By default IPFire omits LOCATIONBLOCK packets from the iptables log files, which causes data loss when sending my iptables logs to DShield.
As a workaround I add the following to the locationblock function of rules.pl:

run("$IPTABLES -A LOCATIONBLOCK -m set --match-set $location src -j LOG --log-prefix 'LOCBLOCK-$location '");
Which logs the missing packets to the iptables logs.
Because this hack does not survive any rules.pl Core Updates, would there be any interest in adding this to future updates, maybe as a selectable item in the Firewall Options CGI similar to many of the other firewall logging options?
I would be happy to write some patches for this if there were any possibility that it could be incorporated into a future build.
I suspect that very few users are running cheap flash storage these days and the majority of users would be using Location Block similar to my use which is to drop incoming packets from bad actors such as CN and RU.
In my experience logging Location Block packets onto an mSATA SSD hasn't had any problems, even when logging over 100,000 a day.
Without logging, the 'count' information in the firewalllogcountry logs is understated, and packets dropped by Location Block are not displayed in the 'details' logs.
The obvious solution to this is to make Location Block logging selectable as a firewall option. My quick look at making patches for this suggests it would be a fairly simple task, and I would be happy to provide the necessary should this be acceptable.
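The rule ordering the post relies on, as an added example that is not part of the original post and not IPFire's own rules.pl: a small shell script that emits the LOCATIONBLOCK rules for a list of ipset names, inserting the LOG rule ahead of the DROP for each set only when logging is switched on, plus a check that no set is dropped without first being logged. The chain name LOCATIONBLOCK and the LOCBLOCK- prefix come from the post; the on/off flag, the set names CN and RU, and the default of running iptables through `echo` as a dry run are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not IPFire code. $IPTABLES defaults to "echo iptables" so the
# script only prints what it would do; set IPTABLES=/sbin/iptables to apply.
IPTABLES="${IPTABLES:-echo iptables}"

# locationblock_rules <on|off> SET...
# Rebuilds the LOCATIONBLOCK chain. For every ipset, a LOG rule is added
# before the DROP when logging is "on", so the packet is still in the chain
# when it is logged. Both rules match the same set as source address.
locationblock_rules() {
    log_enabled="$1"
    shift
    # $IPTABLES is deliberately unquoted so "echo iptables" splits into two words.
    $IPTABLES -F LOCATIONBLOCK
    for location in "$@"; do
        if [ "$log_enabled" = "on" ]; then
            $IPTABLES -A LOCATIONBLOCK -m set --match-set "$location" src \
                -j LOG --log-prefix "LOCBLOCK-$location "
        fi
        $IPTABLES -A LOCATIONBLOCK -m set --match-set "$location" src -j DROP
    done
}

# check_log_before_drop reads rule lines on stdin and exits 0 only if every
# set that is dropped was logged by an earlier rule (LOG after DROP is never
# reached, and a missing LOG is exactly the gap the post describes).
check_log_before_drop() {
    awk '
        BEGIN { bad = 0 }
        /-j LOG/  { for (i = 1; i <= NF; i++) if ($i == "--match-set") seen[$(i+1)] = 1 }
        /-j DROP/ { for (i = 1; i <= NF; i++) if ($i == "--match-set" && !seen[$(i+1)]) bad = 1 }
        END { exit bad }'
}

# Example run: dry-run output for two assumed set names.
locationblock_rules on CN RU
```

With logging on, the printed rules pair `-j LOG --log-prefix LOCBLOCK-CN` with the following `-j DROP` for CN, and the same for RU; with logging off, only the DROP rules appear and `check_log_before_drop` fails, which is the state the post says IPFire ships in. Adding `-m limit` to the LOG rule would protect the log from floods but would reintroduce the undercounting the post is trying to remove, so it is left out here.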