From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH v3 1/7] optionsfw.cgi: Fix bug12981 - Add option to log or not log dropped hostile traffic
Date: Sun, 21 Jan 2024 12:45:47 +0100
Message-ID: <20240121114553.5182-1-adolf.belka@ipfire.org>
- This v3 version has split the logging choice for drop hostile to separate the logging of
incoming drop hostile and outgoing drop hostile.
- The bug originator had no port forwards so all hostile would be dropped normally anyway.
However the logs were being swamped by the logging of drop hostile making analysis
difficult. So incoming drop hostile was desired to not be logged. However logging of
outgoing drop hostile was desired to identify if clients on the internal LAN were
infected with malware trying to reach home.
- Added option with drop hostile section to decide if the dropped traffic should be
logged or not.
Fixes: bug12981
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
html/cgi-bin/optionsfw.cgi | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi
index fbff67b2f..52ac1b01e 100644
--- a/html/cgi-bin/optionsfw.cgi
+++ b/html/cgi-bin/optionsfw.cgi
@@ -94,6 +94,12 @@ if (!$settings{'DROPSPOOFEDMARTIAN'}) {
if (!$settings{'DROPHOSTILE'}) {
$settings{'DROPHOSTILE'} = 'off';
}
+if (!$settings{'LOGDROPHOSTILEIN'}) {
+ $settings{'LOGDROPHOSTILEIN'} = 'on';
+}
+if (!$settings{'LOGDROPHOSTILEOUT'}) {
+ $settings{'LOGDROPHOSTILEOUT'} = 'on';
+}
if (!$settings{'LOGDROPCTINVALID'}) {
$settings{'LOGDROPCTINVALID'} = 'on';
}
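Review bot: The 'on' fallback for LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT is set only here in the CGI, so on a system whose settings file does not yet contain these keys the default exists only while this page is being rendered. Whatever reads the two settings to build the firewall rules (2/7 and 3/7 in this series) needs the same fallback to 'on' when the key is absent, otherwise logging of dropped hostile traffic could stop after an update until the options page is saved once. Please confirm that in those patches or state the upgrade behaviour in the commit message.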
@@ -125,6 +131,12 @@ $checked{'DROPSPOOFEDMARTIAN'}{$settings{'DROPSPOOFEDMARTIAN'}} = "checked='chec
$checked{'DROPHOSTILE'}{'off'} = '';
$checked{'DROPHOSTILE'}{'on'} = '';
$checked{'DROPHOSTILE'}{$settings{'DROPHOSTILE'}} = "checked='checked'";
+$checked{'LOGDROPHOSTILEIN'}{'off'} = '';
+$checked{'LOGDROPHOSTILEIN'}{'on'} = '';
+$checked{'LOGDROPHOSTILEIN'}{$settings{'LOGDROPHOSTILEIN'}} = "checked='checked'";
+$checked{'LOGDROPHOSTILEOUT'}{'off'} = '';
+$checked{'LOGDROPHOSTILEOUT'}{'on'} = '';
+$checked{'LOGDROPHOSTILEOUT'}{$settings{'LOGDROPHOSTILEOUT'}} = "checked='checked'";
$checked{'LOGDROPCTINVALID'}{'off'} = '';
$checked{'LOGDROPCTINVALID'}{'on'} = '';
$checked{'LOGDROPCTINVALID'}{$settings{'LOGDROPCTINVALID'}} = "checked='checked'";
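Review bot: The third line of each new block, $checked{'LOGDROPHOSTILEIN'}{$settings{'LOGDROPHOSTILEIN'}} = "checked='checked'"; (and the same for LOGDROPHOSTILEOUT), is keyed by whatever string the setting holds, so any value other than 'on' or 'off' leaves both radio buttons unchecked with no error shown. Normalising the setting to 'on' or 'off' before this point would avoid that. As a style point, the two three-line blocks differ only in the key name and could be one loop over the two keys.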
@@ -279,6 +291,20 @@ END
<input type='radio' name='DROPSPOOFEDMARTIAN' value='off' $checked{'DROPSPOOFEDMARTIAN'}{'off'} /> $Lang::tr{'off'}
</td>
</tr>
+ <tr>
+ <td align='left' width='60%'>$Lang::tr{'log drop hostile in'}</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='LOGDROPHOSTILEIN' value='on' $checked{'LOGDROPHOSTILEIN'}{'on'} />/
+ <input type='radio' name='LOGDROPHOSTILEIN' value='off' $checked{'LOGDROPHOSTILEIN'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
+ <tr>
+ <td align='left' width='60%'>$Lang::tr{'log drop hostile out'}</td>
+ <td align='left'>
+ $Lang::tr{'on'} <input type='radio' name='LOGDROPHOSTILEOUT' value='on' $checked{'LOGDROPHOSTILEOUT'}{'on'} />/
+ <input type='radio' name='LOGDROPHOSTILEOUT' value='off' $checked{'LOGDROPHOSTILEOUT'}{'off'} /> $Lang::tr{'off'}
+ </td>
+ </tr>
</table>
<br/>
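Review bot: The two new table rows take their labels from $Lang::tr{'log drop hostile in'} and $Lang::tr{'log drop hostile out'}, but the diffstat shows only optionsfw.cgi changed, so these language keys are not defined by this commit. With this patch applied on its own the rows would render with empty labels, which hurts bisecting; the en.pl strings from 4/7 could be folded into this patch or ordered before it. It is also worth saying in the commit message what the other language files show until they are translated.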
--
2.43.0
Thread overview: 10+ messages
2024-01-21 11:45 Adolf Belka [this message]
2024-01-21 11:45 ` [PATCH v3 2/7] rules.pl: Fixes bug12981 - Add in and out specific actions for drop hostile Adolf Belka
2024-01-22 10:48 ` Bernhard Bitsch
2024-01-21 11:45 ` [PATCH v3 3/7] firewall: Fixes bug12981 - add if loop to log or not log dropped hostile traffic Adolf Belka
2024-01-22 10:51 ` Bernhard Bitsch
2024-01-21 11:45 ` [PATCH v3 4/7] en.pl: Fixes bug12981 - adds english language input for choice of drop hostile logging Adolf Belka
2024-01-21 11:45 ` [PATCH v3 5/7] collectd.conf: Fix bug12981 - This creates in and out drop hostile data collection Adolf Belka
2024-01-21 11:45 ` [PATCH v3 6/7] graphs.pl: Fixes bug12981 - Creates in and outgoing drop hostile graph entries Adolf Belka
2024-01-21 11:45 ` [PATCH v3 7/7] optionsfw.cgi: Move Firewall Options Drop commands to before the logging section Adolf Belka
2024-01-22 13:43 ` [PATCH v3 1/7] optionsfw.cgi: Fix bug12981 - Add option to log or not log dropped hostile traffic Bernhard Bitsch