summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--extensions/libipt_LOG.man34
-rw-r--r--extensions/libxt_LOG.man (renamed from extensions/libip6t_LOG.man)6
2 files changed, 3 insertions, 37 deletions
diff --git a/extensions/libipt_LOG.man b/extensions/libipt_LOG.man
deleted file mode 100644
index f2574f88..00000000
--- a/extensions/libipt_LOG.man
+++ /dev/null
@@ -1,34 +0,0 @@
-Turn on kernel logging of matching packets. When this option is set
-for a rule, the Linux kernel will print some information on all
-matching packets (like most IP header fields) via the kernel log
-(where it can be read with
-.I dmesg
-or
-.IR syslogd (8)).
-This is a "non-terminating target", i.e. rule traversal continues at
-the next rule. So if you want to LOG the packets you refuse, use two
-separate rules with the same matching criteria, first using target LOG
-then DROP (or REJECT).
-.TP
-\fB\-\-log\-level\fP \fIlevel\fP
-Level of logging, which can be (system-specific) numeric or a mnemonic.
-Possible values are (in decreasing order of priority): \fBemerg\fP,
-\fBalert\fP, \fBcrit\fP, \fBerror\fP, \fBwarning\fP, \fBnotice\fP, \fBinfo\fP
-or \fBdebug\fP.
-.TP
-\fB\-\-log\-prefix\fP \fIprefix\fP
-Prefix log messages with the specified prefix; up to 29 letters long,
-and useful for distinguishing messages in the logs.
-.TP
-\fB\-\-log\-tcp\-sequence\fP
-Log TCP sequence numbers. This is a security risk if the log is
-readable by users.
-.TP
-\fB\-\-log\-tcp\-options\fP
-Log options from the TCP packet header.
-.TP
-\fB\-\-log\-ip\-options\fP
-Log options from the IP packet header.
-.TP
-\fB\-\-log\-uid\fP
-Log the userid of the process which generated the packet.
diff --git a/extensions/libip6t_LOG.man b/extensions/libxt_LOG.man
index 0a486404..6d3a83a4 100644
--- a/extensions/libip6t_LOG.man
+++ b/extensions/libxt_LOG.man
@@ -1,9 +1,9 @@
Turn on kernel logging of matching packets. When this option is set
for a rule, the Linux kernel will print some information on all
-matching packets (like most IPv6 IPv6-header fields) via the kernel log
+matching packets (like most IP/IPv6 header fields) via the kernel log
(where it can be read with
.I dmesg
-or
+or
.IR syslogd (8)).
This is a "non-terminating target", i.e. rule traversal continues at
the next rule. So if you want to LOG the packets you refuse, use two
@@ -28,7 +28,7 @@ readable by users.
Log options from the TCP packet header.
.TP
\fB\-\-log\-ip\-options\fP
-Log options from the IPv6 packet header.
+Log options from the IP/IPv6 packet header.
.TP
\fB\-\-log\-uid\fP
Log the userid of the process which generated the packet.