• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1Turn on kernel logging of matching packets.  When this option is set
2for a rule, the Linux kernel will print some information on all
3matching packets (like most IP/IPv6 header fields) via the kernel log
4(where it can be read with
5.I dmesg
6or
7.IR syslogd (8)).
8This is a "non-terminating target", i.e. rule traversal continues at
9the next rule.  So if you want to LOG the packets you refuse, use two
10separate rules with the same matching criteria, first using target LOG
11then DROP (or REJECT).
12.TP
13\fB\-\-log\-level\fP \fIlevel\fP
14Level of logging, which can be (system-specific) numeric or a mnemonic.
15Possible values are (in decreasing order of priority): \fBemerg\fP,
16\fBalert\fP, \fBcrit\fP, \fBerror\fP, \fBwarning\fP, \fBnotice\fP, \fBinfo\fP
17or \fBdebug\fP.
18.TP
19\fB\-\-log\-prefix\fP \fIprefix\fP
20Prefix log messages with the specified prefix; up to 29 letters long,
21and useful for distinguishing messages in the logs.
22.TP
23\fB\-\-log\-tcp\-sequence\fP
24Log TCP sequence numbers. This is a security risk if the log is
25readable by users.
26.TP
27\fB\-\-log\-tcp\-options\fP
28Log options from the TCP packet header.
29.TP
30\fB\-\-log\-ip\-options\fP
31Log options from the IP/IPv6 packet header.
32.TP
33\fB\-\-log\-uid\fP
34Log the userid of the process which generated the packet.
35