* GeoIP Blocked IPs not being logged
From: Rob Brewer @ 2019-02-04 21:08 UTC (permalink / raw)
To: development
Hi

After adding a few country codes with the GeoIP Configuration page, Geo
blocked IPs no longer appear in the Firewall Logs.

This might be the intended operation but for me I would like to log these
blocked IPs and have added a logging rule to /usr/lib/firewall/rules.pl

This is my patch for rules.pl which I have tested on my live IPFire and is
working OK.

diff -u build/usr/lib/firewall/rules.pl.orig build/usr/lib/firewall/rules.pl
--- build/usr/lib/firewall/rules.pl.orig 2019-02-04
20:59:34.677143496 +0000
+++ build/usr/lib/firewall/rules.pl 2019-02-04 21:01:59.445137411 +0000
@@ -609,6 +609,8 @@
# is enabled.
foreach my $location (@locations) {
if(exists $geoipsettings{$location} &&
$geoipsettings{$location} eq "on") {
+ # add logging for geoip rwb 4/2/19
+ run("$IPTABLES -A GEOIPBLOCK -m geoip --src-cc
$location -j LOG --log-prefix 'GEOIPBLOCK-$location '");
run("$IPTABLES -A GEOIPBLOCK -m geoip --src-cc
$location -j DROP");
}
}
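
Review bot: the added LOG rule in the foreach loop has no rate limit, so every packet that the following DROP rule discards also writes a line to the firewall log. Adding a limit match to the LOG rule only (-m limit --limit <rate>) would keep a scan from a blocked country from flooding the log, while the DROP rule stays unlimited so blocking is unaffected.
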
Regards
Rob
* Re: GeoIP Blocked IPs not being logged
From: Michael Tremer @ 2019-02-06 17:18 UTC (permalink / raw)
To: development
Hello Rob,

Thank you for submitting this patch.

There are several issues with this patch:

* It has been line-wrapped and therefore does not apply

* It is actually intended behaviour of the GeoIP filter to not log those. Many systems are flooded with log messages and this filter is supposed to skim some things out entirely.

However, I do not think that this is a bad idea, but it should be configurable on the firewall options page.

-Michael

> On 4 Feb 2019, at 21:08, Rob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
>
> Hi
>
> After adding a few country codes with the GeoIP Configuration page, Geo
> blocked IPs no longer appear in the Firewall Logs.
>
> This might be the intended operation but for me I would like to log these
> blocked IPs and have added a logging rule to /usr/lib/firewall/rules.pl
>
> This is my patch for rules.pl which I have tested on my live IPFire and is
> working OK.
>
> diff -u build/usr/lib/firewall/rules.pl.orig build/usr/lib/firewall/rules.pl
> --- build/usr/lib/firewall/rules.pl.orig 2019-02-04
> 20:59:34.677143496 +0000
> +++ build/usr/lib/firewall/rules.pl 2019-02-04 21:01:59.445137411 +0000
> @@ -609,6 +609,8 @@
> # is enabled.
> foreach my $location (@locations) {
> if(exists $geoipsettings{$location} &&
> $geoipsettings{$location} eq "on") {
> + # add logging for geoip rwb 4/2/19
> + run("$IPTABLES -A GEOIPBLOCK -m geoip --src-cc
> $location -j LOG --log-prefix 'GEOIPBLOCK-$location '");
> run("$IPTABLES -A GEOIPBLOCK -m geoip --src-cc
> $location -j DROP");
> }
> }
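
Review bot: the added comment line, "# add logging for geoip rwb 4/2/19", records initials and a date, which belong in the commit message rather than in rules.pl. A comment explaining why the LOG rule is appended before the DROP rule (LOG is non-terminating, so the packet continues on to the DROP) would help the next reader more.
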
>
>
> Regards
>
> Rob
>
>
* Re: GeoIP Blocked IPs not being logged
From: Rob Brewer @ 2019-02-06 21:48 UTC (permalink / raw)
To: development
Hi Michael
Michael Tremer wrote:
> Hello Rob,
>
> Thank you for submitting this patch.
>
> There are several issues with this patch:
>
> * It has been line-wrapped and therefore does not apply
>
Apologies I'll try again without wrapping:
--- build/usr/lib/firewall/rules.pl.orig 2019-02-04 20:59:34.677143496 +0000
+++ build/usr/lib/firewall/rules.pl 2019-02-04 21:01:59.445137411 +0000
@@ -609,6 +609,8 @@
# is enabled.
foreach my $location (@locations) {
if(exists $geoipsettings{$location} && $geoipsettings{$location} eq "on") {
+ # add logging for geoip rwb 4/2/19
+ run("$IPTABLES -A GEOIPBLOCK -m geoip --src-cc $location -j LOG --log-prefix 'GEOIPBLOCK-$location '");
run("$IPTABLES -A GEOIPBLOCK -m geoip --src-cc $location -j DROP");
}
}
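
Review bot: the added run(... -j LOG ...) line is still unconditional in this resend, so logging cannot be switched off once a country is enabled. Wrap only that line in a check of a logging option read from the GeoIP settings, and leave the DROP line outside the check so that blocking never depends on whether logging is turned on.
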
> * It is actually intended behaviour of the GeoIP filter to not log those.
> Many systems are flooded with log messages and this filter is supposed to
> skim some things out entirely.
>
I understand your thinking but it does mess up reporting the logs as I do to Dshield.
> However, I do not think that this is a bad idea, but it should be
> configurable on the firewall options page.
>
Yes I was thinking that this could be easily select-able with an if statement around the LOG line if required.
Rob
* Re: GeoIP Blocked IPs not being logged
From: Rob Brewer @ 2019-02-10 16:07 UTC (permalink / raw)
To: development
Hi Michael
Rob Brewer wrote:
>> However, I do not think that this is a bad idea, but it should be
>> configurable on the firewall options page.
>>
> Yes I was thinking that this could be easily select-able with an if
> statement around the LOG line if required.
>
OK I've been working on your suggestion and have added an additional
checkbox to the GeoIP Block of geoip-block.cgi to enable/disable logging.
(patch: geoip-block.cgi)
I have also reworked rules.pl to enable geoip-block logging from geo-
block.cgi.
(patch: rules2.pl)
Rob
[-- Attachment #2: geoip-block.cgi --]
[-- Type: text/x-patch, Size: 2077 bytes --]
--- /home/rwb/IPFire/ipfire-2.x/build/srv/web/ipfire/cgi-bin/geoip-block.cgi 2019-01-31 19:17:48.948676928 +0000
+++ /home/rwb/IPFire/ipfire-2.x/build/srv/web/ipfire/cgi-bin/geoip-block.cgi.dev 2019-02-10 15:24:57.191920078 +0000
@@ -59,6 +59,13 @@
} else {
$settings{'GEOIPBLOCK_ENABLED'} = "off";
}
+
+ # check if logging is required
+ if (exists $cgiparams{'LOG_ENABLED'}) {
+ $settings{'LOG_ENABLED'} = "on";
+ } else {
+ $settings{'LOG_ENABLED'} = "off";
+ }
# Loop through our locations array to prevent from
# non existing countries or code.
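
Review bot: the new key 'LOG_ENABLED' is stored in the same %settings hash as 'GEOIPBLOCK_ENABLED' but its name does not say what is being logged. A name carrying the GEOIPBLOCK prefix would stay unambiguous wherever the setting is read later. Deriving "on"/"off" from the presence of the CGI parameter, as the block above does, is the right approach because no submitted value is written into the settings.
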
@@ -91,22 +98,41 @@
}
# Checkbox pre-selection.
-my $checked;
+my (%checked,%selected);
if ($settings{'GEOIPBLOCK_ENABLED'} eq "on") {
- $checked = "checked='checked'";
-}
+ $checked{'GEOIPBLOCK_ENABLED'}{$settings{'GEOIPBLOCK_ENABLE'}} = "checked='checked'";
+ }
+
+if ($settings{'LOG_ENABLED'} eq "on") {
+ $checked{'LOG_ENABLED'}{$settings{'LOG_ENABLE'}} = "checked='checked'";
+ }
+
+$checked{'GEOIPBLOCK_ENABLED'}{'off'} = '';
+$checked{'GEOIPBLOCK_ENABLED'}{'on'} = '';
+$checked{'GEOIPBLOCK_ENABLED'}{$settings{'GEOIPBLOCK_ENABLED'}} = "checked='checked'";
+
+
+$checked{'LOG_ENABLED'}{'off'} = '';
+$checked{'LOG_ENABLED'}{'on'} = '';
+$checked{'LOG_ENABLED'}{$settings{'LOG_ENABLED'}} = "checked='checked'";
# Print box to enable/disable geoipblock.
print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
&Header::openbox('100%', 'center', $Lang::tr{'geoipblock'});
+
+# Log enabled checkbox added to enable geoip rules logging
print <<END;
<table width='95%'>
<tr>
<td width='25%' class='base'>$Lang::tr{'geoipblock enable feature'}
- <td><input type='checkbox' name='GEOIPBLOCK_ENABLED' $checked></td>
+ <td><input type='checkbox' name='GEOIPBLOCK_ENABLED' $checked{'GEOIPBLOCK_ENABLED'}{'on'}></td>
</tr>
<tr>
+ <td width='25%' class='base'>$Lang::tr{'log enabled'}
+ <td><input type='checkbox' name='LOG_ENABLED' $checked{'LOG_ENABLED'}{'on'}></td>
+ </tr>
+ <tr>
<td colspan='2'><br></td>
</tr>
</table>
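
Review bot: in the checkbox pre-selection block the two if statements index %checked with $settings{'GEOIPBLOCK_ENABLE'} and $settings{'LOG_ENABLE'}, keys missing the final D that nothing in this patch sets, so the value ends up stored under an undefined key. Both if blocks are also redundant, because the assignments that follow reset the 'on' and 'off' entries and then set the entry for the current setting; drop the two if blocks, and drop %selected from the my declaration since nothing in the hunk uses it. The new label $Lang::tr{'log enabled'} also needs a matching language string, which this patch does not add.
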
[-- Attachment #3: rules2.pl --]
[-- Type: application/x-perl, Size: 716 bytes --]
* Re: GeoIP Blocked IPs not being logged
From: Michael Tremer @ 2019-02-14 11:14 UTC (permalink / raw)
To: development
Hey Rob,

Please only attach patches inline. That way, people can comment on them directly.

If I now write things like:

In the first file, line 12, something is not right there…

then nobody knows what I am referring to.

Best,
-Michael

> On 10 Feb 2019, at 16:07, Rob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
>
> Hi Michael
>
> Rob Brewer wrote:
>
>>> However, I do not think that this is a bad idea, but it should be
>>> configurable on the firewall options page.
>>>
>> Yes I was thinking that this could be easily select-able with an if
>> statement around the LOG line if required.
>>
> OK I've been working on your suggestion and have added an additional
> checkbox to the GeoIP Block of geoip-block.cgi to enable/disable logging.
>
> (patch: geoip-block.cgi)
>
> I have also reworked rules.pl to enable geoip-block logging from geo-
> block.cgi.
>
> (patch: rules2.pl)
>
> Rob
> <geoip-block.cgi><rules2.pl>