Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | 1 | Turn on kernel logging of matching packets. When this option is set |
| 2 | for a rule, the Linux kernel will print some information on all |
| 3 | matching packets (like most IPv6 header fields) via the kernel log |
| 4 | (where it can be read with |
| 5 | .I dmesg |
| 6 | or |
| 7 | .IR syslogd (8)). |
| 8 | This is a "non-terminating target", i.e. rule traversal continues at |
| 9 | the next rule. So if you want to LOG the packets you refuse, use two |
| 10 | separate rules with the same matching criteria, first using target LOG |
| 11 | then DROP (or REJECT). |
| 12 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | 13 | \fB\-\-log\-level\fP \fIlevel\fP |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | 14 | Level of logging (numeric or see \fIsyslog.conf\fP(5)). |
| 15 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | 16 | \fB\-\-log\-prefix\fP \fIprefix\fP |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | 17 | Prefix log messages with the specified prefix; up to 29 letters long, |
| 18 | and useful for distinguishing messages in the logs. |
| 19 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | 20 | \fB\-\-log\-tcp\-sequence\fP |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | 21 | Log TCP sequence numbers. This is a security risk if the log is |
| 22 | readable by users. |
| 23 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | 24 | \fB\-\-log\-tcp\-options\fP |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | 25 | Log options from the TCP packet header. |
| 26 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | 27 | \fB\-\-log\-ip\-options\fP |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | 28 | Log options from the IPv6 packet header. |
Patrick McHardy | 0c4c91c | 2005-06-24 02:15:31 +0000 | 29 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | 30 | \fB\-\-log\-uid\fP |
Patrick McHardy | 0c4c91c | 2005-06-24 02:15:31 +0000 | 31 | Log the userid of the process which generated the packet. |
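
The LOG-then-DROP pairing and the 29-character prefix limit described above, as an added shell example that is not part of the iptables sources. The function name `log_then_drop`, the sample prefix and the sample match are assumptions; the script prints the `ip6tables` commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the iptables sources.
# LOG is a non-terminating target, so a refused packet needs two rules with
# the same matching criteria: first -j LOG, then -j DROP.
# Commands are printed, not executed; review them, then run them as root.

MAX_PREFIX=29   # prefix length limit stated in the man page text

# log_then_drop CHAIN PREFIX LEVEL MATCH...   (hypothetical helper)
#   CHAIN  - chain to append to, e.g. INPUT
#   PREFIX - value for --log-prefix, at most 29 characters
#   LEVEL  - value for --log-level (numeric or a syslog level name)
#   MATCH  - matching criteria, reused unchanged for both rules
log_then_drop() {
    chain=$1
    prefix=$2
    level=$3
    shift 3

    # Reject an over-long prefix up front so the limit is not hit later.
    if [ "${#prefix}" -gt "$MAX_PREFIX" ]; then
        echo "log prefix is ${#prefix} characters, limit is $MAX_PREFIX" >&2
        return 1
    fi
    # The prefix is emitted inside single quotes; refuse one that would
    # break out of them when the printed command is pasted into a shell.
    case $prefix in
        *\'*) echo "single quote not allowed in log prefix" >&2; return 1 ;;
    esac

    # --log-tcp-sequence is deliberately left out: the man page flags it as
    # a security risk when the log is readable by users.
    printf "ip6tables -A %s %s -j LOG --log-level %s --log-prefix '%s'\n" \
        "$chain" "$*" "$level" "$prefix"
    printf "ip6tables -A %s %s -j DROP\n" "$chain" "$*"
}

# Constructed sample: log, then drop, inbound telnet over IPv6.
log_then_drop INPUT "v6-drop-telnet: " 4 -p tcp --dport 23
```

The two printed rules must be appended in this order; with DROP first, the packet never reaches the LOG rule.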