If you’ve installed the IPFire addon named monit, then you can add this to the config file to monitor outgoing DROP_HOSTILE
events:
    # review messages log
    check file messageLog path /var/log/messages
        ignore content = ".*monit.*"
        # review messages log for DROP_HOSTILE
        # but do not look at red0
        if content = "DROP_HOSTILE IN=(blue0|green0|orange0)"
            then alert
EDIT: temporarily add a space to test so test can pick up non-red0 content.
        if content = "DROP_HOSTILE IN=( |blue0|green0|orange0)"
This should disappear in future.
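
The two patterns from the rule above can be dry-run over sample lines before relying on the alert. This is an added example, not part of the original post: the log lines are constructed with a simplified field layout, the function names are hypothetical, and grep -E is assumed to match these patterns the same way monit's extended regex matching does.

```shell
#!/bin/sh
# Added example: dry-run of the monit content rules with grep -E.
IGNORE_RE='.*monit.*'                               # from "ignore content"
ALERT_RE='DROP_HOSTILE IN=(blue0|green0|orange0)'   # from "if content"

# Constructed sample lines (simplified layout, documentation addresses).
sample_log() {
cat <<'EOF'
Jan 10 08:15:01 ipfire kernel: DROP_HOSTILE IN=green0 OUT=red0 SRC=192.168.1.23 DST=203.0.113.7 PROTO=TCP DPT=443
Jan 10 08:15:02 ipfire kernel: DROP_HOSTILE IN=red0 OUT= SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP DPT=22
Jan 10 08:15:03 ipfire kernel: DROP_HOSTILE IN=blue0 OUT=red0 SRC=192.168.2.40 DST=203.0.113.7 PROTO=TCP DPT=443
Jan 10 08:15:04 ipfire monit[1234]: 'messageLog' content match: DROP_HOSTILE IN=green0 OUT=red0 SRC=192.168.1.23
Jan 10 08:15:05 ipfire kernel: DROP_INPUT IN=green0 OUT= SRC=192.168.1.23 DST=192.168.1.1 PROTO=UDP DPT=53
Jan 10 08:15:06 ipfire kernel: DROP_HOSTILE IN=green0 OUT=red0 SRC=192.168.1.23 DST=203.0.113.7 PROTO=TCP DPT=443
EOF
}

# Read log lines on stdin and print those that would raise an alert:
# ignored lines are dropped first, then the alert pattern is applied.
would_alert() {
    grep -Ev "$IGNORE_RE" | grep -E "$ALERT_RE"
}

# Number of alerting lines in the sample log.
count_alerts() {
    sample_log | would_alert | wc -l | tr -d ' '
}

# Summarise alerting lines as "<count> <interface> <source address>",
# busiest internal host first, to show which machine to investigate.
alerts_by_source() {
    would_alert | awk '{
        ifc = ""; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=/)  ifc = substr($i, 4)
            if ($i ~ /^SRC=/) src = substr($i, 5)
        }
        n[ifc " " src]++
    } END { for (k in n) print n[k], k }' | sort -rn
}

sample_log | alerts_by_source
```

The red0 line and the DROP_INPUT line never match, and the monit line is dropped by the ignore pattern even though it repeats the DROP_HOSTILE text.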