diff options
| author |   Peter Volkov <pva@gentoo.org> | 2010-04-29 09:25:51 +0000 |
|---|---|---|
| committer | Peter Volkov <pva@gentoo.org> | 2010-04-29 09:25:51 +0000 |
| commit | 35d2ee48e46dd58e02083547e6a7365670096289 (patch) | |
| tree | 0d38f0a9b565b98dd8822b89077020900a6c6051 /profiles/desc | |
| parent | Add XTABLES_ADDONS as discussed in -dev on 18.01.2010 (but dropped _MODULES p... (diff) | |
| download | gentoo-2-35d2ee48e46dd58e02083547e6a7365670096289.tar.gz gentoo-2-35d2ee48e46dd58e02083547e6a7365670096289.tar.bz2 gentoo-2-35d2ee48e46dd58e02083547e6a7365670096289.zip | |
Add XTABLES_ADDONS description (discussed in -dev on 18.01.2010).
Diffstat (limited to 'profiles/desc')
| -rw-r--r-- | profiles/desc/xtables_addons.desc | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/profiles/desc/xtables_addons.desc b/profiles/desc/xtables_addons.desc new file mode 100644 index 000000000000..6f816c1babed --- /dev/null +++ b/profiles/desc/xtables_addons.desc @@ -0,0 +1,31 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/desc/xtables_addons.desc,v 1.1 2010/04/29 09:25:51 pva Exp $ + +# This file contains descriptions of XTABLES_ADDONS USE-EXPANDED variables. +# Keep it sorted. + +account - ACCOUNT target is a high performance accounting system for large local networks +chaos - CHAOS target causes confusion on the other end by doing odd things with incoming packets +condition - matches if a specific condition variable is (un)set +delude - DELUDE target will reply to a SYN packet with SYN-ACK, and to all other packets with an RST +dhcpmac - DHCPMAC target/match in conjunction with ebtables can be used to completely change all MAC addresses from and to a VMware-based virtual machine +echo - ECHO target sends back all packets it received +fuzzy - matches a rate limit based on a fuzzy logic controller (FLC) +geoip - match a packet by its source or destination country +iface - match allows to check interface states +ipmark - IPMARK target allows mark a received packet basing on its IP address +ipp2p - matches certain packets in P2P flows +ipset - enables build of ipset related modules +ipv4options - match against a set of IPv4 header options +length2 - matches the length of a packet against a specific value or range of values +logmark - LOGMARK target will log packet and connection marks to syslog +lscan - match detects simple low-level scan attemps based upon the packet's contents +quota2 - match implements a named counter which can be increased or decreased on a per-match basis +pknock - match implements so-called "port knocking", a stealthy system for network authentication +psd - match attempts to detect TCP and UDP port scans (derived from Solar Designer's scanlogd) +rawnat - The RAWSNAT and RAWDNAT targets provide stateless network address translation +steal - STEAL target is like DROP, but does not throw an error when used in the OUTPUT chain +sysrq - SYSRQ target allows to remotely trigger sysrq on the local machine over the network +tarpit - TARPIT target captures and holds incoming TCP connections using no local per-connection resources +tee - TEE target will clone a packet and redirect this clone to another machine on the local network segment |