aboutsummaryrefslogtreecommitdiffstats
path: root/net/netfilter
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2008-10-08 05:35:18 -0400
committerPatrick McHardy <kaber@trash.net>2008-10-08 05:35:18 -0400
commitc2df73de246ae75705af8ceed4f385b261dea108 (patch)
tree9372e24e1569cf83f592ea93f899909c391ddad1 /net/netfilter
parentaba0d34800d7f56493b4d5548cc06498a4d69124 (diff)
netfilter: xtables: use "if" blocks in Kconfig
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/Kconfig84
1 files changed, 21 insertions, 63 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 9ad74e8bc5bd..899e78051d8b 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -38,10 +38,11 @@ config NF_CONNTRACK
38 38
39 To compile it as a module, choose M here. If unsure, say N. 39 To compile it as a module, choose M here. If unsure, say N.
40 40
41if NF_CONNTRACK
42
41config NF_CT_ACCT 43config NF_CT_ACCT
42 bool "Connection tracking flow accounting" 44 bool "Connection tracking flow accounting"
43 depends on NETFILTER_ADVANCED 45 depends on NETFILTER_ADVANCED
44 depends on NF_CONNTRACK
45 help 46 help
46 If this option is enabled, the connection tracking code will 47 If this option is enabled, the connection tracking code will
47 keep per-flow packet and byte counters. 48 keep per-flow packet and byte counters.
@@ -63,7 +64,6 @@ config NF_CT_ACCT
63config NF_CONNTRACK_MARK 64config NF_CONNTRACK_MARK
64 bool 'Connection mark tracking support' 65 bool 'Connection mark tracking support'
65 depends on NETFILTER_ADVANCED 66 depends on NETFILTER_ADVANCED
66 depends on NF_CONNTRACK
67 help 67 help
68 This option enables support for connection marks, used by the 68 This option enables support for connection marks, used by the
69 `CONNMARK' target and `connmark' match. Similar to the mark value 69 `CONNMARK' target and `connmark' match. Similar to the mark value
@@ -72,7 +72,7 @@ config NF_CONNTRACK_MARK
72 72
73config NF_CONNTRACK_SECMARK 73config NF_CONNTRACK_SECMARK
74 bool 'Connection tracking security mark support' 74 bool 'Connection tracking security mark support'
75 depends on NF_CONNTRACK && NETWORK_SECMARK 75 depends on NETWORK_SECMARK
76 default m if NETFILTER_ADVANCED=n 76 default m if NETFILTER_ADVANCED=n
77 help 77 help
78 This option enables security markings to be applied to 78 This option enables security markings to be applied to
@@ -85,7 +85,6 @@ config NF_CONNTRACK_SECMARK
85 85
86config NF_CONNTRACK_EVENTS 86config NF_CONNTRACK_EVENTS
87 bool "Connection tracking events" 87 bool "Connection tracking events"
88 depends on NF_CONNTRACK
89 depends on NETFILTER_ADVANCED 88 depends on NETFILTER_ADVANCED
90 help 89 help
91 If this option is enabled, the connection tracking code will 90 If this option is enabled, the connection tracking code will
@@ -96,7 +95,7 @@ config NF_CONNTRACK_EVENTS
96 95
97config NF_CT_PROTO_DCCP 96config NF_CT_PROTO_DCCP
98 tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)' 97 tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)'
99 depends on EXPERIMENTAL && NF_CONNTRACK 98 depends on EXPERIMENTAL
100 depends on NETFILTER_ADVANCED 99 depends on NETFILTER_ADVANCED
101 default IP_DCCP 100 default IP_DCCP
102 help 101 help
@@ -107,11 +106,10 @@ config NF_CT_PROTO_DCCP
107 106
108config NF_CT_PROTO_GRE 107config NF_CT_PROTO_GRE
109 tristate 108 tristate
110 depends on NF_CONNTRACK
111 109
112config NF_CT_PROTO_SCTP 110config NF_CT_PROTO_SCTP
113 tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)' 111 tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)'
114 depends on EXPERIMENTAL && NF_CONNTRACK 112 depends on EXPERIMENTAL
115 depends on NETFILTER_ADVANCED 113 depends on NETFILTER_ADVANCED
116 default IP_SCTP 114 default IP_SCTP
117 help 115 help
@@ -123,7 +121,6 @@ config NF_CT_PROTO_SCTP
123 121
124config NF_CT_PROTO_UDPLITE 122config NF_CT_PROTO_UDPLITE
125 tristate 'UDP-Lite protocol connection tracking support' 123 tristate 'UDP-Lite protocol connection tracking support'
126 depends on NF_CONNTRACK
127 depends on NETFILTER_ADVANCED 124 depends on NETFILTER_ADVANCED
128 help 125 help
129 With this option enabled, the layer 3 independent connection 126 With this option enabled, the layer 3 independent connection
@@ -134,7 +131,6 @@ config NF_CT_PROTO_UDPLITE
134 131
135config NF_CONNTRACK_AMANDA 132config NF_CONNTRACK_AMANDA
136 tristate "Amanda backup protocol support" 133 tristate "Amanda backup protocol support"
137 depends on NF_CONNTRACK
138 depends on NETFILTER_ADVANCED 134 depends on NETFILTER_ADVANCED
139 select TEXTSEARCH 135 select TEXTSEARCH
140 select TEXTSEARCH_KMP 136 select TEXTSEARCH_KMP
@@ -150,7 +146,6 @@ config NF_CONNTRACK_AMANDA
150 146
151config NF_CONNTRACK_FTP 147config NF_CONNTRACK_FTP
152 tristate "FTP protocol support" 148 tristate "FTP protocol support"
153 depends on NF_CONNTRACK
154 default m if NETFILTER_ADVANCED=n 149 default m if NETFILTER_ADVANCED=n
155 help 150 help
156 Tracking FTP connections is problematic: special helpers are 151 Tracking FTP connections is problematic: special helpers are
@@ -165,7 +160,7 @@ config NF_CONNTRACK_FTP
165 160
166config NF_CONNTRACK_H323 161config NF_CONNTRACK_H323
167 tristate "H.323 protocol support" 162 tristate "H.323 protocol support"
168 depends on NF_CONNTRACK && (IPV6 || IPV6=n) 163 depends on (IPV6 || IPV6=n)
169 depends on NETFILTER_ADVANCED 164 depends on NETFILTER_ADVANCED
170 help 165 help
171 H.323 is a VoIP signalling protocol from ITU-T. As one of the most 166 H.323 is a VoIP signalling protocol from ITU-T. As one of the most
@@ -185,7 +180,6 @@ config NF_CONNTRACK_H323
185 180
186config NF_CONNTRACK_IRC 181config NF_CONNTRACK_IRC
187 tristate "IRC protocol support" 182 tristate "IRC protocol support"
188 depends on NF_CONNTRACK
189 default m if NETFILTER_ADVANCED=n 183 default m if NETFILTER_ADVANCED=n
190 help 184 help
191 There is a commonly-used extension to IRC called 185 There is a commonly-used extension to IRC called
@@ -201,7 +195,6 @@ config NF_CONNTRACK_IRC
201 195
202config NF_CONNTRACK_NETBIOS_NS 196config NF_CONNTRACK_NETBIOS_NS
203 tristate "NetBIOS name service protocol support" 197 tristate "NetBIOS name service protocol support"
204 depends on NF_CONNTRACK
205 depends on NETFILTER_ADVANCED 198 depends on NETFILTER_ADVANCED
206 help 199 help
207 NetBIOS name service requests are sent as broadcast messages from an 200 NetBIOS name service requests are sent as broadcast messages from an
@@ -221,7 +214,6 @@ config NF_CONNTRACK_NETBIOS_NS
221 214
222config NF_CONNTRACK_PPTP 215config NF_CONNTRACK_PPTP
223 tristate "PPtP protocol support" 216 tristate "PPtP protocol support"
224 depends on NF_CONNTRACK
225 depends on NETFILTER_ADVANCED 217 depends on NETFILTER_ADVANCED
226 select NF_CT_PROTO_GRE 218 select NF_CT_PROTO_GRE
227 help 219 help
@@ -241,7 +233,7 @@ config NF_CONNTRACK_PPTP
241 233
242config NF_CONNTRACK_SANE 234config NF_CONNTRACK_SANE
243 tristate "SANE protocol support (EXPERIMENTAL)" 235 tristate "SANE protocol support (EXPERIMENTAL)"
244 depends on EXPERIMENTAL && NF_CONNTRACK 236 depends on EXPERIMENTAL
245 depends on NETFILTER_ADVANCED 237 depends on NETFILTER_ADVANCED
246 help 238 help
247 SANE is a protocol for remote access to scanners as implemented 239 SANE is a protocol for remote access to scanners as implemented
@@ -255,7 +247,6 @@ config NF_CONNTRACK_SANE
255 247
256config NF_CONNTRACK_SIP 248config NF_CONNTRACK_SIP
257 tristate "SIP protocol support" 249 tristate "SIP protocol support"
258 depends on NF_CONNTRACK
259 default m if NETFILTER_ADVANCED=n 250 default m if NETFILTER_ADVANCED=n
260 help 251 help
261 SIP is an application-layer control protocol that can establish, 252 SIP is an application-layer control protocol that can establish,
@@ -268,7 +259,6 @@ config NF_CONNTRACK_SIP
268 259
269config NF_CONNTRACK_TFTP 260config NF_CONNTRACK_TFTP
270 tristate "TFTP protocol support" 261 tristate "TFTP protocol support"
271 depends on NF_CONNTRACK
272 depends on NETFILTER_ADVANCED 262 depends on NETFILTER_ADVANCED
273 help 263 help
274 TFTP connection tracking helper, this is required depending 264 TFTP connection tracking helper, this is required depending
@@ -280,7 +270,6 @@ config NF_CONNTRACK_TFTP
280 270
281config NF_CT_NETLINK 271config NF_CT_NETLINK
282 tristate 'Connection tracking netlink interface' 272 tristate 'Connection tracking netlink interface'
283 depends on NF_CONNTRACK
284 select NETFILTER_NETLINK 273 select NETFILTER_NETLINK
285 depends on NF_NAT=n || NF_NAT 274 depends on NF_NAT=n || NF_NAT
286 default m if NETFILTER_ADVANCED=n 275 default m if NETFILTER_ADVANCED=n
@@ -302,6 +291,8 @@ config NETFILTER_TPROXY
302 291
303 To compile it as a module, choose M here. If unsure, say N. 292 To compile it as a module, choose M here. If unsure, say N.
304 293
294endif # NF_CONNTRACK
295
305config NETFILTER_XTABLES 296config NETFILTER_XTABLES
306 tristate "Netfilter Xtables support (required for ip_tables)" 297 tristate "Netfilter Xtables support (required for ip_tables)"
307 default m if NETFILTER_ADVANCED=n 298 default m if NETFILTER_ADVANCED=n
@@ -309,11 +300,12 @@ config NETFILTER_XTABLES
309 This is required if you intend to use any of ip_tables, 300 This is required if you intend to use any of ip_tables,
310 ip6_tables or arp_tables. 301 ip6_tables or arp_tables.
311 302
303if NETFILTER_XTABLES
304
312# alphabetically ordered list of targets 305# alphabetically ordered list of targets
313 306
314config NETFILTER_XT_TARGET_CLASSIFY 307config NETFILTER_XT_TARGET_CLASSIFY
315 tristate '"CLASSIFY" target support' 308 tristate '"CLASSIFY" target support'
316 depends on NETFILTER_XTABLES
317 depends on NETFILTER_ADVANCED 309 depends on NETFILTER_ADVANCED
318 help 310 help
319 This option adds a `CLASSIFY' target, which enables the user to set 311 This option adds a `CLASSIFY' target, which enables the user to set
@@ -326,7 +318,6 @@ config NETFILTER_XT_TARGET_CLASSIFY
326 318
327config NETFILTER_XT_TARGET_CONNMARK 319config NETFILTER_XT_TARGET_CONNMARK
328 tristate '"CONNMARK" target support' 320 tristate '"CONNMARK" target support'
329 depends on NETFILTER_XTABLES
330 depends on IP_NF_MANGLE || IP6_NF_MANGLE 321 depends on IP_NF_MANGLE || IP6_NF_MANGLE
331 depends on NF_CONNTRACK 322 depends on NF_CONNTRACK
332 depends on NETFILTER_ADVANCED 323 depends on NETFILTER_ADVANCED
@@ -342,7 +333,7 @@ config NETFILTER_XT_TARGET_CONNMARK
342 333
343config NETFILTER_XT_TARGET_CONNSECMARK 334config NETFILTER_XT_TARGET_CONNSECMARK
344 tristate '"CONNSECMARK" target support' 335 tristate '"CONNSECMARK" target support'
345 depends on NETFILTER_XTABLES && NF_CONNTRACK && NF_CONNTRACK_SECMARK 336 depends on NF_CONNTRACK && NF_CONNTRACK_SECMARK
346 default m if NETFILTER_ADVANCED=n 337 default m if NETFILTER_ADVANCED=n
347 help 338 help
348 The CONNSECMARK target copies security markings from packets 339 The CONNSECMARK target copies security markings from packets
@@ -354,7 +345,6 @@ config NETFILTER_XT_TARGET_CONNSECMARK
354 345
355config NETFILTER_XT_TARGET_DSCP 346config NETFILTER_XT_TARGET_DSCP
356 tristate '"DSCP" and "TOS" target support' 347 tristate '"DSCP" and "TOS" target support'
357 depends on NETFILTER_XTABLES
358 depends on IP_NF_MANGLE || IP6_NF_MANGLE 348 depends on IP_NF_MANGLE || IP6_NF_MANGLE
359 depends on NETFILTER_ADVANCED 349 depends on NETFILTER_ADVANCED
360 help 350 help
@@ -371,7 +361,6 @@ config NETFILTER_XT_TARGET_DSCP
371 361
372config NETFILTER_XT_TARGET_MARK 362config NETFILTER_XT_TARGET_MARK
373 tristate '"MARK" target support' 363 tristate '"MARK" target support'
374 depends on NETFILTER_XTABLES
375 default m if NETFILTER_ADVANCED=n 364 default m if NETFILTER_ADVANCED=n
376 help 365 help
377 This option adds a `MARK' target, which allows you to create rules 366 This option adds a `MARK' target, which allows you to create rules
@@ -385,7 +374,6 @@ config NETFILTER_XT_TARGET_MARK
385 374
386config NETFILTER_XT_TARGET_NFLOG 375config NETFILTER_XT_TARGET_NFLOG
387 tristate '"NFLOG" target support' 376 tristate '"NFLOG" target support'
388 depends on NETFILTER_XTABLES
389 default m if NETFILTER_ADVANCED=n 377 default m if NETFILTER_ADVANCED=n
390 help 378 help
391 This option enables the NFLOG target, which allows to LOG 379 This option enables the NFLOG target, which allows to LOG
@@ -397,7 +385,6 @@ config NETFILTER_XT_TARGET_NFLOG
397 385
398config NETFILTER_XT_TARGET_NFQUEUE 386config NETFILTER_XT_TARGET_NFQUEUE
399 tristate '"NFQUEUE" target Support' 387 tristate '"NFQUEUE" target Support'
400 depends on NETFILTER_XTABLES
401 depends on NETFILTER_ADVANCED 388 depends on NETFILTER_ADVANCED
402 help 389 help
403 This target replaced the old obsolete QUEUE target. 390 This target replaced the old obsolete QUEUE target.
@@ -409,7 +396,6 @@ config NETFILTER_XT_TARGET_NFQUEUE
409 396
410config NETFILTER_XT_TARGET_NOTRACK 397config NETFILTER_XT_TARGET_NOTRACK
411 tristate '"NOTRACK" target support' 398 tristate '"NOTRACK" target support'
412 depends on NETFILTER_XTABLES
413 depends on IP_NF_RAW || IP6_NF_RAW 399 depends on IP_NF_RAW || IP6_NF_RAW
414 depends on NF_CONNTRACK 400 depends on NF_CONNTRACK
415 depends on NETFILTER_ADVANCED 401 depends on NETFILTER_ADVANCED
@@ -424,7 +410,6 @@ config NETFILTER_XT_TARGET_NOTRACK
424 410
425config NETFILTER_XT_TARGET_RATEEST 411config NETFILTER_XT_TARGET_RATEEST
426 tristate '"RATEEST" target support' 412 tristate '"RATEEST" target support'
427 depends on NETFILTER_XTABLES
428 depends on NETFILTER_ADVANCED 413 depends on NETFILTER_ADVANCED
429 help 414 help
430 This option adds a `RATEEST' target, which allows to measure 415 This option adds a `RATEEST' target, which allows to measure
@@ -450,7 +435,6 @@ config NETFILTER_XT_TARGET_TPROXY
450 435
451config NETFILTER_XT_TARGET_TRACE 436config NETFILTER_XT_TARGET_TRACE
452 tristate '"TRACE" target support' 437 tristate '"TRACE" target support'
453 depends on NETFILTER_XTABLES
454 depends on IP_NF_RAW || IP6_NF_RAW 438 depends on IP_NF_RAW || IP6_NF_RAW
455 depends on NETFILTER_ADVANCED 439 depends on NETFILTER_ADVANCED
456 help 440 help
@@ -463,7 +447,7 @@ config NETFILTER_XT_TARGET_TRACE
463 447
464config NETFILTER_XT_TARGET_SECMARK 448config NETFILTER_XT_TARGET_SECMARK
465 tristate '"SECMARK" target support' 449 tristate '"SECMARK" target support'
466 depends on NETFILTER_XTABLES && NETWORK_SECMARK 450 depends on NETWORK_SECMARK
467 default m if NETFILTER_ADVANCED=n 451 default m if NETFILTER_ADVANCED=n
468 help 452 help
469 The SECMARK target allows security marking of network 453 The SECMARK target allows security marking of network
@@ -473,7 +457,7 @@ config NETFILTER_XT_TARGET_SECMARK
473 457
474config NETFILTER_XT_TARGET_TCPMSS 458config NETFILTER_XT_TARGET_TCPMSS
475 tristate '"TCPMSS" target support' 459 tristate '"TCPMSS" target support'
476 depends on NETFILTER_XTABLES && (IPV6 || IPV6=n) 460 depends on (IPV6 || IPV6=n)
477 default m if NETFILTER_ADVANCED=n 461 default m if NETFILTER_ADVANCED=n
478 ---help--- 462 ---help---
479 This option adds a `TCPMSS' target, which allows you to alter the 463 This option adds a `TCPMSS' target, which allows you to alter the
@@ -500,7 +484,7 @@ config NETFILTER_XT_TARGET_TCPMSS
500 484
501config NETFILTER_XT_TARGET_TCPOPTSTRIP 485config NETFILTER_XT_TARGET_TCPOPTSTRIP
502 tristate '"TCPOPTSTRIP" target support (EXPERIMENTAL)' 486 tristate '"TCPOPTSTRIP" target support (EXPERIMENTAL)'
503 depends on EXPERIMENTAL && NETFILTER_XTABLES 487 depends on EXPERIMENTAL
504 depends on IP_NF_MANGLE || IP6_NF_MANGLE 488 depends on IP_NF_MANGLE || IP6_NF_MANGLE
505 depends on NETFILTER_ADVANCED 489 depends on NETFILTER_ADVANCED
506 help 490 help
@@ -509,7 +493,6 @@ config NETFILTER_XT_TARGET_TCPOPTSTRIP
509 493
510config NETFILTER_XT_MATCH_COMMENT 494config NETFILTER_XT_MATCH_COMMENT
511 tristate '"comment" match support' 495 tristate '"comment" match support'
512 depends on NETFILTER_XTABLES
513 depends on NETFILTER_ADVANCED 496 depends on NETFILTER_ADVANCED
514 help 497 help
515 This option adds a `comment' dummy-match, which allows you to put 498 This option adds a `comment' dummy-match, which allows you to put
@@ -520,7 +503,6 @@ config NETFILTER_XT_MATCH_COMMENT
520 503
521config NETFILTER_XT_MATCH_CONNBYTES 504config NETFILTER_XT_MATCH_CONNBYTES
522 tristate '"connbytes" per-connection counter match support' 505 tristate '"connbytes" per-connection counter match support'
523 depends on NETFILTER_XTABLES
524 depends on NF_CONNTRACK 506 depends on NF_CONNTRACK
525 depends on NETFILTER_ADVANCED 507 depends on NETFILTER_ADVANCED
526 select NF_CT_ACCT 508 select NF_CT_ACCT
@@ -533,7 +515,6 @@ config NETFILTER_XT_MATCH_CONNBYTES
533 515
534config NETFILTER_XT_MATCH_CONNLIMIT 516config NETFILTER_XT_MATCH_CONNLIMIT
535 tristate '"connlimit" match support"' 517 tristate '"connlimit" match support"'
536 depends on NETFILTER_XTABLES
537 depends on NF_CONNTRACK 518 depends on NF_CONNTRACK
538 depends on NETFILTER_ADVANCED 519 depends on NETFILTER_ADVANCED
539 ---help--- 520 ---help---
@@ -542,7 +523,6 @@ config NETFILTER_XT_MATCH_CONNLIMIT
542 523
543config NETFILTER_XT_MATCH_CONNMARK 524config NETFILTER_XT_MATCH_CONNMARK
544 tristate '"connmark" connection mark match support' 525 tristate '"connmark" connection mark match support'
545 depends on NETFILTER_XTABLES
546 depends on NF_CONNTRACK 526 depends on NF_CONNTRACK
547 depends on NETFILTER_ADVANCED 527 depends on NETFILTER_ADVANCED
548 select NF_CONNTRACK_MARK 528 select NF_CONNTRACK_MARK
@@ -556,7 +536,6 @@ config NETFILTER_XT_MATCH_CONNMARK
556 536
557config NETFILTER_XT_MATCH_CONNTRACK 537config NETFILTER_XT_MATCH_CONNTRACK
558 tristate '"conntrack" connection tracking match support' 538 tristate '"conntrack" connection tracking match support'
559 depends on NETFILTER_XTABLES
560 depends on NF_CONNTRACK 539 depends on NF_CONNTRACK
561 default m if NETFILTER_ADVANCED=n 540 default m if NETFILTER_ADVANCED=n
562 help 541 help
@@ -570,7 +549,6 @@ config NETFILTER_XT_MATCH_CONNTRACK
570 549
571config NETFILTER_XT_MATCH_DCCP 550config NETFILTER_XT_MATCH_DCCP
572 tristate '"dccp" protocol match support' 551 tristate '"dccp" protocol match support'
573 depends on NETFILTER_XTABLES
574 depends on NETFILTER_ADVANCED 552 depends on NETFILTER_ADVANCED
575 default IP_DCCP 553 default IP_DCCP
576 help 554 help
@@ -583,7 +561,6 @@ config NETFILTER_XT_MATCH_DCCP
583 561
584config NETFILTER_XT_MATCH_DSCP 562config NETFILTER_XT_MATCH_DSCP
585 tristate '"dscp" and "tos" match support' 563 tristate '"dscp" and "tos" match support'
586 depends on NETFILTER_XTABLES
587 depends on NETFILTER_ADVANCED 564 depends on NETFILTER_ADVANCED
588 help 565 help
589 This option adds a `DSCP' match, which allows you to match against 566 This option adds a `DSCP' match, which allows you to match against
@@ -599,7 +576,6 @@ config NETFILTER_XT_MATCH_DSCP
599 576
600config NETFILTER_XT_MATCH_ESP 577config NETFILTER_XT_MATCH_ESP
601 tristate '"esp" match support' 578 tristate '"esp" match support'
602 depends on NETFILTER_XTABLES
603 depends on NETFILTER_ADVANCED 579 depends on NETFILTER_ADVANCED
604 help 580 help
605 This match extension allows you to match a range of SPIs 581 This match extension allows you to match a range of SPIs
@@ -609,7 +585,7 @@ config NETFILTER_XT_MATCH_ESP
609 585
610config NETFILTER_XT_MATCH_HASHLIMIT 586config NETFILTER_XT_MATCH_HASHLIMIT
611 tristate '"hashlimit" match support' 587 tristate '"hashlimit" match support'
612 depends on NETFILTER_XTABLES && (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) 588 depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
613 depends on NETFILTER_ADVANCED 589 depends on NETFILTER_ADVANCED
614 help 590 help
615 This option adds a `hashlimit' match. 591 This option adds a `hashlimit' match.
@@ -624,7 +600,6 @@ config NETFILTER_XT_MATCH_HASHLIMIT
624 600
625config NETFILTER_XT_MATCH_HELPER 601config NETFILTER_XT_MATCH_HELPER
626 tristate '"helper" match support' 602 tristate '"helper" match support'
627 depends on NETFILTER_XTABLES
628 depends on NF_CONNTRACK 603 depends on NF_CONNTRACK
629 depends on NETFILTER_ADVANCED 604 depends on NETFILTER_ADVANCED
630 help 605 help
@@ -635,7 +610,6 @@ config NETFILTER_XT_MATCH_HELPER
635 610
636config NETFILTER_XT_MATCH_IPRANGE 611config NETFILTER_XT_MATCH_IPRANGE
637 tristate '"iprange" address range match support' 612 tristate '"iprange" address range match support'
638 depends on NETFILTER_XTABLES
639 depends on NETFILTER_ADVANCED 613 depends on NETFILTER_ADVANCED
640 ---help--- 614 ---help---
641 This option adds a "iprange" match, which allows you to match based on 615 This option adds a "iprange" match, which allows you to match based on
@@ -646,7 +620,6 @@ config NETFILTER_XT_MATCH_IPRANGE
646 620
647config NETFILTER_XT_MATCH_LENGTH 621config NETFILTER_XT_MATCH_LENGTH
648 tristate '"length" match support' 622 tristate '"length" match support'
649 depends on NETFILTER_XTABLES
650 depends on NETFILTER_ADVANCED 623 depends on NETFILTER_ADVANCED
651 help 624 help
652 This option allows you to match the length of a packet against a 625 This option allows you to match the length of a packet against a
@@ -656,7 +629,6 @@ config NETFILTER_XT_MATCH_LENGTH
656 629
657config NETFILTER_XT_MATCH_LIMIT 630config NETFILTER_XT_MATCH_LIMIT
658 tristate '"limit" match support' 631 tristate '"limit" match support'
659 depends on NETFILTER_XTABLES
660 depends on NETFILTER_ADVANCED 632 depends on NETFILTER_ADVANCED
661 help 633 help
662 limit matching allows you to control the rate at which a rule can be 634 limit matching allows you to control the rate at which a rule can be
@@ -667,7 +639,6 @@ config NETFILTER_XT_MATCH_LIMIT
667 639
668config NETFILTER_XT_MATCH_MAC 640config NETFILTER_XT_MATCH_MAC
669 tristate '"mac" address match support' 641 tristate '"mac" address match support'
670 depends on NETFILTER_XTABLES
671 depends on NETFILTER_ADVANCED 642 depends on NETFILTER_ADVANCED
672 help 643 help
673 MAC matching allows you to match packets based on the source 644 MAC matching allows you to match packets based on the source
@@ -677,7 +648,6 @@ config NETFILTER_XT_MATCH_MAC
677 648
678config NETFILTER_XT_MATCH_MARK 649config NETFILTER_XT_MATCH_MARK
679 tristate '"mark" match support' 650 tristate '"mark" match support'
680 depends on NETFILTER_XTABLES
681 default m if NETFILTER_ADVANCED=n 651 default m if NETFILTER_ADVANCED=n
682 help 652 help
683 Netfilter mark matching allows you to match packets based on the 653 Netfilter mark matching allows you to match packets based on the
@@ -688,7 +658,6 @@ config NETFILTER_XT_MATCH_MARK
688 658
689config NETFILTER_XT_MATCH_MULTIPORT 659config NETFILTER_XT_MATCH_MULTIPORT
690 tristate '"multiport" Multiple port match support' 660 tristate '"multiport" Multiple port match support'
691 depends on NETFILTER_XTABLES
692 depends on NETFILTER_ADVANCED 661 depends on NETFILTER_ADVANCED
693 help 662 help
694 Multiport matching allows you to match TCP or UDP packets based on 663 Multiport matching allows you to match TCP or UDP packets based on
@@ -699,7 +668,6 @@ config NETFILTER_XT_MATCH_MULTIPORT
699 668
700config NETFILTER_XT_MATCH_OWNER 669config NETFILTER_XT_MATCH_OWNER
701 tristate '"owner" match support' 670 tristate '"owner" match support'
702 depends on NETFILTER_XTABLES
703 depends on NETFILTER_ADVANCED 671 depends on NETFILTER_ADVANCED
704 ---help--- 672 ---help---
705 Socket owner matching allows you to match locally-generated packets 673 Socket owner matching allows you to match locally-generated packets
@@ -708,7 +676,7 @@ config NETFILTER_XT_MATCH_OWNER
708 676
709config NETFILTER_XT_MATCH_POLICY 677config NETFILTER_XT_MATCH_POLICY
710 tristate 'IPsec "policy" match support' 678 tristate 'IPsec "policy" match support'
711 depends on NETFILTER_XTABLES && XFRM 679 depends on XFRM
712 default m if NETFILTER_ADVANCED=n 680 default m if NETFILTER_ADVANCED=n
713 help 681 help
714 Policy matching allows you to match packets based on the 682 Policy matching allows you to match packets based on the
@@ -719,7 +687,7 @@ config NETFILTER_XT_MATCH_POLICY
719 687
720config NETFILTER_XT_MATCH_PHYSDEV 688config NETFILTER_XT_MATCH_PHYSDEV
721 tristate '"physdev" match support' 689 tristate '"physdev" match support'
722 depends on NETFILTER_XTABLES && BRIDGE && BRIDGE_NETFILTER 690 depends on BRIDGE && BRIDGE_NETFILTER
723 depends on NETFILTER_ADVANCED 691 depends on NETFILTER_ADVANCED
724 help 692 help
725 Physdev packet matching matches against the physical bridge ports 693 Physdev packet matching matches against the physical bridge ports
@@ -729,7 +697,6 @@ config NETFILTER_XT_MATCH_PHYSDEV
729 697
730config NETFILTER_XT_MATCH_PKTTYPE 698config NETFILTER_XT_MATCH_PKTTYPE
731 tristate '"pkttype" packet type match support' 699 tristate '"pkttype" packet type match support'
732 depends on NETFILTER_XTABLES
733 depends on NETFILTER_ADVANCED 700 depends on NETFILTER_ADVANCED
734 help 701 help
735 Packet type matching allows you to match a packet by 702 Packet type matching allows you to match a packet by
@@ -742,7 +709,6 @@ config NETFILTER_XT_MATCH_PKTTYPE
742 709
743config NETFILTER_XT_MATCH_QUOTA 710config NETFILTER_XT_MATCH_QUOTA
744 tristate '"quota" match support' 711 tristate '"quota" match support'
745 depends on NETFILTER_XTABLES
746 depends on NETFILTER_ADVANCED 712 depends on NETFILTER_ADVANCED
747 help 713 help
748 This option adds a `quota' match, which allows to match on a 714 This option adds a `quota' match, which allows to match on a
@@ -753,7 +719,6 @@ config NETFILTER_XT_MATCH_QUOTA
753 719
754config NETFILTER_XT_MATCH_RATEEST 720config NETFILTER_XT_MATCH_RATEEST
755 tristate '"rateest" match support' 721 tristate '"rateest" match support'
756 depends on NETFILTER_XTABLES
757 depends on NETFILTER_ADVANCED 722 depends on NETFILTER_ADVANCED
758 select NETFILTER_XT_TARGET_RATEEST 723 select NETFILTER_XT_TARGET_RATEEST
759 help 724 help
@@ -764,7 +729,6 @@ config NETFILTER_XT_MATCH_RATEEST
764 729
765config NETFILTER_XT_MATCH_REALM 730config NETFILTER_XT_MATCH_REALM
766 tristate '"realm" match support' 731 tristate '"realm" match support'
767 depends on NETFILTER_XTABLES
768 depends on NETFILTER_ADVANCED 732 depends on NETFILTER_ADVANCED
769 select NET_CLS_ROUTE 733 select NET_CLS_ROUTE
770 help 734 help
@@ -779,7 +743,6 @@ config NETFILTER_XT_MATCH_REALM
779 743
780config NETFILTER_XT_MATCH_RECENT 744config NETFILTER_XT_MATCH_RECENT
781 tristate '"recent" match support' 745 tristate '"recent" match support'
782 depends on NETFILTER_XTABLES
783 depends on NETFILTER_ADVANCED 746 depends on NETFILTER_ADVANCED
784 ---help--- 747 ---help---
785 This match is used for creating one or many lists of recently 748 This match is used for creating one or many lists of recently
@@ -797,7 +760,7 @@ config NETFILTER_XT_MATCH_RECENT_PROC_COMPAT
797 760
798config NETFILTER_XT_MATCH_SCTP 761config NETFILTER_XT_MATCH_SCTP
799 tristate '"sctp" protocol match support (EXPERIMENTAL)' 762 tristate '"sctp" protocol match support (EXPERIMENTAL)'
800 depends on NETFILTER_XTABLES && EXPERIMENTAL 763 depends on EXPERIMENTAL
801 depends on NETFILTER_ADVANCED 764 depends on NETFILTER_ADVANCED
802 default IP_SCTP 765 default IP_SCTP
803 help 766 help
@@ -825,7 +788,6 @@ config NETFILTER_XT_MATCH_SOCKET
825 788
826config NETFILTER_XT_MATCH_STATE 789config NETFILTER_XT_MATCH_STATE
827 tristate '"state" match support' 790 tristate '"state" match support'
828 depends on NETFILTER_XTABLES
829 depends on NF_CONNTRACK 791 depends on NF_CONNTRACK
830 default m if NETFILTER_ADVANCED=n 792 default m if NETFILTER_ADVANCED=n
831 help 793 help
@@ -837,7 +799,6 @@ config NETFILTER_XT_MATCH_STATE
837 799
838config NETFILTER_XT_MATCH_STATISTIC 800config NETFILTER_XT_MATCH_STATISTIC
839 tristate '"statistic" match support' 801 tristate '"statistic" match support'
840 depends on NETFILTER_XTABLES
841 depends on NETFILTER_ADVANCED 802 depends on NETFILTER_ADVANCED
842 help 803 help
843 This option adds a `statistic' match, which allows you to match 804 This option adds a `statistic' match, which allows you to match
@@ -847,7 +808,6 @@ config NETFILTER_XT_MATCH_STATISTIC
847 808
848config NETFILTER_XT_MATCH_STRING 809config NETFILTER_XT_MATCH_STRING
849 tristate '"string" match support' 810 tristate '"string" match support'
850 depends on NETFILTER_XTABLES
851 depends on NETFILTER_ADVANCED 811 depends on NETFILTER_ADVANCED
852 select TEXTSEARCH 812 select TEXTSEARCH
853 select TEXTSEARCH_KMP 813 select TEXTSEARCH_KMP
@@ -861,7 +821,6 @@ config NETFILTER_XT_MATCH_STRING
861 821
862config NETFILTER_XT_MATCH_TCPMSS 822config NETFILTER_XT_MATCH_TCPMSS
863 tristate '"tcpmss" match support' 823 tristate '"tcpmss" match support'
864 depends on NETFILTER_XTABLES
865 depends on NETFILTER_ADVANCED 824 depends on NETFILTER_ADVANCED
866 help 825 help
867 This option adds a `tcpmss' match, which allows you to examine the 826 This option adds a `tcpmss' match, which allows you to examine the
@@ -872,7 +831,6 @@ config NETFILTER_XT_MATCH_TCPMSS
872 831
873config NETFILTER_XT_MATCH_TIME 832config NETFILTER_XT_MATCH_TIME
874 tristate '"time" match support' 833 tristate '"time" match support'
875 depends on NETFILTER_XTABLES
876 depends on NETFILTER_ADVANCED 834 depends on NETFILTER_ADVANCED
877 ---help--- 835 ---help---
878 This option adds a "time" match, which allows you to match based on 836 This option adds a "time" match, which allows you to match based on
@@ -887,7 +845,6 @@ config NETFILTER_XT_MATCH_TIME
887 845
888config NETFILTER_XT_MATCH_U32 846config NETFILTER_XT_MATCH_U32
889 tristate '"u32" match support' 847 tristate '"u32" match support'
890 depends on NETFILTER_XTABLES
891 depends on NETFILTER_ADVANCED 848 depends on NETFILTER_ADVANCED
892 ---help--- 849 ---help---
893 u32 allows you to extract quantities of up to 4 bytes from a packet, 850 u32 allows you to extract quantities of up to 4 bytes from a packet,
@@ -899,5 +856,6 @@ config NETFILTER_XT_MATCH_U32
899 856
900 Details and examples are in the kernel module source. 857 Details and examples are in the kernel module source.
901 858
902endmenu 859endif # NETFILTER_XTABLES
903 860
861endmenu