| account |
ACCOUNT target is a high performance accounting system for large local networks |
View specific flag page (xtables_addons_account)
|
| asn |
match a packet by its source or destination Autonomous System Number |
View specific flag page (xtables_addons_asn)
|
| chaos |
CHAOS target causes confusion on the other end by doing odd things with incoming packets |
View specific flag page (xtables_addons_chaos)
|
| condition |
matches if a specific condition variable is (un)set |
View specific flag page (xtables_addons_condition)
|
| delude |
DELUDE target will reply to a SYN packet with SYN-ACK, and to all other packets with an RST |
View specific flag page (xtables_addons_delude)
|
| dhcpmac |
DHCPMAC target/match in conjunction with ebtables can be used to completely change all MAC addresses from and to a VMware-based virtual machine |
View specific flag page (xtables_addons_dhcpmac)
|
| dnetmap |
DNETMAP target allows dynamic two-way 1:1 mapping of IPv4 subnets |
View specific flag page (xtables_addons_dnetmap)
|
| echo |
ECHO target sends back all packets it received |
View specific flag page (xtables_addons_echo)
|
| fuzzy |
matches a rate limit based on a fuzzy logic controller (FLC) |
View specific flag page (xtables_addons_fuzzy)
|
| geoip |
match a packet by its source or destination country |
View specific flag page (xtables_addons_geoip)
|
| gradm |
match packets based on grsecurity RBAC status |
View specific flag page (xtables_addons_gradm)
|
| iface |
match allows to check interface states |
View specific flag page (xtables_addons_iface)
|
| ipmark |
IPMARK target allows mark a received packet basing on its IP address |
View specific flag page (xtables_addons_ipmark)
|
| ipp2p |
matches certain packets in P2P flows |
View specific flag page (xtables_addons_ipp2p)
|
| ipv4options |
match against a set of IPv4 header options |
View specific flag page (xtables_addons_ipv4options)
|
| length2 |
matches the length of a packet against a specific value or range of values |
View specific flag page (xtables_addons_length2)
|
| logmark |
LOGMARK target will log packet and connection marks to syslog |
View specific flag page (xtables_addons_logmark)
|
| lscan |
match detects simple low-level scan attemps based upon the packet's contents |
View specific flag page (xtables_addons_lscan)
|
| pknock |
match implements so-called "port knocking", a stealthy system for network authentication |
View specific flag page (xtables_addons_pknock)
|
| proto |
modifies the protocol number in IP packet header |
View specific flag page (xtables_addons_proto)
|
| psd |
match attempts to detect TCP and UDP port scans (derived from Solar Designer's scanlogd) |
View specific flag page (xtables_addons_psd)
|
| quota2 |
match implements a named counter which can be increased or decreased on a per-match basis |
View specific flag page (xtables_addons_quota2)
|
| sysrq |
SYSRQ target allows to remotely trigger sysrq on the local machine over the network |
View specific flag page (xtables_addons_sysrq)
|
| tarpit |
TARPIT target captures and holds incoming TCP connections using no local per-connection resources |
View specific flag page (xtables_addons_tarpit)
|