calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'update'
${ noResults }
gentoo-overlay/profiles/desc/xtables_addons.desc

31 lines
2.1 KiB
Raw Permalink Blame History

# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# This file contains descriptions of XTABLES_ADDONS USE-EXPANDED variables.
# Keep it sorted.
account - ACCOUNT target is a high performance accounting system for large local networks
asn - match a packet by its source or destination Autonomous System Number
chaos - CHAOS target causes confusion on the other end by doing odd things with incoming packets
condition - matches if a specific condition variable is (un)set
delude - DELUDE target will reply to a SYN packet with SYN-ACK, and to all other packets with an RST
dhcpmac - DHCPMAC target/match in conjunction with ebtables can be used to completely change all MAC addresses from and to a VMware-based virtual machine
dnetmap - DNETMAP target allows dynamic two-way 1:1 mapping of IPv4 subnets
echo - ECHO target sends back all packets it received
fuzzy - matches a rate limit based on a fuzzy logic controller (FLC)
geoip - match a packet by its source or destination country
gradm - match packets based on grsecurity RBAC status
iface - match allows to check interface states
ipmark - IPMARK target allows mark a received packet basing on its IP address
ipp2p - matches certain packets in P2P flows
ipv4options - match against a set of IPv4 header options
length2 - matches the length of a packet against a specific value or range of values
logmark - LOGMARK target will log packet and connection marks to syslog
lscan - match detects simple low-level scan attemps based upon the packet's contents
quota2 - match implements a named counter which can be increased or decreased on a per-match basis
pknock - match implements so-called "port knocking", a stealthy system for network authentication
proto - modifies the protocol number in IP packet header
psd - match attempts to detect TCP and UDP port scans (derived from Solar Designer's scanlogd)
sysrq - SYSRQ target allows to remotely trigger sysrq on the local machine over the network
tarpit - TARPIT target captures and holds incoming TCP connections using no local per-connection resources
Reference in new issue View Git Blame Copy Permalink