Thread: Firewall log

  1. #1

    Firewall log

    Hi,

    I installed openSUSE 42.3 and enabled the firewall from YaST. My question is: how can I see and review the firewall log files?

    Thank you, openSUSE team, for your good Linux distribution.

  2. #2

    Re: Firewall log

    This can be used to watch the log live...
    Code:
    sudo journalctl -f|grep iptables
    Filtering the current boot log for iptables messages...
    Code:
    journalctl -b|grep iptables

  3. #3

    Re: Firewall log

    The openSUSE firewall guide is worth reviewing
    https://doc.opensuse.org/documentati...l.html#id42771

    From YaST, firewall logging can be configured as follows
    Logging Level: There are two rules for logging: accepted and not accepted packets. Packets that are not accepted are DROPPED or REJECTED. Select from Log All, Log Only Critical, or Do Not Log Any.

  4. #4

    Re: Firewall log

    Thanks!

    I currently have eth0 set as "No zone assigned".
    Since I'm connected to a home router,
    I guess "Internal Zone" would be the appropriate choice?
    I'll probably just go with the disable logging option,
    until I understand what those Windows computers
    are trying to accomplish with this traffic.

    There's no port shown with DST=
    it's just a generic subnet IP.

  5. #5

    Re: Firewall log

    Originally posted by ravas:
    > Thanks!
    >
    > I currently have eth0 set as "No zone assigned".

    Then by default it is treated as external.

    > Since I'm connected to a home router,
    > I guess "Internal Zone" would be the appropriate choice?

    If you do that you may as well not have the firewall running. Having said that the router should be doing firewalling from outside. It's just your other hosts on the LAN that you need to be concerned with (or not).
    SuSEfirewall2 has three different zones by default:

    • EXT - External Zone (i.e. untrusted, Internet)
    • INT - Internal Zone (fully trusted, no filtering, LAN)
    • DMZ - Demilitarized Zone (for servers that should be reachable from the Internet)
    https://en.opensuse.org/SuSEfirewall2#Firewall_Zones

  6. #6

    Re: Firewall log

    Originally posted by ravas:
    > Thanks!
    >
    > I currently have eth0 set as "No zone assigned".
    > Since I'm connected to a home router,
    > I guess "Internal Zone" would be the appropriate choice?

    With SuSEFW2, as you describe, the default zone configuration is "No zone assigned", and what that means is that any modifications you make are applied to all zones.
    Only after you've assigned a zone to an interface will you then need to define internal, external and DMZ zones.

    If the log entry doesn't display sufficient information about the mystery packets, probably the next logical step is to capture the packets and display them with an app like Wireshark.

    From the size and your description of its frequency it's likely a UDP packet, and my personal guess would be that it's an ARP. Although it shouldn't be the default nowadays with the latest Windows, earlier Windows versions were known to be extremely "chatty" on the network, querying for other hosts on the local network.

    HTH and IMO,
    TSU
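Following on from the journalctl commands in post #2 and the entries with no port after DST= mentioned in post #4, here is an added example (not written by any poster in this thread) that groups firewall log entries by log prefix, source, destination, protocol and destination port, so repeated traffic from the same host stands out. The function names and sample lines are constructed; it assumes the entries use the kernel's standard LOG layout of key=value tokens and matches on those fields rather than on the word "iptables".

```shell
#!/bin/sh
# Added example, not from the thread. Reads journal lines on stdin and prints
# one line per distinct flow:  count prefix src dst proto dport
# Entries for protocols without ports show "-" (or the ICMP type) as dport.
summarize_fw_log() {
    awk '
    # Netfilter LOG lines carry IN=, SRC= and PROTO= key=value tokens.
    # The token before IN= is the rule log prefix unless it is "kernel:".
    # Only the first SRC/DST/PROTO/DPT counts: ICMP errors repeat these
    # fields for the embedded packet inside [...].
    / IN=/ && / SRC=/ && / PROTO=/ {
        prefix = "-"; src = ""; dst = ""; proto = ""; dport = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=/) {
                if (i > 1 && $(i-1) !~ /:$/) prefix = $(i-1)
            } else if ($i ~ /^SRC=/ && src == "")   src = substr($i, 5)
            else if ($i ~ /^DST=/ && dst == "")     dst = substr($i, 5)
            else if ($i ~ /^PROTO=/ && proto == "") proto = substr($i, 7)
            else if ($i ~ /^DPT=/ && dport == "-")  dport = substr($i, 5)
            else if ($i ~ /^TYPE=/ && dport == "-") dport = "type=" substr($i, 6)
        }
        count[prefix " " src " " dst " " proto " " dport]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample lines (hosts, addresses and prefix are illustrative).
sample_fw_log() {
    cat <<'EOF'
Mar 01 10:00:01 host kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.168.1.20 DST=192.168.1.255 LEN=78 TTL=128 ID=100 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar 01 10:00:03 host kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.168.1.20 DST=192.168.1.255 LEN=78 TTL=128 ID=101 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar 01 10:00:05 host kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TTL=1 ID=0 DF PROTO=2
Mar 01 10:00:07 host systemd[1]: Started Session 3 of user demo.
EOF
}

# Live use: journalctl -k -b | summarize_fw_log
sample_fw_log | summarize_fw_log
```

The third sample entry is a protocol the kernel logs only by number, with no SPT=/DPT= fields, which is one case where a log line shows a destination address but no port.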
