Red Hat Bugzilla – Bug 151647
RFE: add log target
Last modified: 2013-11-06 14:36:54 EST
Description of problem:
IMHO we would really help users if we had a LOG target just before our DROP.
At the moment, using s-c-securitylevel will not tell the user why something fails.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. configure a firewall with s-c-securitylevel
2. enable it
3. try to access via a method that is not allowed by the just configured iptables
Actual Results: user has no clue why it fails
Expected Results: there should be entries in /var/log/messages (or even better in a separate log file, do not forget to add said logfile to logrotate if added)
to avoid spamming of the logs we should set a limit, say 10/minute, optimally the user would get a drop down list where she/he can select one of
There will be a new firewall configuration tool for Fedora soon. This feature is on the todo list.
Assigning to system-config-firewall.
Ah yes, soon. I suppose this may be in place now for Fedora, but it would be nice for RHEL6 too. I suppose bug 494832 might be about that, but that is private.
Closing because there will not be big changes to system-config-firewall anymore.
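The rule layout requested in the original report (a LOG target limited to 10/minute placed directly before the final DROP), as an added example that is not code from system-config-securitylevel or system-config-firewall. The chain name `FW-INPUT`, the log prefix and the allowed SSH port are assumptions made for illustration; `unlogged_drops` is a hypothetical helper that lists DROP rules not directly preceded by a rate-limited LOG in the same chain.

```shell
#!/bin/sh
# Added example. Chain name, log prefix and the allowed port are assumptions.

# Print an iptables-restore ruleset whose final DROP is preceded by a
# rate-limited LOG rule, so rejected packets leave a trace in the kernel log
# without flooding it.
emit_rules() {
    limit="${1:-10/minute}"      # rate suggested in the report
    prefix="${2:-FW-DROP: }"     # assumed prefix, makes the entries easy to grep
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FW-INPUT - [0:0]
-A INPUT -j FW-INPUT
-A FW-INPUT -i lo -j ACCEPT
-A FW-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FW-INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FW-INPUT -m limit --limit $limit -j LOG --log-prefix "$prefix" --log-level 4
-A FW-INPUT -j DROP
COMMIT
EOF
}

# Read a ruleset in iptables-save format on stdin and print every DROP rule
# that is not directly preceded, in the same chain, by a rate-limited LOG rule.
# Exit status is 1 if any such rule is found, 0 otherwise.
unlogged_drops() {
    awk '
        $1 == "-A" {
            if ($0 ~ /-j DROP/ && !(prev_chain == $2 && prev_log)) {
                print
                bad = 1
            }
            prev_chain = $2
            prev_log = ($0 ~ /-m limit/ && $0 ~ /-j LOG/)
        }
        END { exit bad + 0 }
    '
}
```

`emit_rules | iptables-restore --test` parses the ruleset without committing it, and `iptables-save | unlogged_drops` runs the same check against the rules currently loaded.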