Firewalld - debug / diagnostic

Firewalld Logging

The firewalld daemon's --debug[=level] option sets the debug level for firewalld to level. The range of the debug level is 1 (lowest level) to 10 (highest level). The debug output is written to the firewalld log file /var/log/firewalld.

Kernel Logging

You can turn on some limited firewall packet logging via firewalld’s Log Denied setting.

firewall-cmd --runtime-to-permanent
firewall-cmd --set-log-denied=all

This setting will write a kernel packet-filter log entry to the kernel message facility for every packet that is blocked because the packet failed to match any rule.

You can view these messages via:

  • the dmesg command
  • with journalctl, the command journalctl -k
  • with rsyslogd, a tail of the following files: /var/log/kern.log or /var/log/messages.
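
Once log-denied is on, the kernel log fills up quickly, so a per-source summary is usually more useful than a raw tail. The following is an added example, not part of the original page: a shell function that groups denied-packet entries by source address, protocol and destination port. It assumes the entries carry the standard netfilter LOG fields (SRC=, PROTO=, DPT=); the function names, the "FINAL_REJECT: " prefix and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize kernel log entries produced by log-denied.
# Assumption: entries use the netfilter LOG key=value fields
# (SRC=, PROTO=, DPT=). Function names are hypothetical.

# Reads kernel log lines on stdin and prints "count src proto dpt",
# most frequent first. Lines without SRC= are ignored; packets with
# no destination port (e.g. ICMP) get "-" in the port column.
summarize_denied() {
    awk '
    /SRC=/ {
        src = ""; proto = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input (documentation address ranges, made-up prefix).
sample_log() {
    cat <<'EOF'
[  100.500000] eth0: link up
[  101.000001] FINAL_REJECT: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=29200 SYN URGP=0
[  101.200002] FINAL_REJECT: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=2 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=29200 SYN URGP=0
[  102.000003] FINAL_REJECT: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=71 TTL=60 ID=3 PROTO=UDP SPT=5353 DPT=53 LEN=51
[  103.000004] FINAL_REJECT: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=84 TTL=60 ID=4 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
EOF
}

# Live use on a host with log-denied enabled:
#   journalctl -k --no-pager | summarize_denied
# Try it on the constructed sample:
#   sample_log | summarize_denied
```

The same function works on dmesg output or on a tail of /var/log/kern.log, since all three carry the same kernel message text.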
