Zentables-addons is a set of extensions to netfilter/iptables developed by Zenedge and based on Xtables-addons.
Zenset is a netfilter/iptables extension that matches the Proxy Protocol source address against an IP set.
RESET is a netfilter/iptables extension that terminates an established TCP connection by sending an emulated TCP RST to both ends. This extension is based on ipt_REJECT.
For example, to block the source address 10.10.10.10 when it arrives via Proxy Protocol, using a TCP RST and an IP set, we can use:
# ipset create blacklist hash:ip
# ipset add blacklist 10.10.10.10
# iptables -I INPUT -p tcp -m zenset --proxy-protocol --match-set blacklist src -j RESET
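What the rule above decides per connection, as an added user-space example that is not Zentables-addons code: the match key is the address carried in the Proxy Protocol header, not the TCP peer address. It assumes the version 1 text header for TCP4 (the page does not say which versions the module parses); `pp1_source`, `verdict` and the in-memory `blacklist` are hypothetical names.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PP1_MAX 107 /* longest v1 header the PROXY protocol spec allows */
static const char *blacklist[] = { "10.10.10.10" }; /* constructed stand-in for the IP set */

/* Extract the source address advertised by a PROXY protocol v1 TCP4 header
 * at the start of a TCP payload. Returns 0 and fills *src (network byte
 * order), or -1 when no well-formed header is present. */
int pp1_source(const char *buf, size_t len, uint32_t *src)
{
    char line[PP1_MAX + 1], sip[16], dip[16], extra;
    unsigned sport, dport;
    struct in_addr s, d;
    size_t n = len < PP1_MAX ? len : PP1_MAX, eol = 0;
    while (eol + 1 < n && !(buf[eol] == '\r' && buf[eol + 1] == '\n'))
        eol++;
    if (eol + 1 >= n || eol < 11 || memcmp(buf, "PROXY TCP4 ", 11) != 0)
        return -1;                 /* no CRLF within range, or wrong prefix */
    memcpy(line, buf, eol);
    line[eol] = '\0';
    /* Exactly four fields; %c succeeds only if trailing data follows. */
    if (sscanf(line + 11, "%15s %15s %u %u%c", sip, dip, &sport, &dport,
               &extra) != 4 || sport > 65535 || dport > 65535 ||
        inet_pton(AF_INET, sip, &s) != 1 || inet_pton(AF_INET, dip, &d) != 1)
        return -1;
    *src = s.s_addr;
    return 0;
}

/* 1 = the rule would fire (connection is RESET), 0 = no match. */
int verdict(const char *payload, size_t len)
{
    uint32_t src;
    struct in_addr e;
    if (pp1_source(payload, len, &src) != 0)
        return 0;                  /* no header: nothing to match on */
    for (size_t i = 0; i < sizeof blacklist / sizeof *blacklist; i++)
        if (inet_pton(AF_INET, blacklist[i], &e) == 1 && e.s_addr == src)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed payload: header as a proxy would prepend it. */
    const char *p = "PROXY TCP4 10.10.10.10 192.0.2.1 40000 443\r\nGET / HTTP/1.1\r\n";
    printf("verdict=%d\n", verdict(p, strlen(p)));
}
```

The address in the header is whatever the sending peer wrote, so a rule like this is only meaningful on ports that are reachable solely from your own proxies.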
To install the build dependencies, then build, install and load the modules:
# apt-get install libmnl-dev libltdl7-dev iptables-dev libxtables10 libipset-dev ipset
$ ./autogen.sh
$ ./configure
$ make
# make install
# depmod -a
# modprobe xt_zenset
# modprobe xt_RESET