The ACCOUNT target is a high performance accounting system for large
local networks. It allows per-IP accounting in whole prefixes of IPv4
addresses with size of up to /8 without the need to add individual
-accouting rule for each IP address.
+accounting rule for each IP address.
.PP
The ACCOUNT is designed to be queried for data every second or at
least every ten seconds. It is written as kernel module to handle high
The DELUDE target will reply to a SYN packet with SYN-ACK, and to all other
packets with an RST. This will terminate the connection much like REJECT, but
network scanners doing TCP half-open discovery can be spoofed to make them
-belive the port is open rather than closed/filtered.
+believe the port is open rather than closed/filtered.
.PP
In conjunction with ebtables, DHCPMAC can be used to completely change all MAC
addresses from and to a VMware-based virtual machine. This is needed because
-VMware does not allow to set a non-VMware MAC address before an operating
+VMware does not allow one to set a non-VMware MAC address before an operating
system is booted (and the MAC be changed with `ip link set eth0 address
aa:bb..`).
.TP
.PP
-The SYSRQ target allows to remotely trigger sysrq on the local machine over the
-network. This can be useful when vital parts of the machine hang, for example
-an oops in a filesystem causing locks to be not released and processes to get
-stuck as a result \(em if still possible, use /proc/sysrq-trigger. Even when
-processes are stuck, interrupts are likely to be still processed, and as such,
-sysrq can be triggered through incoming network packets.
+The SYSRQ target allows one to remotely trigger sysrq on the local machine over
+the network. This can be useful when vital parts of the machine hang, for
+example an oops in a filesystem causing locks to be not released and processes
+to get stuck as a result \(em if still possible, use /proc/sysrq-trigger. Even
+when processes are stuck, interrupts are likely to be still processed, and as
+such, sysrq can be triggered through incoming network packets.
.PP
The xt_SYSRQ implementation uses a salted hash and a sequence number to prevent
network sniffers from either guessing the password or replaying earlier
.PP
-The "ipv4options" module allows to match against a set of IPv4 header options.
+The "ipv4options" module allows one to match against a set of IPv4 header options.
.TP
\fB\-\-flags\fP [\fB!\fP]\fIsymbol\fP[\fB,\fP[\fB!\fP]\fIsymbol...\fP]
Specify the options that shall appear or not appear in the header. Each
Weight of the packet with privileged (<=1024) destination port.
.TP
\fB\-\-psd\-hi\-ports\-weight\fP \fIweight\fP
-Weight of the packet with non-priviliged destination port.
+Weight of the packet with non-privileged destination port.
projects / thirdparty / xtables-addons.git / commitdiff
