Bug 151647

Summary: RFE: add log target
Product: [Fedora] Fedora Reporter: Patrick C. F. Ernzer <pcfe>
Component: system-config-firewallAssignee: Thomas Woerner <twoerner>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: orion
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-06 19:36:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 177950, 494832    

Description Patrick C. F. Ernzer 2005-03-21 12:58:36 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050302 Firefox/1.0.1 Fedora/1.0.1-1.3.2

Description of problem:
IMHO we would really help users if we had a LOG target just before our DROP.

At the moment, using s-c-securitylevel will not tell the user why something fails.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. configure a firewall with s-c-securitylevel
2. enable it
3. try do access via a method that is not allowed by the just configured iptables
  

Actual Results:  user has no clue why it fails

Expected Results:  there should be entries in /var/log/messages (or even better in a separate log file, do not forget to add said logfile to logrotate if added)

Additional info:

to avoid spamming of the logs we should set a limit, say 10/minute, optimally the user would get a drop down list where she/he can select one of
  1/minute
  5/minute
  10/minute
  60/minute
  unlimited
Comment 1 Thomas Woerner 2007-07-23 12:22:03 UTC 
There will be a new firewall configuration tool for fedora, soon. This feature
is on the todo list.
Comment 2 Thomas Woerner 2007-11-06 13:21:40 UTC 
Assigning to system-config-firewall.
Comment 3 Orion Poplawski 2012-10-19 20:56:47 UTC 
Ah yes, soon.  I suppose this may be in place now for Fedora, but it would be nice for RHEL6 too.  I suppose bug 494832 might be about that, but that is private.
Comment 4 Thomas Woerner 2013-11-06 19:36:54 UTC 
Closing because there will not be big changes to system-config-firewall anymore.