1 Turn on kernel logging of matching packets. When this option is set 2 for a rule, the Linux kernel will print some information on all 3 matching packets (like most IP/IPv6 header fields) via the kernel log 4 (where it can be read with \fIdmesg(1)\fP or read in the syslog). 5 .PP 6 This is a "non-terminating target", i.e. rule traversal continues at 7 the next rule. So if you want to LOG the packets you refuse, use two 8 separate rules with the same matching criteria, first using target LOG 9 then DROP (or REJECT). 10 .TP 11 \fB\-\-log\-level\fP \fIlevel\fP 12 Level of logging, which can be (system-specific) numeric or a mnemonic. 13 Possible values are (in decreasing order of priority): \fBemerg\fP, 14 \fBalert\fP, \fBcrit\fP, \fBerror\fP, \fBwarning\fP, \fBnotice\fP, \fBinfo\fP 15 or \fBdebug\fP. 16 .TP 17 \fB\-\-log\-prefix\fP \fIprefix\fP 18 Prefix log messages with the specified prefix; up to 29 letters long, 19 and useful for distinguishing messages in the logs. 20 .TP 21 \fB\-\-log\-tcp\-sequence\fP 22 Log TCP sequence numbers. This is a security risk if the log is 23 readable by users. 24 .TP 25 \fB\-\-log\-tcp\-options\fP 26 Log options from the TCP packet header. 27 .TP 28 \fB\-\-log\-ip\-options\fP 29 Log options from the IP/IPv6 packet header. 30 .TP 31 \fB\-\-log\-uid\fP 32 Log the userid of the process which generated the packet. 33
