Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Tested-by: Bernhard Bitsch <bbitsch(a)ipfire.org>


Am 21.01.2024 um 12:45 schrieb Adolf Belka:
> - This v3 version has split the logging choice for drop hostile to separate the logging of
>     incoming drop hostile and outgoing drop hostile.
> - The bug originator had no port forwards so all hostile would be dropped normally anyway.
>     However the logs were being swamped by the logging of drop hostile making analysis
>     difficult. So incoming drop hostile was desired to not be logged. However logging of
>     outgoing drop hostile was desired to identify if clients on the internal lan were
>     infected with malware trying to reach home.
> - Added option with drop hostile section to decide if the dropped traffic should be
>     logged or not.
> 
> Fixes: bug12981
> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
>   html/cgi-bin/optionsfw.cgi | 26 ++++++++++++++++++++++++++
>   1 file changed, 26 insertions(+)
> 
> diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi
> index fbff67b2f..52ac1b01e 100644
> --- a/html/cgi-bin/optionsfw.cgi
> +++ b/html/cgi-bin/optionsfw.cgi
> @@ -94,6 +94,12 @@ if (!$settings{'DROPSPOOFEDMARTIAN'}) {
>   if (!$settings{'DROPHOSTILE'}) {
>   	$settings{'DROPHOSTILE'} = 'off';
>   }
> +if (!$settings{'LOGDROPHOSTILEIN'}) {
> +	$settings{'LOGDROPHOSTILEIN'} = 'on';
> +}
> +if (!$settings{'LOGDROPHOSTILEOUT'}) {
> +	$settings{'LOGDROPHOSTILEOUT'} = 'on';
> +}
>   if (!$settings{'LOGDROPCTINVALID'}) {
>   	$settings{'LOGDROPCTINVALID'} = 'on';
>   }
> @@ -125,6 +131,12 @@ $checked{'DROPSPOOFEDMARTIAN'}{$settings{'DROPSPOOFEDMARTIAN'}} = "checked='chec
>   $checked{'DROPHOSTILE'}{'off'} = '';
>   $checked{'DROPHOSTILE'}{'on'} = '';
>   $checked{'DROPHOSTILE'}{$settings{'DROPHOSTILE'}} = "checked='checked'";
> +$checked{'LOGDROPHOSTILEIN'}{'off'} = '';
> +$checked{'LOGDROPHOSTILEIN'}{'on'} = '';
> +$checked{'LOGDROPHOSTILEIN'}{$settings{'LOGDROPHOSTILEIN'}} = "checked='checked'";
> +$checked{'LOGDROPHOSTILEOUT'}{'off'} = '';
> +$checked{'LOGDROPHOSTILEOUT'}{'on'} = '';
> +$checked{'LOGDROPHOSTILEOUT'}{$settings{'LOGDROPHOSTILEOUT'}} = "checked='checked'";
>   $checked{'LOGDROPCTINVALID'}{'off'} = '';
>   $checked{'LOGDROPCTINVALID'}{'on'} = '';
>   $checked{'LOGDROPCTINVALID'}{$settings{'LOGDROPCTINVALID'}} = "checked='checked'";
> @@ -279,6 +291,20 @@ END
>   			<input type='radio' name='DROPSPOOFEDMARTIAN' value='off' $checked{'DROPSPOOFEDMARTIAN'}{'off'} /> $Lang::tr{'off'}
>   		</td>
>   	</tr>
> +	<tr>
> +		<td align='left' width='60%'>$Lang::tr{'log drop hostile in'}</td>
> +		<td align='left'>
> +			$Lang::tr{'on'} <input type='radio' name='LOGDROPHOSTILEIN' value='on' $checked{'LOGDROPHOSTILEIN'}{'on'} />/
> +			<input type='radio' name='LOGDROPHOSTILEIN' value='off' $checked{'LOGDROPHOSTILEIN'}{'off'} /> $Lang::tr{'off'}
> +		</td>
> +	</tr>
> +	<tr>
> +		<td align='left' width='60%'>$Lang::tr{'log drop hostile out'}</td>
> +		<td align='left'>
> +			$Lang::tr{'on'} <input type='radio' name='LOGDROPHOSTILEOUT' value='on' $checked{'LOGDROPHOSTILEOUT'}{'on'} />/
> +			<input type='radio' name='LOGDROPHOSTILEOUT' value='off' $checked{'LOGDROPHOSTILEOUT'}{'off'} /> $Lang::tr{'off'}
> +		</td>
> +	</tr>
>   </table>
>   <br/>
>