matches the length of a packet against a specific value or range of values

Other “xtables_addons” USE_EXPAND flag values

Use FlagDescription
xtables_addons_accountACCOUNT target is a high performance accounting system for large local networks
xtables_addons_asnmatch a packet by its source or destination Autonomous System Number
xtables_addons_chaosCHAOS target causes confusion on the other end by doing odd things with incoming packets
xtables_addons_conditionmatches if a specific condition variable is (un)set
xtables_addons_deludeDELUDE target will reply to a SYN packet with SYN-ACK, and to all other packets with an RST
xtables_addons_dhcpmacDHCPMAC target/match in conjunction with ebtables can be used to completely change all MAC addresses from and to a VMware-based virtual machine
xtables_addons_dnetmapDNETMAP target allows dynamic two-way 1:1 mapping of IPv4 subnets
xtables_addons_echoECHO target sends back all packets it received
xtables_addons_fuzzymatches a rate limit based on a fuzzy logic controller (FLC)
xtables_addons_geoipmatch a packet by its source or destination country
xtables_addons_gradmmatch packets based on grsecurity RBAC status
xtables_addons_ifacematch allows to check interface states
xtables_addons_ipmarkIPMARK target allows mark a received packet basing on its IP address
xtables_addons_ipp2pmatches certain packets in P2P flows
xtables_addons_ipv4optionsmatch against a set of IPv4 header options
xtables_addons_length2matches the length of a packet against a specific value or range of values
xtables_addons_logmarkLOGMARK target will log packet and connection marks to syslog
xtables_addons_lscanmatch detects simple low-level scan attemps based upon the packet's contents
xtables_addons_pknockmatch implements so-called "port knocking", a stealthy system for network authentication
xtables_addons_protomodifies the protocol number in IP packet header
xtables_addons_psdmatch attempts to detect TCP and UDP port scans (derived from Solar Designer's scanlogd)
xtables_addons_quota2match implements a named counter which can be increased or decreased on a per-match basis
xtables_addons_sysrqSYSRQ target allows to remotely trigger sysrq on the local machine over the network
xtables_addons_tarpitTARPIT target captures and holds incoming TCP connections using no local per-connection resources

All packages providing a “xtables_addons_length2” USE flag (1)