
Logging Connections With firewalld

I was recently trying to diagnose a production connectivity issue on a CentOS 7 box and found it a bit non-obvious how to get the firewall to log connection attempts. It is in fact documented in section 4.5.15.4.3 (how about that for a document subsection?!) but for ease of reference I'm putting it here.

The trick is to add a rich rule that carries a log element (a prefix and a log level) in front of its action. For example, to open TCP port 10000 for the IP address 198.51.100.0 and log every connection attempt that matches, use the following:

$ sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="198.51.100.0/32" port protocol="tcp" port="10000" log prefix="test-firewalld-log" level="info" accept'

Connection attempts from that IP address will then be logged in /var/log/messages:

$ sudo tail -f /var/log/messages | grep test-firewalld-log
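As an added example (not part of the original post, and not firewalld's own tooling), the script below does two things a practitioner usually wants once the rule above is in place: it builds the rich rule text with the quoting that firewall-cmd actually needs (the whole rule is one argument containing double quotes, so it has to be wrapped in single quotes at the shell), and it summarises the resulting kernel log lines by source address so a flood of hits is readable. The log lines in SAMPLE_LOG are constructed to follow the netfilter LOG format that lands in /var/log/messages; the host name, MAC and second source address are made up for the example.

```shell
#!/bin/sh
# Added example: build a firewalld rich rule with correct quoting and
# summarise the log lines it produces. Not from the original post.

# Build the rich rule text. $1 = source CIDR, $2 = TCP port, $3 = log prefix.
# The rule contains double quotes, so when typed at the shell the whole thing
# must sit inside single quotes; nesting "..." inside "..." splits the argument.
build_rich_rule() {
    printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" log prefix="%s" level="info" accept' "$1" "$2" "$3"
}

# Print a paste-ready firewall-cmd invocation for a rule. --permanent makes the
# rule survive a reload; it only becomes live after `firewall-cmd --reload`
# or when the same command is repeated without --permanent.
show_add_command() {
    printf "sudo firewall-cmd --permanent --zone=public --add-rich-rule='%s'\n" "$1"
}

# Read log lines from stdin, keep those carrying the prefix, pull out the
# netfilter SRC= field and print "count address" lines, busiest source first.
summarise_hits() {
    grep -F "$1" \
      | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
      | sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Constructed sample of /var/log/messages: two hits from the allowed address,
# one from another address, and an unrelated sshd line that must be ignored.
# Note the prefix is written directly in front of "IN=" by the kernel: give
# the prefix a trailing space or colon if you want the two separated.
SAMPLE_LOG='Apr  9 10:15:01 web01 kernel: test-firewalld-logIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.0 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=43210 DPT=10000 WINDOW=29200 RES=0x00 SYN URGP=0
Apr  9 10:15:02 web01 kernel: test-firewalld-logIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.0 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=TCP SPT=43211 DPT=10000 WINDOW=29200 RES=0x00 SYN URGP=0
Apr  9 10:15:03 web01 sshd[1234]: Accepted publickey for deploy from 203.0.113.5 port 52000 ssh2
Apr  9 10:15:04 web01 kernel: test-firewalld-logIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=777 DF PROTO=TCP SPT=51000 DPT=10000 WINDOW=29200 RES=0x00 SYN URGP=0'

# Stand-alone run: show the command for the post's rule, then the summary.
RULE=$(build_rich_rule 198.51.100.0/32 10000 test-firewalld-log)
show_add_command "$RULE"
printf '%s\n' "$SAMPLE_LOG" | summarise_hits test-firewalld-log
```

On a live box, feed the summary from a bounded slice of the log (for example `sudo tail -n 5000 /var/log/messages | summarise_hits test-firewalld-log`) rather than from `tail -f`, since `sort` and `uniq -c` only emit once their input ends. The rule in the post is added to the runtime configuration only; `show_add_command` prints the `--permanent` form for when the logging should outlive the next reload.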


Published: Apr 9, 2015

Category: sysadmin

Tags: centos, firewalld
