1Turn on kernel logging of matching packets. When this option is set 2for a rule, the Linux kernel will print some information on all 3matching packets (like most IPv6 IPv6-header fields) via the kernel log 4(where it can be read with 5.I dmesg 6or 7.IR syslogd (8)). 8This is a "non-terminating target", i.e. rule traversal continues at 9the next rule. So if you want to LOG the packets you refuse, use two 10separate rules with the same matching criteria, first using target LOG 11then DROP (or REJECT). 12.TP 13\fB\-\-log\-level\fP \fIlevel\fP 14Level of logging (numeric or see \fIsyslog.conf\fP(5)). 15.TP 16\fB\-\-log\-prefix\fP \fIprefix\fP 17Prefix log messages with the specified prefix; up to 29 letters long, 18and useful for distinguishing messages in the logs. 19.TP 20\fB\-\-log\-tcp\-sequence\fP 21Log TCP sequence numbers. This is a security risk if the log is 22readable by users. 23.TP 24\fB\-\-log\-tcp\-options\fP 25Log options from the TCP packet header. 26.TP 27\fB\-\-log\-ip\-options\fP 28Log options from the IPv6 packet header. 29.TP 30\fB\-\-log\-uid\fP 31Log the userid of the process which generated the packet. 32