Gentoo Archives: gentoo-commits

From: "Peter Volkov (pva)" <pva@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in profiles/desc: xtables_addons.desc
Date: Thu, 29 Apr 2010 09:25:55
1 pva 10/04/29 09:25:51
3 Added: xtables_addons.desc
4 Log:
5 Add XTABLES_ADDONS description (discussed in -dev on 18.01.2010).
7 Revision Changes Path
8 1.1 profiles/desc/xtables_addons.desc
10 file :
11 plain:
13 Index: xtables_addons.desc
14 ===================================================================
15 # Copyright 1999-2010 Gentoo Foundation
16 # Distributed under the terms of the GNU General Public License v2
17 # $Header: /var/cvsroot/gentoo-x86/profiles/desc/xtables_addons.desc,v 1.1 2010/04/29 09:25:51 pva Exp $
19 # This file contains descriptions of XTABLES_ADDONS USE-EXPANDED variables.
20 # Keep it sorted.
22 account - ACCOUNT target is a high performance accounting system for large local networks
23 chaos - CHAOS target causes confusion on the other end by doing odd things with incoming packets
24 condition - matches if a specific condition variable is (un)set
25 delude - DELUDE target will reply to a SYN packet with SYN-ACK, and to all other packets with an RST
26 dhcpmac - DHCPMAC target/match in conjunction with ebtables can be used to completely change all MAC addresses from and to a VMware-based virtual machine
27 echo - ECHO target sends back all packets it received
28 fuzzy - matches a rate limit based on a fuzzy logic controller (FLC)
29 geoip - match a packet by its source or destination country
30 iface - match allows to check interface states
31 ipmark - IPMARK target allows mark a received packet basing on its IP address
32 ipp2p - matches certain packets in P2P flows
33 ipset - enables build of ipset related modules
34 ipv4options - match against a set of IPv4 header options
35 length2 - matches the length of a packet against a specific value or range of values
36 logmark - LOGMARK target will log packet and connection marks to syslog
37 lscan - match detects simple low-level scan attemps based upon the packet's contents
38 quota2 - match implements a named counter which can be increased or decreased on a per-match basis
39 pknock - match implements so-called "port knocking", a stealthy system for network authentication
40 psd - match attempts to detect TCP and UDP port scans (derived from Solar Designer's scanlogd)
41 rawnat - The RAWSNAT and RAWDNAT targets provide stateless network address translation
42 steal - STEAL target is like DROP, but does not throw an error when used in the OUTPUT chain
43 sysrq - SYSRQ target allows to remotely trigger sysrq on the local machine over the network
44 tarpit - TARPIT target captures and holds incoming TCP connections using no local per-connection resources
45 tee - TEE target will clone a packet and redirect this clone to another machine on the local network segment