diff options
Diffstat (limited to 'extensions/libxt_LOG.man')
| -rw-r--r-- | extensions/libxt_LOG.man | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/extensions/libxt_LOG.man b/extensions/libxt_LOG.man new file mode 100644 index 0000000..354edf4 --- /dev/null +++ b/extensions/libxt_LOG.man @@ -0,0 +1,32 @@ +Turn on kernel logging of matching packets. When this option is set +for a rule, the Linux kernel will print some information on all +matching packets (like most IP/IPv6 header fields) via the kernel log +(where it can be read with \fIdmesg(1)\fP or read in the syslog). +.PP +This is a "non-terminating target", i.e. rule traversal continues at +the next rule. So if you want to LOG the packets you refuse, use two +separate rules with the same matching criteria, first using target LOG +then DROP (or REJECT). +.TP +\fB\-\-log\-level\fP \fIlevel\fP +Level of logging, which can be (system-specific) numeric or a mnemonic. +Possible values are (in decreasing order of priority): \fBemerg\fP, +\fBalert\fP, \fBcrit\fP, \fBerror\fP, \fBwarning\fP, \fBnotice\fP, \fBinfo\fP +or \fBdebug\fP. +.TP +\fB\-\-log\-prefix\fP \fIprefix\fP +Prefix log messages with the specified prefix; up to 29 letters long, +and useful for distinguishing messages in the logs. +.TP +\fB\-\-log\-tcp\-sequence\fP +Log TCP sequence numbers. This is a security risk if the log is +readable by users. +.TP +\fB\-\-log\-tcp\-options\fP +Log options from the TCP packet header. +.TP +\fB\-\-log\-ip\-options\fP +Log options from the IP/IPv6 packet header. +.TP +\fB\-\-log\-uid\fP +Log the userid of the process which generated the packet. |