Can firewalld NOT log INVALID-state drops when configured with --set-log-denied?

Solution In Progress - Updated -

Issue

  • Can firewalld NOT log INVALID-state drops when configured with --set-log-denied?
  • firewalld with --set-log-denied=unicast also logs packets that are in the conntrack INVALID state, which generates additional unwanted log entries. Can this be changed?

Environment

  • Red Hat Enterprise Linux 8.3
  • firewalld-0.8.2-2.el8.noarch with nft (nftables) backend
  • firewalld option --set-log-denied set to any value other than off
