- aptitude install module-assistant xtables-addons-source
- module-assistant prepare
- module-assistant auto-install xtables-addons-source
- depmod -a
Новые таржеты для iptables:
- CHAOS: randomly use REJECT, DELUDE or TARPIT targets. This will fool network scanners by returning random results
- DELUDE: always reply to a SYN by a SYN-ACK. This will fool TCP half-open discovery
- DHCPADDR: replace a MAC address from and to a VMware host
- IPMARK: mark a packet, based on its IP address
- LOGMARK: log packet and mark to syslog
- SYSRQ: trigger a sysreq over the network (sending a saK over the network looks like a real funny idea ;)
- TARPIT: try to slow down (or DoS) remote host by capturing the session and holding it for a long time, using a 0-bytes TCP window. Run that on port 25 if you have no mail server to slow down spammers ;)
Новые совпадения (matches) для iptables:
- condition: match on boolean value stored in /proc/net/nf_condition/name
- dhcpaddr: match the DHCP Client Host address in a DHCP message
- fuzzy: match a rate limit based on a fuzzy logic controller
- geoip: match a packet by its source or destination country
- ipp2p: match (certain) p2p protocols
- portscan: try to match port scanners based on packet contents
- quota2: named counters