diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /profiles/desc/xtables_addons.desc |
reinit the tree, so we can have metadata
Diffstat (limited to 'profiles/desc/xtables_addons.desc')
-rw-r--r-- | profiles/desc/xtables_addons.desc | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/profiles/desc/xtables_addons.desc b/profiles/desc/xtables_addons.desc new file mode 100644 index 000000000000..a59618fda9fe --- /dev/null +++ b/profiles/desc/xtables_addons.desc @@ -0,0 +1,32 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# This file contains descriptions of XTABLES_ADDONS USE-EXPANDED variables. +# Keep it sorted. + +account - ACCOUNT target is a high performance accounting system for large local networks +chaos - CHAOS target causes confusion on the other end by doing odd things with incoming packets +checksum - CHECKSUM target computes and fills in the checksum in a packet that lacks a checksum +condition - matches if a specific condition variable is (un)set +delude - DELUDE target will reply to a SYN packet with SYN-ACK, and to all other packets with an RST +dhcpmac - DHCPMAC target/match in conjunction with ebtables can be used to completely change all MAC addresses from and to a VMware-based virtual machine +dnetmap - DNETMAP target allows dynamic two-way 1:1 mapping of IPv4 subnets +echo - ECHO target sends back all packets it received +fuzzy - matches a rate limit based on a fuzzy logic controller (FLC) +geoip - match a packet by its source or destination country +gradm - match packets based on grsecurity RBAC status +iface - match allows to check interface states +ipmark - IPMARK target allows mark a received packet basing on its IP address +ipp2p - matches certain packets in P2P flows +ipv4options - match against a set of IPv4 header options +length2 - matches the length of a packet against a specific value or range of values +logmark - LOGMARK target will log packet and connection marks to syslog +lscan - match detects simple low-level scan attemps based upon the packet's contents +quota2 - match implements a named counter which can be increased or decreased on a per-match basis +pknock - match implements so-called "port knocking", a stealthy system for network authentication +psd - match attempts to detect TCP and UDP port scans (derived from Solar Designer's scanlogd) +rawnat - The RAWSNAT and RAWDNAT targets provide stateless network address translation +steal - STEAL target is like DROP, but does not throw an error when used in the OUTPUT chain +sysrq - SYSRQ target allows to remotely trigger sysrq on the local machine over the network +tarpit - TARPIT target captures and holds incoming TCP connections using no local per-connection resources +tee - TEE target will clone a packet and redirect this clone to another machine on the local network segment |