GNU/Linux >> Linux の 問題 >  >> Cent OS

CentOS/RHEL 8 で firewalld ロギングを構成する方法

質問 :CentOS/RHEL 8 の firewalld でログを有効にする方法は?

1. /etc/firewalld/firewalld.conf を編集します 「LogDenied」を変更します 」行を次へ:

# vi /etc/firewalld/firewalld.conf
LogDenied=all

2. /etc/sysconfig/firewalld を編集します 「FIREWALLD_ARGS」を追加または変更します 」行を次へ:

# vi /etc/sysconfig/firewalld
FIREWALLD_ARGS=--debug=10

3. firewalld サービスを再起動します:

# systemctl restart firewalld.service

4. firewalld ログ ファイルを確認します。

# tail /var/log/firewalld
2021-11-30 14:03:12 DEBUG1: config.helper.9.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('sane')
2021-11-30 14:03:12 DEBUG1: config.helper.10.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('sip')
2021-11-30 14:03:12 DEBUG1: config.helper.11.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('snmp')
2021-11-30 14:03:12 DEBUG1: config.helper.12.GetAll('org.fedoraproject.FirewallD1.config.helper')
2021-11-30 14:03:12 DEBUG1: config.HelperAdded('tftp')
2021-11-30 14:03:12 DEBUG1: config.policy.0.GetAll('org.fedoraproject.FirewallD1.config.policy')
2021-11-30 14:03:12 DEBUG1: config.PolicyAdded('allow-host-ipv6')
2021-11-30 14:03:12 DEBUG1: config.GetAll('org.fedoraproject.FirewallD1.config')
2021-11-30 14:03:12 DEBUG1: zone.changeZoneOfInterface('', 'ens3')
2021-11-30 14:03:12 DEBUG1: Setting zone of interface 'ens3' to 'public'
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].execute(True)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].prepare(True, ...)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].pre()
2021-11-30 14:03:12 DEBUG3: [class 'firewall.core.nftables.nftables']: calling python-nftables with JSON blob: {"nftables": [{"metainfo": {"json_schema_version": 1}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "filter_IN_public"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "filter_FWDO_public"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_POST_public"}}]}}}, {"insert": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_POST_public"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "filter_FWDI_public"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_PRE_public"}}]}}}, {"insert": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "nat_PRE_public"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "ens3"}}, {"goto": {"target": "mangle_PRE_public"}}]}}}]}
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].post()
2021-11-30 14:03:12 DEBUG1: zone.ZoneOfInterfaceChanged('public', 'ens3')
2021-11-30 14:03:12 DEBUG1: zone.ZoneChanged('public', 'ens3')
2021-11-30 14:03:12 DEBUG1: zone.changeZoneOfInterface('', 'br0')
2021-11-30 14:03:12 DEBUG1: Setting zone of interface 'br0' to 'public'
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].execute(True)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].prepare(True, ...)
2021-11-30 14:03:12 DEBUG4: [class 'firewall.core.fw_transaction.FirewallTransaction'].pre()


Cent OS

  1. CentOS / RHEL 7 :キャッシュのみのネームサーバーを構成する方法

  2. CentOS / RHEL 6,7 :hugepage の設定方法

  3. CentOS/RHEL/Fedora でプロキシを構成する方法

  1. RHEL 8 /CentOS8で仮想ネットワークインターフェイスを構成する方法

  2. RHEL 8 /CentOS8でファイアウォールを停止/開始する方法

  3. CentOS7でファイアウォールを構成する方法

  1. RHEL 8 /CentOS8にsambaをインストールして設定する方法

  2. CentOS 8 /RHEL8でRsyslogサーバーを構成する方法

  3. RHEL 8 /CentOS8で静的IPアドレスを構成する方法