Hi
I just recently converted my iptables rules to firewalld. Most of it was
straightforward. However, I had trouble trying to log my rejected
packets.
My old /etc/sysconfig/iptables INPUT chain ended with:
-A INPUT -m limit --limit 6/hour --limit-burst 10 -j LOG
-A INPUT -j REJECT --reject-with icmp-host-prohibited
Is there a simple way to do this with firewalld?
If not, could it be implemented? I find that logging rejected packets can
sometimes help find trouble with the firewall setup.
I was able to find a workaround with some direct passthrough entries,
but it is fragile (it depends on the current firewalld entries' creation
order and naming structure).
Thanks
Christian