
Thread: Where do I enable firewall logs and set its levels?

  1. #11

    Re: Where do I enable firewall logs and set its levels?

    As a test I configured the firewall on a host (192.168.0.12) with
    Code:
    firewall-cmd --set-log-denied=all
    The firewall had no allowed services configured and I then attempted to connect via another host (192.168.0.10) using SSH.

    This failed attempt was logged in /var/log/firewall (as expected)....
    Code:
    2019-02-02T17:18:19.850216+13:00 linux-l31z kernel: [14210.811086] FINAL_REJECT: IN=eth0 OUT= MAC=08:00:27:74:e4:b1:94:b8:6d:b3:f8:f3:08:00 SRC=192.168.0.10 DST=192.168.0.12 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=9940 DF PROTO=TCP SPT=55055 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 
    2019-02-02T17:18:22.850093+13:00 linux-l31z kernel: [14213.811265] FINAL_REJECT: IN=eth0 OUT= MAC=08:00:27:74:e4:b1:94:b8:6d:b3:f8:f3:08:00 SRC=192.168.0.10 DST=192.168.0.12 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=9941 DF PROTO=TCP SPT=55055 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
    FWIW, additional flexibility with logging can be achieved using rich-rules as described in this blog...
    https://bluehatrecord.wordpress.com/...-in-firewalld/
    Last edited by deano_ferrari; 01-Feb-2019 at 21:28.
    openSUSE Leap 15.0; KDE Plasma 5
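
An added example, not part of the original post: a short Python parser for the kernel log lines shown above, counting denied packets per source address, protocol and destination port. The first two sample lines are the ones quoted in the post; the remaining lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Lines 1-2 are quoted from the post; lines 3-5 are constructed for illustration
# (another TCP probe, an ICMP packet with no ports, and an unrelated kernel message).
SAMPLE = """\
2019-02-02T17:18:19.850216+13:00 linux-l31z kernel: [14210.811086] FINAL_REJECT: IN=eth0 OUT= MAC=08:00:27:74:e4:b1:94:b8:6d:b3:f8:f3:08:00 SRC=192.168.0.10 DST=192.168.0.12 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=9940 DF PROTO=TCP SPT=55055 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
2019-02-02T17:18:22.850093+13:00 linux-l31z kernel: [14213.811265] FINAL_REJECT: IN=eth0 OUT= MAC=08:00:27:74:e4:b1:94:b8:6d:b3:f8:f3:08:00 SRC=192.168.0.10 DST=192.168.0.12 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=9941 DF PROTO=TCP SPT=55055 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
2019-02-02T17:19:01.000000+13:00 linux-l31z kernel: [14252.000000] FINAL_REJECT: IN=eth0 OUT= MAC=08:00:27:74:e4:b1:94:b8:6d:b3:f8:f3:08:00 SRC=192.168.0.11 DST=192.168.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=100 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
2019-02-02T17:19:02.000000+13:00 linux-l31z kernel: [14253.000000] FINAL_REJECT: IN=eth0 OUT= MAC=08:00:27:74:e4:b1:94:b8:6d:b3:f8:f3:08:00 SRC=192.168.0.11 DST=192.168.0.12 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
2019-02-02T17:19:03.000000+13:00 linux-l31z kernel: [14254.000000] eth0: link up
"""

# timestamp, host, "kernel:", [uptime], log prefix (e.g. FINAL_REJECT), then the packet fields
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) kernel: \[\s*[\d.]+\] (?P<prefix>\w+): (?P<body>.*)$")

def parse_line(line):
    """Return a dict for one denied-packet line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields, flags = {}, []
    for tok in m["body"].split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val      # KEY=value pair; "OUT=" yields an empty string
        else:
            flags.append(tok)      # bare tokens such as DF or SYN
    if "SRC" not in fields or "PROTO" not in fields:
        return None                # a kernel message, but not a packet log entry
    return {"ts": m["ts"], "host": m["host"], "prefix": m["prefix"],
            "flags": flags, **fields}

def summarize(text):
    """Count denied packets per (source, protocol, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            # ICMP entries carry no DPT, so fall back to "-"
            counts[(rec["SRC"], rec["PROTO"], rec.get("DPT", "-"))] += 1
    return counts

if __name__ == "__main__":
    for (src, proto, dpt), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {src:15s} {proto:5s} dport={dpt}")
```

To run it against the real log, replace `SAMPLE` with the contents of /var/log/firewall.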

  2. #12

    Re: Where do I enable firewall logs and set its levels?

    Originally posted by deano_ferrari:
    As a test I configured the firewall on a host (192.168.0.12) with
    Code:
    firewall-cmd --set-log-denied=all
    The firewall had no allowed services configured and I then attempted to connect via another host (192.168.0.10) using SSH.

    This failed attempt was logged in /var/log/firewall (as expected)....
    Code:
    2019-02-02T17:18:19.850216+13:00 linux-l31z kernel: [14210.811086] FINAL_REJECT: IN=eth0 OUT= MAC=08:00:27:74:e4:b1:94:b8:6d:b3:f8:f3:08:00 SRC=192.168.0.10 DST=192.168.0.12 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=9940 DF PROTO=TCP SPT=55055 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0 
    2019-02-02T17:18:22.850093+13:00 linux-l31z kernel: [14213.811265] FINAL_REJECT: IN=eth0 OUT= MAC=08:00:27:74:e4:b1:94:b8:6d:b3:f8:f3:08:00 SRC=192.168.0.10 DST=192.168.0.12 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=9941 DF PROTO=TCP SPT=55055 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
    Thank you. So the lesson is to change deny logging to all and look into /var/log/firewall instead of /var/log/firewalld. I now find the log for the dropped packets.
    openSUSE Leap 15.0

  3. #13

    Re: Where do I enable firewall logs and set its levels?

    Originally posted by bonedriven:
    Thank you. So the lesson is to change deny logging to all and look into /var/log/firewall instead of /var/log/firewalld. I now find the log for the dropped packets.
    Happy to have been of help.
    openSUSE Leap 15.0; KDE Plasma 5
