[v2,2/4] firewall: Fixes bug12981 - add if loop to log or not log dropped hostile traffic

Message ID 20240110143845.12957-2-adolf.belka@ipfire.org
State Superseded
Series [v2,1/4] optionsfw.cgi: Fix bug12981 - Add option to log or not log dropped hostile traffic

Commit Message

Adolf Belka Jan. 10, 2024, 2:38 p.m. UTC
- Dependent on the choice in optionsfw.cgi, this loop will either log or not log the dropped hostile traffic.

Fixes: bug12981
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 src/initscripts/system/firewall | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
  

Patch

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 50f2b3e02..352ae2496 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -177,7 +177,9 @@  iptables_init() {
 	iptables -A OUTPUT -j HOSTILE
 
 	iptables -N HOSTILE_DROP
-	iptables -A HOSTILE_DROP -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
+	if [ "$LOGDROPHOSTILE" == "on" ]; then
+		iptables -A HOSTILE_DROP -m limit --limit 10/second -j LOG --log-prefix "DROP_HOSTILE "
+	fi
 	iptables -A HOSTILE_DROP -j DROP -m comment --comment "DROP_HOSTILE"
 
 	# IP Address Blocklist chains
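Review bot: the test `[ "$LOGDROPHOSTILE" == "on" ]` on the added `if` line uses the bash-only `==` operator inside single brackets; if this initscript is ever run by a POSIX sh it fails with an "unexpected operator" error, so the portable form `[ "$LOGDROPHOSTILE" = "on" ]` is preferable and behaves identically in bash. The hunk also does not show where `LOGDROPHOSTILE` is set: the variable is written by optionsfw.cgi into the firewall settings file, so it should be confirmed that that file is sourced before `iptables_init` runs and that the unset case (an upgraded system whose settings file predates this option) is handled deliberately, since with the check as written an empty or missing value silently disables logging of dropped hostile traffic rather than keeping the previous default of logging it. Finally, the DROP rule with the `DROP_HOSTILE` comment stays unconditional, which is correct; the change only gates the rate-limited LOG rule.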