Question: How to enable logging in firewalld for CentOS/RHEL 8?
1. Edit the /etc/firewalld/firewalld.conf and change the “LogDenied” line to the following:
# vi /etc/firewalld/firewalld.conf LogDenied=all
2. Edit the /etc/sysconfig/firewalld and add or change the “FIREWALLD_ARGS” line to the following:
# vi /etc/sysconfig/firewalld FIREWALLD_ARGS=--debug=10
3. Restart the firewalld service:
# systemctl restart firewalld.service
4. Check the firewalld log file:
# tail /var/log/firewalld
2021-11-30 14:03:12 DEBUG1: config.helper.9.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('sane')
2021-11-30 14:03:12 DEBUG1: config.helper.10.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('sip')
2021-11-30 14:03:12 DEBUG1: config.helper.11.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('snmp')
2021-11-30 14:03:12 DEBUG1: config.helper.12.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('tftp')
2021-11-30 14:03:12 DEBUG1: config.policy.0.GetAll('org.fedoraproject.FirewallD1.config.policy')
2021-11-30 14:03:12 DEBUG1: config.PolicyAdded('allow-host-ipv6')
2021-11-30 14:03:12 DEBUG1: config.GetAll('org.fedoraproject.FirewallD1.config')
2021-11-30 14:03:12 DEBUG1: zone.changeZoneOfInterface('', 'ens3')
2021-11-30 14:03:12 DEBUG1: Setting zone of interface 'ens3' to 'public'
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].execute(True)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].prepare(True, ...)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].pre()
2021-11-30 14:03:12 DEBUG3: [class 'firewall.core.nftables.nftables']: calling python-nftables with JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "filter_IN_public"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "filter_FWDO_public"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_POST_public"}}]}}}, {"insert": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_POST_public"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "filter_FWDI_public"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_PRE_public"}}]}}}, {"insert": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_PRE_public"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "mangle_PRE_public"}}]}}}]}
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].post()
2021-11-30 14:03:12 DEBUG1: zone.ZoneOfInterfaceChanged('public', 'ens3')
2021-11-30 14:03:12 DEBUG1: zone.ZoneChanged('public', 'ens3')
2021-11-30 14:03:12 DEBUG1: zone.changeZoneOfInterface('', 'br0')
2021-11-30 14:03:12 DEBUG1: Setting zone of interface 'br0' to 'public'
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].execute(True)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].prepare(True, ...)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].pre()