From 56423b138e869b25228fc1294df9b9597c754db3 Mon Sep 17 00:00:00 2001
From: Ilia Ross <ilia@ross.gdn>
Date: Thu, 1 May 2025 01:37:27 +0300
Subject: [PATCH] Fix bug upon initial feature enrolment

We should always use `[Definition]` to add changes, with defaults simply hardcode rather than populated from the `[DEFAULT] section. This is how at least it was originally implemented.

Initial feature created in response to: https://forum.virtualmin.com/t/change-fail2ban-times/124311/3?u=ilia

This fix triggered by:
https://forum.virtualmin.com/t/fail2ban-intrusion-detector-firewalld-default-jail-options/133201/13?u=ilia
---
 fail2ban/edit_config.cgi | 13 ++++++++-----
 fail2ban/save_config.cgi |  5 ++---
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/fail2ban/edit_config.cgi b/fail2ban/edit_config.cgi
index c4e0acde5..69ebb7f6f 100755
--- a/fail2ban/edit_config.cgi
+++ b/fail2ban/edit_config.cgi
@@ -11,7 +11,6 @@ our (%in, %text);
 my $conf = &get_config();
 my ($def) = grep { $_->{'name'} eq 'Definition' } @$conf;
 $def || &error($text{'config_edef'});
-my ($DEF) = grep { $_->{'name'} eq 'DEFAULT' } @$conf;
 
 &ui_print_header(undef, $text{'config_title'}, "");
 
@@ -54,8 +53,9 @@ print &ui_table_row($text{'config_socket'},
 	&ui_opt_textbox("socket", $socket, 40, $text{'default'}));
 
 # DB Purge Age
-if ($DEF) {
-	my $dbpurgeage = &find_value("dbpurgeage", $DEF);
+if ($def) {
+	my $dbpurgeage = &find_value("dbpurgeage", $def);
+	$dbpurgeage ||= 86400;
 	my @dbpurgeages = (
 			[ '', '' ],
 			[ '900', $text{'config_dbpurgeage_15m'} ],
@@ -73,12 +73,15 @@ if ($DEF) {
 	my $time_in_seconds = &time_to_seconds($dbpurgeage);
 	my $dbpurgestd = grep { $_->[0] eq $time_in_seconds } @dbpurgeages;
 	my $dbpurge_def = $time_in_seconds == 86400 ? 1 : $dbpurgestd ? 0 : 2;
-	my $depurgeagelabeled = $dbpurge_def == 2 ? &seconds_to_time($dbpurgeage) : undef;
+	my $depurgeagelabeled = $dbpurge_def == 2
+		? &seconds_to_time($dbpurgeage) 
+		: undef;
 	print &ui_table_row($text{'config_dbpurgeage'},
 		&ui_radio_row('dbpurgeage', $dbpurge_def,
 		[ [ 1, [ $text{'config_dbpurgeagedef'} ] ],
 		  [ 0, [ $text{'config_dbpurgeagesel'},
-		  	 &ui_select("dbpurgeagesel", $time_in_seconds, \@dbpurgeages) ] ],
+		  	 &ui_select("dbpurgeagesel",
+			 	$time_in_seconds, \@dbpurgeages) ] ],
 		  [ 2, [ $text{'config_dbpurgeagecus'},
 		  	&ui_textbox("dbpurgeagecus", $depurgeagelabeled, 15) ] ]
 		]));
diff --git a/fail2ban/save_config.cgi b/fail2ban/save_config.cgi
index 17d6a76a2..059f30c29 100755
--- a/fail2ban/save_config.cgi
+++ b/fail2ban/save_config.cgi
@@ -13,7 +13,6 @@ our (%in, %text, %config);
 my $conf = &get_config();
 my ($def) = grep { $_->{'name'} eq 'Definition' } @$conf;
 $def || &error($text{'config_edef'});
-my ($DEF) = grep { $_->{'name'} eq 'DEFAULT' } @$conf;
 
 # Validate inputs
 if ($in{'logtarget_def'} eq 'file') {
@@ -32,13 +31,13 @@ if (!$in{'socket_def'}) {
 	$in{'logtarget_def'} eq 'file' ? $in{'logtarget'} :
 					 $in{'logtarget_def'}, $def);
 &save_directive("socket", $in{'socket_def'} ? undef : $in{'socket'}, $def);
-if ($DEF) {
+if ($def) {
 	my $time = $in{'dbpurgeage'} == 1 ? 86400 :
 			$in{'dbpurgeage'} == 2 ?
 				$in{'dbpurgeagecus'} : $in{'dbpurgeagesel'};
 	my $conf_time_error = &time_to_seconds_error($time);
 	&error($conf_time_error) if ($conf_time_error);
-	&save_directive("dbpurgeage", $time, $DEF);
+	&save_directive("dbpurgeage", $time, $def);
 	}
 
 &unlock_all_config_files();