-
if you have an extensive list of untrustworthy IP addresses in your firewalld config, is there an easy way to tell that your rules are actually working? As I see it, logging is OFF or you get everything and then you have to filter through possibly hundreds of thousand of logged events per day. A nice and easy way to prove that the rules that I put into the firewall actually work would be beneficial to me and many others I am sure. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
Rich rules also support logging. You can log and reject in the same rich rule. e.g.
You can also limit the log. e.g. only 5 logs per day
|
Beta Was this translation helpful? Give feedback.
Thanks for that. This facility does not seem to be widely known.
I will give it a try and if it is ok, then I'll add it into my automation of the firewall rules.