iptables is versatile and fully supported in LEDE.
In LuCI, any iptables argument can be customized in the field "extra argument".
However, what happens to dropped or rejected packets cannot be customized.
There is no default line (at the bottom) explaining what happens to a dropped packet.
In France, there is now official guidance regarding firewalls and I don't think LEDE complies.
In official guidance, it is explained that each rejected packet should be logged separately.
At least, there should be some mark on each rule to allow logging.
It can be disabled by default, but should exist.
In LuCI firewall:
Reject packets
In firewall zone:
=>Advanced settings
Enable logging on this zone
And then fill in the limit value.
The log can be seen in system log.
You only need to send it to a remote syslog server.
About limit:
--limit
followed by a number; specifies the maximum average number of matches to allow per second. The number can specify units explicitly, using '/second', '/minute', '/hour' or '/day', or parts of them (so '5/second' is the same as '5/s').
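Added example, not part of the original posts: a simplified token-bucket model of the iptables limit match, showing how many rejected packets actually get a log line for a given limit value. It assumes the iptables default `--limit-burst` of 5 and uses constructed arrival times; `parse_limit` and `count_logged` are names made up for this sketch, and the kernel itself uses integer credits rather than floats.

```python
import re

# Unit names accepted after the slash; any leading part of a name is allowed.
UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}
DEFAULT_BURST = 5  # iptables default for --limit-burst

def parse_limit(spec):
    """Convert a limit such as '10/minute' or '5/s' to matches per second."""
    m = re.fullmatch(r"(\d+)(?:/([a-z]+))?", spec.strip().lower())
    if not m or int(m.group(1)) == 0:
        raise ValueError(f"invalid limit: {spec!r}")
    part = m.group(2) or "second"
    for name, seconds in UNITS.items():
        if name.startswith(part):
            return int(m.group(1)) / seconds
    raise ValueError(f"unknown unit in limit: {spec!r}")

def count_logged(arrivals, spec, burst=DEFAULT_BURST):
    """Count packets that would get a log line under the given limit.

    arrivals: packet timestamps in seconds. The bucket starts full, refills at
    the parsed rate, and each logged packet costs one token.
    """
    rate = parse_limit(spec)
    tokens, last, logged = float(burst), None, 0
    for t in sorted(arrivals):
        if last is not None:
            tokens = min(float(burst), tokens + (t - last) * rate)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            logged += 1
    return logged

if __name__ == "__main__":
    # Constructed traffic: 100 rejected packets within one second (a burst),
    # and 100 rejected packets spaced six seconds apart (a slow trickle).
    burst_traffic = [i / 100 for i in range(100)]
    slow_traffic = [6.0 * i for i in range(100)]
    print("burst logged:", count_logged(burst_traffic, "10/minute"))
    print("slow logged:", count_logged(slow_traffic, "10/minute"))
```

In this model a limit of 10/minute logs only 5 of the 100 packets in the constructed burst, while the slow trickle is logged in full, which matters if the requirement is one log entry per rejected packet.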