On Wed, 20 Nov 2024 23:08:39 -0000 (UTC), Rob Brewer wrote:
I've tested these patches on Core-Update 189 and can enable and disable
locationblock logging.
I can provide the patches in a different format if preferred.
Rob
> OK - I have modified location-block.cgi to add an additional checkbox at
> the top of the page titled "Log dropped packets", very similar to
> ipblocklist.cgi. This adds a entry to the /var/ipfire/firewall/
> locationblock settings file ON or OFF.
>
/srv/web/ipfire/cgi-bin/location-block.cgi
=================================================================
62a63,69
> # Check if we want to disable logging.
> if (exists $cgiparams{'LOGGING_ENABLED'}) {
> $settings{'LOGGING_ENABLED'} = "on";
> } else {
> $settings{'LOGGING_ENABLED'} = "off";
> }
>
93a101
> my $logging;
97a106,111
> if ($settings{'LOGGING_ENABLED'} eq "on") {
> $logging = "checked='checked'";
> }
>
>
>
108a123,125
>
$Lang::tr{'ipblocklist log'}
>
>
==========================================================================
> In /usr/lib/firewall/rules.pl I add an additional Iptables LOCATIONBLOCK
> log rule with the prefix 'LOCBLOCK-$location '. This is selectable from
> the Log dropped packets entry in the locationblock settings file.
/usr/lib/firewall/rules.pl
=====================================================================
76c76,77
< "LOCATIONBLOCK_ENABLED" => "off"
---
> "LOCATIONBLOCK_ENABLED" => "off",
> "LOGGING_ENABLED" => "off",
719a721,725
>
> # add loggging if enabled from location-block.cgi
> if ($locationsettings{'LOGGING_ENABLED'} eq "on") {
> run("$IPTABLES -A LOCATIONBLOCK -m set --match-set
$location src -j LOG --log-prefix 'LOCBLOCK-$location '");
> }
=========================================================================