Logging all packets in firewalld

Question

We're trying to configure firewalld to log all incoming packets. So far I've only managed to log only rejected packets with LogDenied=off that shows:

 FINAL_REJECT: IN=eth0 OUT= MAC=00:dd:3a:26:18:2d:dd:34:5f:78:9a:bc:ff:00 SRC=65.13.35.231 DST=10.0.1.5 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=31984 DF PROTO=TCP SPT=49886 DPT=3385 WINDOW=8192 RES=0x00 SYN URGP=0

But I need to log accepted packets as well. Is there any option to do that?

Did you consider traffic size to be logged? If not done carefully or for a limited time duration, this will cause you performance troubles. — Khaled, Mar 01 '17 at 13:41
Yes, the calls made to this specific system will be limited. — Pat, Mar 01 '17 at 13:45

score 3 · Accepted Answer · edited May 13 '18 at 13:01

3

You can tag any rule with a prefix to identify accepted rules:

firewall-cmd --add-rich-rule='rule family=ipv4 source address=10.20.0.0/16 port port=1234 protocol=tcp log prefix="MyTagHere " level=info accept'

edited May 13 '18 at 13:01

Thomas

4,225
5
23
28

answered May 12 '18 at 21:54

Troy

46
2

Thank you for your answer. We ended up going with Opnsense, but this should be relevant for others. :) – Pat May 15 '18 at 08:26

score 0 · Answer 2 · answered Apr 05 '17 at 14:55

0

This isn't supported on firewalld yet. Took the devs long enough to implement a command to log denied packets....

answered Apr 05 '17 at 14:55

Matt B

99
1
1
9

and what about now ? – Heyji Mar 29 '23 at 07:13

Logging all packets in firewalld

2 Answers2