diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:18 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:18 -0400 |
commit | c2df73de246ae75705af8ceed4f385b261dea108 (patch) | |
tree | 9372e24e1569cf83f592ea93f899909c391ddad1 /net/netfilter | |
parent | aba0d34800d7f56493b4d5548cc06498a4d69124 (diff) |
netfilter: xtables: use "if" blocks in Kconfig
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/Kconfig | 84 |
1 files changed, 21 insertions, 63 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 9ad74e8bc5bd..899e78051d8b 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig | |||
@@ -38,10 +38,11 @@ config NF_CONNTRACK | |||
38 | 38 | ||
39 | To compile it as a module, choose M here. If unsure, say N. | 39 | To compile it as a module, choose M here. If unsure, say N. |
40 | 40 | ||
41 | if NF_CONNTRACK | ||
42 | |||
41 | config NF_CT_ACCT | 43 | config NF_CT_ACCT |
42 | bool "Connection tracking flow accounting" | 44 | bool "Connection tracking flow accounting" |
43 | depends on NETFILTER_ADVANCED | 45 | depends on NETFILTER_ADVANCED |
44 | depends on NF_CONNTRACK | ||
45 | help | 46 | help |
46 | If this option is enabled, the connection tracking code will | 47 | If this option is enabled, the connection tracking code will |
47 | keep per-flow packet and byte counters. | 48 | keep per-flow packet and byte counters. |
@@ -63,7 +64,6 @@ config NF_CT_ACCT | |||
63 | config NF_CONNTRACK_MARK | 64 | config NF_CONNTRACK_MARK |
64 | bool 'Connection mark tracking support' | 65 | bool 'Connection mark tracking support' |
65 | depends on NETFILTER_ADVANCED | 66 | depends on NETFILTER_ADVANCED |
66 | depends on NF_CONNTRACK | ||
67 | help | 67 | help |
68 | This option enables support for connection marks, used by the | 68 | This option enables support for connection marks, used by the |
69 | `CONNMARK' target and `connmark' match. Similar to the mark value | 69 | `CONNMARK' target and `connmark' match. Similar to the mark value |
@@ -72,7 +72,7 @@ config NF_CONNTRACK_MARK | |||
72 | 72 | ||
73 | config NF_CONNTRACK_SECMARK | 73 | config NF_CONNTRACK_SECMARK |
74 | bool 'Connection tracking security mark support' | 74 | bool 'Connection tracking security mark support' |
75 | depends on NF_CONNTRACK && NETWORK_SECMARK | 75 | depends on NETWORK_SECMARK |
76 | default m if NETFILTER_ADVANCED=n | 76 | default m if NETFILTER_ADVANCED=n |
77 | help | 77 | help |
78 | This option enables security markings to be applied to | 78 | This option enables security markings to be applied to |
@@ -85,7 +85,6 @@ config NF_CONNTRACK_SECMARK | |||
85 | 85 | ||
86 | config NF_CONNTRACK_EVENTS | 86 | config NF_CONNTRACK_EVENTS |
87 | bool "Connection tracking events" | 87 | bool "Connection tracking events" |
88 | depends on NF_CONNTRACK | ||
89 | depends on NETFILTER_ADVANCED | 88 | depends on NETFILTER_ADVANCED |
90 | help | 89 | help |
91 | If this option is enabled, the connection tracking code will | 90 | If this option is enabled, the connection tracking code will |
@@ -96,7 +95,7 @@ config NF_CONNTRACK_EVENTS | |||
96 | 95 | ||
97 | config NF_CT_PROTO_DCCP | 96 | config NF_CT_PROTO_DCCP |
98 | tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)' | 97 | tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)' |
99 | depends on EXPERIMENTAL && NF_CONNTRACK | 98 | depends on EXPERIMENTAL |
100 | depends on NETFILTER_ADVANCED | 99 | depends on NETFILTER_ADVANCED |
101 | default IP_DCCP | 100 | default IP_DCCP |
102 | help | 101 | help |
@@ -107,11 +106,10 @@ config NF_CT_PROTO_DCCP | |||
107 | 106 | ||
108 | config NF_CT_PROTO_GRE | 107 | config NF_CT_PROTO_GRE |
109 | tristate | 108 | tristate |
110 | depends on NF_CONNTRACK | ||
111 | 109 | ||
112 | config NF_CT_PROTO_SCTP | 110 | config NF_CT_PROTO_SCTP |
113 | tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)' | 111 | tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)' |
114 | depends on EXPERIMENTAL && NF_CONNTRACK | 112 | depends on EXPERIMENTAL |
115 | depends on NETFILTER_ADVANCED | 113 | depends on NETFILTER_ADVANCED |
116 | default IP_SCTP | 114 | default IP_SCTP |
117 | help | 115 | help |
@@ -123,7 +121,6 @@ config NF_CT_PROTO_SCTP | |||
123 | 121 | ||
124 | config NF_CT_PROTO_UDPLITE | 122 | config NF_CT_PROTO_UDPLITE |
125 | tristate 'UDP-Lite protocol connection tracking support' | 123 | tristate 'UDP-Lite protocol connection tracking support' |
126 | depends on NF_CONNTRACK | ||
127 | depends on NETFILTER_ADVANCED | 124 | depends on NETFILTER_ADVANCED |
128 | help | 125 | help |
129 | With this option enabled, the layer 3 independent connection | 126 | With this option enabled, the layer 3 independent connection |
@@ -134,7 +131,6 @@ config NF_CT_PROTO_UDPLITE | |||
134 | 131 | ||
135 | config NF_CONNTRACK_AMANDA | 132 | config NF_CONNTRACK_AMANDA |
136 | tristate "Amanda backup protocol support" | 133 | tristate "Amanda backup protocol support" |
137 | depends on NF_CONNTRACK | ||
138 | depends on NETFILTER_ADVANCED | 134 | depends on NETFILTER_ADVANCED |
139 | select TEXTSEARCH | 135 | select TEXTSEARCH |
140 | select TEXTSEARCH_KMP | 136 | select TEXTSEARCH_KMP |
@@ -150,7 +146,6 @@ config NF_CONNTRACK_AMANDA | |||
150 | 146 | ||
151 | config NF_CONNTRACK_FTP | 147 | config NF_CONNTRACK_FTP |
152 | tristate "FTP protocol support" | 148 | tristate "FTP protocol support" |
153 | depends on NF_CONNTRACK | ||
154 | default m if NETFILTER_ADVANCED=n | 149 | default m if NETFILTER_ADVANCED=n |
155 | help | 150 | help |
156 | Tracking FTP connections is problematic: special helpers are | 151 | Tracking FTP connections is problematic: special helpers are |
@@ -165,7 +160,7 @@ config NF_CONNTRACK_FTP | |||
165 | 160 | ||
166 | config NF_CONNTRACK_H323 | 161 | config NF_CONNTRACK_H323 |
167 | tristate "H.323 protocol support" | 162 | tristate "H.323 protocol support" |
168 | depends on NF_CONNTRACK && (IPV6 || IPV6=n) | 163 | depends on (IPV6 || IPV6=n) |
169 | depends on NETFILTER_ADVANCED | 164 | depends on NETFILTER_ADVANCED |
170 | help | 165 | help |
171 | H.323 is a VoIP signalling protocol from ITU-T. As one of the most | 166 | H.323 is a VoIP signalling protocol from ITU-T. As one of the most |
@@ -185,7 +180,6 @@ config NF_CONNTRACK_H323 | |||
185 | 180 | ||
186 | config NF_CONNTRACK_IRC | 181 | config NF_CONNTRACK_IRC |
187 | tristate "IRC protocol support" | 182 | tristate "IRC protocol support" |
188 | depends on NF_CONNTRACK | ||
189 | default m if NETFILTER_ADVANCED=n | 183 | default m if NETFILTER_ADVANCED=n |
190 | help | 184 | help |
191 | There is a commonly-used extension to IRC called | 185 | There is a commonly-used extension to IRC called |
@@ -201,7 +195,6 @@ config NF_CONNTRACK_IRC | |||
201 | 195 | ||
202 | config NF_CONNTRACK_NETBIOS_NS | 196 | config NF_CONNTRACK_NETBIOS_NS |
203 | tristate "NetBIOS name service protocol support" | 197 | tristate "NetBIOS name service protocol support" |
204 | depends on NF_CONNTRACK | ||
205 | depends on NETFILTER_ADVANCED | 198 | depends on NETFILTER_ADVANCED |
206 | help | 199 | help |
207 | NetBIOS name service requests are sent as broadcast messages from an | 200 | NetBIOS name service requests are sent as broadcast messages from an |
@@ -221,7 +214,6 @@ config NF_CONNTRACK_NETBIOS_NS | |||
221 | 214 | ||
222 | config NF_CONNTRACK_PPTP | 215 | config NF_CONNTRACK_PPTP |
223 | tristate "PPtP protocol support" | 216 | tristate "PPtP protocol support" |
224 | depends on NF_CONNTRACK | ||
225 | depends on NETFILTER_ADVANCED | 217 | depends on NETFILTER_ADVANCED |
226 | select NF_CT_PROTO_GRE | 218 | select NF_CT_PROTO_GRE |
227 | help | 219 | help |
@@ -241,7 +233,7 @@ config NF_CONNTRACK_PPTP | |||
241 | 233 | ||
242 | config NF_CONNTRACK_SANE | 234 | config NF_CONNTRACK_SANE |
243 | tristate "SANE protocol support (EXPERIMENTAL)" | 235 | tristate "SANE protocol support (EXPERIMENTAL)" |
244 | depends on EXPERIMENTAL && NF_CONNTRACK | 236 | depends on EXPERIMENTAL |
245 | depends on NETFILTER_ADVANCED | 237 | depends on NETFILTER_ADVANCED |
246 | help | 238 | help |
247 | SANE is a protocol for remote access to scanners as implemented | 239 | SANE is a protocol for remote access to scanners as implemented |
@@ -255,7 +247,6 @@ config NF_CONNTRACK_SANE | |||
255 | 247 | ||
256 | config NF_CONNTRACK_SIP | 248 | config NF_CONNTRACK_SIP |
257 | tristate "SIP protocol support" | 249 | tristate "SIP protocol support" |
258 | depends on NF_CONNTRACK | ||
259 | default m if NETFILTER_ADVANCED=n | 250 | default m if NETFILTER_ADVANCED=n |
260 | help | 251 | help |
261 | SIP is an application-layer control protocol that can establish, | 252 | SIP is an application-layer control protocol that can establish, |
@@ -268,7 +259,6 @@ config NF_CONNTRACK_SIP | |||
268 | 259 | ||
269 | config NF_CONNTRACK_TFTP | 260 | config NF_CONNTRACK_TFTP |
270 | tristate "TFTP protocol support" | 261 | tristate "TFTP protocol support" |
271 | depends on NF_CONNTRACK | ||
272 | depends on NETFILTER_ADVANCED | 262 | depends on NETFILTER_ADVANCED |
273 | help | 263 | help |
274 | TFTP connection tracking helper, this is required depending | 264 | TFTP connection tracking helper, this is required depending |
@@ -280,7 +270,6 @@ config NF_CONNTRACK_TFTP | |||
280 | 270 | ||
281 | config NF_CT_NETLINK | 271 | config NF_CT_NETLINK |
282 | tristate 'Connection tracking netlink interface' | 272 | tristate 'Connection tracking netlink interface' |
283 | depends on NF_CONNTRACK | ||
284 | select NETFILTER_NETLINK | 273 | select NETFILTER_NETLINK |
285 | depends on NF_NAT=n || NF_NAT | 274 | depends on NF_NAT=n || NF_NAT |
286 | default m if NETFILTER_ADVANCED=n | 275 | default m if NETFILTER_ADVANCED=n |
@@ -302,6 +291,8 @@ config NETFILTER_TPROXY | |||
302 | 291 | ||
303 | To compile it as a module, choose M here. If unsure, say N. | 292 | To compile it as a module, choose M here. If unsure, say N. |
304 | 293 | ||
294 | endif # NF_CONNTRACK | ||
295 | |||
305 | config NETFILTER_XTABLES | 296 | config NETFILTER_XTABLES |
306 | tristate "Netfilter Xtables support (required for ip_tables)" | 297 | tristate "Netfilter Xtables support (required for ip_tables)" |
307 | default m if NETFILTER_ADVANCED=n | 298 | default m if NETFILTER_ADVANCED=n |
@@ -309,11 +300,12 @@ config NETFILTER_XTABLES | |||
309 | This is required if you intend to use any of ip_tables, | 300 | This is required if you intend to use any of ip_tables, |
310 | ip6_tables or arp_tables. | 301 | ip6_tables or arp_tables. |
311 | 302 | ||
303 | if NETFILTER_XTABLES | ||
304 | |||
312 | # alphabetically ordered list of targets | 305 | # alphabetically ordered list of targets |
313 | 306 | ||
314 | config NETFILTER_XT_TARGET_CLASSIFY | 307 | config NETFILTER_XT_TARGET_CLASSIFY |
315 | tristate '"CLASSIFY" target support' | 308 | tristate '"CLASSIFY" target support' |
316 | depends on NETFILTER_XTABLES | ||
317 | depends on NETFILTER_ADVANCED | 309 | depends on NETFILTER_ADVANCED |
318 | help | 310 | help |
319 | This option adds a `CLASSIFY' target, which enables the user to set | 311 | This option adds a `CLASSIFY' target, which enables the user to set |
@@ -326,7 +318,6 @@ config NETFILTER_XT_TARGET_CLASSIFY | |||
326 | 318 | ||
327 | config NETFILTER_XT_TARGET_CONNMARK | 319 | config NETFILTER_XT_TARGET_CONNMARK |
328 | tristate '"CONNMARK" target support' | 320 | tristate '"CONNMARK" target support' |
329 | depends on NETFILTER_XTABLES | ||
330 | depends on IP_NF_MANGLE || IP6_NF_MANGLE | 321 | depends on IP_NF_MANGLE || IP6_NF_MANGLE |
331 | depends on NF_CONNTRACK | 322 | depends on NF_CONNTRACK |
332 | depends on NETFILTER_ADVANCED | 323 | depends on NETFILTER_ADVANCED |
@@ -342,7 +333,7 @@ config NETFILTER_XT_TARGET_CONNMARK | |||
342 | 333 | ||
343 | config NETFILTER_XT_TARGET_CONNSECMARK | 334 | config NETFILTER_XT_TARGET_CONNSECMARK |
344 | tristate '"CONNSECMARK" target support' | 335 | tristate '"CONNSECMARK" target support' |
345 | depends on NETFILTER_XTABLES && NF_CONNTRACK && NF_CONNTRACK_SECMARK | 336 | depends on NF_CONNTRACK && NF_CONNTRACK_SECMARK |
346 | default m if NETFILTER_ADVANCED=n | 337 | default m if NETFILTER_ADVANCED=n |
347 | help | 338 | help |
348 | The CONNSECMARK target copies security markings from packets | 339 | The CONNSECMARK target copies security markings from packets |
@@ -354,7 +345,6 @@ config NETFILTER_XT_TARGET_CONNSECMARK | |||
354 | 345 | ||
355 | config NETFILTER_XT_TARGET_DSCP | 346 | config NETFILTER_XT_TARGET_DSCP |
356 | tristate '"DSCP" and "TOS" target support' | 347 | tristate '"DSCP" and "TOS" target support' |
357 | depends on NETFILTER_XTABLES | ||
358 | depends on IP_NF_MANGLE || IP6_NF_MANGLE | 348 | depends on IP_NF_MANGLE || IP6_NF_MANGLE |
359 | depends on NETFILTER_ADVANCED | 349 | depends on NETFILTER_ADVANCED |
360 | help | 350 | help |
@@ -371,7 +361,6 @@ config NETFILTER_XT_TARGET_DSCP | |||
371 | 361 | ||
372 | config NETFILTER_XT_TARGET_MARK | 362 | config NETFILTER_XT_TARGET_MARK |
373 | tristate '"MARK" target support' | 363 | tristate '"MARK" target support' |
374 | depends on NETFILTER_XTABLES | ||
375 | default m if NETFILTER_ADVANCED=n | 364 | default m if NETFILTER_ADVANCED=n |
376 | help | 365 | help |
377 | This option adds a `MARK' target, which allows you to create rules | 366 | This option adds a `MARK' target, which allows you to create rules |
@@ -385,7 +374,6 @@ config NETFILTER_XT_TARGET_MARK | |||
385 | 374 | ||
386 | config NETFILTER_XT_TARGET_NFLOG | 375 | config NETFILTER_XT_TARGET_NFLOG |
387 | tristate '"NFLOG" target support' | 376 | tristate '"NFLOG" target support' |
388 | depends on NETFILTER_XTABLES | ||
389 | default m if NETFILTER_ADVANCED=n | 377 | default m if NETFILTER_ADVANCED=n |
390 | help | 378 | help |
391 | This option enables the NFLOG target, which allows to LOG | 379 | This option enables the NFLOG target, which allows to LOG |
@@ -397,7 +385,6 @@ config NETFILTER_XT_TARGET_NFLOG | |||
397 | 385 | ||
398 | config NETFILTER_XT_TARGET_NFQUEUE | 386 | config NETFILTER_XT_TARGET_NFQUEUE |
399 | tristate '"NFQUEUE" target Support' | 387 | tristate '"NFQUEUE" target Support' |
400 | depends on NETFILTER_XTABLES | ||
401 | depends on NETFILTER_ADVANCED | 388 | depends on NETFILTER_ADVANCED |
402 | help | 389 | help |
403 | This target replaced the old obsolete QUEUE target. | 390 | This target replaced the old obsolete QUEUE target. |
@@ -409,7 +396,6 @@ config NETFILTER_XT_TARGET_NFQUEUE | |||
409 | 396 | ||
410 | config NETFILTER_XT_TARGET_NOTRACK | 397 | config NETFILTER_XT_TARGET_NOTRACK |
411 | tristate '"NOTRACK" target support' | 398 | tristate '"NOTRACK" target support' |
412 | depends on NETFILTER_XTABLES | ||
413 | depends on IP_NF_RAW || IP6_NF_RAW | 399 | depends on IP_NF_RAW || IP6_NF_RAW |
414 | depends on NF_CONNTRACK | 400 | depends on NF_CONNTRACK |
415 | depends on NETFILTER_ADVANCED | 401 | depends on NETFILTER_ADVANCED |
@@ -424,7 +410,6 @@ config NETFILTER_XT_TARGET_NOTRACK | |||
424 | 410 | ||
425 | config NETFILTER_XT_TARGET_RATEEST | 411 | config NETFILTER_XT_TARGET_RATEEST |
426 | tristate '"RATEEST" target support' | 412 | tristate '"RATEEST" target support' |
427 | depends on NETFILTER_XTABLES | ||
428 | depends on NETFILTER_ADVANCED | 413 | depends on NETFILTER_ADVANCED |
429 | help | 414 | help |
430 | This option adds a `RATEEST' target, which allows to measure | 415 | This option adds a `RATEEST' target, which allows to measure |
@@ -450,7 +435,6 @@ config NETFILTER_XT_TARGET_TPROXY | |||
450 | 435 | ||
451 | config NETFILTER_XT_TARGET_TRACE | 436 | config NETFILTER_XT_TARGET_TRACE |
452 | tristate '"TRACE" target support' | 437 | tristate '"TRACE" target support' |
453 | depends on NETFILTER_XTABLES | ||
454 | depends on IP_NF_RAW || IP6_NF_RAW | 438 | depends on IP_NF_RAW || IP6_NF_RAW |
455 | depends on NETFILTER_ADVANCED | 439 | depends on NETFILTER_ADVANCED |
456 | help | 440 | help |
@@ -463,7 +447,7 @@ config NETFILTER_XT_TARGET_TRACE | |||
463 | 447 | ||
464 | config NETFILTER_XT_TARGET_SECMARK | 448 | config NETFILTER_XT_TARGET_SECMARK |
465 | tristate '"SECMARK" target support' | 449 | tristate '"SECMARK" target support' |
466 | depends on NETFILTER_XTABLES && NETWORK_SECMARK | 450 | depends on NETWORK_SECMARK |
467 | default m if NETFILTER_ADVANCED=n | 451 | default m if NETFILTER_ADVANCED=n |
468 | help | 452 | help |
469 | The SECMARK target allows security marking of network | 453 | The SECMARK target allows security marking of network |
@@ -473,7 +457,7 @@ config NETFILTER_XT_TARGET_SECMARK | |||
473 | 457 | ||
474 | config NETFILTER_XT_TARGET_TCPMSS | 458 | config NETFILTER_XT_TARGET_TCPMSS |
475 | tristate '"TCPMSS" target support' | 459 | tristate '"TCPMSS" target support' |
476 | depends on NETFILTER_XTABLES && (IPV6 || IPV6=n) | 460 | depends on (IPV6 || IPV6=n) |
477 | default m if NETFILTER_ADVANCED=n | 461 | default m if NETFILTER_ADVANCED=n |
478 | ---help--- | 462 | ---help--- |
479 | This option adds a `TCPMSS' target, which allows you to alter the | 463 | This option adds a `TCPMSS' target, which allows you to alter the |
@@ -500,7 +484,7 @@ config NETFILTER_XT_TARGET_TCPMSS | |||
500 | 484 | ||
501 | config NETFILTER_XT_TARGET_TCPOPTSTRIP | 485 | config NETFILTER_XT_TARGET_TCPOPTSTRIP |
502 | tristate '"TCPOPTSTRIP" target support (EXPERIMENTAL)' | 486 | tristate '"TCPOPTSTRIP" target support (EXPERIMENTAL)' |
503 | depends on EXPERIMENTAL && NETFILTER_XTABLES | 487 | depends on EXPERIMENTAL |
504 | depends on IP_NF_MANGLE || IP6_NF_MANGLE | 488 | depends on IP_NF_MANGLE || IP6_NF_MANGLE |
505 | depends on NETFILTER_ADVANCED | 489 | depends on NETFILTER_ADVANCED |
506 | help | 490 | help |
@@ -509,7 +493,6 @@ config NETFILTER_XT_TARGET_TCPOPTSTRIP | |||
509 | 493 | ||
510 | config NETFILTER_XT_MATCH_COMMENT | 494 | config NETFILTER_XT_MATCH_COMMENT |
511 | tristate '"comment" match support' | 495 | tristate '"comment" match support' |
512 | depends on NETFILTER_XTABLES | ||
513 | depends on NETFILTER_ADVANCED | 496 | depends on NETFILTER_ADVANCED |
514 | help | 497 | help |
515 | This option adds a `comment' dummy-match, which allows you to put | 498 | This option adds a `comment' dummy-match, which allows you to put |
@@ -520,7 +503,6 @@ config NETFILTER_XT_MATCH_COMMENT | |||
520 | 503 | ||
521 | config NETFILTER_XT_MATCH_CONNBYTES | 504 | config NETFILTER_XT_MATCH_CONNBYTES |
522 | tristate '"connbytes" per-connection counter match support' | 505 | tristate '"connbytes" per-connection counter match support' |
523 | depends on NETFILTER_XTABLES | ||
524 | depends on NF_CONNTRACK | 506 | depends on NF_CONNTRACK |
525 | depends on NETFILTER_ADVANCED | 507 | depends on NETFILTER_ADVANCED |
526 | select NF_CT_ACCT | 508 | select NF_CT_ACCT |
@@ -533,7 +515,6 @@ config NETFILTER_XT_MATCH_CONNBYTES | |||
533 | 515 | ||
534 | config NETFILTER_XT_MATCH_CONNLIMIT | 516 | config NETFILTER_XT_MATCH_CONNLIMIT |
535 | tristate '"connlimit" match support"' | 517 | tristate '"connlimit" match support"' |
536 | depends on NETFILTER_XTABLES | ||
537 | depends on NF_CONNTRACK | 518 | depends on NF_CONNTRACK |
538 | depends on NETFILTER_ADVANCED | 519 | depends on NETFILTER_ADVANCED |
539 | ---help--- | 520 | ---help--- |
@@ -542,7 +523,6 @@ config NETFILTER_XT_MATCH_CONNLIMIT | |||
542 | 523 | ||
543 | config NETFILTER_XT_MATCH_CONNMARK | 524 | config NETFILTER_XT_MATCH_CONNMARK |
544 | tristate '"connmark" connection mark match support' | 525 | tristate '"connmark" connection mark match support' |
545 | depends on NETFILTER_XTABLES | ||
546 | depends on NF_CONNTRACK | 526 | depends on NF_CONNTRACK |
547 | depends on NETFILTER_ADVANCED | 527 | depends on NETFILTER_ADVANCED |
548 | select NF_CONNTRACK_MARK | 528 | select NF_CONNTRACK_MARK |
@@ -556,7 +536,6 @@ config NETFILTER_XT_MATCH_CONNMARK | |||
556 | 536 | ||
557 | config NETFILTER_XT_MATCH_CONNTRACK | 537 | config NETFILTER_XT_MATCH_CONNTRACK |
558 | tristate '"conntrack" connection tracking match support' | 538 | tristate '"conntrack" connection tracking match support' |
559 | depends on NETFILTER_XTABLES | ||
560 | depends on NF_CONNTRACK | 539 | depends on NF_CONNTRACK |
561 | default m if NETFILTER_ADVANCED=n | 540 | default m if NETFILTER_ADVANCED=n |
562 | help | 541 | help |
@@ -570,7 +549,6 @@ config NETFILTER_XT_MATCH_CONNTRACK | |||
570 | 549 | ||
571 | config NETFILTER_XT_MATCH_DCCP | 550 | config NETFILTER_XT_MATCH_DCCP |
572 | tristate '"dccp" protocol match support' | 551 | tristate '"dccp" protocol match support' |
573 | depends on NETFILTER_XTABLES | ||
574 | depends on NETFILTER_ADVANCED | 552 | depends on NETFILTER_ADVANCED |
575 | default IP_DCCP | 553 | default IP_DCCP |
576 | help | 554 | help |
@@ -583,7 +561,6 @@ config NETFILTER_XT_MATCH_DCCP | |||
583 | 561 | ||
584 | config NETFILTER_XT_MATCH_DSCP | 562 | config NETFILTER_XT_MATCH_DSCP |
585 | tristate '"dscp" and "tos" match support' | 563 | tristate '"dscp" and "tos" match support' |
586 | depends on NETFILTER_XTABLES | ||
587 | depends on NETFILTER_ADVANCED | 564 | depends on NETFILTER_ADVANCED |
588 | help | 565 | help |
589 | This option adds a `DSCP' match, which allows you to match against | 566 | This option adds a `DSCP' match, which allows you to match against |
@@ -599,7 +576,6 @@ config NETFILTER_XT_MATCH_DSCP | |||
599 | 576 | ||
600 | config NETFILTER_XT_MATCH_ESP | 577 | config NETFILTER_XT_MATCH_ESP |
601 | tristate '"esp" match support' | 578 | tristate '"esp" match support' |
602 | depends on NETFILTER_XTABLES | ||
603 | depends on NETFILTER_ADVANCED | 579 | depends on NETFILTER_ADVANCED |
604 | help | 580 | help |
605 | This match extension allows you to match a range of SPIs | 581 | This match extension allows you to match a range of SPIs |
@@ -609,7 +585,7 @@ config NETFILTER_XT_MATCH_ESP | |||
609 | 585 | ||
610 | config NETFILTER_XT_MATCH_HASHLIMIT | 586 | config NETFILTER_XT_MATCH_HASHLIMIT |
611 | tristate '"hashlimit" match support' | 587 | tristate '"hashlimit" match support' |
612 | depends on NETFILTER_XTABLES && (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) | 588 | depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) |
613 | depends on NETFILTER_ADVANCED | 589 | depends on NETFILTER_ADVANCED |
614 | help | 590 | help |
615 | This option adds a `hashlimit' match. | 591 | This option adds a `hashlimit' match. |
@@ -624,7 +600,6 @@ config NETFILTER_XT_MATCH_HASHLIMIT | |||
624 | 600 | ||
625 | config NETFILTER_XT_MATCH_HELPER | 601 | config NETFILTER_XT_MATCH_HELPER |
626 | tristate '"helper" match support' | 602 | tristate '"helper" match support' |
627 | depends on NETFILTER_XTABLES | ||
628 | depends on NF_CONNTRACK | 603 | depends on NF_CONNTRACK |
629 | depends on NETFILTER_ADVANCED | 604 | depends on NETFILTER_ADVANCED |
630 | help | 605 | help |
@@ -635,7 +610,6 @@ config NETFILTER_XT_MATCH_HELPER | |||
635 | 610 | ||
636 | config NETFILTER_XT_MATCH_IPRANGE | 611 | config NETFILTER_XT_MATCH_IPRANGE |
637 | tristate '"iprange" address range match support' | 612 | tristate '"iprange" address range match support' |
638 | depends on NETFILTER_XTABLES | ||
639 | depends on NETFILTER_ADVANCED | 613 | depends on NETFILTER_ADVANCED |
640 | ---help--- | 614 | ---help--- |
641 | This option adds a "iprange" match, which allows you to match based on | 615 | This option adds a "iprange" match, which allows you to match based on |
@@ -646,7 +620,6 @@ config NETFILTER_XT_MATCH_IPRANGE | |||
646 | 620 | ||
647 | config NETFILTER_XT_MATCH_LENGTH | 621 | config NETFILTER_XT_MATCH_LENGTH |
648 | tristate '"length" match support' | 622 | tristate '"length" match support' |
649 | depends on NETFILTER_XTABLES | ||
650 | depends on NETFILTER_ADVANCED | 623 | depends on NETFILTER_ADVANCED |
651 | help | 624 | help |
652 | This option allows you to match the length of a packet against a | 625 | This option allows you to match the length of a packet against a |
@@ -656,7 +629,6 @@ config NETFILTER_XT_MATCH_LENGTH | |||
656 | 629 | ||
657 | config NETFILTER_XT_MATCH_LIMIT | 630 | config NETFILTER_XT_MATCH_LIMIT |
658 | tristate '"limit" match support' | 631 | tristate '"limit" match support' |
659 | depends on NETFILTER_XTABLES | ||
660 | depends on NETFILTER_ADVANCED | 632 | depends on NETFILTER_ADVANCED |
661 | help | 633 | help |
662 | limit matching allows you to control the rate at which a rule can be | 634 | limit matching allows you to control the rate at which a rule can be |
@@ -667,7 +639,6 @@ config NETFILTER_XT_MATCH_LIMIT | |||
667 | 639 | ||
668 | config NETFILTER_XT_MATCH_MAC | 640 | config NETFILTER_XT_MATCH_MAC |
669 | tristate '"mac" address match support' | 641 | tristate '"mac" address match support' |
670 | depends on NETFILTER_XTABLES | ||
671 | depends on NETFILTER_ADVANCED | 642 | depends on NETFILTER_ADVANCED |
672 | help | 643 | help |
673 | MAC matching allows you to match packets based on the source | 644 | MAC matching allows you to match packets based on the source |
@@ -677,7 +648,6 @@ config NETFILTER_XT_MATCH_MAC | |||
677 | 648 | ||
678 | config NETFILTER_XT_MATCH_MARK | 649 | config NETFILTER_XT_MATCH_MARK |
679 | tristate '"mark" match support' | 650 | tristate '"mark" match support' |
680 | depends on NETFILTER_XTABLES | ||
681 | default m if NETFILTER_ADVANCED=n | 651 | default m if NETFILTER_ADVANCED=n |
682 | help | 652 | help |
683 | Netfilter mark matching allows you to match packets based on the | 653 | Netfilter mark matching allows you to match packets based on the |
@@ -688,7 +658,6 @@ config NETFILTER_XT_MATCH_MARK | |||
688 | 658 | ||
689 | config NETFILTER_XT_MATCH_MULTIPORT | 659 | config NETFILTER_XT_MATCH_MULTIPORT |
690 | tristate '"multiport" Multiple port match support' | 660 | tristate '"multiport" Multiple port match support' |
691 | depends on NETFILTER_XTABLES | ||
692 | depends on NETFILTER_ADVANCED | 661 | depends on NETFILTER_ADVANCED |
693 | help | 662 | help |
694 | Multiport matching allows you to match TCP or UDP packets based on | 663 | Multiport matching allows you to match TCP or UDP packets based on |
@@ -699,7 +668,6 @@ config NETFILTER_XT_MATCH_MULTIPORT | |||
699 | 668 | ||
700 | config NETFILTER_XT_MATCH_OWNER | 669 | config NETFILTER_XT_MATCH_OWNER |
701 | tristate '"owner" match support' | 670 | tristate '"owner" match support' |
702 | depends on NETFILTER_XTABLES | ||
703 | depends on NETFILTER_ADVANCED | 671 | depends on NETFILTER_ADVANCED |
704 | ---help--- | 672 | ---help--- |
705 | Socket owner matching allows you to match locally-generated packets | 673 | Socket owner matching allows you to match locally-generated packets |
@@ -708,7 +676,7 @@ config NETFILTER_XT_MATCH_OWNER | |||
708 | 676 | ||
709 | config NETFILTER_XT_MATCH_POLICY | 677 | config NETFILTER_XT_MATCH_POLICY |
710 | tristate 'IPsec "policy" match support' | 678 | tristate 'IPsec "policy" match support' |
711 | depends on NETFILTER_XTABLES && XFRM | 679 | depends on XFRM |
712 | default m if NETFILTER_ADVANCED=n | 680 | default m if NETFILTER_ADVANCED=n |
713 | help | 681 | help |
714 | Policy matching allows you to match packets based on the | 682 | Policy matching allows you to match packets based on the |
@@ -719,7 +687,7 @@ config NETFILTER_XT_MATCH_POLICY | |||
719 | 687 | ||
720 | config NETFILTER_XT_MATCH_PHYSDEV | 688 | config NETFILTER_XT_MATCH_PHYSDEV |
721 | tristate '"physdev" match support' | 689 | tristate '"physdev" match support' |
722 | depends on NETFILTER_XTABLES && BRIDGE && BRIDGE_NETFILTER | 690 | depends on BRIDGE && BRIDGE_NETFILTER |
723 | depends on NETFILTER_ADVANCED | 691 | depends on NETFILTER_ADVANCED |
724 | help | 692 | help |
725 | Physdev packet matching matches against the physical bridge ports | 693 | Physdev packet matching matches against the physical bridge ports |
@@ -729,7 +697,6 @@ config NETFILTER_XT_MATCH_PHYSDEV | |||
729 | 697 | ||
730 | config NETFILTER_XT_MATCH_PKTTYPE | 698 | config NETFILTER_XT_MATCH_PKTTYPE |
731 | tristate '"pkttype" packet type match support' | 699 | tristate '"pkttype" packet type match support' |
732 | depends on NETFILTER_XTABLES | ||
733 | depends on NETFILTER_ADVANCED | 700 | depends on NETFILTER_ADVANCED |
734 | help | 701 | help |
735 | Packet type matching allows you to match a packet by | 702 | Packet type matching allows you to match a packet by |
@@ -742,7 +709,6 @@ config NETFILTER_XT_MATCH_PKTTYPE | |||
742 | 709 | ||
743 | config NETFILTER_XT_MATCH_QUOTA | 710 | config NETFILTER_XT_MATCH_QUOTA |
744 | tristate '"quota" match support' | 711 | tristate '"quota" match support' |
745 | depends on NETFILTER_XTABLES | ||
746 | depends on NETFILTER_ADVANCED | 712 | depends on NETFILTER_ADVANCED |
747 | help | 713 | help |
748 | This option adds a `quota' match, which allows to match on a | 714 | This option adds a `quota' match, which allows to match on a |
@@ -753,7 +719,6 @@ config NETFILTER_XT_MATCH_QUOTA | |||
753 | 719 | ||
754 | config NETFILTER_XT_MATCH_RATEEST | 720 | config NETFILTER_XT_MATCH_RATEEST |
755 | tristate '"rateest" match support' | 721 | tristate '"rateest" match support' |
756 | depends on NETFILTER_XTABLES | ||
757 | depends on NETFILTER_ADVANCED | 722 | depends on NETFILTER_ADVANCED |
758 | select NETFILTER_XT_TARGET_RATEEST | 723 | select NETFILTER_XT_TARGET_RATEEST |
759 | help | 724 | help |
@@ -764,7 +729,6 @@ config NETFILTER_XT_MATCH_RATEEST | |||
764 | 729 | ||
765 | config NETFILTER_XT_MATCH_REALM | 730 | config NETFILTER_XT_MATCH_REALM |
766 | tristate '"realm" match support' | 731 | tristate '"realm" match support' |
767 | depends on NETFILTER_XTABLES | ||
768 | depends on NETFILTER_ADVANCED | 732 | depends on NETFILTER_ADVANCED |
769 | select NET_CLS_ROUTE | 733 | select NET_CLS_ROUTE |
770 | help | 734 | help |
@@ -779,7 +743,6 @@ config NETFILTER_XT_MATCH_REALM | |||
779 | 743 | ||
780 | config NETFILTER_XT_MATCH_RECENT | 744 | config NETFILTER_XT_MATCH_RECENT |
781 | tristate '"recent" match support' | 745 | tristate '"recent" match support' |
782 | depends on NETFILTER_XTABLES | ||
783 | depends on NETFILTER_ADVANCED | 746 | depends on NETFILTER_ADVANCED |
784 | ---help--- | 747 | ---help--- |
785 | This match is used for creating one or many lists of recently | 748 | This match is used for creating one or many lists of recently |
@@ -797,7 +760,7 @@ config NETFILTER_XT_MATCH_RECENT_PROC_COMPAT | |||
797 | 760 | ||
798 | config NETFILTER_XT_MATCH_SCTP | 761 | config NETFILTER_XT_MATCH_SCTP |
799 | tristate '"sctp" protocol match support (EXPERIMENTAL)' | 762 | tristate '"sctp" protocol match support (EXPERIMENTAL)' |
800 | depends on NETFILTER_XTABLES && EXPERIMENTAL | 763 | depends on EXPERIMENTAL |
801 | depends on NETFILTER_ADVANCED | 764 | depends on NETFILTER_ADVANCED |
802 | default IP_SCTP | 765 | default IP_SCTP |
803 | help | 766 | help |
@@ -825,7 +788,6 @@ config NETFILTER_XT_MATCH_SOCKET | |||
825 | 788 | ||
826 | config NETFILTER_XT_MATCH_STATE | 789 | config NETFILTER_XT_MATCH_STATE |
827 | tristate '"state" match support' | 790 | tristate '"state" match support' |
828 | depends on NETFILTER_XTABLES | ||
829 | depends on NF_CONNTRACK | 791 | depends on NF_CONNTRACK |
830 | default m if NETFILTER_ADVANCED=n | 792 | default m if NETFILTER_ADVANCED=n |
831 | help | 793 | help |
@@ -837,7 +799,6 @@ config NETFILTER_XT_MATCH_STATE | |||
837 | 799 | ||
838 | config NETFILTER_XT_MATCH_STATISTIC | 800 | config NETFILTER_XT_MATCH_STATISTIC |
839 | tristate '"statistic" match support' | 801 | tristate '"statistic" match support' |
840 | depends on NETFILTER_XTABLES | ||
841 | depends on NETFILTER_ADVANCED | 802 | depends on NETFILTER_ADVANCED |
842 | help | 803 | help |
843 | This option adds a `statistic' match, which allows you to match | 804 | This option adds a `statistic' match, which allows you to match |
@@ -847,7 +808,6 @@ config NETFILTER_XT_MATCH_STATISTIC | |||
847 | 808 | ||
848 | config NETFILTER_XT_MATCH_STRING | 809 | config NETFILTER_XT_MATCH_STRING |
849 | tristate '"string" match support' | 810 | tristate '"string" match support' |
850 | depends on NETFILTER_XTABLES | ||
851 | depends on NETFILTER_ADVANCED | 811 | depends on NETFILTER_ADVANCED |
852 | select TEXTSEARCH | 812 | select TEXTSEARCH |
853 | select TEXTSEARCH_KMP | 813 | select TEXTSEARCH_KMP |
@@ -861,7 +821,6 @@ config NETFILTER_XT_MATCH_STRING | |||
861 | 821 | ||
862 | config NETFILTER_XT_MATCH_TCPMSS | 822 | config NETFILTER_XT_MATCH_TCPMSS |
863 | tristate '"tcpmss" match support' | 823 | tristate '"tcpmss" match support' |
864 | depends on NETFILTER_XTABLES | ||
865 | depends on NETFILTER_ADVANCED | 824 | depends on NETFILTER_ADVANCED |
866 | help | 825 | help |
867 | This option adds a `tcpmss' match, which allows you to examine the | 826 | This option adds a `tcpmss' match, which allows you to examine the |
@@ -872,7 +831,6 @@ config NETFILTER_XT_MATCH_TCPMSS | |||
872 | 831 | ||
873 | config NETFILTER_XT_MATCH_TIME | 832 | config NETFILTER_XT_MATCH_TIME |
874 | tristate '"time" match support' | 833 | tristate '"time" match support' |
875 | depends on NETFILTER_XTABLES | ||
876 | depends on NETFILTER_ADVANCED | 834 | depends on NETFILTER_ADVANCED |
877 | ---help--- | 835 | ---help--- |
878 | This option adds a "time" match, which allows you to match based on | 836 | This option adds a "time" match, which allows you to match based on |
@@ -887,7 +845,6 @@ config NETFILTER_XT_MATCH_TIME | |||
887 | 845 | ||
888 | config NETFILTER_XT_MATCH_U32 | 846 | config NETFILTER_XT_MATCH_U32 |
889 | tristate '"u32" match support' | 847 | tristate '"u32" match support' |
890 | depends on NETFILTER_XTABLES | ||
891 | depends on NETFILTER_ADVANCED | 848 | depends on NETFILTER_ADVANCED |
892 | ---help--- | 849 | ---help--- |
893 | u32 allows you to extract quantities of up to 4 bytes from a packet, | 850 | u32 allows you to extract quantities of up to 4 bytes from a packet, |
@@ -899,5 +856,6 @@ config NETFILTER_XT_MATCH_U32 | |||
899 | 856 | ||
900 | Details and examples are in the kernel module source. | 857 | Details and examples are in the kernel module source. |
901 | 858 | ||
902 | endmenu | 859 | endif # NETFILTER_XTABLES |
903 | 860 | ||
861 | endmenu | ||