From mboxrd@z Thu Jan 1 00:00:00 1970
From: Bernhard Bitsch
To: development@lists.ipfire.org
Subject: Re: [PATCH v3 1/7] optionsfw.cgi: Fix bug12981 - Add option to log or not log dropped hostile traffic
Date: Mon, 22 Jan 2024 14:43:05 +0100
Message-ID: <74c4ce9a-2ca3-48d2-86fc-7f839485a384@ipfire.org>
In-Reply-To: <20240121114553.5182-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8337187003271076306=="
List-Id:

--===============8337187003271076306==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Reviewed-by: Bernhard Bitsch
Tested-by: Bernhard Bitsch

On 21.01.2024 at 12:45, Adolf Belka wrote:
> - This v3 version has split the logging choice for drop hostile to separate the logging of
>    incoming drop hostile and outgoing drop hostile.
> - The bug originator had no port forwards so all hostile would be dropped normally anyway.
>    However the logs were being swamped by the logging of drop hostile making analysis
>    difficult. So incoming drop hostile was desired to not be logged. However logging of
>    outgoing drop hostile was desired to identify if clients on the internal lan were
>    infected with malware trying to reach home.
> - Added option with drop hostile section to decide if the dropped traffic should be
>    logged or not.
>
> Fixes: bug12981
> Tested-by: Adolf Belka
> Signed-off-by: Adolf Belka
> --- > html/cgi-bin/optionsfw.cgi | 26 ++++++++++++++++++++++++++ > 1 file changed, 26 insertions(+) >=20 > diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi > index fbff67b2f..52ac1b01e 100644 > --- a/html/cgi-bin/optionsfw.cgi > +++ b/html/cgi-bin/optionsfw.cgi 
> @@ -94,6 +94,12 @@ if (!$settings{'DROPSPOOFEDMARTIAN'}) { > if (!$settings{'DROPHOSTILE'}) { > $settings{'DROPHOSTILE'} =3D 'off'; > } > +if (!$settings{'LOGDROPHOSTILEIN'}) { > + $settings{'LOGDROPHOSTILEIN'} =3D 'on'; > +} > +if (!$settings{'LOGDROPHOSTILEOUT'}) { > + $settings{'LOGDROPHOSTILEOUT'} =3D 'on'; > +} > if (!$settings{'LOGDROPCTINVALID'}) { > $settings{'LOGDROPCTINVALID'} =3D 'on'; > } > @@ -125,6 +131,12 @@ $checked{'DROPSPOOFEDMARTIAN'}{$settings{'DROPSPOOFEDM= ARTIAN'}} =3D "checked=3D'chec > $checked{'DROPHOSTILE'}{'off'} =3D ''; > $checked{'DROPHOSTILE'}{'on'} =3D ''; > $checked{'DROPHOSTILE'}{$settings{'DROPHOSTILE'}} =3D "checked=3D'checked= '"; > +$checked{'LOGDROPHOSTILEIN'}{'off'} =3D ''; > +$checked{'LOGDROPHOSTILEIN'}{'on'} =3D ''; > +$checked{'LOGDROPHOSTILEIN'}{$settings{'LOGDROPHOSTILEIN'}} =3D "checked= =3D'checked'"; > +$checked{'LOGDROPHOSTILEOUT'}{'off'} =3D ''; > +$checked{'LOGDROPHOSTILEOUT'}{'on'} =3D ''; > +$checked{'LOGDROPHOSTILEOUT'}{$settings{'LOGDROPHOSTILEOUT'}} =3D "checked= =3D'checked'"; > $checked{'LOGDROPCTINVALID'}{'off'} =3D ''; > $checked{'LOGDROPCTINVALID'}{'on'} =3D ''; > $checked{'LOGDROPCTINVALID'}{$settings{'LOGDROPCTINVALID'}} =3D "checked= =3D'checked'"; > @@ -279,6 +291,20 @@ END > $Lang::tr{'off'} > > > + > + $Lang::tr{'log drop hostile in'} > + > + $Lang::tr{'on'} / > + $Lang::tr{'off'} > + > + > + > + $Lang::tr{'log drop hostile out'} > + > + $Lang::tr{'on'} / > + $Lang::tr{'off'} > + > + > >
> =20 --===============8337187003271076306==--
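
Review bot: In the first hunk (@@ -94,6 +94,12 @@) both LOGDROPHOSTILEIN and LOGDROPHOSTILEOUT default to 'on' when unset, so after an update incoming hostile drops are still logged and the log flooding described in the commit message continues until the admin turns the incoming option off. Keeping the existing behaviour as the default is defensible, but the commit message should state it explicitly so that users hitting bug12981 know a manual change is still required.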
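
Review bot: In the second hunk (@@ -125,6 +131,12 @@) the stored value is used directly as a hash key in $checked{'LOGDROPHOSTILEIN'}{$settings{'LOGDROPHOSTILEIN'}} (and likewise for LOGDROPHOSTILEOUT), so a settings value other than 'on' or 'off' leaves neither choice marked as checked and the page gives no hint why. This follows the pattern of the neighbouring DROPHOSTILE and LOGDROPCTINVALID lines, so it is consistent, but consider normalising the value to 'on' or 'off' at the point where the defaults are applied.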
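
Review bot: The third hunk (@@ -279,6 +291,20 @@) introduces two new translation keys, $Lang::tr{'log drop hostile in'} and $Lang::tr{'log drop hostile out'}, while the diffstat shows only html/cgi-bin/optionsfw.cgi changed in this patch. Please confirm that the language files gain both keys elsewhere in the series, otherwise the two new rows are rendered without a label.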