path: root/extensions/
diff options
authorPatrick McHardy <>2007-11-26 06:49:08 +0000
committerPatrick McHardy <>2007-11-26 06:49:08 +0000
commite29da4e9610ab376593e50a44efba874a533dfe0 (patch)
tree3684e539b350a2f0a724d2a859a9d33fb9a0ca97 /extensions/
parentdb09b39196b537f3898b9454a5758e6540f9f121 (diff)
Add NFLOG manpage
Diffstat (limited to 'extensions/')
1 files changed, 29 insertions, 0 deletions
diff --git a/extensions/ b/extensions/
new file mode 100644
index 00000000..08c42dec
--- /dev/null
+++ b/extensions/
@@ -0,0 +1,29 @@
+This target provides logging of matching packets. When this target is
+set for a rule, the Linux kernel will pass the packet to the loaded
+logging backend to log the packet. This is usually used in combination
+with nfnetlink_log as logging backend, which will multicast the packet
+through a
+.IR netlink
+socket to the specified multicast group. One or more userspace processes
+may subscribe to the group to receive the packets. Like LOG, this is a
+non-terminating target, i.e. rule traversal continues at the next rule.
+.BI "--nflog-group " "nlgroup"
+The netlink group (1 - 2^32-1) to which packets are (only applicable for
+nfnetlink_log). The default value is 0.
+.BI "--nflog-prefix " "prefix"
+A prefix string to include in the log message, up to 64 characters
+long, useful for distinguishing messages in the logs.
+.BI "--nflog-range " "size"
+The number of bytes to be copied to userspace (only applicable for
+nfnetlink_log). nfnetlink_log instances may specify their own
+range, this option overrides it.
+.BI "--nflog-threshold " "size"
+Number of packets to queue inside the kernel before sending them
+to userspace (only applicable for nfnetlink_log). Higher values
+result in less overhead per packet, but increase delay until the
+packets reach userspace. The default value is 1.