List:       firewalld-users
Subject:    Re: How do I get a specific text in the firewall log for specified tcp ports in zone public?
From:       Freek de Kruijf <f.de.kruijf () gmail ! com>
Date:       2021-12-12 14:50:51
Message-ID: 3008530.TBvQxneWjC () eiktum
On Saturday 11 December 2021 11:45:22 CET, Andrew Moore wrote:
> > I have the interface in the public zone and I have the source
> > 192.168.178.0/24 in the internal zone. My understanding is that all
> > packets coming in on the interface without a source address mentioned in
> > the internal zone enter the public zone. So these last packets should be
> > processed by the rules in that public zone, which apparently does not
> > happen, at least not the ones that finally get rejected.
> 
> 
> Hi,
> 
> I'm not a firewalld/nftables expert, but from your description, it seems
> that you want all TCP traffic addressed to a specified port range to be
> rejected and logged.  If so, then rather than adding your rich rule(s) to the
> public zone, how about adding them to the internal zone, whose rules are
> evaluated prior to public's (according to the article:
> https://www.linuxjournal.com/content/understanding-firewalld-multi-zone-configurations)?

The problem of these messages not appearing in the log was caused by an
issue in my router and not with the configuration of the firewall.

In the end I could skip the use of firewalld and use nftables directly.

I needed this for the honeypot software on https://github.com/DShield-ISC/dshield/
to adapt it for the change to nftables instead of iptables, which is
declared obsolete.

-- 
Kind regards,

Freek de Kruijf
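For readers who want to see what the "use nftables directly" approach looks like, here is an added example ruleset (not from the thread or from the DShield project). It reproduces the ordering the thread discusses: traffic from the internal subnet 192.168.178.0/24 (taken from the thread) is accepted first, the way firewalld's internal zone is evaluated before public, and every remaining new TCP connection arriving on the external interface to the chosen ports is logged with a fixed prefix and then rejected. The interface name `eth0`, the port range 1024-65535 and the log prefix `DSHIELD-REJECT: ` are assumptions chosen for illustration; adjust them to the real setup.

```nft
#!/usr/sbin/nft -f
# Added example ruleset (not from the thread or the DShield project).
# Assumed values: external interface eth0, logged port range 1024-65535,
# log prefix "DSHIELD-REJECT: ". The internal subnet is the one from the thread.

define wan_if    = "eth0"               # assumed external interface
define lan_net   = 192.168.178.0/24     # internal subnet from the thread
define log_ports = { 1024-65535 }       # assumed port range to log and reject

table inet honeypot_log {
    chain input {
        # Base chain on the input hook; the policy is left at accept so the
        # example only adds logging and rejection for the chosen ports.
        type filter hook input priority filter; policy accept;

        # Replies to connections we opened ourselves are never logged.
        ct state established,related accept

        # Internal sources are handled first, like firewalld's internal zone,
        # so they never reach the logging rule below.
        iifname $wan_if ip saddr $lan_net accept

        # Everything else that is a new TCP connection on the external
        # interface to the chosen ports: log with a searchable prefix,
        # count it, and reject with a TCP reset.
        iifname $wan_if tcp dport $log_ports ct state new log prefix "DSHIELD-REJECT: " level info counter reject with tcp reset
    }
}
```

Load it with `nft -f <file>` and list it with `nft list ruleset`. The `log` statement hands the packet to the kernel log, so the lines with the chosen prefix show up in `dmesg` or `journalctl -k`, which is where a honeypot parser can pick them up by matching on that prefix; the `counter` lets you confirm with `nft list ruleset` that the rule is actually being hit while you test.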


_______________________________________________
firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org
To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure