@JS's Notes

Site with notes from my work.

How to enable firewalld logging for denied packets

2020-03-15 System @JS

Requirements: user with root privileges or non-root user with sudo privileges.

Method 1

1. Edit /etc/firewalld/firewalld.conf.

2. Find LogDenied=off.

3. Replace it with LogDenied=all.

4. Restart the firewalld service.

Method 2

# change the setting (runtime and permanent)
$ sudo firewall-cmd --set-log-denied=all
# verify it
$ sudo firewall-cmd --get-log-denied

Use journalctl, or dmesg with grep, to display the rejected packets:

$ journalctl -x -e
$ dmesg | grep -i REJECT

Sample output:

[21770.379848] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:fc:00:15:5d:01:a5:03:08:00 SRC=192.168.1.131 DST=224.0.0.252 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=20097 PROTO=2
[21785.248017] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:01:64:66:b3:4d:4d:b5:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=20358 PROTO=2
[21791.209865] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:fc:90:2b:34:ae:29:57:08:00 SRC=192.168.1.165 DST=224.0.0.252 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=14765 PROTO=2
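To make the dmesg output above easier to triage, here is an added Python example (not part of the original note) that parses FINAL_REJECT lines into their key=value fields and counts rejects per source and per destination/protocol, using the three sample lines from this page as constructed input. It also flags multicast destinations, which in the sample are IGMP membership reports (PROTO=2) rather than anything hostile.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample input: the three FINAL_REJECT lines from the dmesg output above.
SAMPLE_LOG = """\
[21770.379848] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:fc:00:15:5d:01:a5:03:08:00 SRC=192.168.1.131 DST=224.0.0.252 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=20097 PROTO=2
[21785.248017] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:01:64:66:b3:4d:4d:b5:08:00 SRC=192.168.1.254 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=20358 PROTO=2
[21791.209865] FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:fc:90:2b:34:ae:29:57:08:00 SRC=192.168.1.165 DST=224.0.0.252 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=14765 PROTO=2
"""

# "[uptime] PREFIX: key=value key=value ..." as the kernel's nf_log prints it into dmesg
LINE_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<prefix>\w+):\s+(?P<kv>.*)$")

# nf_log prints TCP/UDP/ICMP by name and other protocols by number (2 = IGMP)
PROTO_NAMES = {"1": "ICMP", "2": "IGMP", "6": "TCP", "17": "UDP"}


def parse_line(line):
    """Return a dict of fields for one firewall log line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {"ts": float(m.group("ts")), "prefix": m.group("prefix")}
    for token in m.group("kv").split():
        key, _, value = token.partition("=")
        fields[key] = value  # OUT= stays "": the packet was inbound, not forwarded
    fields["PROTO"] = PROTO_NAMES.get(fields.get("PROTO"), fields.get("PROTO"))
    dst = fields.get("DST")
    fields["multicast"] = bool(dst) and ipaddress.ip_address(dst).is_multicast
    return fields


def summarize(text):
    """Parse all lines and count rejects per source and per (destination, protocol)."""
    records = [r for r in (parse_line(l) for l in text.splitlines()) if r]
    by_src = Counter(r["SRC"] for r in records)
    by_dst = Counter((r["DST"], r["PROTO"]) for r in records)
    return records, by_src, by_dst


if __name__ == "__main__":
    recs, src, dst = summarize(SAMPLE_LOG)
    print(f"{len(recs)} rejected packets")
    for (d, p), n in dst.most_common():
        note = "  (multicast, usually local noise)" if ipaddress.ip_address(d).is_multicast else ""
        print(f"  {n}x {p} to {d}{note}")
    for s, n in src.most_common():
        print(f"  from {s}: {n}")
```

Pipe real output in with `dmesg | grep FINAL_REJECT` to see which sources and destinations dominate before deciding whether a reject rule or a missing service definition is the cause.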