On Sun, 20 Feb 2022 at 21:10, Sam Varshavchik <mrsam@xxxxxxxxxxxxxxx> wrote:
> I have a rich firewalld rule with a "log" option:
>
> # firewall-cmd --list-rich-rules
> < ... >
> rule family="ipv4" forward-port port="[port]" protocol="tcp" to-port="[port]" to-addr="[ip addr]" log level="info" limit value="[log frequency]"
>
> Actual numbers changed to protect the guilty.
>
> I cannot find anything being logged, anywhere. According to
> firewalld.richlanguage, this should get logged to syslog. The default
> rsyslog.conf specifies all info-level messages going to /var/log/messages:
>
> *.info;mail.none;authpriv.none;cron.none /var/log/messages
>
> Port forwarding is working, but even when I hit the port I see nothing get
> logged.
>
> Just on the lark, I also tried 'journalctl -f', and nothing shows up there,
> either.
>
> firewalld is using the netfilters backend.
>
> After some head-banging, and copious searching:
>
> # nft list table inet firewalld
>
> I found this in the output:
>
> chain nat_PRE_FedoraServer_allow {
>     meta nfproto ipv4 tcp dport [port] dnat ip to [host:port]
> }
>
> I see nothing here that suggests that anything is going to get logged.
>
> So, I'm just guessing that firewall-cmd either does not implement the log
> option, in the net-filter back-end, or the net-filter back-end simply does
> not implement any kind of logging (which seems unlikely).
>
> Anyone know anything more on this?
The author says he used logs to work out the details, but doesn't say how the logs were
obtained. There is lots of old stuff on netfilter logging:
Logging traffic - nftables wiki (from 2017) uses ulogd.
George N. White III
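
The check described in the quoted message (reading the `nft list table inet firewalld` output for any sign of logging) can be scripted. This is an added example, not part of the original thread or of firewalld: it reports chains that hold a `dnat` rule but no rule with a `log` statement. The sample listing, its ports and addresses, and the second chain name are constructed placeholders.

```python
import re
import sys

# Constructed sample shaped like `nft list table inet firewalld` output.
# Ports, addresses and the second chain name are placeholders, not from the thread.
SAMPLE = """\
table inet firewalld {
    chain nat_PRE_FedoraServer_allow {
        meta nfproto ipv4 tcp dport 8080 dnat ip to 192.0.2.10:80
    }
    chain nat_PRE_example_logged {
        meta nfproto ipv4 tcp dport 8443 log prefix "fwd: " level info
        meta nfproto ipv4 tcp dport 8443 dnat ip to 192.0.2.10:443
    }
}
"""

CHAIN_RE = re.compile(r"^\s*chain\s+(\S+)\s*\{\s*$")
QUOTED_RE = re.compile(r'"[^"]*"')

def parse_chains(listing):
    """Map chain name -> list of rule lines (one rule per line, as nft prints them)."""
    chains, current = {}, None
    for line in listing.splitlines():
        stripped = line.strip()
        match = CHAIN_RE.match(line)
        if match:
            current = match.group(1)
            chains[current] = []
        elif stripped == "}":
            current = None
        elif current is not None and stripped:
            chains[current].append(stripped)
    return chains

def has_statement(rule, keyword):
    """True if keyword is a bare token in the rule, ignoring quoted prefixes/comments."""
    return keyword in QUOTED_RE.sub('""', rule).split()

def unlogged_dnat_chains(listing):
    """Chains that contain a dnat rule but no rule with a log statement."""
    return [name for name, rules in parse_chains(listing).items()
            if any(has_statement(r, "dnat") for r in rules)
            and not any(has_statement(r, "log") for r in rules)]

if __name__ == "__main__":
    # Pass "-" to read a real listing from stdin; otherwise use the sample.
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    for chain in unlogged_dnat_chains(text):
        print(f"{chain}: dnat rule present, no log statement in this chain")
```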