On Wednesday, 11 March 2020, 19:29:02 CET, Eric Garver wrote:
> On Wed, Mar 11, 2020 at 04:59:22PM +0100, Hans-Peter Jansen wrote:
> > Hi,
> >
> > do you know a method to capture the packages before they are discarded?
>
> No. The only thing like this is --set-log-denied, but that only does
> basic logging.

Well, that doesn't help with many cases. Some of them, I'm facing right now.

> Ideally we'd add a new target for rich rules, e.g. NFLOG. Then you could
> use a low precedence catch-all rich rule which would execute right
> before the accept/drop for the zone.
>
> e.g.
>
> firewall-cmd --add-rich-rule='rule priority=32767 ... nflog prefix=.. group=..'
>
> Unfortunately the "nflog" action doesn't exist yet. Should be fairly
> easy to add. If you'd like to see it added, then please file an issue on
> github.

Here we go:

https://github.com/firewalld/firewalld/issues/587

If I understand you correctly, given a high enough priority, other use cases
like live monitoring and accounting could be realized this way as well.

Thanks,
Pete