1 Turn on kernel logging of matching packets. When this option is set 2 for a rule, the Linux kernel will print some information on all 3 matching packets (like most IP header fields) via the kernel log 4 (where it can be read with 5 .I dmesg 6 or 7 .IR syslogd (8)). 8 This is a "non-terminating target", i.e. rule traversal continues at 9 the next rule. So if you want to LOG the packets you refuse, use two 10 separate rules with the same matching criteria, first using target LOG 11 then DROP (or REJECT). 12 .TP 13 .BI "--log-level " "level" 14 Level of logging (numeric or see \fIsyslog.conf\fP(5)). 15 .TP 16 .BI "--log-prefix " "prefix" 17 Prefix log messages with the specified prefix; up to 29 letters long, 18 and useful for distinguishing messages in the logs. 19 .TP 20 .B --log-tcp-sequence 21 Log TCP sequence numbers. This is a security risk if the log is 22 readable by users. 23 .TP 24 .B --log-tcp-options 25 Log options from the TCP packet header. 26 .TP 27 .B --log-ip-options 28 Log options from the IP packet header. 29 .TP 30 .B --log-uid 31 Log the userid of the process which generated the packet. 32
