Turn on kernel logging of matching packets.  When this option is set
for a rule, the Linux kernel will print some information on all
matching packets (like most IP/IPv6 header fields) via the kernel log
(where it can be read with \fIdmesg(1)\fP or read in the syslog).
.PP
This is a "non-terminating target", i.e. rule traversal continues at
the next rule.  So if you want to LOG the packets you refuse, use two
separate rules with the same matching criteria, first using target LOG
then DROP (or REJECT).
.TP
\fB\-\-log\-level\fP \fIlevel\fP
Level of logging, which can be (system-specific) numeric or a mnemonic.
Possible values are (in decreasing order of priority): \fBemerg\fP,
\fBalert\fP, \fBcrit\fP, \fBerror\fP, \fBwarning\fP, \fBnotice\fP, \fBinfo\fP
or \fBdebug\fP.
.TP
\fB\-\-log\-prefix\fP \fIprefix\fP
Prefix log messages with the specified prefix; up to 29 letters long,
and useful for distinguishing messages in the logs.
.TP
\fB\-\-log\-tcp\-sequence\fP
Log TCP sequence numbers. This is a security risk if the log is
readable by users.
.TP
\fB\-\-log\-tcp\-options\fP
Log options from the TCP packet header.
.TP
\fB\-\-log\-ip\-options\fP
Log options from the IP/IPv6 packet header.
.TP
\fB\-\-log\-uid\fP
Log the userid of the process which generated the packet.
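
Added example (not part of the original manual page): a shell helper that prints the LOG-then-DROP rule pair described above, checking the prefix length and level mnemonic first. The helper names, the INPUT chain, the telnet match and the prefix are constructed for illustration; numeric levels are left out because they are system-specific.

```shell
#!/bin/sh
# Added example: emit a LOG rule followed by a DROP rule with identical
# matching criteria. Commands are only printed, so this runs without root.

# valid_level LEVEL -> 0 if LEVEL is one of the mnemonics listed for --log-level.
# Assumption: numeric levels are system-specific and are not accepted here.
valid_level() {
    case "$1" in
        emerg|alert|crit|error|warning|notice|info|debug) return 0 ;;
        *) return 1 ;;
    esac
}

# log_and_drop CHAIN PREFIX LEVEL MATCH...
# LOG is non-terminating, so it must come first; DROP then refuses the packet.
log_and_drop() {
    chain=$1
    prefix=$2
    level=$3
    shift 3
    # --log-prefix accepts up to 29 characters.
    if [ "${#prefix}" -gt 29 ]; then
        echo "prefix longer than 29 characters: $prefix" >&2
        return 1
    fi
    if ! valid_level "$level"; then
        echo "unknown log level: $level" >&2
        return 1
    fi
    # Both rules reuse the same match arguments so every dropped packet is logged.
    printf 'iptables -A %s %s -j LOG --log-level %s --log-prefix "%s"\n' \
        "$chain" "$*" "$level" "$prefix"
    printf 'iptables -A %s %s -j DROP\n' "$chain" "$*"
}

# Constructed sample: log and refuse inbound telnet.
log_and_drop INPUT "FW-DROP-TELNET: " warning -p tcp --dport 23
```

The trailing space inside the prefix keeps it separate from the first header field in the kernel log line.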