How do I get a specific text in the firewall log for specified tcp ports in zone public?
by Freek de Kruijf
Using firewalld version 1.0.1, using rsyslog to collect firewall log messages with the standard definition for /var/log/firewall.
I have eth0 in zone public.
In zone internal I have a number of addresses, mainly local, as sources, a port, and a few services, to allow access to this port and the services from the sources.
In zone public I have a few ports to allow access to with, among others: "firewall-cmd --add-port=8000/tcp --zone=public --permanent".
A number of port forwards of other ports to these ports with, among others: "firewall-cmd --add-forward-port=port=5555:proto=tcp:toport=8000 --permanent".
And for all other ports a number of the following rich rules, among others:
firewall-cmd --add-rich-rule='rule port port=5556-7546 protocol=tcp log prefix="SPECIFICTEXT " reject' --zone=public --permanent
where ports like 5556 and 7546 are port numbers which cover all other ports from 1 to 65535.
When I start tcpdump on eth0 and a specific port in the ones in the rich rules, and connect from an IP address not in the sources in internal, I do see packets coming in. However I don't see any message coming in the firewall log.
How do I get these messages in that log?
When I have the same rich rule in zone internal for a specific range of ports and I connect to such a port from a source in zone internal I do get a log entry in /var/log/firewall.
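The post above builds the log-and-reject rich rules by hand for "all other ports" (5556-7546 is given as one such range). The following script is an added example, not code from the poster or from the firewalld project: given the TCP ports a zone is meant to accept, it computes the complementary port ranges from 1 to 65535 and prints the corresponding `firewall-cmd --add-rich-rule` commands with a log prefix, so the reject-and-log coverage has no gaps and no overlap with the allowed ports. The function names `complement_ranges` and `rich_rule_cmds`, and the sample port list, are constructed for this example; the commands are printed rather than executed, so it can be reviewed before anything touches the firewall.

```shell
#!/bin/sh
# Added example (not from the original post): compute the TCP port ranges
# NOT in a list of allowed ports and emit matching firewalld rich rules that
# log (with a prefix) and reject traffic to those ranges.

# complement_ranges PORT...  -> prints one "start-end" (or single port) per line
# covering every port in 1..65535 that is not in the argument list.
complement_ranges() {
    # Sort numerically, drop duplicates, then walk the list to find the gaps
    # between consecutive allowed ports.
    printf '%s\n' "$@" | sort -n -u | awk '
        BEGIN { next_start = 1 }
        $1 < 1 || $1 > 65535 {
            print "bad port: " $1 > "/dev/stderr"
            exit 1
        }
        {
            gap_end = $1 - 1
            if (gap_end == next_start)      print next_start
            else if (gap_end > next_start)  print next_start "-" gap_end
            next_start = $1 + 1
        }
        END {
            if (next_start == 65535)     print 65535
            else if (next_start < 65535) print next_start "-65535"
        }'
}

# rich_rule_cmds ZONE PREFIX PORT...  -> prints one permanent firewall-cmd
# invocation per uncovered range, using the same rich-rule shape as the post
# (log prefix followed by a space, then reject). Nothing is executed here.
rich_rule_cmds() {
    zone=$1
    prefix=$2
    shift 2
    complement_ranges "$@" | while IFS= read -r range; do
        printf "firewall-cmd --zone=%s --permanent --add-rich-rule='rule port port=%s protocol=tcp log prefix=\"%s \" reject'\n" \
            "$zone" "$range" "$prefix"
    done
}

# Constructed sample: the two ports from the post (8000 accepted, 5555 forwarded).
# Expected ranges: 1-5554, 5556-7999, 8001-65535.
rich_rule_cmds public SPECIFICTEXT 8000 5555
```

Review the printed commands, then run them (and `firewall-cmd --reload`) only once the allowed-port list matches what `firewall-cmd --zone=public --list-ports` and `--list-forward-ports` actually report; any port the zone forwards but does not also accept must be in the argument list, or the generated reject rule will cover it.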
2 years, 4 months
tailscale VPN
by Jose Galvez
I am trying to bind tailscale to a "trusted" zone, however every time I change the zone for the tailscale0 interface I can no longer manage it via firewalld; if I leave it in the default public zone the rules I define there are good. I would really like to take tailscale out of the public zone because I want to keep my public zone pretty restricted. Any advice would be much appreciated.
Jose
2 years, 5 months