在我的新CentOS7盒子上我尝试使用'new'firewalld,但是我无法记录掉连接尝试。 有人知道这个诀窍吗?如何使用firewalld记录拒绝连接到特定端口?
我想:
firewall-cmd --zone=public --remove-service=ssh
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="10.1.2.0/24" port port="22" protocol="tcp" log prefix="SSH-ALLOW_" accept'
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="10.3.4.0/24" port port="22" protocol="tcp" log prefix="SSH-ALLOW_" accept'
[here comes a VERY VERY long list of similar entries]
而现在的问题是:如何指定从不被允许IP的连接尝试日志条目? 类似非工作的东西:
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="NOT-ONE-OF-THE-ABOVE" port port="22" protocol="tcp" log prefix="SSH-DENY_" drop'
任何想法?