Sometimes it is neccessary to filter packets based on their geo-ip location. Shorewall can make use of the xt_geoip-module for iptables. In this article I will explain how to setup this module on Debian.
If someone attacks a linux-system, most administrator would block the ip-address of the attacker using iptables-rules. But there is another method to block the address of an attacker: nullroutes. A Nullroute simply directs to nowhere.
I found some very interesting papers about firewall evasion: