Re: GeoIP Blocked IPs not being logged

[Rob Brewer <ipfire-devel@grantura.co.uk>]

[-- Attachment #1: Type: text/plain, Size: 548 bytes --]

Hi Michael

Rob Brewer wrote:

>> However, I do not think that this is a bad idea, but it should be
>> configurable on the firewall options page.
>>
> Yes I was thinking that this could be easily select-able with an if
> statement around the LOG line if required.
> 
OK I've been working on your suggestion and have added an additional  
checkbox to the GeoIP Block of  geoip-block.cgi to enable/disable logging.

(patch: geoip-block.cgi)

I have also reworked rules.pl to enable geoip-block logging from geo-
block.cgi.

(patch: rules2.pl)

Rob
 

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: geoip-block.cgi --]
[-- Type: text/x-patch, Size: 2077 bytes --]

--- /home/rwb/IPFire/ipfire-2.x/build/srv/web/ipfire/cgi-bin/geoip-block.cgi	2019-01-31 19:17:48.948676928 +0000
+++ /home/rwb/IPFire/ipfire-2.x/build/srv/web/ipfire/cgi-bin/geoip-block.cgi.dev	2019-02-10 15:24:57.191920078 +0000
@@ -59,6 +59,13 @@
 	} else {
 		$settings{'GEOIPBLOCK_ENABLED'} = "off";
 	}
+        
+	#  check if logging is required
+	if (exists $cgiparams{'LOG_ENABLED'}) {
+		$settings{'LOG_ENABLED'} = "on";
+	} else {
+		$settings{'LOG_ENABLED'} = "off";
+	}        
 
 	# Loop through our locations array to prevent from
 	# non existing countries or code.
@@ -91,22 +98,41 @@
 }
 
 # Checkbox pre-selection.
-my $checked;
+my (%checked,%selected);
 if ($settings{'GEOIPBLOCK_ENABLED'} eq "on") {
-	$checked = "checked='checked'";
-}
+	$checked{'GEOIPBLOCK_ENABLED'}{$settings{'GEOIPBLOCK_ENABLE'}} = "checked='checked'";
+	}
+        
+if ($settings{'LOG_ENABLED'} eq "on") {
+	$checked{'LOG_ENABLED'}{$settings{'LOG_ENABLE'}} = "checked='checked'";
+	}
+
+$checked{'GEOIPBLOCK_ENABLED'}{'off'} = '';
+$checked{'GEOIPBLOCK_ENABLED'}{'on'} = '';
+$checked{'GEOIPBLOCK_ENABLED'}{$settings{'GEOIPBLOCK_ENABLED'}} = "checked='checked'";	
+	
+	
+$checked{'LOG_ENABLED'}{'off'} = '';
+$checked{'LOG_ENABLED'}{'on'} = '';
+$checked{'LOG_ENABLED'}{$settings{'LOG_ENABLED'}} = "checked='checked'";
 
 # Print box to enable/disable geoipblock.
 print"<form method='POST' action='$ENV{'SCRIPT_NAME'}'>\n";
 
 &Header::openbox('100%', 'center', $Lang::tr{'geoipblock'});
+
+# Log enabled checkbox added to enable geoip rules logging
 print <<END;
 	<table width='95%'>
 		<tr>
 			<td width='25%' class='base'>$Lang::tr{'geoipblock enable feature'}
-			<td><input type='checkbox' name='GEOIPBLOCK_ENABLED' $checked></td>
+			<td><input type='checkbox' name='GEOIPBLOCK_ENABLED' $checked{'GEOIPBLOCK_ENABLED'}{'on'}></td>
 		</tr>
 		<tr>
+			<td width='25%' class='base'>$Lang::tr{'log enabled'}
+			<td><input type='checkbox' name='LOG_ENABLED' $checked{'LOG_ENABLED'}{'on'}></td>
+                </tr>
+		<tr>
 			<td colspan='2'><br></td>
 		</tr>
 	</table>


[-- Attachment #3: rules2.pl --]
[-- Type: application/x-perl, Size: 716 bytes --]