Need help?

Our experts have had an average response time of 11.7 minutes in August 2021 to fix urgent issues.

We will keep your servers stable, secure, and fast at all times for one fixed price.

Enable FirewallD logging for denied packets on Linux – How we do it

by | Feb 22, 2021

Wondering how to enable FirewallD logging for denied packets on Linux? We can help you with it.

Here at Bobcares, we have seen several such FirewallD related queries as part of our Server Management Services for web hosts and online service providers.

Today we’ll take a look at how to enable FirewallD logging for denied packets on Linux.

 

How to enable FirewallD logging for denied packets on Linux

Now let’s take a look at how our Support Engineers enable the FirewallD logging.

In the /etc/firewalld/firewalld.conf file, we can set LogDenied options. Another option is to use the firewall-cmd command. After enabling it, the Linux system will log all the packets that are rejected or dropped by FirewallD. There are multiple methods to enable FirewallD logging. They are:

1. firewalld.conf method
2. firewall-cmd method
3. firewall-config method

 

1. Configuring logging for denied packets {firewalld.conf method}

First, we edit the /etc/firewalld/firewalld.conf.

sudo vi /etc/firewalld/firewalld.conf

In this file, we find the below code.

LogDenied=off

Then we replace it with below:

LogDenied=all

After that, we save and close the file. Then we restart the FirewallD service by running the below command.

sudo systemctl restart firewalld.service

The LogDenied option is turned off by default. The LogDenied option turns on logging rules right before reject and drop rules in the INPUT, FORWARD, and OUTPUT chains for the default rules and also final reject and drop rules in zones. The possible values are all, unicast, broadcast, multicast, and off.

For shell scripts we can use the combination of the grep command and sed command as below:

grep '^LogDenied' /etc/firewalld/firewalld.conf
grep -q -i '^LogDenied=off' /etc/firewalld/firewalld.conf && echo "Change it" || echo "No need to change"
grep -q -i '^LogDenied=off' /etc/firewalld/firewalld.conf | sed -i'Backup' 's/LogDenied=off/LogDenied=all/' /etc/firewalld/firewalld.conf

 

2. Firewalld enable logging {firewall-cmd method} on Linux

First, we find and list the actual LogDenied settings

sudo firewall-cmd --get-log-denied

Next, we change the actual LogDenied settings

sudo firewall-cmd --set-log-denied=all

After that, we verify it by running the below command.

sudo firewall-cmd --get-log-denied

 

3. Enable FirewallD log using a GUI configuration tool {firewall-config method}

Fedora or CentOS or OpenSUSE desktop users can try the GUI method.

First, we open the terminal window and then open the FirewallD GUI configuration tool. In other words, start firewall-config as follows:

firewall-config

Now, we find and click the “Options” menu and select the “Change Log Denied” option. Here, we choose the new LogDenied setting from the menu and click OK.

 

How to view denied packets?

In order to view the denied packets, we run the below command.

journalctl -x -e

Or else, we use the combination of dmesg and grep as follows:

dmesg
dmesg | grep -i REJECT

 

How to log all dropped packets to /var/log/firewalld-droppd.log file

First, we create a new config file called /etc/rsyslog.d/firewalld-droppd.conf on the CentOS/RHEL v7/8 server.

$ sudo vim /etc/rsyslog.d/firewalld-droppd.conf

Then we append the following configuration

:msg,contains,"_DROP" /var/log/firewalld-droppd.log
:msg,contains,"_REJECT" /var/log/firewalld-droppd.log
& stop
$ sudo systemctl restart rsyslog.service

Finally, we can watch the log using the cat command/grep command/egrep command or tail command:

$ sudo tail -f /var/log/firewalld-droppd.log

[Need any further assistance with FirewallD related queries? – We are here to help you.]

 

Conclusion

It is an important task to keep an eye on the rejected and dropped packets using FirewallD for Linux system administrators. In today’s writeup, we saw how our Support Engineers enable FirewallD logging for denied packets on Linux.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF