About

This page covers the logging options of firewalld.

log-denied: logging rules

The log-denied setting adds logging rules right before the reject and drop rules in the INPUT, FORWARD, and OUTPUT chains for the default rules, and also before the final reject and drop rules in zones.

firewall-cmd --get-log-denied
off

firewall-cmd --set-log-denied=<value>
  • value may be one of: all, unicast, broadcast, multicast, or off

log file

/var/log/firewalld

log for rule

A rich rule can write to the log with one of the following elements:

<log [prefix="prefixtext"] [level="emerg|alert|crit|err|warn|notice|info|debug"]> [<limit value="rate/duration"/>] </log> |
<nflog [prefix="prefixtext"] [group="group id"] [queue-size="threshold"]> [<limit value="rate/duration"/>] </nflog>
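
A worked example of the log element above, added here and not part of the original page or of firewalld itself: it builds the same log action in the command-line rich rule syntax, validating level and limit first, and tallies logged packets per source by prefix. The function names, the "ssh-lab: " prefix, the addresses and the sample log lines are all constructed for illustration.

```shell
# Added example, not from the original page. Addresses, the "ssh-lab: "
# prefix and the sample log lines below are constructed.

# Print a rich rule (the syntax taken by firewall-cmd --add-rich-rule) that
# logs traffic from a source network to a service, then applies an action.
# Args: source-cidr service prefix level limit action
build_log_rule() {
    src=$1; svc=$2; prefix=$3; level=$4; limit=$5; action=$6
    case "$level" in
        emerg|alert|crit|err|warn|notice|info|debug) ;;
        *) echo "invalid level: $level" >&2; return 1 ;;
    esac
    # limit is rate/duration: a positive integer, then s, m, h or d
    if ! printf '%s\n' "$limit" | grep -Eq '^[1-9][0-9]*/[smhd]$'; then
        echo "invalid limit: $limit" >&2; return 1
    fi
    case "$action" in
        accept|reject|drop) ;;
        *) echo "invalid action: $action" >&2; return 1 ;;
    esac
    # a double quote in the prefix would break out of the quoted attribute
    case "$prefix" in
        *\"*) echo "prefix must not contain a double quote" >&2; return 1 ;;
    esac
    printf 'rule family="ipv4" source address="%s" service name="%s" log prefix="%s" level="%s" limit value="%s" %s\n' \
        "$src" "$svc" "$prefix" "$level" "$limit" "$action"
}

# Read log lines on stdin and print "count source-ip" for every line that
# carries the given prefix, busiest source first.
count_by_source() {
    grep -F -- "$1" | sed -n 's/.* SRC=\([^ ]*\).*/\1/p' | sort | uniq -c |
        sort -rn | awk '{print $1, $2}'
}

# Constructed sample in the kernel LOG format, as left by prefix "ssh-lab: ".
SAMPLE_LOG='Jan 10 10:00:01 host kernel: ssh-lab: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=50122 DPT=22
Jan 10 10:00:02 host kernel: ssh-lab: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=50123 DPT=22
Jan 10 10:00:03 host kernel: other: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=80
Jan 10 10:00:04 host kernel: ssh-lab: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 PROTO=TCP SPT=50200 DPT=22'

# Usage (needs root and a running firewalld):
#   firewall-cmd --add-rich-rule="$(build_log_rule 192.0.2.0/24 ssh 'ssh-lab: ' notice 3/m accept)"
#   printf '%s\n' "$SAMPLE_LOG" | count_by_source 'ssh-lab: '
```

The limit keeps a noisy source from flooding the log, and a distinct prefix per rule makes the entries easy to separate from those produced by log-denied.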