About
This page covers the logging options of firewalld.
log-denied: logging rules
The log-denied setting adds logging rules right before the reject and drop rules in the INPUT, FORWARD, and OUTPUT chains for the default rules, and also before the final reject and drop rules in zones.
firewall-cmd --get-log-denied
off
firewall-cmd --set-log-denied=<value>
- value may be one of: all, unicast, broadcast, multicast, or off
log file
/var/log/firewalld
log for rule
A rich rule can write to the log using one of the following elements:
<log [prefix="prefixtext"] [level="emerg|alert|crit|err|warn|notice|info|debug"]> [<limit value="rate/duration"/>] </log> |
<nflog [prefix="prefixtext"] [group="group id"] [queue-size="threshold"]> [<limit value="rate/duration"/>] </nflog>
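The <log> format above, as an added example that is not part of the original page or of firewalld itself: a shell function that builds the element and rejects values the format does not allow. The function name rich_log_element and the sample prefix are hypothetical; the limit check assumes rate is a positive integer and duration is one of s, m, h or d.

```shell
#!/bin/sh
# Added example (not firewalld code): build a <log> element for a rich rule
# and refuse values that the rule format above does not allow.

# rich_log_element PREFIX LEVEL [LIMIT]   (hypothetical helper name)
# Prints the element on stdout; returns 1 with a message on stderr if invalid.
rich_log_element() {
    prefix=$1
    level=$2
    limit=${3:-}

    # level must be one of the values listed in the rule format
    case $level in
        emerg|alert|crit|err|warn|notice|info|debug) ;;
        *) echo "invalid level: $level" >&2; return 1 ;;
    esac

    # keep the prefix safe inside a double-quoted XML attribute
    case $prefix in
        *'"'*|*'<'*|*'>'*|*'&'*)
            echo "prefix contains XML metacharacters" >&2; return 1 ;;
    esac

    # without a limit, every matching packet is logged
    if [ -z "$limit" ]; then
        printf '<log prefix="%s" level="%s"/>\n' "$prefix" "$level"
        return 0
    fi

    # limit is rate/duration; assumed: positive integer rate, duration s|m|h|d
    rate=${limit%%/*}
    duration=${limit#*/}
    case $rate in
        ''|*[!0-9]*|0*) echo "invalid rate in limit: $limit" >&2; return 1 ;;
    esac
    case $duration in
        s|m|h|d) ;;
        *) echo "invalid duration in limit: $limit" >&2; return 1 ;;
    esac

    printf '<log prefix="%s" level="%s"><limit value="%s/%s"/></log>\n' \
        "$prefix" "$level" "$rate" "$duration"
}
```

The limit child is what keeps a flood of matching packets from filling the log, so a rule meant for an exposed port should normally carry one.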