| # Copyright 1999-2013 Gentoo Foundation |
| # Distributed under the terms of the GNU General Public License v2 |
| # $Header: /var/cvsroot/gentoo-x86/profiles/desc/xtables_addons.desc,v 1.5 2013/06/03 21:20:15 jer Exp $ |
| |
| # This file contains descriptions of XTABLES_ADDONS USE-EXPANDED variables. |
| # Keep it sorted. |
| |
| account - ACCOUNT target is a high performance accounting system for large local networks |
| chaos - CHAOS target causes confusion on the other end by doing odd things with incoming packets |
| checksum - CHECKSUM target computes and fills in the checksum in a packet that lacks a checksum |
| condition - matches if a specific condition variable is (un)set |
| delude - DELUDE target will reply to a SYN packet with SYN-ACK, and to all other packets with an RST |
| dhcpmac - DHCPMAC target/match in conjunction with ebtables can be used to completely change all MAC addresses from and to a VMware-based virtual machine |
| dnetmap - DNETMAP target allows dynamic two-way 1:1 mapping of IPv4 subnets |
| echo - ECHO target sends back all packets it received |
| fuzzy - matches a rate limit based on a fuzzy logic controller (FLC) |
| geoip - match a packet by its source or destination country |
| gradm - match packets based on grsecurity RBAC status |
| iface - match allows to check interface states |
| ipmark - IPMARK target allows mark a received packet basing on its IP address |
| ipp2p - matches certain packets in P2P flows |
| ipset - enables build of ipset related modules and tools |
| ipset4 - enables build of ipset-4.x related modules and tools |
| ipset6 - enables build of ipset-6.x related modules and tools |
| ipv4options - match against a set of IPv4 header options |
| length2 - matches the length of a packet against a specific value or range of values |
| logmark - LOGMARK target will log packet and connection marks to syslog |
| lscan - match detects simple low-level scan attemps based upon the packet's contents |
| quota2 - match implements a named counter which can be increased or decreased on a per-match basis |
| pknock - match implements so-called "port knocking", a stealthy system for network authentication |
| psd - match attempts to detect TCP and UDP port scans (derived from Solar Designer's scanlogd) |
| rawnat - The RAWSNAT and RAWDNAT targets provide stateless network address translation |
| steal - STEAL target is like DROP, but does not throw an error when used in the OUTPUT chain |
| sysrq - SYSRQ target allows to remotely trigger sysrq on the local machine over the network |
| tarpit - TARPIT target captures and holds incoming TCP connections using no local per-connection resources |
| tee - TEE target will clone a packet and redirect this clone to another machine on the local network segment |