This page is about the log information of firewalld
Add logging rules right before reject and drop rules in the INPUT, FORWARD, and OUTPUT chains for the default rules and also final reject and drop rules in zones.
firewall-cmd --get-log-denied
off
firewall-cmd --set-log-denied=<value>
/var/log/firewalld
A rich rule can write into the log via the following rule format
<log [prefix="prefixtext"] [level="emerg|alert|crit|err|warn|notice|info|debug"]/> [<limit value="rate/duration"/>] </log> |
<nflog [prefix="prefixtext"] [group="group id"] [queue-size="threshold"]/> [<limit value="rate/duration"/>] </nflog>