From 8fa47480f8716bbb63a899ad38c46123606a0aac Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 24 Mar 2008 13:53:01 +0100 Subject: [PATCH] Add Kconfig descriptions for Chaostables, ECHO, geoip --- extensions/xt_CHAOS.Kconfig | 9 +++++++++ extensions/xt_DELUDE.Kconfig | 6 ++++++ extensions/xt_ECHO.Kconfig | 6 ++++++ extensions/xt_geoip.Kconfig | 10 ++++++++++ extensions/xt_portscan.Kconfig | 8 ++++++++ 5 files changed, 39 insertions(+) create mode 100644 extensions/xt_CHAOS.Kconfig create mode 100644 extensions/xt_DELUDE.Kconfig create mode 100644 extensions/xt_ECHO.Kconfig create mode 100644 extensions/xt_geoip.Kconfig create mode 100644 extensions/xt_portscan.Kconfig diff --git a/extensions/xt_CHAOS.Kconfig b/extensions/xt_CHAOS.Kconfig new file mode 100644 index 0000000..2b07276 --- /dev/null +++ b/extensions/xt_CHAOS.Kconfig @@ -0,0 +1,9 @@ +config NETFILTER_XT_TARGET_CHAOS + tristate '"CHAOS" target support' + depends on NETFILTER_XTABLES && NETFILTER_ADVANCED + depends on NETFILTER_XT_TARGET_DELUDE || NETFILTER_XT_TARGET_TARPIT + depends on CONFIG_IP_NF_TARGET_REJECT + ---help--- + The CHAOS target is a module to report back false results to nmap + scans by randomly switching between DELUDE/TARPIT, REJECT and DROP + behavior. diff --git a/extensions/xt_DELUDE.Kconfig b/extensions/xt_DELUDE.Kconfig new file mode 100644 index 0000000..163dd48 --- /dev/null +++ b/extensions/xt_DELUDE.Kconfig @@ -0,0 +1,6 @@ +config NETFILTER_XT_TARGET_DELUDE + tristate '"DELUDE" target support' + depends on NETFILTER_XTABLES && NETFILTER_ADVANCED + ---help--- + The DELUDE target acknowledges connection initiations but forcibly + closes on any other packet, therefore making the port look open. diff --git a/extensions/xt_ECHO.Kconfig b/extensions/xt_ECHO.Kconfig new file mode 100644 index 0000000..0c06757 --- /dev/null +++ b/extensions/xt_ECHO.Kconfig @@ -0,0 +1,6 @@ +config NETFILTER_XT_TARGET_ECHO + tristate '"ECHO" sample target' + depends on NETFILTER_XTABLES && NETFILTER_ADVANCED + ---help--- + The ECHO target provides a demonstrational implementation of an + Xtables target implementing RFC 862 for UDP. diff --git a/extensions/xt_geoip.Kconfig b/extensions/xt_geoip.Kconfig new file mode 100644 index 0000000..7dd0f8f --- /dev/null +++ b/extensions/xt_geoip.Kconfig @@ -0,0 +1,10 @@ +config NETFILTER_XT_MATCH_GEOIP + tristate '"geoip" match support' + depends on NETFILTER_XTABLES + ---help--- + This option allows you to match a packet by its source or destination + country. Basically, you need a country's database containing all + subnets and associated countries. + + For the complete procedure and understanding, read: + http://people.netfilter.org/acidfu/geoip/howto/geoip-HOWTO.html diff --git a/extensions/xt_portscan.Kconfig b/extensions/xt_portscan.Kconfig new file mode 100644 index 0000000..566d9c3 --- /dev/null +++ b/extensions/xt_portscan.Kconfig @@ -0,0 +1,8 @@ +config NETFILTER_XT_MATCH_PORTSCAN + tristate '"portscan" target support' + depends on NETFILTER_XTABLES && NETFILTER_ADVANCED + ---help--- + The portscan match allows to match on the basic types of nmap + scans: Stealth Scan, SYN scan and connect scan. It can also match + "grab-only" connections, i.e. where data flows in only one + direction.