path: root/extensions/
diff options
authorHenrik Nordstrom <>2004-01-22 15:04:24 +0000
committerHarald Welte <>2004-01-22 15:04:24 +0000
commitc2794131b445ebccba184066af6d3fb2f38d1f38 (patch)
treea24f57a9be5a8364b53dfa102705d270f36b440a /extensions/
parent0113fe75ff05e09e6f3d251534d9ae32e9aa717c (diff)
split manpages into per-extension manpage snippet (Henrik Nordstrom)
add lots of missing manpage snippets (Harald Welte)
Diffstat (limited to 'extensions/')
1 files changed, 28 insertions, 0 deletions
diff --git a/extensions/ b/extensions/
new file mode 100644
index 00000000..9eb5a6ab
--- /dev/null
+++ b/extensions/
@@ -0,0 +1,28 @@
+Turn on kernel logging of matching packets. When this option is set
+for a rule, the Linux kernel will print some information on all
+matching packets (like most IPv6 IPv6-header fields) via the kernel log
+(where it can be read with
+.I dmesg
+.IR syslogd (8)).
+This is a "non-terminating target", i.e. rule traversal continues at
+the next rule. So if you want to LOG the packets you refuse, use two
+separate rules with the same matching criteria, first using target LOG
+then DROP (or REJECT).
+.BI "--log-level " "level"
+Level of logging (numeric or see \fIsyslog.conf\fP(5)).
+.BI "--log-prefix " "prefix"
+Prefix log messages with the specified prefix; up to 29 letters long,
+and useful for distinguishing messages in the logs.
+.B --log-tcp-sequence
+Log TCP sequence numbers. This is a security risk if the log is
+readable by users.
+.B --log-tcp-options
+Log options from the TCP packet header.
+.B --log-ip-options
+Log options from the IPv6 packet header.