From 99dfc679841dc577aabfeef2afe9396ed5ca1489 Mon Sep 17 00:00:00 2001
From: kulikov-a <kulikov.a@gmail.com>
Date: Tue, 16 Sep 2025 15:56:04 +0300
Subject: [PATCH] www/nginx: 1.35_1 hotfix. change ban_ttl default (#4937)

---
 www/nginx/Makefile                            |  1 +
 www/nginx/pkg-descr                           |  4 ++
 .../OPNsense/Nginx/forms/settings.xml         |  2 +-
 .../OPNsense/Nginx/Migrations/M1_35_1.php     | 46 +++++++++++++++++++
 .../mvc/app/models/OPNsense/Nginx/Nginx.xml   |  4 +-
 5 files changed, 54 insertions(+), 3 deletions(-)
 create mode 100644 www/nginx/src/opnsense/mvc/app/models/OPNsense/Nginx/Migrations/M1_35_1.php

diff --git a/www/nginx/Makefile b/www/nginx/Makefile
index c16651e7d..87bdec7bb 100644
--- a/www/nginx/Makefile
+++ b/www/nginx/Makefile
@@ -1,5 +1,6 @@
 PLUGIN_NAME=		nginx
 PLUGIN_VERSION=		1.35
+PLUGIN_REVISION=	1
 PLUGIN_COMMENT=		Nginx HTTP server and reverse proxy
 PLUGIN_DEPENDS=		nginx
 PLUGIN_MAINTAINER=	franz.fabian.94@gmail.com
diff --git a/www/nginx/pkg-descr b/www/nginx/pkg-descr
index 20e6079f5..1e1b28218 100644
--- a/www/nginx/pkg-descr
+++ b/www/nginx/pkg-descr
@@ -10,6 +10,10 @@ WWW: https://nginx.org/
 Plugin Changelog
 ================
 
+1.35_1
+
+* Hotfix: change ban_ttl default value to avoid unintentional system slowdown
+
 1.35
 
 * Global options sendfile directive typo fix
diff --git a/www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/forms/settings.xml b/www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/forms/settings.xml
index 3afcab4c6..1fc2c9c9c 100644
--- a/www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/forms/settings.xml
+++ b/www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/forms/settings.xml
@@ -11,7 +11,7 @@
                 <id>nginx.general.ban_ttl</id>
                 <label>Autoblock TTL (minutes)</label>
                 <type>text</type>
-                <help>Set autoblock lifetime in minutes. Set to 0 for infinite.</help>
+                <help>Set autoblock lifetime in minutes. 72 hours by default. Set to 0 for infinite. Please note that setting this to 0 may result in gradual system slowdown and the need to manually clear the entries.</help>
                 <advanced>true</advanced>
             </field>
         </subtab>
diff --git a/www/nginx/src/opnsense/mvc/app/models/OPNsense/Nginx/Migrations/M1_35_1.php b/www/nginx/src/opnsense/mvc/app/models/OPNsense/Nginx/Migrations/M1_35_1.php
new file mode 100644
index 000000000..cc243dc12
--- /dev/null
+++ b/www/nginx/src/opnsense/mvc/app/models/OPNsense/Nginx/Migrations/M1_35_1.php
@@ -0,0 +1,46 @@
+<?php
+
+/*
+ * Copyright (C) 2025 A. Kulikov <kulikov.a@gmail.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+namespace OPNsense\Nginx\Migrations;
+
+use OPNsense\Base\BaseModelMigration;
+
+class M1_35_1 extends BaseModelMigration
+{
+    // Rewrite default ban_ttl value
+    public function run($model)
+    {
+        $general_node = $model->getNodeByReference('general');
+
+        if ($general_node->ban_ttl->isEqual('0')) {
+            $general_node->ban_ttl = '4320';
+        }
+        // run default migration actions
+        parent::run($model);
+    }
+}
\ No newline at end of file
diff --git a/www/nginx/src/opnsense/mvc/app/models/OPNsense/Nginx/Nginx.xml b/www/nginx/src/opnsense/mvc/app/models/OPNsense/Nginx/Nginx.xml
index a6789150a..88d65ee88 100644
--- a/www/nginx/src/opnsense/mvc/app/models/OPNsense/Nginx/Nginx.xml
+++ b/www/nginx/src/opnsense/mvc/app/models/OPNsense/Nginx/Nginx.xml
@@ -1,6 +1,6 @@
 <model>
     <mount>//OPNsense/Nginx</mount>
-    <version>1.35</version>
+    <version>1.35.1</version>
     <description>nginx web server, reverse proxy and waf</description>
     <items>
         <general>
@@ -9,7 +9,7 @@
                 <Required>Y</Required>
             </enabled>
             <ban_ttl type="IntegerField">
-                <Default>0</Default>
+                <Default>4320</Default>
                 <MinimumValue>0</MinimumValue>
                 <Required>Y</Required>
             </ban_ttl>