This target provides logging of matching packets. When this target is
set for a rule, the Linux kernel will pass the packet to the loaded
logging backend to log the packet. This is usually used in combination
with nfnetlink_log as logging backend, which will multicast the packet
through a
.IR netlink
socket to the specified multicast group. One or more userspace processes
may subscribe to the group to receive the packets. Like LOG, this is a
non-terminating target, i.e. rule traversal continues at the next rule.
.TP
.BI "--nflog-group " "nlgroup"
The netlink group (1 - 2^32-1) to which packets are (only applicable for
nfnetlink_log). The default value is 0.
.TP
.BI "--nflog-prefix " "prefix"
A prefix string to include in the log message, up to 64 characters
long, useful for distinguishing messages in the logs.
.TP
.BI "--nflog-range " "size"
The number of bytes to be copied to userspace (only applicable for
nfnetlink_log). nfnetlink_log instances may specify their own
range, this option overrides it.
.TP
.BI "--nflog-threshold " "size"
Number of packets to queue inside the kernel before sending them
to userspace (only applicable for nfnetlink_log). Higher values
result in less overhead per packet, but increase delay until the
packets reach userspace. The default value is 1.
.BR