Merlin - How to log and review deliberately dropped IP Packets on WAN

[SkierInAvon]

Merlin - helps protected my email server on (LAN) interface.
Merlin does this by running a Bash script that deliberately drops (inbound) IP packets on the WAN Interface (read: from Internet).
I maintain a list of known (spammer IP addresses/subnets) that are inside the running Bash Script.

Q.) What level of Asus/Merlin logging should I set - to see exactly what IP addresses are being blocked/dropped by that running Bash script?
All I want to see in that log are the dropped IP connections on the WAN interface. No more no less.

Thanks!
-pete

 

[ColinTaylor]

Show us the "bash script" that you're using otherwise we have no idea what you are talking about.

 

[SkierInAvon]

Show us the "bash script" that you're using otherwise we have no idea what you are talking about.

#!/bin/sh

# command line command service restart_firewall

# sleep runs bash script 65 seconds after full boot of Merlin

# below is a short sample of the bash script that is running on the WAN interface

sleep 65


iptables -I FORWARD -s 1.10.185.0/24 -j DROP
iptables -I FORWARD -s 1.192.0.0/16 -j DROP
iptables -I FORWARD -s 1.214.0.0/16 -j DROP
iptables -I FORWARD -s 1.53.137.0/24 -j DROP
iptables -I FORWARD -s 1.53.85.0/24 -j DROP
iptables -I FORWARD -s 1.85.74.0/24 -j DROP
iptables -I FORWARD -s 101.0.84.0/24 -j DROP
iptables -I FORWARD -s 101.178.0.0/16 -j DROP

 

[ColinTaylor]

Change all occurrences of -j DROP to -j logdrop

 

[SkierInAvon]

Change all occurrences of -j DROP to -j logdrop

Good Tip. -j DROP to -j logdrop
Seems to be working now in the Asus/Merlin log...( I can see specific (Internet) IP addresses being Dropped from/on the WAN side of the Asus Router. What I wanted...Thanks
For the record I have the Asus Log levels set to info and info
Default Message log level and Log messages more urgent than