I. Enable the debug option
1. Official documentation:
https://firewalld.org/documentation/howto/debug-firewalld.html
2. Edit the configuration file:
[root@blog ~]# vi /etc/sysconfig/firewalld
Uncomment the line FIREWALLD_ARGS=--debug=10; that is all that is needed.
[root@blog ~]# more /etc/sysconfig/firewalld
# firewalld command line args
# possible values: --debug
FIREWALLD_ARGS=--debug=10
#FIREWALLD_ARGS=
Note: the debug levels are as shown in the figure:
II. View the debug information in the log
The log file is located at /var/log/firewalld
View the file:
[root@blog ~]# tail -100 /var/log/firewalld
Sample content:
2024-08-29 11:24:16 DEBUG2: config.Introspect()
2024-08-29 11:24:16 DEBUG2: config.Introspect()
2024-08-29 11:24:16 DEBUG2: config.Introspect()
2024-08-29 11:24:16 DEBUG1: zone.removeRichRule('drop', 'rule family="ipv4" source ipset="nginxcc" drop')
2024-08-29 11:24:16 DEBUG4: <class 'firewall.core.fw_transaction.FirewallZoneTransaction'>.execute(True)
2024-08-29 11:24:16 DEBUG4: <class 'firewall.core.fw_transaction.FirewallZoneTransaction'>.prepare(True, ...)
2024-08-29 11:24:16 DEBUG4: <class 'firewall.core.fw_transaction.FirewallZoneTransaction'>.prepare(True, ...)
2024-08-29 11:24:16 DEBUG4: <class 'firewall.core.fw_transaction.FirewallZoneTransaction'>.pre()
2024-08-29 11:24:16 DEBUG2: <class 'firewall.core.nftables.nftables'>: rule ref cnt 0, /usr/sbin/nft
delete rule inet firewalld filter_IN_drop_deny meta nfproto ipv4 ip saddr @nginxcc drop
2024-08-29 11:24:16 DEBUG2: <class 'firewall.core.nftables.nftables'>: /usr/sbin/nft delete rule inet firewalld
filter_IN_drop_deny handle 530
2024-08-29 11:24:16 DEBUG4: <class 'firewall.core.fw_transaction.FirewallZoneTransaction'>.post()
2024-08-29 11:24:16 DEBUG1: zone.RichRuleRemoved('drop', 'rule family="ipv4" source ipset="nginxcc" drop')
Note: the debug output records the operations that nft performs on the rules.
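The excerpt above can be read as an audit trail of rule changes. The following Python code is an added example, not part of the original post or of firewalld: it re-joins the wrapped log lines and lists the nft invocations logged after each zone.* request. The function names parse and audit are hypothetical, and the sample lines are copied from the excerpt above.

```python
import re

# Sample lines copied from the log excerpt above (wrapped lines kept as they appear).
SAMPLE = """\
2024-08-29 11:24:16 DEBUG2: config.Introspect()
2024-08-29 11:24:16 DEBUG1: zone.removeRichRule('drop', 'rule family="ipv4" source ipset="nginxcc" drop')
2024-08-29 11:24:16 DEBUG4: <class 'firewall.core.fw_transaction.FirewallZoneTransaction'>.execute(True)
2024-08-29 11:24:16 DEBUG2: <class 'firewall.core.nftables.nftables'>: rule ref cnt 0, /usr/sbin/nft
delete rule inet firewalld filter_IN_drop_deny meta nfproto ipv4 ip saddr @nginxcc drop
2024-08-29 11:24:16 DEBUG2: <class 'firewall.core.nftables.nftables'>: /usr/sbin/nft delete rule inet firewalld
filter_IN_drop_deny handle 530
2024-08-29 11:24:16 DEBUG4: <class 'firewall.core.fw_transaction.FirewallZoneTransaction'>.post()
2024-08-29 11:24:16 DEBUG1: zone.RichRuleRemoved('drop', 'rule family="ipv4" source ipset="nginxcc" drop')
"""

ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (DEBUG\d+): (.*)$")
NFT = re.compile(r"(\S*/nft\s.+)$")
# In the excerpt the request is zone.removeRichRule and the completion is zone.RichRuleRemoved.
CALL = re.compile(r"^zone\.[a-z]\w*\(")


def parse(text):
    """Return (timestamp, level, message) tuples, re-joining wrapped lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(list(m.groups()))
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()  # no timestamp: continuation line
    return [tuple(e) for e in entries]


def audit(text):
    """Group logged nft invocations under the zone.* request that preceded them."""
    changes = []
    for ts, level, msg in parse(text):
        if level == "DEBUG1" and CALL.match(msg):
            changes.append({"time": ts, "request": msg, "nft": []})
        elif "firewall.core.nftables.nftables" in msg and changes:
            m = NFT.search(msg)
            if m:
                changes[-1]["nft"].append(m.group(1))
    return changes


if __name__ == "__main__":
    for change in audit(SAMPLE):
        print(change["time"], change["request"], *change["nft"], sep="\n    ")
```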
From: https://www.cnblogs.com/architectforest/p/18386344