I am using firewalld version 1.0.1, with rsyslog collecting the firewall log messages using the standard definition for /var/log/firewall.
I have eth0 in zone public.
In zone internal I have a number of addresses, mainly local, as sources, a port, and a few services, to allow access to this port and the services from the sources.
In zone public I have a few ports to allow access to, among others: "firewall-cmd --add-port=8000/tcp --zone=public --permanent".
A number of port forwards from other ports to these ports, among others: "firewall-cmd --add-forward-port=port=5555:proto=tcp:toport=8000 --permanent".
And for all other ports, a number of rich rules like the following, among others:
firewall-cmd --add-rich-rule='rule port port=5556-7546 protocol=tcp log prefix="SPECIFICTEXT " reject' --zone=public --permanent
where port numbers like 5556 and 7546 are chosen so that the ranges cover all other ports from 1 to 65535.
When I start tcpdump on eth0 for a specific port among the ones in the rich rules, and connect from an IP address that is not one of the sources in internal, I do see packets coming in. However, I don't see any message in the firewall log.
How do I get these messages in that log?
When I have the same rich rule in zone internal for a specific range of ports and I connect to such a port from a source in zone internal I do get a log entry in /var/log/firewall.
I am trying to bind tailscale to a "trusted" zone; however, every time I change the zone for the tailscale0 interface I can no longer manage it via firewalld. If I leave it in the default public zone, the rules I define there are good. I would really like to take tailscale out of the public zone because I want to keep my public zone pretty restricted. Any advice would be much appreciated.