• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

How to Configure firewalld Logging in CentOS/RHEL 8

by admin

Question: How to enable logging in firewalld for CentOS/RHEL 8?

1. Edit the /etc/firewalld/firewalld.conf and change the “LogDenied” line to the following:

# vi /etc/firewalld/firewalld.conf
LogDenied=all

2. Edit the /etc/sysconfig/firewalld and add or change the “FIREWALLD_ARGS” line to the following:

# vi /etc/sysconfig/firewalld
FIREWALLD_ARGS=--debug=10

3. Restart the firewalld service:

# systemctl restart firewalld.service

4. Check the firewalld log file:

# tail /var/log/firewalld
2021-11-30 14:03:12 DEBUG1: config.helper.9.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('sane')
2021-11-30 14:03:12 DEBUG1: config.helper.10.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('sip')
2021-11-30 14:03:12 DEBUG1: config.helper.11.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('snmp')
2021-11-30 14:03:12 DEBUG1: config.helper.12.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('tftp')
2021-11-30 14:03:12 DEBUG1: config.policy.0.GetAll('org.fedoraproject.FirewallD1.config.policy')
2021-11-30 14:03:12 DEBUG1: config.PolicyAdded('allow-host-ipv6')
2021-11-30 14:03:12 DEBUG1: config.GetAll('org.fedoraproject.FirewallD1.config')
2021-11-30 14:03:12 DEBUG1: zone.changeZoneOfInterface('', 'ens3')
2021-11-30 14:03:12 DEBUG1: Setting zone of interface 'ens3' to 'public'
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].execute(True)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].prepare(True, ...)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].pre()
2021-11-30 14:03:12 DEBUG3: [class 'firewall.core.nftables.nftables']: calling python-nftables with JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "filter_IN_public"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "filter_FWDO_public"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_POST_public"}}]}}}, {"insert": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_POST_public"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "filter_FWDI_public"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_PRE_public"}}]}}}, {"insert": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_PRE_public"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "mangle_PRE_public"}}]}}}]}
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].post()
2021-11-30 14:03:12 DEBUG1: zone.ZoneOfInterfaceChanged('public', 'ens3')
2021-11-30 14:03:12 DEBUG1: zone.ZoneChanged('public', 'ens3')
2021-11-30 14:03:12 DEBUG1: zone.changeZoneOfInterface('', 'br0')
2021-11-30 14:03:12 DEBUG1: Setting zone of interface 'br0' to 'public'
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].execute(True)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].prepare(True, ...)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].pre()

Filed Under: CentOS/RHEL, CentOS/RHEL 8, Linux

Some more articles you might also be interested in …

  1. ioping: command not found
  2. a2dismod Command Examples in Linux
  3. top Command Examples in Linux
  4. How to Disable Docker Process and docker0 Interface on CentOS/RHEL
  5. sudo Command Examples in Linux
  6. a2enconf Command Examples in Linux
  7. adig Command Examples in Linux
  8. xclip Command Examples in Linux
  9. How to burn an ISO to CD or DVD using Wodim
  10. module: command not found

You May Also Like

Primary Sidebar

Recent Posts

  • raw: command not found
  • raw Command Examples in Linux
  • rankmirrors Command Examples in Linux
  • radeontop: command not found

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright