Published May 31st, 2004 by Jim O'Halloran
IPTables “hidden treasures”
This is an excellent guide to some of the “hidden treasures” of IPtables.
A bad or incompatible patch readily can produce a kernel that doesn’t compile, or worse, doesn’t boot. The Netfilter team has sought to resolve these difficulties by providing us with a robot guide, POM, or Patch-o-matic. POM is a collection of patches and a script for applying them to your kernel, and it’s a joy even for a relative novice to use.
The kernel patches included with POM are classified into a number of groups according to their history and quality. Some of them are base patches needed in every iptables/Netfilter installation. Others are optional or experimental extras that provide interesting features, some of which I describe in this article. These are the promised hidden treasures, what the POM documentation describes as “Maybe broken, Maybe cool extensions.”
Among the extras POM carries: a string match that looks for a pattern in a packet's payload, a random match that fires on a chosen fraction of packets, a TARPIT target that accepts a TCP connection and then holds it open to tie up the other end, and multiport matching for naming several ports in one rule. Pretty cool stuff.
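To make those four concrete, here is one rule for each, as an added example that is not from the original post or from the article it points to. It assumes current iptables syntax rather than the 2004 POM syntax: the in-tree string match needs `--algo`, POM's `random` match (`--average N`) was replaced by `statistic`, and `TARPIT` now ships in xtables-addons. The pattern, ports and sampling rate are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): one rule for each of the
# four extensions named above, in current iptables syntax.
# Run with "apply" to load the rules; with no argument the script prints
# them instead, so it can be read and checked without root.
set -e

if [ "${1:-show}" = "apply" ]; then
    IPT="${IPTABLES:-iptables}"
else
    IPT=echo    # dry run: print each rule instead of loading it
fi

# 1. String match: drop HTTP requests whose payload contains "cmd.exe",
#    the classic IIS worm probe (constructed pattern; pick your own).
#    The match inspects one packet at a time, so a request split across
#    TCP segments is not seen; treat it as a cheap filter, not an IDS.
string_rule() {
    "$IPT" -A INPUT -p tcp --dport 80 \
        -m string --algo bm --string "cmd.exe" -j DROP
}

# 2. Random match: log about 1% of new inbound SSH connections, enough
#    to see who is knocking without flooding the log. POM's "random"
#    match (--average N) was later replaced in-tree by "statistic".
random_rule() {
    "$IPT" -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
        -m statistic --mode random --probability 0.01 \
        -j LOG --log-prefix "ssh-sample:"
}

# 3. TARPIT: answer a probe to an unused port, then hold the connection
#    open with a zero window so the scanner's socket hangs. TARPIT
#    completes the handshake itself, so exempt the port from connection
#    tracking first; otherwise every held connection eats a conntrack slot.
tarpit_rules() {
    "$IPT" -t raw -A PREROUTING -p tcp --dport 135 -j NOTRACK
    "$IPT" -A INPUT -p tcp --dport 135 -j TARPIT
}

# 4. Multiport: list several destination ports in one rule instead of
#    writing one rule per port.
multiport_rule() {
    "$IPT" -A INPUT -p tcp -m multiport --dports 80,443,8080 \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Order matters: the string DROP must sit before any ACCEPT for port 80.
load_all() {
    string_rule
    multiport_rule
    random_rule
    tarpit_rules
}

load_all
```

With no argument the script echoes each rule, which is a convenient way to review a rule set before loading it; `./pom-rules.sh apply` runs the same functions against the real `iptables` binary (or whatever `IPTABLES` points at).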