Cannot see logs of allowed traffic

Support for security such as Firewalls and securing linux
Post Reply
eitancaspi
Posts: 13
Joined: 2020/02/25 20:11:45

Cannot see logs of allowed traffic

Post by eitancaspi » 2020/05/14 13:21:38

Hi,

I use firewalld 0.6.3 on CentOS 7.

I have one active zone, public, which its target is DROP and its config is:
target: DROP
icmp-block-inversion: no
interfaces: eth0
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:

There are few rich rules of only allowing traffic, all end with " log level="info" accept ", and all working fine and transferring traffic as expected.
The log level for denied traffic is "off".

My issue is that in /var/log/messages - I see traffic only of one rule... the other rules are triggered, manually and periodically, like email sending and receiving - but these activities are not shown in the log...

I tried to enable full "denied" log but it didn't help.
I tried to do a complete reload of firewalld but it didn't help.
A server reboot didn't help.

Any ideas guys?

Post Reply

Return to “CentOS 7 - Security Support”