Firewalld is a firewall management tool for Linux systems that uses dynamic firewall rules. To enable logging for denied packets in Firewalld, you will need to make some changes to the Firewalld configuration.
First, tell firewalld to log the packets that its drop and reject rules discard. firewall-cmd has no --set-log-level option; the setting is called LogDenied, and you change it with --set-log-denied, which accepts all, unicast, broadcast, multicast or off:
sudo firewall-cmd --set-log-denied=all
This changes both the runtime and the permanent configuration and reloads the firewall, so it takes effect immediately. You can check the current value with:
sudo firewall-cmd --get-log-denied
You can also log denied packets with a rich rule, which is useful when you only want to log traffic from a particular source. A rich rule logs the packets that match it and then applies the action at the end of the rule, so the action must be drop or reject; with accept instead, the rule would log the packets it allows, not the ones it denies. Scope the rule to a source as well, because a rule with no match conditions would apply to all IPv4 traffic in the zone. For example, to log and drop everything from 192.0.2.0/24 (a placeholder range; substitute the source you want to watch):
sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.0.2.0/24" log prefix="FIREWALL: " level="info" drop'
This creates a rich rule that logs matching packets with the prefix "FIREWALL: " at syslog level info and then drops them.
Without --zone, the rule goes into the default zone. To add it to a specific zone instead, for example public, use:
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.0.2.0/24" log prefix="FIREWALL: " level="info" drop'
Logged packets are written by the kernel, not by the firewalld daemon, so they appear in the kernel log rather than in the firewalld service's journal. To follow them, run:
sudo journalctl -k -f
To see only the entries produced by the rich rule above, filter on its prefix:
sudo journalctl -k -f | grep 'FIREWALL: '
(journalctl -fu firewalld shows the daemon's own messages, such as reload results and configuration errors, which is still useful when a rule does not load.)
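Once the entries start arriving, a quick way to see what is being denied is to parse them. The script below is an added example, not part of the original page: it reads journalctl -k style lines, picks out the KEY=VALUE fields that the kernel's packet logging emits after the "FIREWALL: " prefix from the rule above, and counts denied packets per source, protocol and destination port. The sample lines are constructed, not captured from a real host.

```python
import re
from collections import Counter

# Prefixes to look for: the "FIREWALL: " prefix used by the rich rule on
# this page; add any others you configure. Text before the prefix
# (timestamp, hostname, "kernel:") is ignored.
PREFIXES = ("FIREWALL: ",)

# Kernel packet log lines are space-separated KEY=VALUE pairs; bare flags
# such as DF or SYN carry no "=" and are skipped by this pattern.
_KV = re.compile(r"(\w+)=(\S*)")

def parse_log_line(line, prefixes=PREFIXES):
    """Return the KEY=VALUE fields of one logged packet as a dict,
    or None if the line carries none of the expected prefixes."""
    for prefix in prefixes:
        idx = line.find(prefix)
        if idx != -1:
            fields = dict(_KV.findall(line[idx + len(prefix):]))
            fields["PREFIX"] = prefix.strip()
            return fields
    return None

def summarize(lines, prefixes=PREFIXES):
    """Count logged packets per (source, protocol, destination port)."""
    counts = Counter()
    for line in lines:
        fields = parse_log_line(line, prefixes)
        if fields is None:
            continue  # not a packet log entry (e.g. a daemon message)
        key = (fields.get("SRC", "?"), fields.get("PROTO", "?"), fields.get("DPT", "-"))
        counts[key] += 1
    return counts

# Constructed sample of `journalctl -k` output (not captured from a real
# host); addresses are RFC 5737 documentation ranges.
SAMPLE = """\
Jan 01 10:00:01 host kernel: FIREWALL: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=1 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 01 10:00:02 host kernel: FIREWALL: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=2 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 01 10:00:03 host kernel: FIREWALL: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=3 PROTO=UDP SPT=40000 DPT=161 LEN=20
Jan 01 10:00:04 host firewalld[812]: WARNING: unrelated daemon message
"""

def main():
    # Most frequently denied (source, protocol, port) triples first.
    for (src, proto, dpt), n in summarize(SAMPLE.splitlines()).most_common():
        print(f"{n:5d}  {src:<15} {proto:<4} dport={dpt}")

if __name__ == "__main__":
    main()
```

To run it against a live host, replace SAMPLE with the lines from sudo journalctl -k (for example by reading sys.stdin) and extend PREFIXES if you use other prefixes.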
Note that --add-rich-rule without --permanent changes only the running configuration, and --reload discards runtime changes rather than applying them. To keep a rule across reloads and reboots, add it again with --permanent and then reload, or copy the running configuration into the permanent one with --runtime-to-permanent:
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.0.2.0/24" log prefix="FIREWALL: " level="info" drop'
sudo firewall-cmd --reload
After the reload, confirm the rule is still present with sudo firewall-cmd --zone=public --list-rich-rules.
It's important to note that enabling logging for denied packets can generate a large amount of log data, especially with --set-log-denied=all on a host exposed to the internet, so monitor your log files and rotate them as needed to avoid filling up your storage. Two ways to reduce the volume: use --set-log-denied=unicast to skip broadcast and multicast noise, and rate-limit a rich rule by appending limit value="1/m" (at most one entry per minute) to its log element.