How to Log dropped packets using firewalld in CentOS/RHEL 7

by admin

Method 1: Using --set-log-denied

You can use the firewall-cmd option "--set-log-denied" to make firewalld insert LOG rules directly in front of its reject and drop rules, so that every denied packet produces a kernel log entry.

1. First, check whether the option is already enabled in firewalld.

# firewall-cmd --get-log-denied
off

As you can see, the option is currently disabled.

2. Enable logging by setting a value:

# firewall-cmd --set-log-denied=[value]

Here, the value can be any of the below:

  • all: log every denied packet
  • unicast: log only denied unicast packets
  • broadcast: log only denied broadcast packets
  • multicast: log only denied multicast packets
  • off: do not log denied packets

The setting is written to /etc/firewalld/firewalld.conf and applied immediately, so it survives both a firewalld reload and a reboot. Bear in mind that "all" on an exposed host can generate a large volume of log entries; the three packet-type values exist so that the logging can be narrowed down.

3. Query the setting again to verify that logging is enabled; it now reports the value you set.

# firewall-cmd --get-log-denied
all

Method 2: Using /etc/firewalld/firewalld.conf

1. In the firewalld configuration file, set LogDenied to the desired value.

# vim /etc/firewalld/firewalld.conf

# LogDenied
# Add logging rules right before reject and drop rules in the INPUT, FORWARD
# and OUTPUT chains for the default rules and also final reject and drop rules
# in zones. Possible values are: all, unicast, broadcast, multicast and off.
# Default: off
LogDenied=all

The value may be one of: all, unicast, broadcast, multicast, or off (in our case we have set it to all). Unlike Method 1, editing the file does not change the running firewall: the new value is only picked up when firewalld is reloaded (firewall-cmd --reload) or restarted, after which firewall-cmd --get-log-denied reports it.

Note: the same setting is available in the firewalld GUI. Start firewall-config, open the Options menu and select Change Log Denied.
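The following script ties both methods together and adds the check the article leaves out: after enabling the setting it confirms that the LOG rules are actually present in the live ruleset. It is an added example, not code from the original article. It assumes CentOS/RHEL 7, where firewalld drives iptables (so `iptables -S` shows the rules; on the nftables backend of RHEL 8 that command would not), and the grep pattern relies on firewalld's log prefixes ending in _DROP or _REJECT (for example FINAL_REJECT:). The function names and the file argument to set_log_denied_in_conf are mine, chosen so the config edit can be tried on a copy first.

```shell
#!/bin/bash
# Added example (not from the original article): turn on firewalld's
# denied-packet logging with either method and confirm it took effect, both in
# the stored setting and in the live kernel ruleset.  Assumes CentOS/RHEL 7,
# where firewalld drives iptables, so "iptables -S" lists the LOG rules; the
# grep pattern relies on firewalld's log prefixes ending in _DROP or _REJECT.

LOG_DENIED_VALUES="all unicast broadcast multicast off"
FIREWALLD_CONF="/etc/firewalld/firewalld.conf"

# Return 0 if $1 is a value firewalld accepts for LogDenied / --set-log-denied.
valid_log_denied_value() {
    local v
    for v in $LOG_DENIED_VALUES; do
        [ "$1" = "$v" ] && return 0
    done
    return 1
}

# Count the LOG rules firewalld added, reading "iptables -S" output on stdin.
# grep -c exits 1 when the count is 0, so swallow that status.
count_firewalld_log_rules() {
    grep -c -E -- '-j LOG .*_(DROP|REJECT)' || true
}

# Method 2: rewrite (or append) the LogDenied= line in a firewalld.conf file.
# Takes the file as $1 so it can be tried on a copy; prints the resulting line.
# Remember that firewalld only reads the file on reload/restart.
set_log_denied_in_conf() {
    local conf="$1" value="$2"
    valid_log_denied_value "$value" || { echo "invalid LogDenied value: $value" >&2; return 2; }
    if grep -q '^LogDenied=' "$conf"; then
        sed -i "s/^LogDenied=.*/LogDenied=${value}/" "$conf"
    else
        printf 'LogDenied=%s\n' "$value" >> "$conf"
    fi
    grep '^LogDenied=' "$conf"
}

# Method 1: apply the setting with firewall-cmd, then verify it was stored and
# that LOG rules exist in the kernel (unless logging was turned off).
enable_log_denied() {
    local value="${1:-all}" n
    valid_log_denied_value "$value" || { echo "invalid value: $value" >&2; return 2; }
    firewall-cmd --set-log-denied="$value" || return 1
    [ "$(firewall-cmd --get-log-denied)" = "$value" ] || { echo "setting not stored" >&2; return 1; }
    n=$(iptables -S | count_firewalld_log_rules)
    echo "LOG rules in the live ruleset: $n"
    if [ "$value" != off ] && [ "$n" -eq 0 ]; then
        echo "no LOG rules found; try: firewall-cmd --reload" >&2
        return 1
    fi
}

# Only touch the firewall when run as root on a host that actually has firewalld.
if [ "$(id -u)" -eq 0 ] && command -v firewall-cmd >/dev/null 2>&1; then
    enable_log_denied "${1:-all}"
fi
```

Run it as root with the desired value as the only argument (`./log-denied.sh all`); to use Method 2 instead, call set_log_denied_in_conf "$FIREWALLD_CONF" all from the script and follow it with firewall-cmd --reload.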

Change location of logfile for logging dropped packets using firewalld

The log entries are kernel messages, so by default they end up in /var/log/messages on CentOS/RHEL 7 (and in the journal, where journalctl -k shows them). To send them to a file of their own, configure rsyslog to match the firewalld messages and write them elsewhere.

1. Create /etc/rsyslog.d/firewalld.conf with the following:

# log DROP and REJECT firewalld messages to /var/log/firewalld.log
:msg,contains,"_DROP" /var/log/firewalld.log
& stop
:msg,contains,"_REJECT" /var/log/firewalld.log
& stop

Replace /var/log/firewalld.log with any file of your choice. The two filters match on the substrings "_DROP" and "_REJECT" because firewalld's log prefixes end that way (for example FINAL_REJECT: and IN_public_DROP:); be aware that any other message containing those substrings is diverted as well. The "& stop" line discards the matched message once it has been written, so it does not also appear in /var/log/messages; this keyword needs rsyslog 7 (the rsyslog 5 equivalent is "& ~"). It works because /etc/rsyslog.conf includes /etc/rsyslog.d/*.conf ahead of the rule that writes to /var/log/messages. Finally, the new file is not rotated unless you add it to logrotate (a stanza under /etc/logrotate.d/).

2. Restart the rsyslog service for the changes to take effect.

# systemctl restart rsyslog.service
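Once the denied packets are in a file of their own, the next question is what they contain. The script below is an added example, not part of the original article: it tallies the entries by log prefix, protocol, source address and destination port, and lists the busiest sources. It relies on the format the kernel's LOG target writes (the firewalld prefix followed by KEY=VALUE fields such as SRC, PROTO and DPT); the sample lines embedded in it are constructed for illustration, and the function names are mine.

```shell
#!/bin/bash
# Added example (not from the original article): triage the denied-packet
# log that the rsyslog filter produces.  The kernel's LOG target writes one
# line per packet with the firewalld prefix (e.g. "FINAL_REJECT: ") followed
# by KEY=VALUE fields; this script tallies them by prefix, protocol, source
# address and destination port.  The log lines below are constructed samples.

SAMPLE_LOG='Jan 10 12:00:01 host kernel: FINAL_REJECT: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=43210 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:02 host kernel: FINAL_REJECT: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=43211 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:03 host kernel: IN_public_DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=57 ID=3 PROTO=UDP SPT=50000 DPT=161 LEN=58
Jan 10 12:00:04 host kernel: FINAL_REJECT: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=43212 DPT=3389 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 12:00:05 host kernel: usb 1-1: new high-speed USB device number 2 using ehci-pci
Jan 10 12:00:06 host kernel: FINAL_REJECT: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=198.51.100.77 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=5 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1'

# Read log lines on stdin; print "count prefix proto src dport", most frequent
# first (ties in lexical order).  Lines without a *_DROP: or *_REJECT: prefix
# are ignored, and packets without a port (ICMP) get "-" as the port.
summarize_denied() {
    LC_ALL=C awk '
    {
        prefix = ""; proto = "-"; src = "-"; dport = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /_(DROP|REJECT):$/) prefix = substr($i, 1, length($i) - 1)
            else if ($i ~ /^PROTO=/)     proto = substr($i, 7)
            else if ($i ~ /^SRC=/)       src = substr($i, 5)
            else if ($i ~ /^DPT=/)       dport = substr($i, 5)
        }
        if (prefix != "") count[prefix " " proto " " src " " dport]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# The N busiest source addresses across all denied packets (default 5),
# printed as "count src".
top_denied_sources() {
    summarize_denied \
        | awk '{ c[$4] += $1 } END { for (s in c) print c[s], s }' \
        | LC_ALL=C sort -k1,1nr -k2 \
        | head -n "${1:-5}"
}

# Use the real log when it is readable, otherwise demonstrate on the samples.
if [ -r /var/log/firewalld.log ]; then
    summarize_denied < /var/log/firewalld.log | head -n 20
else
    printf '%s\n' "$SAMPLE_LOG" | summarize_denied
fi
```

A sudden jump in a single source's count, or a burst of distinct destination ports from one address, is the pattern worth alerting on; pipe the output of top_denied_sources into whatever monitoring you already run rather than reading the raw file.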

© 2023 · The Geek Diary
