From f927d5fc3a6a0a8a8fb03e733a6572a934482723 Mon Sep 17 00:00:00 2001 From: Mart Frauenlob Date: Wed, 10 Apr 2013 06:47:32 +0000 Subject: extensions: libxt_LOG: rename IPv4 manpage and tell about IPv6 support Signed-off-by: Mart Frauenlob Signed-off-by: Florian Westphal --- extensions/libip6t_LOG.man | 34 ---------------------------------- extensions/libipt_LOG.man | 34 ---------------------------------- extensions/libxt_LOG.man | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 68 deletions(-) delete mode 100644 extensions/libip6t_LOG.man delete mode 100644 extensions/libipt_LOG.man create mode 100644 extensions/libxt_LOG.man diff --git a/extensions/libip6t_LOG.man b/extensions/libip6t_LOG.man deleted file mode 100644 index 0a486404..00000000 --- a/extensions/libip6t_LOG.man +++ /dev/null @@ -1,34 +0,0 @@ -Turn on kernel logging of matching packets. When this option is set -for a rule, the Linux kernel will print some information on all -matching packets (like most IPv6 IPv6-header fields) via the kernel log -(where it can be read with -.I dmesg -or -.IR syslogd (8)). -This is a "non-terminating target", i.e. rule traversal continues at -the next rule. So if you want to LOG the packets you refuse, use two -separate rules with the same matching criteria, first using target LOG -then DROP (or REJECT). -.TP -\fB\-\-log\-level\fP \fIlevel\fP -Level of logging, which can be (system-specific) numeric or a mnemonic. -Possible values are (in decreasing order of priority): \fBemerg\fP, -\fBalert\fP, \fBcrit\fP, \fBerror\fP, \fBwarning\fP, \fBnotice\fP, \fBinfo\fP -or \fBdebug\fP. -.TP -\fB\-\-log\-prefix\fP \fIprefix\fP -Prefix log messages with the specified prefix; up to 29 letters long, -and useful for distinguishing messages in the logs. -.TP -\fB\-\-log\-tcp\-sequence\fP -Log TCP sequence numbers. This is a security risk if the log is -readable by users. -.TP -\fB\-\-log\-tcp\-options\fP -Log options from the TCP packet header. -.TP -\fB\-\-log\-ip\-options\fP -Log options from the IPv6 packet header. -.TP -\fB\-\-log\-uid\fP -Log the userid of the process which generated the packet. diff --git a/extensions/libipt_LOG.man b/extensions/libipt_LOG.man deleted file mode 100644 index f2574f88..00000000 --- a/extensions/libipt_LOG.man +++ /dev/null @@ -1,34 +0,0 @@ -Turn on kernel logging of matching packets. When this option is set -for a rule, the Linux kernel will print some information on all -matching packets (like most IP header fields) via the kernel log -(where it can be read with -.I dmesg -or -.IR syslogd (8)). -This is a "non-terminating target", i.e. rule traversal continues at -the next rule. So if you want to LOG the packets you refuse, use two -separate rules with the same matching criteria, first using target LOG -then DROP (or REJECT). -.TP -\fB\-\-log\-level\fP \fIlevel\fP -Level of logging, which can be (system-specific) numeric or a mnemonic. -Possible values are (in decreasing order of priority): \fBemerg\fP, -\fBalert\fP, \fBcrit\fP, \fBerror\fP, \fBwarning\fP, \fBnotice\fP, \fBinfo\fP -or \fBdebug\fP. -.TP -\fB\-\-log\-prefix\fP \fIprefix\fP -Prefix log messages with the specified prefix; up to 29 letters long, -and useful for distinguishing messages in the logs. -.TP -\fB\-\-log\-tcp\-sequence\fP -Log TCP sequence numbers. This is a security risk if the log is -readable by users. -.TP -\fB\-\-log\-tcp\-options\fP -Log options from the TCP packet header. -.TP -\fB\-\-log\-ip\-options\fP -Log options from the IP packet header. -.TP -\fB\-\-log\-uid\fP -Log the userid of the process which generated the packet. diff --git a/extensions/libxt_LOG.man b/extensions/libxt_LOG.man new file mode 100644 index 00000000..6d3a83a4 --- /dev/null +++ b/extensions/libxt_LOG.man @@ -0,0 +1,34 @@ +Turn on kernel logging of matching packets. When this option is set +for a rule, the Linux kernel will print some information on all +matching packets (like most IP/IPv6 header fields) via the kernel log +(where it can be read with +.I dmesg +or +.IR syslogd (8)). +This is a "non-terminating target", i.e. rule traversal continues at +the next rule. So if you want to LOG the packets you refuse, use two +separate rules with the same matching criteria, first using target LOG +then DROP (or REJECT). +.TP +\fB\-\-log\-level\fP \fIlevel\fP +Level of logging, which can be (system-specific) numeric or a mnemonic. +Possible values are (in decreasing order of priority): \fBemerg\fP, +\fBalert\fP, \fBcrit\fP, \fBerror\fP, \fBwarning\fP, \fBnotice\fP, \fBinfo\fP +or \fBdebug\fP. +.TP +\fB\-\-log\-prefix\fP \fIprefix\fP +Prefix log messages with the specified prefix; up to 29 letters long, +and useful for distinguishing messages in the logs. +.TP +\fB\-\-log\-tcp\-sequence\fP +Log TCP sequence numbers. This is a security risk if the log is +readable by users. +.TP +\fB\-\-log\-tcp\-options\fP +Log options from the TCP packet header. +.TP +\fB\-\-log\-ip\-options\fP +Log options from the IP/IPv6 packet header. +.TP +\fB\-\-log\-uid\fP +Log the userid of the process which generated the packet. -- cgit v1.2.3