On Wed, 20 Nov 2024 23:08:39 -0000 (UTC), Rob Brewer wrote:
I've tested these patches on Core-Update 189 and can enable and disable locationblock logging. I can provide the patches in a different format if preferred.
Rob
OK - I have modified location-block.cgi to add an additional checkbox at the top of the page titled "Log dropped packets", very similar to ipblocklist.cgi. This adds a entry to the /var/ipfire/firewall/ locationblock settings file ON or OFF.
/srv/web/ipfire/cgi-bin/location-block.cgi ================================================================= 62a63,69
# Check if we want to disable logging. if (exists $cgiparams{'LOGGING_ENABLED'}) { $settings{'LOGGING_ENABLED'} = "on"; } else { $settings{'LOGGING_ENABLED'} = "off"; }
93a101
my $logging;
97a106,111
if ($settings{'LOGGING_ENABLED'} eq "on") { $logging = "checked='checked'"; }
108a123,125
<td width='50%'
class='base'>$Lang::tr{'ipblocklist log'}
<td><input type='checkbox'
name='LOGGING_ENABLED' $logging></td>
</tr>
==========================================================================
In /usr/lib/firewall/rules.pl I add an additional Iptables LOCATIONBLOCK log rule with the prefix 'LOCBLOCK-$location '. This is selectable from the Log dropped packets entry in the locationblock settings file.
/usr/lib/firewall/rules.pl ===================================================================== 76c76,77 < "LOCATIONBLOCK_ENABLED" => "off" ---
"LOCATIONBLOCK_ENABLED" => "off", "LOGGING_ENABLED" => "off",
719a721,725
# add loggging if enabled from location-block.cgi if ($locationsettings{'LOGGING_ENABLED'} eq "on") { run("$IPTABLES -A LOCATIONBLOCK -m set --match-set
$location src -j LOG --log-prefix 'LOCBLOCK-$location '");
}
=========================================================================