Has anyone suggested having an option to specify TO/FROM dropped packet logging for IP Address Blocklists – similar to the corresponding option for hostile networks?
Something like this on the Firewall Options page:
Log dropped packets FROM IP Address Blocklists networks
Log dropped packets TO IP Address Blocklists networks
It would be nice to silence all the dropped FROM packets so that those that are originating from nodes on the blue and green zones are more easily identified.
Hi @bbitsch, I wouldn’t think nodes on my blue/green zones would be contained in an IP Address Blocklists. And ah, sure they’re from local. But I’m more concerned that they’re talking to some bad site – hence my interest in focusing on the TO an address in one of the blocklists… As in OP, I thought of something similar to the way traffic to hostile networks is handled.
There should be options ‘Log dropped packets FROM blocked IPs’ and ‘Log dropped packets TO blocked IPs’.
To monitor just ‘misbehaving’ local devices, turn off logging FROM.
Is this right?
This should be possible, if the structure of the iptables rules is changed like the hostile networks topic. But this isn’t done without some effort.
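To illustrate the rule layout the reply above refers to, here is an added example (not IPFire’s own firewall code and not posted by anyone in this thread) of how a blocklist chain could be generated so that the FROM and TO directions get their own LOG rule, each behind its own switch. It assumes the blocklist addresses live in an ipset (the name `EXAMPLE_LIST`, the chain name `BLOCKLIST_<set>` and the `LOG_FROM`/`LOG_TO` switches are assumptions for the illustration). The function only prints the iptables commands rather than applying them, so the output can be reviewed.

```shell
#!/bin/sh
# Added illustration, not IPFire's own code: lay out one blocklist chain with
# separately switchable LOG rules for the FROM (source match) and TO
# (destination match) direction, mirroring the two hostile-network switches.
# Assumptions: the blocklist is an ipset named "$1"; "$2"/"$3" are the
# LOG_FROM / LOG_TO switches ("on" or "off"). Nothing is applied; the
# commands are only printed.

gen_blocklist_rules() {
    set_name="$1"   # ipset holding the blocklist addresses (assumed name)
    log_from="$2"   # "on": log packets whose SOURCE is in the blocklist
    log_to="$3"     # "on": log packets whose DESTINATION is in the blocklist
    chain="BLOCKLIST_${set_name}"

    echo "iptables -N ${chain}"

    # Direction 1: traffic coming FROM a listed address (usually red -> green/blue).
    if [ "$log_from" = "on" ]; then
        echo "iptables -A ${chain} -m set --match-set ${set_name} src -j LOG --log-prefix \"BLOCKLIST_FROM_${set_name} \""
    fi
    echo "iptables -A ${chain} -m set --match-set ${set_name} src -j DROP"

    # Direction 2: traffic going TO a listed address (a green/blue host
    # talking to a listed site); this is the direction the thread wants to keep.
    if [ "$log_to" = "on" ]; then
        echo "iptables -A ${chain} -m set --match-set ${set_name} dst -j LOG --log-prefix \"BLOCKLIST_TO_${set_name} \""
    fi
    echo "iptables -A ${chain} -m set --match-set ${set_name} dst -j DROP"
}

# Count the LOG rules in a generated rule set, to check a switch combination.
count_log_rules() {
    gen_blocklist_rules "$1" "$2" "$3" | grep -c -- '-j LOG' || true
}

# Usage: silence FROM logging, keep TO logging (the use case in the thread).
gen_blocklist_rules EXAMPLE_LIST off on
```

With `LOG_FROM` off and `LOG_TO` on, the only LOG rule left is the one matching the destination, so the firewall log shows just local hosts reaching out to listed addresses; the DROP rules stay in place for both directions regardless of the switches.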