.\" lh | 9ed821d | 2023-04-07 01:36:19 -0700
Turn on kernel logging of matching packets.  When this option is set
for a rule, the Linux kernel will print some information on all
matching packets (like most IPv6 header fields) via the kernel log
(where it can be read with
.I dmesg
or
.IR syslogd (8)).
This is a "non-terminating target", i.e. rule traversal continues at
the next rule.  So if you want to LOG the packets you refuse, use two
separate rules with the same matching criteria, first using target LOG
then DROP (or REJECT).
.TP
\fB\-\-log\-level\fP \fIlevel\fP
Level of logging (numeric or see \fIsyslog.conf\fP(5)).
.TP
\fB\-\-log\-prefix\fP \fIprefix\fP
Prefix log messages with the specified prefix; up to 29 letters long,
and useful for distinguishing messages in the logs.
.TP
\fB\-\-log\-tcp\-sequence\fP
Log TCP sequence numbers. This is a security risk if the log is
readable by users.
.TP
\fB\-\-log\-tcp\-options\fP
Log options from the TCP packet header.
.TP
\fB\-\-log\-ip\-options\fP
Log options from the IPv6 packet header.
.TP
\fB\-\-log\-uid\fP
Log the userid of the process which generated the packet.
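.PP
The LOG-then-DROP pairing and the 29-letter prefix limit described above, as an added example that is not part of the original manual page. The helper name log_then_drop, the chain, the prefix and the match arguments are assumptions chosen for illustration; the script prints the two ip6tables commands instead of running them.

```shell
#!/bin/sh
# Emit an ip6tables LOG rule followed by a DROP rule with identical match
# criteria. The commands are printed, not executed, so the pair can be
# reviewed before it is applied to a live ruleset.

MAX_PREFIX=29   # limit stated for --log-prefix in this manual page

# log_then_drop CHAIN PREFIX LEVEL MATCH...
# Hypothetical helper. MATCH... is passed through unchanged and is expected
# to come from the administrator, not from untrusted input.
log_then_drop() {
    chain=$1 prefix=$2 level=$3
    shift 3
    if [ "${#prefix}" -gt "$MAX_PREFIX" ]; then
        echo "log prefix longer than $MAX_PREFIX characters: $prefix" >&2
        return 1
    fi
    # The prefix is emitted inside single quotes, so a single quote in it
    # would end the quoting early; refuse it.
    case $prefix in
        *\'*) echo "log prefix must not contain a single quote" >&2
              return 1 ;;
    esac
    # LOG is non-terminating: traversal continues at the next rule, so the
    # DROP rule repeats exactly the same match criteria.
    # --log-tcp-sequence is deliberately left out (see its description above).
    printf "ip6tables -A %s %s -j LOG --log-level %s --log-prefix '%s'\n" \
        "$chain" "$*" "$level" "$prefix"
    printf 'ip6tables -A %s %s -j DROP\n' "$chain" "$*"
}

# Constructed sample: log and refuse inbound SSH on the INPUT chain.
log_then_drop INPUT "ip6-ssh-drop: " warning -p tcp --dport 22
```

Ending the prefix with a separator such as ": " keeps it visually distinct from the packet fields that follow it in the kernel log.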