus_more', $ipscount-$limit)))."</small>";
 				}
 			return $ips;
 		};
@@ -57,7 +59,7 @@ if (@jails) {
 					if ($col =~ /banned_ip_list/) {
 						$jips = $val;
 						my @ips = split(/\s+/, $val);
-						@ips = map { "<small $tal><tt><label $lwf>" . &ui_link("unblock_jail.cgi?unblock=1&jips-@{[&urlize($jail)]}=@{[&urlize($_)]}&jail=@{[&urlize($jail)]}", $_, undef,
+						@ips = map { "<small $tal><tt><label $lwf>" . &ui_link("unblock_jailed_ip.cgi?ip=@{[&urlize($_)]}&jail=@{[&urlize($jail)]}", $_, undef,
 							         "title=\"@{[&text('status_jail_unblock_ip', &quote_escape($_))]}\" onmouseover=\"this.style.textDecoration='line-through'\" onmouseout=\"this.style.textDecoration='none'\""
 							        ) . "</label></tt></small>" } @ips;
 						$val = "<br>" if ($val);
@@ -82,9 +84,6 @@ if (@jails) {
 	if ($head) {
 		print &ui_columns_end();
 		print &ui_links_row(\@links);
-		foreach my $j (@jipsall) {
-			print &ui_hidden("jips-$j->[0]", "$j->[1]");
-		}
 		print &ui_form_end([ [ 'unblock', $text{'status_jail_unblock'} ] ]);
 		}
 }
diff --git a/fail2ban/unblock_jail.cgi b/fail2ban/unblock_jail.cgi
index 3208905e4..a1c857737 100755
--- a/fail2ban/unblock_jail.cgi
+++ b/fail2ban/unblock_jail.cgi
@@ -1,5 +1,5 @@
 #!/usr/local/bin/perl
-# Create, update or delete a action
+# Unblock specific jail
 
 use strict;
 use warnings;
@@ -18,13 +18,8 @@ my @jails = split(/\0/, $in{'jail'});
 # Processes jails actions
 my @jailsmod;
 foreach my $jail (@jails) {
-	my @jailips = split(/\s+/, $in{"jips-$jail"});
-	if (@jailips) {
-		foreach my $ip (@jailips) {
-			&unblock_jailed_ip($jail, $ip);
-			push(@jailsmod, $jail);
-			}
-		}
+	&unblock_jail($jail);
+	push(@jailsmod, $jail);
 	}
 
 # Log and redirect
diff --git a/fail2ban/unblock_jailed_ip.cgi b/fail2ban/unblock_jailed_ip.cgi
new file mode 100644
index 000000000..82d768c5e
--- /dev/null
+++ b/fail2ban/unblock_jailed_ip.cgi
@@ -0,0 +1,29 @@
+#!/usr/local/bin/perl
+# Unblock specific IP in jail
+
+use strict;
+use warnings;
+no warnings 'redefine';
+no warnings 'uninitialized';
+require './fail2ban-lib.pl';
+our (%in, %text, %config);
+&ReadParse();
+&error_setup($text{'status_err_set'});
+
+my $jail = $in{'jail'};
+my @ips = split(/\0/, $in{'ip'});
+
+# Error checks
+$jail || &error($text{'status_err_nojail'});
+@ips || &error($text{'status_err_noips'});
+
+# Processes jails actions
+my @jailips;
+foreach my $ip (@ips) {
+		&unblock_jailed_ip($jail, $ip);
+		push(@jailips, $ip);
+	}
+
+# Log and redirect
+&webmin_log('update', 'jail', $jail) if (@jailips);
+&redirect($in{'return'} ? $ENV{'HTTP_REFERER'} : "list_status.cgi");