Track Blocked network packets CentOS

On CentOS you can enable the logs on iptables (which firewalld manages) like this, by setting the FIREWALLD_ARGS line in /etc/sysconfig/firewalld:

cat /etc/sysconfig/firewalld
# firewalld command line args
# possible values: --debug
FIREWALLD_ARGS=--debug

Service Restart
service firewalld restart

After that, check /var/log/firewalld. You will see something like this when you apply a new RULE:

2018-09-26 20:02:50 DEBUG1: getDefaultZone()
2018-09-26 20:02:50 DEBUG1: zone.getActiveZones()
2018-09-26 20:02:50 DEBUG1: zone.addRichRule('', 'rule family="ipv4" source address="" reject log prefix="------Mario-PC" level="alert"')
2018-09-26 20:02:50 DEBUG1: zone.RichRuleAdded('FedoraWorkstation', 'rule family="ipv4" source address="" reject log prefix="------Mario-PC" level="alert"', 0)

Add an alert on the rules:
firewall-cmd --add-rich-rule='rule family="ipv4" source address="" reject log prefix="------Mario-PC------" level="alert"'

Now there are different types of LEVEL, but alert is GOOD because you will see them in RED in the kernel log. OK, so where do you SEE the BLOCKED connections? JUST execute:

dmesg

As root you will see a result like the one in the screenshot, where the alert is shown in red. Now, regarding whether the logic of the rules is OK at the networking level, I won't give an opinion on that since you are more familiar with what is required. BTW, if you are wondering "OK, but can this record generated by dmesg be saved into a FILE?", the quick answer is YES; a simple:

dmesg > BLOCKED.txt

Will do the trick. Hope this helps you.
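Once the rich rule is logging, the raw dmesg output is noisy: every blocked packet is one long kernel line mixed in with everything else the kernel prints. The script below is an added example (not part of the original post) that pulls out only the lines carrying the log prefix used above and summarises them per source address with the protocol/destination port pairs that were rejected. The log lines embedded in it are constructed samples in the format the iptables LOG target writes to the kernel ring buffer, using addresses from the 192.0.2.0/24 documentation range; the prefix and the function name summarize_blocked are choices made here.

```shell
#!/bin/sh
# Added example: summarise firewalld/iptables LOG lines by source address.
# Reads kernel-log text (for instance the output of `dmesg`) on stdin and
# prints "SRC COUNT PROTO/DPT ..." for every source that hit the logging rule.

# summarize_blocked PREFIX < kernel-log-text
# Only lines containing PREFIX (the "log prefix" of the rich rule) are kept;
# the SRC=, PROTO= and DPT= key/value tokens are extracted from each of them.
summarize_blocked() {
    prefix="$1"
    # `--` is required because the prefix itself starts with dashes.
    grep -F -- "$prefix" | awk '
    {
        src = ""; dpt = ""; proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        if (src == "") next          # not a packet log line
        count[src]++
        ports[src] = ports[src] " " proto "/" dpt
    }
    END {
        for (k in count) printf "%s %d%s\n", k, count[k], ports[k]
    }' | sort
}

# Constructed sample kernel-log lines (not captured output). The third line
# is an unrelated kernel message and must be ignored by the summary.
SAMPLE_LOG='[ 1234.567890] ------Mario-PC------IN=eth0 OUT= MAC=00:00:00:00:00:00:11:11:11:11:11:11:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
[ 1234.600000] ------Mario-PC------IN=eth0 OUT= MAC=00:00:00:00:00:00:11:11:11:11:11:11:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
[ 1235.000000] audit: type=1130 audit(1537990970.000:99): pid=1 uid=0 msg=unrelated kernel line
[ 1236.100000] ------Mario-PC------IN=eth0 OUT= MAC=00:00:00:00:00:00:11:11:11:11:11:11:08:00 SRC=192.0.2.25 DST=192.0.2.1 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=3 PROTO=UDP SPT=5000 DPT=53 LEN=12'

# Demo on the constructed sample; on a real host pipe `dmesg` in instead.
printf '%s\n' "$SAMPLE_LOG" | summarize_blocked '------Mario-PC------'
```

On a live system, source the file and run `dmesg | summarize_blocked '------Mario-PC------'`, or feed it /var/log/messages, which rsyslog also writes kernel messages to and which, unlike the dmesg ring buffer, survives a reboot. Note that the rich rule as added with firewall-cmd above is runtime-only; add it again with --permanent if it should survive a firewalld reload.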


By rers

Rafael holds a TSU in Computer Science / Systems Engineering, is the author of El Gran libro de Debian GNU/Linux, founded EnjoySistemas in 2015 and currently works as a freelance consultant.
