GUFW log - What should I expect to see in there?

Terminal Velocity

For example, if an incoming connection was attempted and the firewall denied it, would I see that in the log?

For example, if an incoming connection was attempted and the firewall denied it, would I see that in the log?
Assuming logging is working as expected, you should see dropped inbound packets only for LAN but not for WAN, because WAN is filtered by your router and will never reach the software firewall unless you poke a hole in the router or bring down the router firewall completely (not all routers allow it).

From what I googled, ufw uses an existing logging facility, e.g. rsyslog, but I don't know which log daemon exactly it might use, that is, whether it might reuse other facilities; most likely not.

Look into /etc/rsyslog.d/ to see if the ufw config is there; I assume rsyslogd was installed as a requirement for ufw and is configured.

Another scenario for inbound traffic that will always get in is traffic initiated by your computer (solicited traffic); this is never blocked by the router, of course. The point is, if you're concerned with what goes in but is potentially not under your control, such as traffic that is solicited but not explicitly by you, then blocking and logging outbound traffic is the solution, which is where ufw will catch it before the router.
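
Added example, not part of the posts above: a short Python script that reads UFW log entries and counts them by action, direction and whether the remote address is on the LAN or beyond the router, which makes the LAN/WAN split described in the reply visible. The log lines are constructed samples, and the `LAN_NETS` list (RFC 1918 plus link-local) is an assumption about what counts as "LAN".

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the kernel log format UFW produces; host name,
# interface and addresses are made up (203.0.113.x / 198.51.100.x are doc ranges).
SAMPLE_LOG = """\
Jul 25 22:31:02 box kernel: [ 101.1] [UFW BLOCK] IN=wlp2s0 OUT= MAC=aa:bb SRC=192.168.1.23 DST=192.168.1.10 LEN=60 TTL=64 PROTO=TCP SPT=51234 DPT=22 SYN
Jul 25 22:31:09 box kernel: [ 108.4] [UFW BLOCK] IN=wlp2s0 OUT= MAC=aa:bb SRC=192.168.1.1 DST=224.0.0.1 LEN=32 TTL=1 PROTO=2
Jul 25 22:32:40 box kernel: [ 199.9] [UFW BLOCK] IN=wlp2s0 OUT= MAC=aa:bb SRC=203.0.113.7 DST=192.168.1.10 LEN=44 TTL=51 PROTO=TCP SPT=40000 DPT=8080 SYN
Jul 25 22:33:00 box kernel: [ 219.0] [UFW ALLOW] IN= OUT=wlp2s0 SRC=192.168.1.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=44444 DPT=443 SYN
Jul 25 22:33:05 box kernel: [ 224.2] [UFW BLOCK] IN= OUT=wlp2s0 SRC=192.168.1.10 DST=198.51.100.9 LEN=60 PROTO=UDP SPT=5353 DPT=9999
"""

# Ranges treated as "LAN" in this example (assumption): RFC 1918 + link-local.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "169.254.0.0/16", "fe80::/10")]

UFW_LINE = re.compile(r"\[UFW (\w+)\]\s+(.*)")


def parse_ufw_line(line):
    """Return (action, direction, peer_ip) for a UFW log line, else None."""
    m = UFW_LINE.search(line)
    if not m:
        return None
    fields = dict(re.findall(r"(\w+)=(\S*)", m.group(2)))
    if fields.get("IN") and not fields.get("OUT"):
        direction, peer = "in", fields.get("SRC")    # remote end is the sender
    elif fields.get("OUT") and not fields.get("IN"):
        direction, peer = "out", fields.get("DST")   # remote end is the target
    else:
        return None                                  # forwarded or malformed
    return m.group(1), direction, peer


def summarize(log_text):
    """Count UFW entries by (action, direction, LAN/WAN scope of the peer)."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_ufw_line(line)
        if parsed is None or not parsed[2]:
            continue
        action, direction, peer = parsed
        ip = ipaddress.ip_address(peer)
        scope = "LAN" if any(ip in net for net in LAN_NETS) else "WAN"
        counts[(action, direction, scope)] += 1
    return counts
```

On a host behind a router, a non-zero `("BLOCK", "in", "WAN")` count is the case the reply calls a hole poked in the router, so it is the number worth checking first.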
 
