1This target marks packets so that the kernel will log every rule which match 2the packets as those traverse the tables, chains, rules. It can only be used in 3the 4.BR raw 5table. 6.PP 7With iptables-legacy, a logging backend, such as ip(6)t_LOG or nfnetlink_log, 8must be loaded for this to be visible. 9The packets are logged with the string prefix: 10"TRACE: tablename:chainname:type:rulenum " where type can be "rule" for 11plain rule, "return" for implicit rule at the end of a user defined chain 12and "policy" for the policy of the built in chains. 13.PP 14With iptables-nft, the target is translated into nftables' 15.B "meta nftrace" 16expression. Hence the kernel sends trace events via netlink to userspace where 17they may be displayed using 18.B "xtables-monitor --trace" 19command. For details, refer to 20.BR xtables-monitor (8). 21