no IN= network info displayed in DROP_HOSTILE log message:

Apr 14 11:02:56 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=73.nnn.nnn.nnn DST=45.9.148.44 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=19320 DF PROTO=TCP SPT=46056 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0

see: https://community.ipfire.org/t/location-block-vs-drop-packets-from-and-to-hostile-networks-listed-at-spamhaus-drop-etc/7434/12?u=jon
This probably isn't a bug. It is just a packet that originated from the firewall and therefore does not have an IN= interface. This is most likely the web proxy since it is port 80.
It was me! I opened a browser and entered `my-authentication-x322s[.]com` just to test. See: https://community.ipfire.org/t/location-block-vs-drop-packets-from-and-to-hostile-networks-listed-at-spamhaus-drop-etc/7434/10?u=jon
So this is NOTABUG?
I think it is a bug since IN=<blank>. It should be IN=green0. I am hoping Peter will chime in!
Created attachment 1038: Log

Just found this.

When I open a Safari browser and enter: `http://my-authentication-x322s.com` then IN=<blank>

When I open a Safari browser and enter HTTPS (not HTTP): `https://my-authentication-x322s.com` then IN=green0
(In reply to Jon from comment #4)
> I think it is a bug since IN=<blank>.
>
> It should be IN=green0.

No, it should not. The proxy is opening a new connection which originates from the firewall itself. It might be logically tied to the connection that your browser has to the proxy, but that does not matter to the firewall.

The reason why you don't see this for HTTPS is that your proxy is in transparent mode which does not handle HTTPS.
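
The distinction drawn in the last comment can be checked mechanically when triaging these logs. The following is an added example, not part of the bug report or of IPFire's code: it parses netfilter LOG lines and classifies each packet by which of IN=/OUT= is populated. The sample lines are constructed (documentation-range addresses, IPFire-style interface names), and the function names and labels are hypothetical.

```python
import re

# Constructed sample lines in the kernel LOG format quoted in this report.
SAMPLE_LOG = """\
Apr 14 11:02:56 ipfire kernel: DROP_HOSTILE IN= OUT=red0 SRC=198.51.100.7 DST=203.0.113.44 LEN=60 TTL=64 ID=19320 DF PROTO=TCP SPT=46056 DPT=80 SYN URGP=0
Apr 14 11:03:10 ipfire kernel: DROP_HOSTILE IN=green0 OUT=red0 SRC=192.168.1.20 DST=203.0.113.44 LEN=64 TTL=63 ID=4411 DF PROTO=TCP SPT=51514 DPT=443 SYN URGP=0
Apr 14 11:04:01 ipfire kernel: DROP_HOSTILE IN=red0 OUT= SRC=203.0.113.44 DST=198.51.100.7 LEN=60 TTL=52 ID=871 PROTO=TCP SPT=40000 DPT=22 SYN URGP=0
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>\S+) (?P<fields>IN=.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # bare flags such as DF or SYN are skipped


def parse_line(line):
    """Return (prefix, {field: value}) for a netfilter LOG line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group("prefix"), dict(FIELD_RE.findall(m.group("fields")))


def classify(fields):
    """Infer where the packet was seen from which interfaces are set."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "forwarded"   # routed through the firewall (client -> internet)
    if has_out:
        return "local-out"   # generated on the firewall itself, e.g. its proxy
    if has_in:
        return "local-in"    # addressed to the firewall itself
    return "unknown"


def summarize(log_text):
    """Return (prefix, origin, SRC, DST, DPT) for every parseable line."""
    rows = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            prefix, f = parsed
            rows.append((prefix, classify(f), f.get("SRC"), f.get("DST"), f.get("DPT")))
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

A `local-out` hit on a hostile destination still points to a client behind the proxy, so the proxy's access log is the place to find the requesting host.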