From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH v3 1/7] optionsfw.cgi: Fix bug12981 - Add option to log or not
 log dropped hostile traffic
Date: Sun, 21 Jan 2024 12:45:47 +0100
Message-ID: <20240121114553.5182-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0152859763702630620=="
List-Id: <development.lists.ipfire.org>

--===============0152859763702630620==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- This v3 version has split the logging choice for drop hostile to separate t=
he logging of
   incoming drop hostile and outgoing drop hostile.
- The bug originator had no port forwards so all hostile would be dropped nor=
mally anyway.
   However the logs were being swamped by the logging of drop hostile making =
analysis
   difficult. So incoming drop hostile was desired to not be logged. However =
logging of
   outgoing drop hostile was desired to identify if clients on the internal l=
an were
   infected with malware trying to reach home.
- Added option with drop hostile section to decide if the dropped traffic sho=
uld be
   logged or not.

Fixes: bug12981
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 html/cgi-bin/optionsfw.cgi | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi
index fbff67b2f..52ac1b01e 100644
--- a/html/cgi-bin/optionsfw.cgi
+++ b/html/cgi-bin/optionsfw.cgi
@@ -94,6 +94,12 @@ if (!$settings{'DROPSPOOFEDMARTIAN'}) {
 if (!$settings{'DROPHOSTILE'}) {
 	$settings{'DROPHOSTILE'} =3D 'off';
 }
+if (!$settings{'LOGDROPHOSTILEIN'}) {
+	$settings{'LOGDROPHOSTILEIN'} =3D 'on';
+}
+if (!$settings{'LOGDROPHOSTILEOUT'}) {
+	$settings{'LOGDROPHOSTILEOUT'} =3D 'on';
+}
 if (!$settings{'LOGDROPCTINVALID'}) {
 	$settings{'LOGDROPCTINVALID'} =3D 'on';
 }
@@ -125,6 +131,12 @@ $checked{'DROPSPOOFEDMARTIAN'}{$settings{'DROPSPOOFEDMAR=
TIAN'}} =3D "checked=3D'chec
 $checked{'DROPHOSTILE'}{'off'} =3D '';
 $checked{'DROPHOSTILE'}{'on'} =3D '';
 $checked{'DROPHOSTILE'}{$settings{'DROPHOSTILE'}} =3D "checked=3D'checked'";
+$checked{'LOGDROPHOSTILEIN'}{'off'} =3D '';
+$checked{'LOGDROPHOSTILEIN'}{'on'} =3D '';
+$checked{'LOGDROPHOSTILEIN'}{$settings{'LOGDROPHOSTILEIN'}} =3D "checked=3D'=
checked'";
+$checked{'LOGDROPHOSTILEOUT'}{'off'} =3D '';
+$checked{'LOGDROPHOSTILEOUT'}{'on'} =3D '';
+$checked{'LOGDROPHOSTILEOUT'}{$settings{'LOGDROPHOSTILEOUT'}} =3D "checked=
=3D'checked'";
 $checked{'LOGDROPCTINVALID'}{'off'} =3D '';
 $checked{'LOGDROPCTINVALID'}{'on'} =3D '';
 $checked{'LOGDROPCTINVALID'}{$settings{'LOGDROPCTINVALID'}} =3D "checked=3D'=
checked'";
@@ -279,6 +291,20 @@ END
 			<input type=3D'radio' name=3D'DROPSPOOFEDMARTIAN' value=3D'off' $checked{=
'DROPSPOOFEDMARTIAN'}{'off'} /> $Lang::tr{'off'}
 		</td>
 	</tr>
+	<tr>
+		<td align=3D'left' width=3D'60%'>$Lang::tr{'log drop hostile in'}</td>
+		<td align=3D'left'>
+			$Lang::tr{'on'} <input type=3D'radio' name=3D'LOGDROPHOSTILEIN' value=3D'=
on' $checked{'LOGDROPHOSTILEIN'}{'on'} />/
+			<input type=3D'radio' name=3D'LOGDROPHOSTILEIN' value=3D'off' $checked{'L=
OGDROPHOSTILEIN'}{'off'} /> $Lang::tr{'off'}
+		</td>
+	</tr>
+	<tr>
+		<td align=3D'left' width=3D'60%'>$Lang::tr{'log drop hostile out'}</td>
+		<td align=3D'left'>
+			$Lang::tr{'on'} <input type=3D'radio' name=3D'LOGDROPHOSTILEOUT' value=3D=
'on' $checked{'LOGDROPHOSTILEOUT'}{'on'} />/
+			<input type=3D'radio' name=3D'LOGDROPHOSTILEOUT' value=3D'off' $checked{'=
LOGDROPHOSTILEOUT'}{'off'} /> $Lang::tr{'off'}
+		</td>
+	</tr>
 </table>
 <br/>
=20
--=20
2.43.0


--===============0152859763702630620==--