diff --git a/src/nethsec/firewall/__init__.py b/src/nethsec/firewall/__init__.py index beb0b9fa..c7e95025 100644 --- a/src/nethsec/firewall/__init__.py +++ b/src/nethsec/firewall/__init__.py @@ -773,7 +773,7 @@ def zone_exists(u, zone_name): def add_zone(uci, name: str, input: str, forward: str, traffic_to_wan: bool = False, forwards_to: list[str] = None, - forwards_from: list[str] = None) -> {str, set[str]}: + forwards_from: list[str] = None, log: bool = False) -> {str, set[str]}: """ Add zone to firewall config. @@ -785,6 +785,7 @@ def add_zone(uci, name: str, input: str, forward: str, traffic_to_wan: bool = Fa traffic_to_wan: if True, add forwarding from zone to wan forwards_to: list of zones to forward traffic to forwards_from: list of zones to forward traffic from + log: if True, log blocked traffic destined to this zone Returns: tuple of zone config name and set of added forwarding configs @@ -800,6 +801,7 @@ def add_zone(uci, name: str, input: str, forward: str, traffic_to_wan: bool = Fa uci.set('firewall', zone_config_name, 'input', input) uci.set('firewall', zone_config_name, 'forward', forward) uci.set('firewall', zone_config_name, 'output', 'ACCEPT') + uci.set('firewall', zone_config_name, 'log', '1' if log else '0') forwardings_added = set() @@ -813,13 +815,14 @@ def add_zone(uci, name: str, input: str, forward: str, traffic_to_wan: bool = Fa if forwards_from is not None: for forward_from in forwards_from: forwardings_added.add(add_forwarding(uci, forward_from, name)) + uci.save('firewall') reorder_firewall_config(uci) return zone_config_name, forwardings_added def edit_zone(uci, name: str, input: str, forward: str, traffic_to_wan: bool = False, forwards_to: list[str] = None, - forwards_from: list[str] = None) -> {str, set[str]}: + forwards_from: list[str] = None, log: bool = False) -> {str, set[str]}: """ Edit an existing zone. 
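Review bot: The rewritten signature line keeps `-> {str, set[str]}`, which is a set literal rather than a type annotation; the function returns a tuple (`return zone_config_name, forwardings_added` in the -813 hunk), so the hint should read `-> tuple[str, set[str]]`. On the same line `forwards_from: list[str] = None` is typed as non-optional while defaulting to None; since the file already uses builtin generics, `forwards_from: list[str] | None = None` is the matching form (needs 3.10+ or the annotations future import, which I cannot confirm from here). The identical signature is rewritten for edit_zone in the -813 hunk and would take the same fix. The body of add_zone continues past this hunk.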
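Review bot: The new docstring line `log: if True, log blocked traffic destined to this zone` may misstate the direction: in OpenWrt's firewall the zone-level `log` option enables logging of packets rejected or dropped by the zone's own input/forward/output policies, and those chains are selected by the zone a packet arrives from rather than the one it is headed to — worth confirming against the firewall documentation before committing to "destined to". A wording that avoids the direction, `log: if True, log packets rejected or dropped by this zone's input/forward/output policies`, stays correct either way. The same line is added to edit_zone's docstring in the hunk at -831.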
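Review bot: `uci.save('firewall')` is added to add_zone only, just before `reorder_firewall_config(uci)`, while the parallel change to edit_zone (hunk at -842) adds no save, so the two entry points now differ in whether the caller is expected to save. If the save is there so that reorder_firewall_config sees the new zone, edit_zone likely needs the same line; if it is deliberate, a one-line comment such as `# persist the zone before reordering so the new section is visible to reorder_firewall_config` would record why only this path saves. The body of add_zone starts outside this hunk, so I cannot see whether an earlier save already exists.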
@@ -831,6 +834,7 @@ def edit_zone(uci, name: str, input: str, forward: str, traffic_to_wan: bool = F traffic_to_wan: if True, add forwarding from zone to wan forwards_to: list of zones to forward traffic to forwards_from: list of zones to forward traffic from + log: if True, log blocked traffic destined to this zone Returns: tuple of zone config name and set of updated forwarding configs @@ -842,6 +846,7 @@ def edit_zone(uci, name: str, input: str, forward: str, traffic_to_wan: bool = F uci.set('firewall', zone_config_name, 'input', input) uci.set('firewall', zone_config_name, 'forward', forward) uci.set('firewall', zone_config_name, 'output', 'ACCEPT') + uci.set('firewall', zone_config_name, 'log', '1' if log else '0') # delete old forwardings diff --git a/tests/test_firewall.py b/tests/test_firewall.py index e2ba8fc4..36958137 100644 --- a/tests/test_firewall.py +++ b/tests/test_firewall.py @@ -325,6 +325,7 @@ option forward 'REJECT' option masq '1' option mtu_fix '1' + option log '1' list network 'wan6' list network 'RED_2' list network 'RED_3' @@ -731,6 +732,7 @@ def test_list_zones(u): assert firewall.list_zones(u)["ns_wan"]["output"] == "ACCEPT" assert firewall.list_zones(u)["ns_wan"]["forward"] == "REJECT" assert firewall.list_zones(u)["ns_wan"]["network"] == ("wan6", "RED_2", "RED_3", "RED_1") + assert firewall.list_zones(u)["ns_wan"]["log"] == "1" def list_zones_no_aliases(u): @@ -751,6 +753,7 @@ def test_add_zone(u): assert u.get("firewall", "ns_new_zone", "input") == "REJECT" assert u.get("firewall", "ns_new_zone", "output") == "ACCEPT" assert u.get("firewall", "ns_new_zone", "forward") == "DROP" + assert u.get("firewall", "ns_new_zone", "log") == "0" assert u.get("firewall", "ns_new_zone2wan", "src") == "new_zone" assert u.get("firewall", "ns_new_zone2wan", "dest") == "wan" assert u.get("firewall", "ns_new_zone2lan", "src") == "new_zone" 
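Review bot: `uci.set('firewall', zone_config_name, 'log', '1' if log else '0')` in edit_zone unconditionally overwrites the zone's current `log` option, and because the new parameter defaults to False, any existing caller of edit_zone that does not pass `log` will silently turn logging off on a zone that had it enabled. If that reset is intended it deserves a sentence in the docstring (`Note: log is reset to disabled unless explicitly passed`); otherwise declaring `log: bool | None = None` and writing the option only `if log is not None:` preserves the stored value on edits that do not mention it. The body of edit_zone starts before this hunk, so I cannot see whether the old value is read elsewhere.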
@@ -759,6 +762,9 @@ def test_add_zone(u): assert u.get("firewall", "ns_lan2new_zone", "dest") == "new_zone" assert u.get("firewall", "ns_guest2new_zone", "src") == "guest" assert u.get("firewall", "ns_guest2new_zone", "dest") == "new_zone" + assert firewall.add_zone(u, "new_zone_with_log", "REJECT", "DROP", True, ["lan"], ["lan", "guest"], True) + assert u.get("firewall", "ns_new_zone_with_log", "log") == "1" + def test_edit_zone(u): assert firewall.edit_zone(u, "new_zone", "DROP", "ACCEPT", False, ["lan"], ["lan", "guest"]) == ( @@ -773,6 +779,10 @@ def test_edit_zone(u): assert u.get("firewall", "ns_lan2new_zone", "dest") == "new_zone" assert u.get("firewall", "ns_guest2new_zone", "src") == "guest" assert u.get("firewall", "ns_guest2new_zone", "dest") == "new_zone" + assert u.get("firewall", "ns_new_zone", "log") == "0" + assert firewall.edit_zone(u, "new_zone", "DROP", "ACCEPT", False, ["lan"], ["lan", "guest"], True) + assert u.get("firewall", "ns_new_zone", "log") == "1" + def test_delete_zone(u): assert firewall.delete_zone(u, "ns_new_zone") == (
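Review bot: `assert firewall.add_zone(u, "new_zone_with_log", "REJECT", "DROP", True, ["lan"], ["lan", "guest"], True)` only checks that the return value is truthy, and add_zone returns a two-element tuple, which is always truthy, so this assertion cannot fail. The neighbouring test_edit_zone compares the result against the expected tuple with `== (...)`; doing the same here (expected config name plus the set of forwarding names) would make the new case meaningful, or the bare assert can be dropped in favour of the following `u.get(..., "log") == "1"` check. The same truthiness-only assert is added for edit_zone in the hunk at -773.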