• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • VCS
  • Interview Questions
  • Database
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

How to Configure firewalld Logging in CentOS/RHEL 8

by admin

Question: How to enable logging in firewalld for CentOS/RHEL 8?

1. Edit the /etc/firewalld/firewalld.conf and change the “LogDenied” line to the following:

# vi /etc/firewalld/firewalld.conf
LogDenied=all

2. Edit the /etc/sysconfig/firewalld and add or change the “FIREWALLD_ARGS” line to the following:

# vi /etc/sysconfig/firewalld
FIREWALLD_ARGS=--debug=10

3. Restart the firewalld service:

# systemctl restart firewalld.service

4. Check the firewalld log file:

# tail /var/log/firewalld
2021-11-30 14:03:12 DEBUG1: config.helper.9.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('sane')
2021-11-30 14:03:12 DEBUG1: config.helper.10.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('sip')
2021-11-30 14:03:12 DEBUG1: config.helper.11.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('snmp')
2021-11-30 14:03:12 DEBUG1: config.helper.12.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('tftp')
2021-11-30 14:03:12 DEBUG1: config.policy.0.GetAll('org.fedoraproject.FirewallD1.config.policy')
2021-11-30 14:03:12 DEBUG1: config.PolicyAdded('allow-host-ipv6')
2021-11-30 14:03:12 DEBUG1: config.GetAll('org.fedoraproject.FirewallD1.config')
2021-11-30 14:03:12 DEBUG1: zone.changeZoneOfInterface('', 'ens3')
2021-11-30 14:03:12 DEBUG1: Setting zone of interface 'ens3' to 'public'
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].execute(True)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].prepare(True, ...)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].pre()
2021-11-30 14:03:12 DEBUG3: [class 'firewall.core.nftables.nftables']: calling python-nftables with JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "filter_IN_public"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "filter_FWDO_public"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_POST_public"}}]}}}, {"insert": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_POST_public"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "filter_FWDI_public"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_PRE_public"}}]}}}, {"insert": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_PRE_public"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "mangle_PRE_public"}}]}}}]}
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].post()
2021-11-30 14:03:12 DEBUG1: zone.ZoneOfInterfaceChanged('public', 'ens3')
2021-11-30 14:03:12 DEBUG1: zone.ZoneChanged('public', 'ens3')
2021-11-30 14:03:12 DEBUG1: zone.changeZoneOfInterface('', 'br0')
2021-11-30 14:03:12 DEBUG1: Setting zone of interface 'br0' to 'public'
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].execute(True)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].prepare(True, ...)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].pre()

Filed Under: CentOS/RHEL, CentOS/RHEL 8, Linux

Some more articles you might also be interested in …

  1. “yum history” command examples to display, rollback, redo, undo yum transactions
  2. gcal: Displays calendar
  3. Understanding linux fdisk utility
  4. git fame: Pretty-print Git repository contributions
  5. CentOS / RHEL : How to change SNMP community string
  6. errno: Look up errno names and descriptions
  7. Setting up an NFS server with Turnkey Linux
  8. The /var/log/messages is empty, and so are the rotated log files such as messages.0, messages.1
  9. How to Setup VNC Server for New User in CentOS/RHEL 5
  10. gdebi Command Examples in Linux

You May Also Like

Primary Sidebar

Recent Posts

  • glab Command Examples
  • “glab repo” Command Examples
  • “glab release” Command Examples
  • “glab pipeline” Command Examples

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright