Na% man_de% manpage:
LOG
Turn on kernel logging of matching packets. When this option is set
for a rule, the Linux kernel will print some information on all match-
ing packets (like most IP header fields) via the kernel log (where it
can be read with dmesg or syslogd(8)). This is a "non-terminating tar-
get", i.e. rule traversal continues at the next rule. So if you want
to LOG the packets you refuse, use two separate rules with the same
matching criteria, first using target LOG then DROP (or REJECT).
"sem terminação" é a terminologia chave aqui. Você pode colocar alvos iptables
onde quiser, com o entendimento de que qualquer alvo que "termine" antes da entrada LOG
não será registrado.