I am using Firewalld and the drop zone is the default zone with an interface assigned to the zone.
I then have rich rules to allow some traffic through the drop zone and I have enabled firewall-cmd --set-log-denied=all.
I would have thought that this would log anything that attempts to connect to the server that doesn't come from the white-listed rich rule... but it won't log. I ran port scans against the server and /var/log/messages doesn't show any of the denied port logs.
However when I set the default zone to public and assign the interface to public, it does log denied packets when I run another port scan.
Why?
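To check concretely whether log-denied entries are reaching /var/log/messages for the interface in question, the following script (an added example, not code from the original post or from the firewalld project) parses the netfilter LOG key=value layout that the kernel emits and summarises denials per log prefix, interface, source and destination port. It assumes firewalld's "FINAL_REJECT: " and "FINAL_DROP: " log prefixes; if your version uses a different prefix, adjust LINE_RE. The sample log lines are constructed for the example, not captured from a real host.

```python
"""Summarise firewalld log-denied entries from a syslog-style file.

Added example. Assumptions: firewalld prefixes denied packets with
"FINAL_REJECT: " or "FINAL_DROP: " (adjust LINE_RE for other prefixes),
and the rest of the line is the standard netfilter LOG key=value layout.
"""
import re
from collections import Counter

# Constructed sample of /var/log/messages content: three denied packets
# from one scanning source and one unrelated sshd line as noise.
SAMPLE_LOG = """\
Mar  3 10:15:01 host kernel: FINAL_REJECT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:01 host kernel: FINAL_REJECT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=TCP SPT=40001 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 10:15:02 host kernel: FINAL_DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=12347 PROTO=UDP SPT=40002 DPT=161 LEN=20
Mar  3 10:15:03 host sshd[1234]: Accepted publickey for admin from 203.0.113.7 port 51000 ssh2
"""

# Only kernel lines carrying an upper-case firewalld prefix are denials.
LINE_RE = re.compile(r"kernel: (?P<prefix>[A-Z_]+): (?P<fields>.*)$")
# netfilter LOG fields are KEY=value tokens; bare flags (DF, SYN) are skipped.
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_denied(text):
    """Return one dict per logged denial found in `text`."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        fields = dict(KV_RE.findall(m.group("fields")))
        events.append({
            "prefix": m.group("prefix"),
            "iface": fields.get("IN", ""),
            "src": fields.get("SRC", ""),
            "proto": fields.get("PROTO", ""),
            "dport": int(fields["DPT"]) if "DPT" in fields else None,
        })
    return events


def summarise(events):
    """Count denials per (prefix, inbound interface) and per (src, proto, dport)."""
    by_rule = Counter((e["prefix"], e["iface"]) for e in events)
    by_target = Counter((e["src"], e["proto"], e["dport"]) for e in events)
    return by_rule, by_target


def scanning_sources(events, threshold=2):
    """Sources whose denials touched at least `threshold` distinct ports."""
    ports = {}
    for e in events:
        ports.setdefault(e["src"], set()).add((e["proto"], e["dport"]))
    return sorted(src for src, hit in ports.items() if len(hit) >= threshold)


if __name__ == "__main__":
    evs = parse_denied(SAMPLE_LOG)
    by_rule, by_target = summarise(evs)
    if not evs:
        # This is the symptom described in the post: no log rule fired
        # for the interface's zone, so nothing reached the log at all.
        print("no firewalld log-denied entries found")
    for (prefix, iface), n in sorted(by_rule.items()):
        print(f"{prefix} on {iface}: {n} denied packets")
    for (src, proto, dport), n in sorted(by_target.items()):
        print(f"  {src} -> {proto}/{dport}: {n}")
    print("sources hitting multiple ports:", scanning_sources(evs))
```

Run it against the real file with `parse_denied(open("/var/log/messages").read())` after a scan from a test host: an empty result while the interface sits in the drop zone reproduces exactly the behaviour the post describes, and a non-empty one after moving the interface to public confirms the log rule is tied to the zone rather than to the global log-denied setting.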