I have a rich firewalld rule with a "log" option:

# firewall-cmd --list-rich-rules
< ... >
rule family="ipv4" forward-port port="[port]" protocol="tcp" to-port="[port]" to-addr="[ip addr]" log level="info" limit value="[log frequency]"

Actual numbers changed to protect the guilty.

I cannot find anything being logged, anywhere. According to firewalld.richlanguage, this should get logged to syslog. The default rsyslog.conf specifies all info-level messages going to /var/log/messages:

*.info;mail.none;authpriv.none;cron.none    /var/log/messages

Port forwarding is working, but even when I hit the port I see nothing get logged.

Just on a lark, I also tried "journalctl -f", and nothing shows up there, either.

firewalld is using the netfilters backend. After some head-banging, and copious searching:

# nft list table inet firewalld

I found this in the output:

chain nat_PRE_FedoraServer_allow {
    meta nfproto ipv4 tcp dport [port] dnat ip to [host:port]
}

I see nothing here that suggests that anything is going to get logged. So, I'm just guessing that firewall-cmd either does not implement the log option in the net-filter back-end, or the net-filter back-end simply does not implement any kind of logging (which seems unlikely).

Anyone know anything more on this?
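One way to check whether the "log" option actually reached the compiled ruleset, as an added example script that is not part of the original post or of firewalld: it scans the text of `nft list table inet firewalld` for rules matching a TCP port and reports whether any of them carries an nft `log` statement. The SAMPLE_RULESET is constructed for illustration (the first chain mirrors the post; the second chain, ports and addresses are made up).

```shell
#!/bin/sh
# Added example, not from the original post. Given the text of
# `nft list table inet firewalld`, report which chains carry a rule for a
# TCP port and whether any of those rules contains an nft `log` statement.
# If no rule logs, nothing is emitted to the kernel log in the first place,
# regardless of how rsyslog or journald is configured.
# SAMPLE_RULESET is constructed: the first chain mirrors the post, the
# second chain and all ports/addresses are made up.
SAMPLE_RULESET='table inet firewalld {
    chain nat_PRE_FedoraServer_allow {
        meta nfproto ipv4 tcp dport 8080 dnat ip to 10.0.0.5:80
    }
    chain filter_FWD_FedoraServer_allow {
        tcp dport 2222 limit rate 3/minute log prefix "fwd_2222: " level info accept
    }
}'

# chains_for_port RULESET PORT
# Prints one line per rule matching "tcp dport PORT":
# "<chain>: log" if the rule has a log statement, "<chain>: no-log" otherwise.
chains_for_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^[ \t]*chain[ \t]/ { chain = $2 }
        $0 ~ ("tcp dport " port "([^0-9]|$)") {
            mark = ($0 ~ /(^|[ \t])log([ \t]|$)/) ? "log" : "no-log"
            print chain ": " mark
        }'
}

# count_log_rules RULESET PORT
# Number of rules for PORT that log; 0 means the rich rule "log" option
# never made it into the compiled ruleset for that port.
count_log_rules() {
    chains_for_port "$1" "$2" | grep -c ': log$' || true
}

# has_log_for_port RULESET PORT -> prints "yes" or "no"
has_log_for_port() {
    if [ "$(count_log_rules "$1" "$2")" -gt 0 ]; then echo yes; else echo no; fi
}

# On a live host (as root): has_log_for_port "$(nft list table inet firewalld)" 8080
```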