xtables_addons options

account
ACCOUNT target is a high performance accounting system for large local networks
chaos
CHAOS target causes confusion on the other end by doing odd things with incoming packets
condition
matches if a specific condition variable is (un)set
delude
DELUDE target will reply to a SYN packet with SYN-ACK, and to all other packets with an RST
dhcpmac
DHCPMAC target/match in conjunction with ebtables can be used to completely change all MAC addresses from and to a VMware-based virtual machine
dnetmap
DNETMAP target allows dynamic two-way 1:1 mapping of IPv4 subnets
echo
ECHO target sends back all packets it received
fuzzy
matches a rate limit based on a fuzzy logic controller (FLC)
geoip
match a packet by its source or destination country
gradm
match packets based on grsecurity RBAC status
iface
match allows to check interface states
ipmark
IPMARK target allows mark a received packet basing on its IP address
ipp2p
matches certain packets in P2P flows
ipv4options
match against a set of IPv4 header options
length2
matches the length of a packet against a specific value or range of values
logmark
LOGMARK target will log packet and connection marks to syslog
lscan
match detects simple low-level scan attemps based upon the packet's contents
pknock
match implements so-called "port knocking", a stealthy system for network authentication
proto
modifies the protocol number in IP packet header
psd
match attempts to detect TCP and UDP port scans (derived from Solar Designer's scanlogd)
quota2
match implements a named counter which can be increased or decreased on a per-match basis
sysrq
SYSRQ target allows to remotely trigger sysrq on the local machine over the network
tarpit
TARPIT target captures and holds incoming TCP connections using no local per-connection resources