aboutsummaryrefslogtreecommitdiffstats
path: root/net/netfilter
diff options
context:
space:
mode:
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/Kconfig100
1 files changed, 50 insertions, 50 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index de18bba619f2..9ad74e8bc5bd 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -340,6 +340,18 @@ config NETFILTER_XT_TARGET_CONNMARK
340 <file:Documentation/kbuild/modules.txt>. The module will be called 340 <file:Documentation/kbuild/modules.txt>. The module will be called
341 ipt_CONNMARK.ko. If unsure, say `N'. 341 ipt_CONNMARK.ko. If unsure, say `N'.
342 342
343config NETFILTER_XT_TARGET_CONNSECMARK
344 tristate '"CONNSECMARK" target support'
345 depends on NETFILTER_XTABLES && NF_CONNTRACK && NF_CONNTRACK_SECMARK
346 default m if NETFILTER_ADVANCED=n
347 help
348 The CONNSECMARK target copies security markings from packets
349 to connections, and restores security markings from connections
350 to packets (if the packets are not already marked). This would
351 normally be used in conjunction with the SECMARK target.
352
353 To compile it as a module, choose M here. If unsure, say N.
354
343config NETFILTER_XT_TARGET_DSCP 355config NETFILTER_XT_TARGET_DSCP
344 tristate '"DSCP" and "TOS" target support' 356 tristate '"DSCP" and "TOS" target support'
345 depends on NETFILTER_XTABLES 357 depends on NETFILTER_XTABLES
@@ -371,18 +383,6 @@ config NETFILTER_XT_TARGET_MARK
371 383
372 To compile it as a module, choose M here. If unsure, say N. 384 To compile it as a module, choose M here. If unsure, say N.
373 385
374config NETFILTER_XT_TARGET_NFQUEUE
375 tristate '"NFQUEUE" target Support'
376 depends on NETFILTER_XTABLES
377 depends on NETFILTER_ADVANCED
378 help
379 This target replaced the old obsolete QUEUE target.
380
381 As opposed to QUEUE, it supports 65535 different queues,
382 not just one.
383
384 To compile it as a module, choose M here. If unsure, say N.
385
386config NETFILTER_XT_TARGET_NFLOG 386config NETFILTER_XT_TARGET_NFLOG
387 tristate '"NFLOG" target support' 387 tristate '"NFLOG" target support'
388 depends on NETFILTER_XTABLES 388 depends on NETFILTER_XTABLES
@@ -395,6 +395,18 @@ config NETFILTER_XT_TARGET_NFLOG
395 395
396 To compile it as a module, choose M here. If unsure, say N. 396 To compile it as a module, choose M here. If unsure, say N.
397 397
398config NETFILTER_XT_TARGET_NFQUEUE
399 tristate '"NFQUEUE" target Support'
400 depends on NETFILTER_XTABLES
401 depends on NETFILTER_ADVANCED
402 help
403 This target replaced the old obsolete QUEUE target.
404
405 As opposed to QUEUE, it supports 65535 different queues,
406 not just one.
407
408 To compile it as a module, choose M here. If unsure, say N.
409
398config NETFILTER_XT_TARGET_NOTRACK 410config NETFILTER_XT_TARGET_NOTRACK
399 tristate '"NOTRACK" target support' 411 tristate '"NOTRACK" target support'
400 depends on NETFILTER_XTABLES 412 depends on NETFILTER_XTABLES
@@ -459,18 +471,6 @@ config NETFILTER_XT_TARGET_SECMARK
459 471
460 To compile it as a module, choose M here. If unsure, say N. 472 To compile it as a module, choose M here. If unsure, say N.
461 473
462config NETFILTER_XT_TARGET_CONNSECMARK
463 tristate '"CONNSECMARK" target support'
464 depends on NETFILTER_XTABLES && NF_CONNTRACK && NF_CONNTRACK_SECMARK
465 default m if NETFILTER_ADVANCED=n
466 help
467 The CONNSECMARK target copies security markings from packets
468 to connections, and restores security markings from connections
469 to packets (if the packets are not already marked). This would
470 normally be used in conjunction with the SECMARK target.
471
472 To compile it as a module, choose M here. If unsure, say N.
473
474config NETFILTER_XT_TARGET_TCPMSS 474config NETFILTER_XT_TARGET_TCPMSS
475 tristate '"TCPMSS" target support' 475 tristate '"TCPMSS" target support'
476 depends on NETFILTER_XTABLES && (IPV6 || IPV6=n) 476 depends on NETFILTER_XTABLES && (IPV6 || IPV6=n)
@@ -607,6 +607,21 @@ config NETFILTER_XT_MATCH_ESP
607 607
608 To compile it as a module, choose M here. If unsure, say N. 608 To compile it as a module, choose M here. If unsure, say N.
609 609
610config NETFILTER_XT_MATCH_HASHLIMIT
611 tristate '"hashlimit" match support'
612 depends on NETFILTER_XTABLES && (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
613 depends on NETFILTER_ADVANCED
614 help
615 This option adds a `hashlimit' match.
616
617 As opposed to `limit', this match dynamically creates a hash table
618 of limit buckets, based on your selection of source/destination
619 addresses and/or ports.
620
621 It enables you to express policies like `10kpps for any given
622 destination address' or `500pps from any given source address'
623 with a single rule.
624
610config NETFILTER_XT_MATCH_HELPER 625config NETFILTER_XT_MATCH_HELPER
611 tristate '"helper" match support' 626 tristate '"helper" match support'
612 depends on NETFILTER_XTABLES 627 depends on NETFILTER_XTABLES
@@ -671,6 +686,17 @@ config NETFILTER_XT_MATCH_MARK
671 686
672 To compile it as a module, choose M here. If unsure, say N. 687 To compile it as a module, choose M here. If unsure, say N.
673 688
689config NETFILTER_XT_MATCH_MULTIPORT
690 tristate '"multiport" Multiple port match support'
691 depends on NETFILTER_XTABLES
692 depends on NETFILTER_ADVANCED
693 help
694 Multiport matching allows you to match TCP or UDP packets based on
695 a series of source or destination ports: normally a rule can only
696 match a single range of ports.
697
698 To compile it as a module, choose M here. If unsure, say N.
699
674config NETFILTER_XT_MATCH_OWNER 700config NETFILTER_XT_MATCH_OWNER
675 tristate '"owner" match support' 701 tristate '"owner" match support'
676 depends on NETFILTER_XTABLES 702 depends on NETFILTER_XTABLES
@@ -691,17 +717,6 @@ config NETFILTER_XT_MATCH_POLICY
691 717
692 To compile it as a module, choose M here. If unsure, say N. 718 To compile it as a module, choose M here. If unsure, say N.
693 719
694config NETFILTER_XT_MATCH_MULTIPORT
695 tristate '"multiport" Multiple port match support'
696 depends on NETFILTER_XTABLES
697 depends on NETFILTER_ADVANCED
698 help
699 Multiport matching allows you to match TCP or UDP packets based on
700 a series of source or destination ports: normally a rule can only
701 match a single range of ports.
702
703 To compile it as a module, choose M here. If unsure, say N.
704
705config NETFILTER_XT_MATCH_PHYSDEV 720config NETFILTER_XT_MATCH_PHYSDEV
706 tristate '"physdev" match support' 721 tristate '"physdev" match support'
707 depends on NETFILTER_XTABLES && BRIDGE && BRIDGE_NETFILTER 722 depends on NETFILTER_XTABLES && BRIDGE && BRIDGE_NETFILTER
@@ -884,20 +899,5 @@ config NETFILTER_XT_MATCH_U32
884 899
885 Details and examples are in the kernel module source. 900 Details and examples are in the kernel module source.
886 901
887config NETFILTER_XT_MATCH_HASHLIMIT
888 tristate '"hashlimit" match support'
889 depends on NETFILTER_XTABLES && (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
890 depends on NETFILTER_ADVANCED
891 help
892 This option adds a `hashlimit' match.
893
894 As opposed to `limit', this match dynamically creates a hash table
895 of limit buckets, based on your selection of source/destination
896 addresses and/or ports.
897
898 It enables you to express policies like `10kpps for any given
899 destination address' or `500pps from any given source address'
900 with a single rule.
901
902endmenu 902endmenu
903 903