From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: GeoIP Blocked IPs not being logged
Date: Wed, 06 Feb 2019 17:18:34 +0000
Message-ID: <2963A1FF-496E-44EE-9F79-B4CBAFE799F2@ipfire.org>
In-Reply-To: <q3a9k5$ugk$1@tuscan3.grantura.co.uk>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0400335029044104463=="
List-Id: <development.lists.ipfire.org>

--===============0400335029044104463==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello Rob,

Thank you for submitting this patch.

There are several issues with this patch:

* It has been line-wrapped and therefore does not apply

* It is actually intended behaviour of the GeoIP filter to not log those. Man=
y systems are flooded with log messages and this filter is supposed to skim s=
ome things out entirely.

However, I do not think that this is a bad idea, but it should be configurabl=
e on the firewall options page.

-Michael

> On 4 Feb 2019, at 21:08, Rob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
>=20
> Hi
>=20
> After adding a few country codes with the GeoIP Configuration page, Geo=20
> blocked IPs no longer appear in the Firewall Logs.
>=20
> This might be the intended operation but for me I would like to log these=20
> blocked IPs and have added a logging rule to /usr/lib/firewall/rules.pl
>=20
> This is my patch for rules.pl which I have tested on my live IPFire and is =

> working OK.
>=20
> diff -u build/usr/lib/firewall/rules.pl.orig build/usr/lib/firewall/rules.pl
> --- build/usr/lib/firewall/rules.pl.orig        2019-02-04=20
> 20:59:34.677143496 +0000
> +++ build/usr/lib/firewall/rules.pl     2019-02-04 21:01:59.445137411 +0000
> @@ -609,6 +609,8 @@
>        # is enabled.
>        foreach my $location (@locations) {
>                if(exists $geoipsettings{$location} &&=20
> $geoipsettings{$location} eq "on") {
> +      # add logging for geoip rwb 4/2/19
> +                        run("$IPTABLES -A GEOIPBLOCK -m geoip --src-cc=20
> $location -j LOG --log-prefix 'GEOIPBLOCK-$location '");
>                        run("$IPTABLES -A GEOIPBLOCK -m geoip --src-cc=20
> $location -j DROP");
>                }
>        }
>=20
>=20
> Regards
>=20
> Rob
>=20
>=20


--===============0400335029044104463==--