I have configured firewalld so that the firewall will blockes also outgoing connections. The outgoing traffic I need I have white listed by adding specific rules. This works fine.
But now I want to know, if there are outgoing connections which are currently still blocked by firewalld. To check this I have set LogDenied to all and restart/reload firewalld. Now I can see many firewalld message in /var/log/messages for REJECTed incomming messages like
Mar 5 19:45:29 kvm011 kernel: FINAL_REJECT: IN=br0-enp3s0 OUT= MAC=80:ee:73:9d:59:09:98:9b:cb:bf:c3:7e:08:00 SRC=192.168.1.254 DST=192.168.1.3 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55873 DF PROTO=TCP SPT=41047 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
But it seems, that blocked outgoing traffic will be not logged. I have test it: The SMTP port 25 is not white listed for outgoing traffic. So if I try to send an email, the email is marked as ''deferred'' and I see in maillog that the email cannot send:
Mar 5 19:46:21 kvm011 postfix/smtp[3240]: connect to xxx.xxx.org[193.111.xxx.xxx]:25: Connection timed out
But there is no firewalld message in the /var/log/messages file (for the blocked connection on port 25). Must I activate these kind of messages in firewalld? If so, how can I do that?
Best Answer
Found it! I must add explicit a rule to enable logging for outgoing blocked connections:
After reload or restart firewalld I get my expected logs like: