This shows you the differences between two versions of the page.
linux:network_firewalld [2021/01/01 21:25] 127.0.0.1 external edit |
linux:network_firewalld [2023/10/18 15:19] (current) manu [Logging all inbound and outbound traffic with firewalld direct rules] |
||
---|---|---|---|
Line 72: | Line 72: | ||
The log is automatically created in **/var/log/firewalld** | The log is automatically created in **/var/log/firewalld** | ||
+ | |||
+ | ===== Logging all inbound and outbound traffic with firewalld direct rules ===== | ||
+ | |||
+ | Rule to log all incoming traffic setting log level to 4: | ||
+ | <cli prompt='#'> | ||
+ | # firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p all -s 0.0.0.0/0 -j LOG --log-prefix "INPUT " --log-level 4 | ||
+ | </cli> | ||
+ | |||
+ | Rule to log all outgoing traffic setting log level to 4: | ||
+ | <cli prompt='#'> | ||
+ | # firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -p all -s 192.168.1.10 -j LOG --log-prefix "OUTPUT " --log-level 4 | ||
+ | </cli> | ||
+ | With nftables as backend, direct rules are given a higher precedence than all other firewalld rules. | ||
+ | |||
+ | To check if the rules are applied: | ||
+ | <cli prompt='#'> | ||
+ | # firewall-cmd --direct --get-all-rules | ||
+ | </cli> | ||
+ | |||
+ | To make the rules permanent: | ||
+ | <cli prompt='#'> | ||
+ | # firewall-cmd --runtime-to-permanent | ||
+ | </cli> | ||
+ | |||
+ | To list all direct permanent rules: | ||
+ | <cli prompt='#'> | ||
+ | # firewall-cmd --direct --get-all-rules --permanent | ||
+ | </cli> | ||
+ | Traffic logs are written in /var/log/firewall | ||
+ |
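Review bot: the OUTPUT rule does not match its description: it is introduced as logging all outgoing traffic, but `-s 192.168.1.10` restricts it to packets from that single source address, so either say that 192.168.1.10 stands for the host's own address (and should be replaced) or drop the `-s` match; the `-s 0.0.0.0/0` on the INPUT rule is redundant for the same reason. The last line also contradicts the unchanged line at the top of the hunk: one says logs are written to /var/log/firewalld, the other to /var/log/firewall, and only one path should remain, ideally after checking where LOG messages actually land on the system rather than assuming firewalld's own log file. Logging every packet at priority 0 with no rate limiting will flood that log quickly, so add a limit match (e.g. `-m limit --limit 10/min`) or state that these rules are meant for short-term troubleshooting; note too that `--runtime-to-permanent` persists the whole runtime configuration, not just these two rules.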