profiles/desc/xtables_addons.desc - third_party/overlays/portage-stable - Git at Google

 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Header: /var/cvsroot/gentoo-x86/profiles/desc/xtables_addons.desc,v 1.5 2013/06/03 21:20:15 jer Exp $

 # This file contains descriptions of XTABLES_ADDONS USE-EXPANDED variables.
 # Keep it sorted.

 account - ACCOUNT target is a high performance accounting system for large local networks
 chaos - CHAOS target causes confusion on the other end by doing odd things with incoming packets
 checksum - CHECKSUM target computes and fills in the checksum in a packet that lacks a checksum
 condition - matches if a specific condition variable is (un)set
 delude - DELUDE target will reply to a SYN packet with SYN-ACK, and to all other packets with an RST
 dhcpmac - DHCPMAC target/match in conjunction with ebtables can be used to completely change all MAC addresses from and to a VMware-based virtual machine
 dnetmap - DNETMAP target allows dynamic two-way 1:1 mapping of IPv4 subnets
 echo - ECHO target sends back all packets it received
 fuzzy - matches a rate limit based on a fuzzy logic controller (FLC)
 geoip - match a packet by its source or destination country
 gradm - match packets based on grsecurity RBAC status
 iface - match allows to check interface states
 ipmark - IPMARK target allows mark a received packet basing on its IP address
 ipp2p - matches certain packets in P2P flows
 ipset - enables build of ipset related modules and tools
 ipset4 - enables build of ipset-4.x related modules and tools
 ipset6 - enables build of ipset-6.x related modules and tools
 ipv4options - match against a set of IPv4 header options
 length2 - matches the length of a packet against a specific value or range of values
 logmark - LOGMARK target will log packet and connection marks to syslog
 lscan - match detects simple low-level scan attemps based upon the packet's contents
 quota2 - match implements a named counter which can be increased or decreased on a per-match basis
 pknock - match implements so-called "port knocking", a stealthy system for network authentication
 psd - match attempts to detect TCP and UDP port scans (derived from Solar Designer's scanlogd)
 rawnat - The RAWSNAT and RAWDNAT targets provide stateless network address translation
 steal - STEAL target is like DROP, but does not throw an error when used in the OUTPUT chain
 sysrq - SYSRQ target allows to remotely trigger sysrq on the local machine over the network
 tarpit - TARPIT target captures and holds incoming TCP connections using no local per-connection resources
 tee - TEE target will clone a packet and redirect this clone to another machine on the local network segment
	# Copyright 1999-2013 Gentoo Foundation
	# Distributed under the terms of the GNU General Public License v2
	# $Header: /var/cvsroot/gentoo-x86/profiles/desc/xtables_addons.desc,v 1.5 2013/06/03 21:20:15 jer Exp $

	# This file contains descriptions of XTABLES_ADDONS USE-EXPANDED variables.
	# Keep it sorted.

	account - ACCOUNT target is a high performance accounting system for large local networks
	chaos - CHAOS target causes confusion on the other end by doing odd things with incoming packets
	checksum - CHECKSUM target computes and fills in the checksum in a packet that lacks a checksum
	condition - matches if a specific condition variable is (un)set
	delude - DELUDE target will reply to a SYN packet with SYN-ACK, and to all other packets with an RST
	dhcpmac - DHCPMAC target/match in conjunction with ebtables can be used to completely change all MAC addresses from and to a VMware-based virtual machine
	dnetmap - DNETMAP target allows dynamic two-way 1:1 mapping of IPv4 subnets
	echo - ECHO target sends back all packets it received
	fuzzy - matches a rate limit based on a fuzzy logic controller (FLC)
	geoip - match a packet by its source or destination country
	gradm - match packets based on grsecurity RBAC status
	iface - match allows to check interface states
	ipmark - IPMARK target allows mark a received packet basing on its IP address
	ipp2p - matches certain packets in P2P flows
	ipset - enables build of ipset related modules and tools
	ipset4 - enables build of ipset-4.x related modules and tools
	ipset6 - enables build of ipset-6.x related modules and tools
	ipv4options - match against a set of IPv4 header options
	length2 - matches the length of a packet against a specific value or range of values
	logmark - LOGMARK target will log packet and connection marks to syslog
	lscan - match detects simple low-level scan attemps based upon the packet's contents
	quota2 - match implements a named counter which can be increased or decreased on a per-match basis
	pknock - match implements so-called "port knocking", a stealthy system for network authentication
	psd - match attempts to detect TCP and UDP port scans (derived from Solar Designer's scanlogd)
	rawnat - The RAWSNAT and RAWDNAT targets provide stateless network address translation
	steal - STEAL target is like DROP, but does not throw an error when used in the OUTPUT chain
	sysrq - SYSRQ target allows to remotely trigger sysrq on the local machine over the network
	tarpit - TARPIT target captures and holds incoming TCP connections using no local per-connection resources
	tee - TEE target will clone a packet and redirect this clone to another machine on the local network segment