Debian: IPSET, TARPIT и т.д. на ядре 2.6.32 и выше

Для тех кто мучается с netfilter-extension и не понимает, что же делать-то ;)

1. aptitude install module-assistant xtables-addons-source
2. module-assistant prepare
3. module-assistant auto-install xtables-addons-source
4. depmod -a

Всё! Наслаждаемся екстеншенами.

Новые таржеты для iptables:

• CHAOS: randomly use REJECT, DELUDE or TARPIT targets. This will fool network scanners by returning random results
• DELUDE: always reply to a SYN by a SYN-ACK. This will fool TCP half-open discovery
• DHCPADDR: replace a MAC address from and to a VMware host
• IPMARK: mark a packet, based on its IP address
• LOGMARK: log packet and mark to syslog
• SYSRQ: trigger a sysreq over the network (sending a saK over the network looks like a real funny idea ;)
• TARPIT: try to slow down (or DoS) remote host by capturing the session and holding it for a long time, using a 0-bytes TCP window. Run that on port 25 if you have no mail server to slow down spammers ;)

Новые совпадения (matches) для iptables:

• condition: match on boolean value stored in /proc/net/nf_condition/name
• dhcpaddr: match the DHCP Client Host address in a DHCP message
• fuzzy: match a rate limit based on a fuzzy logic controller
• geoip: match a packet by its source or destination country
• ipp2p: match (certain) p2p protocols
• portscan: try to match port scanners based on packet contents
• quota2: named counters