Track Blocked network packets CentOS

On CentOS you can can enable the logs on iptables like this:

cat /etc/sysconfig/firewalld
# firewalld command line args
# possible values: –debug
FIREWALLD_ARGS= –debug
[root@localhost log]#

Service Restart
service firewalld restart

After that check /var/log/firewalld. You will see something like this when you apply a new RULE

2018-09-26 20:02:50 DEBUG1: getDefaultZone()
2018-09-26 20:02:50 DEBUG1: zone.getActiveZones()
2018-09-26 20:02:50 DEBUG1: zone.addRichRule(”, ‘rule family=”ipv4″ source address=”192.168.20.55″ reject log prefix=”——Mario-PC” level=”alert”‘)
2018-09-26 20:02:50 DEBUG1: zone.RichRuleAdded(‘FedoraWorkstation’, ‘rule family=”ipv4″ source address=”192.168.20.55″ reject log prefix=”——Mario-PC” level=”alert”‘, 0)

Add an alert on the rules
firewall-cmd –add-rich-rule=’rule family=”ipv4″ source address=”192.168.20.55″ reject log prefix=”——Mario-PC——” level=”alert”‘

Now there are different types of LEVEL but alert is GOOD because you will see them on RED at the kernel log. OK so where you SEE the BLOCKED connections. JUST execute

dmesg

As root you will see a result as the one on the screenshot where you can see in red the alert. Now regarding if the logic of the rules are OK at networking level i wont make opinion on that since you are more familiar on what is required. BTW if you are wondering OK but this can saved into a FILE this record generated by dmesg. Quick answer YES a simple:

dmesg > BLOCKED.txt

Will do the trick. Hope this helps you.

Leave a Comment