A developer wants to log all denied firewall rule events for security auditing purposes. What is the simplest way to achieve this without modifying existing firewall rules?
This catches all implicit denies and logs them.
Why this answer
Firewall rule logging can be enabled per rule. However, if you want to log all denied traffic without modifying existing rules, you can create a high-priority deny-all rule (e.g., priority 65535) with logging enabled. This will log any traffic not explicitly allowed by an existing rule.