IP Address Blocklists Logging Outbound Only

Has anyone suggested having an option to specify TO/FROM dropped packet logging for IP Address Blocklists – similar to the corresponding option for hostile networks?
Something like this on the Firewall Options page:

Log dropped packets FROM IP Address Blocklists networks
Log dropped packets TO IP Address Blocklists networks

It would be nice to silence all the dropped FROM packets so that those originating from nodes on the blue and green zones are more easily identified.

Packets from blue or green zones are also FROM, IMO.

Hi @bbitsch, I wouldn’t think nodes on my blue/green zones would be contained in an IP Address Blocklist. And ah, sure they’re from local. But I’m more concerned that they’re talking to some bad site – hence my interest in focusing on traffic TO an address in one of the blocklists… As in the OP, I thought of something similar to the way traffic to hostile networks is handled.

Ok,
I understood your OP right.

To put it more exactly:

  • there should be options Log dropped packets FROM blocked IPs and Log dropped packets TO blocked IPs
  • to monitor just ‘misbehaving’ local devices, turn off logging FROM

Is this right?
This should be possible, if the structure of the iptables rules is changed like the hostile networks topic. But this isn’t done without some effort.

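An added illustration of the rule layout the reply above describes (not IPFire's own code): the blocklist match is split into a FROM chain (source in the set) and a TO chain (destination in the set), each with its own switchable LOG rule, so logging FROM can be turned off while TO stays on. The ipset name `BLOCKLIST`, the chain names and the log prefixes are assumptions; the script prints the iptables commands instead of executing them so it can be inspected without root.

```shell
#!/bin/sh
# Hypothetical generator for blocklist firewall rules. It echoes the iptables
# commands rather than running them, so no root or ipset is needed to inspect
# the result. Assumed names: ipset BLOCKLIST, chains BLOCKLIST_IN/BLOCKLIST_OUT.

SET="BLOCKLIST"

# blocklist_rules LOG_FROM LOG_TO   (each argument is "on" or "off")
blocklist_rules() {
    log_from="$1"
    log_to="$2"

    echo "iptables -N BLOCKLIST_IN"
    echo "iptables -N BLOCKLIST_OUT"

    # FROM: the packet's source address is in the blocklist set.
    if [ "$log_from" = "on" ]; then
        echo "iptables -A BLOCKLIST_IN -m set --match-set $SET src -m limit --limit 10/min -j LOG --log-prefix \"DROP_BLOCKLIST_FROM \""
    fi
    echo "iptables -A BLOCKLIST_IN -m set --match-set $SET src -j DROP"

    # TO: the packet's destination address is in the blocklist set. This is the
    # direction that reveals a local (blue/green) host talking to a listed site.
    if [ "$log_to" = "on" ]; then
        echo "iptables -A BLOCKLIST_OUT -m set --match-set $SET dst -m limit --limit 10/min -j LOG --log-prefix \"DROP_BLOCKLIST_TO \""
    fi
    echo "iptables -A BLOCKLIST_OUT -m set --match-set $SET dst -j DROP"

    # Hand forwarded traffic to the matching chain by direction.
    echo "iptables -I FORWARD -m set --match-set $SET src -j BLOCKLIST_IN"
    echo "iptables -I FORWARD -m set --match-set $SET dst -j BLOCKLIST_OUT"
}

# Example: silence FROM logging, keep TO logging (the setup asked for in the thread).
blocklist_rules off on
```

With `off on`, only the TO chain carries a LOG rule, so the firewall log shows just the drops where a local host is the one reaching out to a listed address.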

Just thought I would throw that out there … in case the IPFire developers are getting bored and running out of things to do 🙃