I'm using v 2.6.5.
After turning on the detailed Firewall log for a few minutes I saw lots of suspicious activity from an IP address repeatedly making a POST request to a malformed login page URL ("/wp-login.phpwp-login.php"). So I blacklisted the IP. I confirmed that the IP address was indeed blacklisted by loading the Firewall config page. The IP appears in the 'Blacklist IP Addresses' box.
However if I turn off detailed Firewall log requests from the blacklisted IP are not showing up in the Firewall log. I've clicked Clear/Fix Log.
If I turn the detailed Firewall log back on to check that the suspicious activity is still happening, it is. The detailed Firewall log reports that the IP is blacklisted, confirmed by '[ IPWHOIS Lookup ] [ Remove From Firewall Blacklist ] [ Add To Firewall Whitelist ]' but reports a result 'After whitelist options were applied, there were no page parameters to check on this visit.'
So is a blacklisted IP address actually blacklisted, and I also assumed that requests from a blacklisted IP would appear in the regular Firewall log and not just the detailed log. Is that not the case?