Differences

This shows you the differences between two versions of the page.

--- linux:network_firewalld [2023/10/18 15:18]
manu [Firewall debug]
+++ linux:network_firewalld [2023/10/18 15:19] (current)
manu [Logging all inbound and outbound traffic with firewalld direct rules]
@@ Line 77: / Line 77: @@
 Rule to log all incoming traffic setting log level to 4:
 <cli prompt='#'>
-firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p all -s 0.0.0.0/0 -j LOG --log-prefix "INPUT " --log-level 4
+# firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p all -s 0.0.0.0/0 -j LOG --log-prefix "INPUT " --log-level 4
+</cli>
 Rule to log all outgoing traffic setting log level to 4:
 <cli prompt='#'>
-firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -p all -s 192.168.1.10 -j LOG --log-prefix "OUTPUT " --log-level 4
+# firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -p all -s 192.168.1.10 -j LOG --log-prefix "OUTPUT " --log-level 4
 </cli>
 With nftables as backend, direct rules are given a higher precedence than all other firewalld rules.
@@ Line 87: / Line 88: @@
 To check if the rules are applied:
 <cli prompt='#'>
-firewall-cmd --direct --get-all-rules
+# firewall-cmd --direct --get-all-rules
 </cli>
 To make the rules permanent:
 <cli prompt='#'>
-firewall-cmd --runtime-to-permanent
+# firewall-cmd --runtime-to-permanent
 </cli>
 To list all direct permanent rules:
 <cli prompt='#'>
-firewall-cmd --direct --get-all-rules --permanent
+# firewall-cmd --direct --get-all-rules --permanent
 </cli>
 Traffic logs are written in /var/log/firewall

wiki