From: Rob Brewer
To: development@lists.ipfire.org
Subject: Logging Locationblock packets
Date: Sat, 09 Nov 2024 14:00:25 +0000

As a contributor to the SANS ISC, I email my IPTABLES logs hourly to the DShield database; however, the default IPFire IPTABLES logs are incomplete, since packets dropped by Locationblock are not logged to syslog.

As a workaround I edit the locationblock function of rules.pl to add an IPTABLES rule to log the dropped packets. This edit does not, of course, survive any Core Update that upgrades rules.pl, and the edit needs to be re-applied.

In addition, unless the Locationblock packets are logged to syslog, the data displayed in the Firewall logs sections are incomplete, as the packets dropped by Location Block are not displayed.

I understand that the original intention of the Location Block feature was to reduce the amount of log messages on installations running on extremely cheap flash storage. I suspect that these installations are now almost zero, especially since IPFire no longer supports 32-bit versions.

The obvious solution to this is to make Location Block logging selectable as a firewall option, and my quick look at making patches for this would suggest it is a fairly simple task in rules.pl and optionsfw.cgi.

I would be happy to provide the necessary patches should this be acceptable.
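To illustrate the LOG-before-DROP pattern the proposal describes, here is an added example in the style of rules.pl's locationblock function; it is not IPFire's own code. The option names LOGLOCATIONBLOCK and LOGLOCATIONBLOCK_LIMIT, the settings hash contents and the geoip match expression are assumptions for the example.

```perl
#!/usr/bin/perl
# Added example (not IPFire code): a locationblock() that emits an optional,
# rate-limited LOG rule ahead of each DROP so dropped packets reach syslog.
use strict;
use warnings;

my $IPTABLES = "/sbin/iptables";

# Constructed settings; IPFire reads these from its firewall options file.
my %fwoptionssettings = (
	LOCATIONBLOCK_ENABLED => "on",
	LOGLOCATIONBLOCK      => "on",         # assumed new option
	LOGLOCATIONBLOCK_LIMIT => "10/minute", # assumed option: cap on log lines
	CN => "on",
	RU => "on",
	DE => "off",
);

# Print the commands instead of executing them, so the rule set can be
# reviewed without touching a live firewall.
sub run { print "$_[0]\n"; }

sub locationblock {
	my @locations = @_;
	run("$IPTABLES -F LOCATIONBLOCK");
	return unless ($fwoptionssettings{LOCATIONBLOCK_ENABLED} // "off") eq "on";

	foreach my $location (@locations) {
		next unless ($fwoptionssettings{$location} // "off") eq "on";
		# Match expression assumed; the real rules.pl syntax may differ.
		my $match = "-m geoip --src-cc $location";
		if (($fwoptionssettings{LOGLOCATIONBLOCK} // "off") eq "on") {
			# LOG must come before DROP, because DROP ends chain traversal.
			# The limit match keeps a scan flood from filling syslog, which is
			# the concern the unlogged design originally addressed.
			my $limit = $fwoptionssettings{LOGLOCATIONBLOCK_LIMIT} // "10/minute";
			run("$IPTABLES -A LOCATIONBLOCK $match -m limit --limit $limit "
			  . "--limit-burst 20 -j LOG --log-prefix \"DROP_LOCATIONBLOCK \"");
		}
		run("$IPTABLES -A LOCATIONBLOCK $match -j DROP");
	}
}

# Country codes are the two-letter uppercase keys of the settings hash.
locationblock(sort grep { /^[A-Z]{2}$/ } keys %fwoptionssettings);
```

The log prefix lets the Firewall logs page and a DShield submission script distinguish Location Block drops from other DROP rules.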