On Wed, 20 Nov 2024 23:08:39 -0000 (UTC), Rob Brewer wrote:
Sorry I got caught out by my editor's word wrap. I've now turned it off so hopefully this will be OK.
Rob
OK - I have modified location-block.cgi to add an additional checkbox at the top of the page titled "Log dropped packets", very similar to ipblocklist.cgi. This adds an entry to the /var/ipfire/firewall/ locationblock settings file ON or OFF.
/srv/web/ipfire/cgi-bin/location-block.cgi ========================================================= 62a63,69
# Check if we want to disable logging. if (exists $cgiparams{'LOGGING_ENABLED'}) { $settings{'LOGGING_ENABLED'} = "on"; } else { $settings{'LOGGING_ENABLED'} = "off"; }
93a101
my $logging;
97a106,111
if ($settings{'LOGGING_ENABLED'} eq "on") { $logging = "checked='checked'"; }
108a123,125
<td width='50%' class='base'>$Lang::tr{'ipblocklist log'} <td><input type='checkbox' name='LOGGING_ENABLED' $logging></td> </tr>
====================================================================
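Review bot: the comment in the 62a63,69 hunk, "# Check if we want to disable logging.", says the opposite of what the code under it does: LOGGING_ENABLED is set to "on" when the checkbox parameter is present and to "off" otherwise. Suggest rewording it along the lines of "# Check whether logging of dropped packets is enabled." so that the comment matches the branch order. Mapping the request parameter to a fixed "on"/"off" value, rather than copying it into the settings file, is the right approach and should stay.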
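Review bot: in the 108a123,125 hunk the first cell, <td width='50%' class='base'>$Lang::tr{'ipblocklist log'}, is never closed before the next <td> opens, so a </td> is needed after the label. The added lines also end with </tr> but contain no opening <tr>, so please check that the row is opened in the surrounding context. The label reuses the 'ipblocklist log' language string; a dedicated key for the location block page would keep the two pages from being coupled through one translation entry.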
In /usr/lib/firewall/rules.pl I add an additional Iptables LOCATIONBLOCK log rule with the prefix 'LOCBLOCK-$location '. This is selectable from the Log dropped packets entry in the locationblock settings file.
/usr/lib/firewall/rules.pl ===================================================================== 76c76,77 < "LOCATIONBLOCK_ENABLED" => "off" ---
"LOCATIONBLOCK_ENABLED" => "off", "LOGGING_ENABLED" => "off",
719a721,725
# add loggging if enabled from location-block.cgi if ($locationsettings{'LOGGING_ENABLED'} eq "on") { run("$IPTABLES -A LOCATIONBLOCK -m set --match-set $location src -j LOG --log-prefix 'LOCBLOCK-$location '"); }
======================================================================= End of encapsulated message
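Review bot: the LOG rule added in the 719a721,725 hunk has no rate limit, so with logging enabled every packet from a blocked location produces a kernel log line and a busy blocked source can flood the log. Suggest adding a limit match to the rule, for example -m limit --limit 10/second ahead of -j LOG. The rule is appended with -A, so it only logs anything if it lands in LOCATIONBLOCK before the drop rule for the same set; the hunk does not show that rule, so the ordering should be confirmed. Small point: "loggging" in the comment has one g too many.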