Re: Did firewall logging got broken with netfilter?

On Sun, 20 Feb 2022 at 21:10, Sam Varshavchik <mrsam@xxxxxxxxxxxxxxx> wrote:
I have a rich firewalld rule with a "log" option:

# firewall-cmd --list-rich-rules

< ... >

rule family="ipv4" forward-port port="[port]" protocol="tcp" to-port="[port]" to-addr="[ip addr]" log level="info" limit value="[log frequency]"

Actual numbers changed to protect the guilty.

I cannot find anything being logged, anywhere. According to 
firewalld.richlanguage, this should get logged to syslog. The default 
rsyslog.conf specifies all info-level messages going to /var/log/messages:

*.info;mail.none;authpriv.none;cron.none                /var/log/messages

Port forwarding is working, but even when I hit the port I see nothing get 
logged.

Just on a lark, I also tried 'journalctl -f', and nothing shows up there, 
either.

firewalld is using the netfilters backend.

After some head-banging, and copious searching:

# nft list table inet firewalld

I found this in the output:

        chain nat_PRE_FedoraServer_allow {
                meta nfproto ipv4 tcp dport [port] dnat ip to [host:port]  
        }

I see nothing here that suggests that anything is going to get logged.

So, I'm just guessing that firewall-cmd either does not implement the log 
option in the netfilter backend, or the netfilter backend simply does 
not implement any kind of logging (which seems unlikely).

Anyone know anything more on this?


The author says he used logs to work out the details, but doesn't say how the logs were
obtained. There is lots of old stuff on netfilter logging:

Logging traffic - nftables wiki (from 2017) uses ulogd.


--
George N. White III
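The quoted chain shows the practical check: if `nft list ruleset` contains no `log` statement in the rule, nothing will ever be logged, whatever the rich rule says. The script below is an added example, not code from the thread or from firewalld; it audits a dumped ruleset for dnat rules that carry no `log` statement, and the sample ruleset it reads is constructed (the logging chain `nat_PRE_example_logged`, the ports and the addresses are invented for contrast). Feed it real output with `nft list ruleset | dnat_rules_without_log` on the host.

```shell
#!/bin/sh
# Added example (not from the thread, not firewalld's code): find dnat rules
# in an nftables dump that have no `log` statement, i.e. rules for which a
# rich-rule "log" option was never translated into anything the kernel logs.

# Constructed sample ruleset, modelled on the chain quoted in the thread.
# The second chain is invented to show what a rule that does log looks like:
# `limit rate` then `log prefix ... level info` before the `dnat`.
SAMPLE_RULESET='table inet firewalld {
        chain nat_PRE_FedoraServer_allow {
                meta nfproto ipv4 tcp dport 2222 dnat ip to 10.0.0.5:22
        }
        chain nat_PRE_example_logged {
                meta nfproto ipv4 tcp dport 8443 limit rate 1/minute log prefix "fwd-8443: " level info dnat ip to 10.0.0.6:443
        }
}'

# Read an nft ruleset on stdin and print "<chain> <rule>" for every rule that
# contains a dnat statement but no log statement.
dnat_rules_without_log() {
    awk '
        # remember the chain we are inside
        /^[[:space:]]*chain [^ ]+ \{/ { chain = $2 }
        # a dnat rule with no log statement anywhere in the same rule
        / dnat / && !/ log / { sub(/^[[:space:]]+/, ""); print chain " " $0 }
    '
}

# Number of such rules in the ruleset text passed as $1 (0 means every
# dnat rule logs).
count_unlogged_dnat() {
    printf '%s\n' "$1" | dnat_rules_without_log | wc -l | tr -d ' '
}

main() {
    # On a real host replace SAMPLE_RULESET with: nft list ruleset
    n=$(count_unlogged_dnat "$SAMPLE_RULESET")
    if [ "$n" -eq 0 ]; then
        echo "every dnat rule carries a log statement"
    else
        echo "$n dnat rule(s) without a log statement:"
        printf '%s\n' "$SAMPLE_RULESET" | dnat_rules_without_log
    fi
}

main "$@"
```

Two things to keep in mind when reading the result. A `log ... level info` statement writes to the kernel ring buffer, so the place to watch is `journalctl -k -f` or `dmesg -w`; rsyslog picks those kernel messages up through its kernel log input, which is why the `*.info` line in rsyslog.conf would route them to /var/log/messages. A `log group N` statement instead sends the packet over nfnetlink_log and is silent unless a userspace listener such as ulogd is running, which is the setup the 2017 wiki page describes.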

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure