aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--net/ipv4/netfilter/Kconfig36
-rw-r--r--net/ipv6/netfilter/Kconfig17
-rw-r--r--net/netfilter/Kconfig84
3 files changed, 41 insertions, 96 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 087b82906848..3816e1dc9295 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -61,10 +61,11 @@ config IP_NF_IPTABLES
61 61
62 To compile it as a module, choose M here. If unsure, say N. 62 To compile it as a module, choose M here. If unsure, say N.
63 63
64if IP_NF_IPTABLES
65
64# The matches. 66# The matches.
65config IP_NF_MATCH_ADDRTYPE 67config IP_NF_MATCH_ADDRTYPE
66 tristate '"addrtype" address type match support' 68 tristate '"addrtype" address type match support'
67 depends on IP_NF_IPTABLES
68 depends on NETFILTER_ADVANCED 69 depends on NETFILTER_ADVANCED
69 help 70 help
70 This option allows you to match what routing thinks of an address, 71 This option allows you to match what routing thinks of an address,
@@ -75,7 +76,6 @@ config IP_NF_MATCH_ADDRTYPE
75 76
76config IP_NF_MATCH_AH 77config IP_NF_MATCH_AH
77 tristate '"ah" match support' 78 tristate '"ah" match support'
78 depends on IP_NF_IPTABLES
79 depends on NETFILTER_ADVANCED 79 depends on NETFILTER_ADVANCED
80 help 80 help
81 This match extension allows you to match a range of SPIs 81 This match extension allows you to match a range of SPIs
@@ -85,7 +85,6 @@ config IP_NF_MATCH_AH
85 85
86config IP_NF_MATCH_ECN 86config IP_NF_MATCH_ECN
87 tristate '"ecn" match support' 87 tristate '"ecn" match support'
88 depends on IP_NF_IPTABLES
89 depends on NETFILTER_ADVANCED 88 depends on NETFILTER_ADVANCED
90 help 89 help
91 This option adds a `ECN' match, which allows you to match against 90 This option adds a `ECN' match, which allows you to match against
@@ -95,7 +94,6 @@ config IP_NF_MATCH_ECN
95 94
96config IP_NF_MATCH_TTL 95config IP_NF_MATCH_TTL
97 tristate '"ttl" match support' 96 tristate '"ttl" match support'
98 depends on IP_NF_IPTABLES
99 depends on NETFILTER_ADVANCED 97 depends on NETFILTER_ADVANCED
100 help 98 help
101 This adds CONFIG_IP_NF_MATCH_TTL option, which enabled the user 99 This adds CONFIG_IP_NF_MATCH_TTL option, which enabled the user
@@ -106,7 +104,6 @@ config IP_NF_MATCH_TTL
106# `filter', generic and specific targets 104# `filter', generic and specific targets
107config IP_NF_FILTER 105config IP_NF_FILTER
108 tristate "Packet filtering" 106 tristate "Packet filtering"
109 depends on IP_NF_IPTABLES
110 default m if NETFILTER_ADVANCED=n 107 default m if NETFILTER_ADVANCED=n
111 help 108 help
112 Packet filtering defines a table `filter', which has a series of 109 Packet filtering defines a table `filter', which has a series of
@@ -128,7 +125,6 @@ config IP_NF_TARGET_REJECT
128 125
129config IP_NF_TARGET_LOG 126config IP_NF_TARGET_LOG
130 tristate "LOG target support" 127 tristate "LOG target support"
131 depends on IP_NF_IPTABLES
132 default m if NETFILTER_ADVANCED=n 128 default m if NETFILTER_ADVANCED=n
133 help 129 help
134 This option adds a `LOG' target, which allows you to create rules in 130 This option adds a `LOG' target, which allows you to create rules in
@@ -138,7 +134,6 @@ config IP_NF_TARGET_LOG
138 134
139config IP_NF_TARGET_ULOG 135config IP_NF_TARGET_ULOG
140 tristate "ULOG target support" 136 tristate "ULOG target support"
141 depends on IP_NF_IPTABLES
142 default m if NETFILTER_ADVANCED=n 137 default m if NETFILTER_ADVANCED=n
143 ---help--- 138 ---help---
144 139
@@ -159,7 +154,7 @@ config IP_NF_TARGET_ULOG
159# NAT + specific targets: nf_conntrack 154# NAT + specific targets: nf_conntrack
160config NF_NAT 155config NF_NAT
161 tristate "Full NAT" 156 tristate "Full NAT"
162 depends on IP_NF_IPTABLES && NF_CONNTRACK_IPV4 157 depends on NF_CONNTRACK_IPV4
163 default m if NETFILTER_ADVANCED=n 158 default m if NETFILTER_ADVANCED=n
164 help 159 help
165 The Full NAT option allows masquerading, port forwarding and other 160 The Full NAT option allows masquerading, port forwarding and other
@@ -254,44 +249,43 @@ config NF_NAT_PROTO_SCTP
254 249
255config NF_NAT_FTP 250config NF_NAT_FTP
256 tristate 251 tristate
257 depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT 252 depends on NF_CONNTRACK && NF_NAT
258 default NF_NAT && NF_CONNTRACK_FTP 253 default NF_NAT && NF_CONNTRACK_FTP
259 254
260config NF_NAT_IRC 255config NF_NAT_IRC
261 tristate 256 tristate
262 depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT 257 depends on NF_CONNTRACK && NF_NAT
263 default NF_NAT && NF_CONNTRACK_IRC 258 default NF_NAT && NF_CONNTRACK_IRC
264 259
265config NF_NAT_TFTP 260config NF_NAT_TFTP
266 tristate 261 tristate
267 depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT 262 depends on NF_CONNTRACK && NF_NAT
268 default NF_NAT && NF_CONNTRACK_TFTP 263 default NF_NAT && NF_CONNTRACK_TFTP
269 264
270config NF_NAT_AMANDA 265config NF_NAT_AMANDA
271 tristate 266 tristate
272 depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT 267 depends on NF_CONNTRACK && NF_NAT
273 default NF_NAT && NF_CONNTRACK_AMANDA 268 default NF_NAT && NF_CONNTRACK_AMANDA
274 269
275config NF_NAT_PPTP 270config NF_NAT_PPTP
276 tristate 271 tristate
277 depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT 272 depends on NF_CONNTRACK && NF_NAT
278 default NF_NAT && NF_CONNTRACK_PPTP 273 default NF_NAT && NF_CONNTRACK_PPTP
279 select NF_NAT_PROTO_GRE 274 select NF_NAT_PROTO_GRE
280 275
281config NF_NAT_H323 276config NF_NAT_H323
282 tristate 277 tristate
283 depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT 278 depends on NF_CONNTRACK && NF_NAT
284 default NF_NAT && NF_CONNTRACK_H323 279 default NF_NAT && NF_CONNTRACK_H323
285 280
286config NF_NAT_SIP 281config NF_NAT_SIP
287 tristate 282 tristate
288 depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT 283 depends on NF_CONNTRACK && NF_NAT
289 default NF_NAT && NF_CONNTRACK_SIP 284 default NF_NAT && NF_CONNTRACK_SIP
290 285
291# mangle + specific targets 286# mangle + specific targets
292config IP_NF_MANGLE 287config IP_NF_MANGLE
293 tristate "Packet mangling" 288 tristate "Packet mangling"
294 depends on IP_NF_IPTABLES
295 default m if NETFILTER_ADVANCED=n 289 default m if NETFILTER_ADVANCED=n
296 help 290 help
297 This option adds a `mangle' table to iptables: see the man page for 291 This option adds a `mangle' table to iptables: see the man page for
@@ -346,7 +340,6 @@ config IP_NF_TARGET_TTL
346# raw + specific targets 340# raw + specific targets
347config IP_NF_RAW 341config IP_NF_RAW
348 tristate 'raw table support (required for NOTRACK/TRACE)' 342 tristate 'raw table support (required for NOTRACK/TRACE)'
349 depends on IP_NF_IPTABLES
350 depends on NETFILTER_ADVANCED 343 depends on NETFILTER_ADVANCED
351 help 344 help
352 This option adds a `raw' table to iptables. This table is the very 345 This option adds a `raw' table to iptables. This table is the very
@@ -359,7 +352,6 @@ config IP_NF_RAW
359# security table for MAC policy 352# security table for MAC policy
360config IP_NF_SECURITY 353config IP_NF_SECURITY
361 tristate "Security table" 354 tristate "Security table"
362 depends on IP_NF_IPTABLES
363 depends on SECURITY 355 depends on SECURITY
364 depends on NETFILTER_ADVANCED 356 depends on NETFILTER_ADVANCED
365 help 357 help
@@ -368,6 +360,8 @@ config IP_NF_SECURITY
368 360
369 If unsure, say N. 361 If unsure, say N.
370 362
363endif # IP_NF_IPTABLES
364
371# ARP tables 365# ARP tables
372config IP_NF_ARPTABLES 366config IP_NF_ARPTABLES
373 tristate "ARP tables support" 367 tristate "ARP tables support"
@@ -380,9 +374,10 @@ config IP_NF_ARPTABLES
380 374
381 To compile it as a module, choose M here. If unsure, say N. 375 To compile it as a module, choose M here. If unsure, say N.
382 376
377if IP_NF_ARPTABLES
378
383config IP_NF_ARPFILTER 379config IP_NF_ARPFILTER
384 tristate "ARP packet filtering" 380 tristate "ARP packet filtering"
385 depends on IP_NF_ARPTABLES
386 help 381 help
387 ARP packet filtering defines a table `filter', which has a series of 382 ARP packet filtering defines a table `filter', which has a series of
388 rules for simple ARP packet filtering at local input and 383 rules for simple ARP packet filtering at local input and
@@ -393,10 +388,11 @@ config IP_NF_ARPFILTER
393 388
394config IP_NF_ARP_MANGLE 389config IP_NF_ARP_MANGLE
395 tristate "ARP payload mangling" 390 tristate "ARP payload mangling"
396 depends on IP_NF_ARPTABLES
397 help 391 help
398 Allows altering the ARP packet payload: source and destination 392 Allows altering the ARP packet payload: source and destination
399 hardware and network addresses. 393 hardware and network addresses.
400 394
395endif # IP_NF_ARPTABLES
396
401endmenu 397endmenu
402 398
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index 91ffba08c29f..53ea512c4608 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -55,10 +55,11 @@ config IP6_NF_IPTABLES
55 55
56 To compile it as a module, choose M here. If unsure, say N. 56 To compile it as a module, choose M here. If unsure, say N.
57 57
58if IP6_NF_IPTABLES
59
58# The simple matches. 60# The simple matches.
59config IP6_NF_MATCH_AH 61config IP6_NF_MATCH_AH
60 tristate '"ah" match support' 62 tristate '"ah" match support'
61 depends on IP6_NF_IPTABLES
62 depends on NETFILTER_ADVANCED 63 depends on NETFILTER_ADVANCED
63 help 64 help
64 This module allows one to match AH packets. 65 This module allows one to match AH packets.
@@ -67,7 +68,6 @@ config IP6_NF_MATCH_AH
67 68
68config IP6_NF_MATCH_EUI64 69config IP6_NF_MATCH_EUI64
69 tristate '"eui64" address check' 70 tristate '"eui64" address check'
70 depends on IP6_NF_IPTABLES
71 depends on NETFILTER_ADVANCED 71 depends on NETFILTER_ADVANCED
72 help 72 help
73 This module performs checking on the IPv6 source address 73 This module performs checking on the IPv6 source address
@@ -78,7 +78,6 @@ config IP6_NF_MATCH_EUI64
78 78
79config IP6_NF_MATCH_FRAG 79config IP6_NF_MATCH_FRAG
80 tristate '"frag" Fragmentation header match support' 80 tristate '"frag" Fragmentation header match support'
81 depends on IP6_NF_IPTABLES
82 depends on NETFILTER_ADVANCED 81 depends on NETFILTER_ADVANCED
83 help 82 help
84 frag matching allows you to match packets based on the fragmentation 83 frag matching allows you to match packets based on the fragmentation
@@ -88,7 +87,6 @@ config IP6_NF_MATCH_FRAG
88 87
89config IP6_NF_MATCH_OPTS 88config IP6_NF_MATCH_OPTS
90 tristate '"hbh" hop-by-hop and "dst" opts header match support' 89 tristate '"hbh" hop-by-hop and "dst" opts header match support'
91 depends on IP6_NF_IPTABLES
92 depends on NETFILTER_ADVANCED 90 depends on NETFILTER_ADVANCED
93 help 91 help
94 This allows one to match packets based on the hop-by-hop 92 This allows one to match packets based on the hop-by-hop
@@ -98,7 +96,6 @@ config IP6_NF_MATCH_OPTS
98 96
99config IP6_NF_MATCH_HL 97config IP6_NF_MATCH_HL
100 tristate '"hl" match support' 98 tristate '"hl" match support'
101 depends on IP6_NF_IPTABLES
102 depends on NETFILTER_ADVANCED 99 depends on NETFILTER_ADVANCED
103 help 100 help
104 HL matching allows you to match packets based on the hop 101 HL matching allows you to match packets based on the hop
@@ -108,7 +105,6 @@ config IP6_NF_MATCH_HL
108 105
109config IP6_NF_MATCH_IPV6HEADER 106config IP6_NF_MATCH_IPV6HEADER
110 tristate '"ipv6header" IPv6 Extension Headers Match' 107 tristate '"ipv6header" IPv6 Extension Headers Match'
111 depends on IP6_NF_IPTABLES
112 default m if NETFILTER_ADVANCED=n 108 default m if NETFILTER_ADVANCED=n
113 help 109 help
114 This module allows one to match packets based upon 110 This module allows one to match packets based upon
@@ -118,7 +114,6 @@ config IP6_NF_MATCH_IPV6HEADER
118 114
119config IP6_NF_MATCH_MH 115config IP6_NF_MATCH_MH
120 tristate '"mh" match support' 116 tristate '"mh" match support'
121 depends on IP6_NF_IPTABLES
122 depends on NETFILTER_ADVANCED 117 depends on NETFILTER_ADVANCED
123 help 118 help
124 This module allows one to match MH packets. 119 This module allows one to match MH packets.
@@ -127,7 +122,6 @@ config IP6_NF_MATCH_MH
127 122
128config IP6_NF_MATCH_RT 123config IP6_NF_MATCH_RT
129 tristate '"rt" Routing header match support' 124 tristate '"rt" Routing header match support'
130 depends on IP6_NF_IPTABLES
131 depends on NETFILTER_ADVANCED 125 depends on NETFILTER_ADVANCED
132 help 126 help
133 rt matching allows you to match packets based on the routing 127 rt matching allows you to match packets based on the routing
@@ -138,7 +132,6 @@ config IP6_NF_MATCH_RT
138# The targets 132# The targets
139config IP6_NF_TARGET_LOG 133config IP6_NF_TARGET_LOG
140 tristate "LOG target support" 134 tristate "LOG target support"
141 depends on IP6_NF_IPTABLES
142 default m if NETFILTER_ADVANCED=n 135 default m if NETFILTER_ADVANCED=n
143 help 136 help
144 This option adds a `LOG' target, which allows you to create rules in 137 This option adds a `LOG' target, which allows you to create rules in
@@ -148,7 +141,6 @@ config IP6_NF_TARGET_LOG
148 141
149config IP6_NF_FILTER 142config IP6_NF_FILTER
150 tristate "Packet filtering" 143 tristate "Packet filtering"
151 depends on IP6_NF_IPTABLES
152 default m if NETFILTER_ADVANCED=n 144 default m if NETFILTER_ADVANCED=n
153 help 145 help
154 Packet filtering defines a table `filter', which has a series of 146 Packet filtering defines a table `filter', which has a series of
@@ -170,7 +162,6 @@ config IP6_NF_TARGET_REJECT
170 162
171config IP6_NF_MANGLE 163config IP6_NF_MANGLE
172 tristate "Packet mangling" 164 tristate "Packet mangling"
173 depends on IP6_NF_IPTABLES
174 default m if NETFILTER_ADVANCED=n 165 default m if NETFILTER_ADVANCED=n
175 help 166 help
176 This option adds a `mangle' table to iptables: see the man page for 167 This option adds a `mangle' table to iptables: see the man page for
@@ -198,7 +189,6 @@ config IP6_NF_TARGET_HL
198 189
199config IP6_NF_RAW 190config IP6_NF_RAW
200 tristate 'raw table support (required for TRACE)' 191 tristate 'raw table support (required for TRACE)'
201 depends on IP6_NF_IPTABLES
202 depends on NETFILTER_ADVANCED 192 depends on NETFILTER_ADVANCED
203 help 193 help
204 This option adds a `raw' table to ip6tables. This table is the very 194 This option adds a `raw' table to ip6tables. This table is the very
@@ -211,7 +201,6 @@ config IP6_NF_RAW
211# security table for MAC policy 201# security table for MAC policy
212config IP6_NF_SECURITY 202config IP6_NF_SECURITY
213 tristate "Security table" 203 tristate "Security table"
214 depends on IP6_NF_IPTABLES
215 depends on SECURITY 204 depends on SECURITY
216 depends on NETFILTER_ADVANCED 205 depends on NETFILTER_ADVANCED
217 help 206 help
@@ -220,5 +209,7 @@ config IP6_NF_SECURITY
220 209
221 If unsure, say N. 210 If unsure, say N.
222 211
212endif # IP6_NF_IPTABLES
213
223endmenu 214endmenu
224 215
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 9ad74e8bc5bd..899e78051d8b 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -38,10 +38,11 @@ config NF_CONNTRACK
38 38
39 To compile it as a module, choose M here. If unsure, say N. 39 To compile it as a module, choose M here. If unsure, say N.
40 40
41if NF_CONNTRACK
42
41config NF_CT_ACCT 43config NF_CT_ACCT
42 bool "Connection tracking flow accounting" 44 bool "Connection tracking flow accounting"
43 depends on NETFILTER_ADVANCED 45 depends on NETFILTER_ADVANCED
44 depends on NF_CONNTRACK
45 help 46 help
46 If this option is enabled, the connection tracking code will 47 If this option is enabled, the connection tracking code will
47 keep per-flow packet and byte counters. 48 keep per-flow packet and byte counters.
@@ -63,7 +64,6 @@ config NF_CT_ACCT
63config NF_CONNTRACK_MARK 64config NF_CONNTRACK_MARK
64 bool 'Connection mark tracking support' 65 bool 'Connection mark tracking support'
65 depends on NETFILTER_ADVANCED 66 depends on NETFILTER_ADVANCED
66 depends on NF_CONNTRACK
67 help 67 help
68 This option enables support for connection marks, used by the 68 This option enables support for connection marks, used by the
69 `CONNMARK' target and `connmark' match. Similar to the mark value 69 `CONNMARK' target and `connmark' match. Similar to the mark value
@@ -72,7 +72,7 @@ config NF_CONNTRACK_MARK
72 72
73config NF_CONNTRACK_SECMARK 73config NF_CONNTRACK_SECMARK
74 bool 'Connection tracking security mark support' 74 bool 'Connection tracking security mark support'
75 depends on NF_CONNTRACK && NETWORK_SECMARK 75 depends on NETWORK_SECMARK
76 default m if NETFILTER_ADVANCED=n 76 default m if NETFILTER_ADVANCED=n
77 help 77 help
78 This option enables security markings to be applied to 78 This option enables security markings to be applied to
@@ -85,7 +85,6 @@ config NF_CONNTRACK_SECMARK
85 85
86config NF_CONNTRACK_EVENTS 86config NF_CONNTRACK_EVENTS
87 bool "Connection tracking events" 87 bool "Connection tracking events"
88 depends on NF_CONNTRACK
89 depends on NETFILTER_ADVANCED 88 depends on NETFILTER_ADVANCED
90 help 89 help
91 If this option is enabled, the connection tracking code will 90 If this option is enabled, the connection tracking code will
@@ -96,7 +95,7 @@ config NF_CONNTRACK_EVENTS
96 95
97config NF_CT_PROTO_DCCP 96config NF_CT_PROTO_DCCP
98 tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)' 97 tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)'
99 depends on EXPERIMENTAL && NF_CONNTRACK 98 depends on EXPERIMENTAL
100 depends on NETFILTER_ADVANCED 99 depends on NETFILTER_ADVANCED
101 default IP_DCCP 100 default IP_DCCP
102 help 101 help
@@ -107,11 +106,10 @@ config NF_CT_PROTO_DCCP
107 106
108config NF_CT_PROTO_GRE 107config NF_CT_PROTO_GRE
109 tristate 108 tristate
110 depends on NF_CONNTRACK
111 109
112config NF_CT_PROTO_SCTP 110config NF_CT_PROTO_SCTP
113 tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)' 111 tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)'
114 depends on EXPERIMENTAL && NF_CONNTRACK 112 depends on EXPERIMENTAL
115 depends on NETFILTER_ADVANCED 113 depends on NETFILTER_ADVANCED
116 default IP_SCTP 114 default IP_SCTP
117 help 115 help
@@ -123,7 +121,6 @@ config NF_CT_PROTO_SCTP
123 121
124config NF_CT_PROTO_UDPLITE 122config NF_CT_PROTO_UDPLITE
125 tristate 'UDP-Lite protocol connection tracking support' 123 tristate 'UDP-Lite protocol connection tracking support'
126 depends on NF_CONNTRACK
127 depends on NETFILTER_ADVANCED 124 depends on NETFILTER_ADVANCED
128 help 125 help
129 With this option enabled, the layer 3 independent connection 126 With this option enabled, the layer 3 independent connection
@@ -134,7 +131,6 @@ config NF_CT_PROTO_UDPLITE
134 131
135config NF_CONNTRACK_AMANDA 132config NF_CONNTRACK_AMANDA
136 tristate "Amanda backup protocol support" 133 tristate "Amanda backup protocol support"
137 depends on NF_CONNTRACK
138 depends on NETFILTER_ADVANCED 134 depends on NETFILTER_ADVANCED
139 select TEXTSEARCH 135 select TEXTSEARCH
140 select TEXTSEARCH_KMP 136 select TEXTSEARCH_KMP
@@ -150,7 +146,6 @@ config NF_CONNTRACK_AMANDA
150 146
151config NF_CONNTRACK_FTP 147config NF_CONNTRACK_FTP
152 tristate "FTP protocol support" 148 tristate "FTP protocol support"
153 depends on NF_CONNTRACK
154 default m if NETFILTER_ADVANCED=n 149 default m if NETFILTER_ADVANCED=n
155 help 150 help
156 Tracking FTP connections is problematic: special helpers are 151 Tracking FTP connections is problematic: special helpers are
@@ -165,7 +160,7 @@ config NF_CONNTRACK_FTP
165 160
166config NF_CONNTRACK_H323 161config NF_CONNTRACK_H323
167 tristate "H.323 protocol support" 162 tristate "H.323 protocol support"
168 depends on NF_CONNTRACK && (IPV6 || IPV6=n) 163 depends on (IPV6 || IPV6=n)
169 depends on NETFILTER_ADVANCED 164 depends on NETFILTER_ADVANCED
170 help 165 help
171 H.323 is a VoIP signalling protocol from ITU-T. As one of the most 166 H.323 is a VoIP signalling protocol from ITU-T. As one of the most
@@ -185,7 +180,6 @@ config NF_CONNTRACK_H323
185 180
186config NF_CONNTRACK_IRC 181config NF_CONNTRACK_IRC
187 tristate "IRC protocol support" 182 tristate "IRC protocol support"
188 depends on NF_CONNTRACK
189 default m if NETFILTER_ADVANCED=n 183 default m if NETFILTER_ADVANCED=n
190 help 184 help
191 There is a commonly-used extension to IRC called 185 There is a commonly-used extension to IRC called
@@ -201,7 +195,6 @@ config NF_CONNTRACK_IRC
201 195
202config NF_CONNTRACK_NETBIOS_NS 196config NF_CONNTRACK_NETBIOS_NS
203 tristate "NetBIOS name service protocol support" 197 tristate "NetBIOS name service protocol support"
204 depends on NF_CONNTRACK
205 depends on NETFILTER_ADVANCED 198 depends on NETFILTER_ADVANCED
206 help 199 help
207 NetBIOS name service requests are sent as broadcast messages from an 200 NetBIOS name service requests are sent as broadcast messages from an
@@ -221,7 +214,6 @@ config NF_CONNTRACK_NETBIOS_NS
221 214
222config NF_CONNTRACK_PPTP 215config NF_CONNTRACK_PPTP
223 tristate "PPtP protocol support" 216 tristate "PPtP protocol support"
224 depends on NF_CONNTRACK
225 depends on NETFILTER_ADVANCED 217 depends on NETFILTER_ADVANCED
226 select NF_CT_PROTO_GRE 218 select NF_CT_PROTO_GRE
227 help 219 help
@@ -241,7 +233,7 @@ config NF_CONNTRACK_PPTP
241 233
242config NF_CONNTRACK_SANE 234config NF_CONNTRACK_SANE
243 tristate "SANE protocol support (EXPERIMENTAL)" 235 tristate "SANE protocol support (EXPERIMENTAL)"
244 depends on EXPERIMENTAL && NF_CONNTRACK 236 depends on EXPERIMENTAL
245 depends on NETFILTER_ADVANCED 237 depends on NETFILTER_ADVANCED
246 help 238 help
247 SANE is a protocol for remote access to scanners as implemented 239 SANE is a protocol for remote access to scanners as implemented
@@ -255,7 +247,6 @@ config NF_CONNTRACK_SANE
255 247
256config NF_CONNTRACK_SIP 248config NF_CONNTRACK_SIP
257 tristate "SIP protocol support" 249 tristate "SIP protocol support"
258 depends on NF_CONNTRACK
259 default m if NETFILTER_ADVANCED=n 250 default m if NETFILTER_ADVANCED=n
260 help 251 help
261 SIP is an application-layer control protocol that can establish, 252 SIP is an application-layer control protocol that can establish,
@@ -268,7 +259,6 @@ config NF_CONNTRACK_SIP
268 259
269config NF_CONNTRACK_TFTP 260config NF_CONNTRACK_TFTP
270 tristate "TFTP protocol support" 261 tristate "TFTP protocol support"
271 depends on NF_CONNTRACK
272 depends on NETFILTER_ADVANCED 262 depends on NETFILTER_ADVANCED
273 help 263 help
274 TFTP connection tracking helper, this is required depending 264 TFTP connection tracking helper, this is required depending
@@ -280,7 +270,6 @@ config NF_CONNTRACK_TFTP
280 270
281config NF_CT_NETLINK 271config NF_CT_NETLINK
282 tristate 'Connection tracking netlink interface' 272 tristate 'Connection tracking netlink interface'
283 depends on NF_CONNTRACK
284 select NETFILTER_NETLINK 273 select NETFILTER_NETLINK
285 depends on NF_NAT=n || NF_NAT 274 depends on NF_NAT=n || NF_NAT
286 default m if NETFILTER_ADVANCED=n 275 default m if NETFILTER_ADVANCED=n
@@ -302,6 +291,8 @@ config NETFILTER_TPROXY
302 291
303 To compile it as a module, choose M here. If unsure, say N. 292 To compile it as a module, choose M here. If unsure, say N.
304 293
294endif # NF_CONNTRACK
295
305config NETFILTER_XTABLES 296config NETFILTER_XTABLES
306 tristate "Netfilter Xtables support (required for ip_tables)" 297 tristate "Netfilter Xtables support (required for ip_tables)"
307 default m if NETFILTER_ADVANCED=n 298 default m if NETFILTER_ADVANCED=n
@@ -309,11 +300,12 @@ config NETFILTER_XTABLES
309 This is required if you intend to use any of ip_tables, 300 This is required if you intend to use any of ip_tables,
310 ip6_tables or arp_tables. 301 ip6_tables or arp_tables.
311 302
303if NETFILTER_XTABLES
304
312# alphabetically ordered list of targets 305# alphabetically ordered list of targets
313 306
314config NETFILTER_XT_TARGET_CLASSIFY 307config NETFILTER_XT_TARGET_CLASSIFY
315 tristate '"CLASSIFY" target support' 308 tristate '"CLASSIFY" target support'
316 depends on NETFILTER_XTABLES
317 depends on NETFILTER_ADVANCED 309 depends on NETFILTER_ADVANCED
318 help 310 help
319 This option adds a `CLASSIFY' target, which enables the user to set 311 This option adds a `CLASSIFY' target, which enables the user to set
@@ -326,7 +318,6 @@ config NETFILTER_XT_TARGET_CLASSIFY
326 318
327config NETFILTER_XT_TARGET_CONNMARK 319config NETFILTER_XT_TARGET_CONNMARK
328 tristate '"CONNMARK" target support' 320 tristate '"CONNMARK" target support'
329 depends on NETFILTER_XTABLES
330 depends on IP_NF_MANGLE || IP6_NF_MANGLE 321 depends on IP_NF_MANGLE || IP6_NF_MANGLE
331 depends on NF_CONNTRACK 322 depends on NF_CONNTRACK
332 depends on NETFILTER_ADVANCED 323 depends on NETFILTER_ADVANCED
@@ -342,7 +333,7 @@ config NETFILTER_XT_TARGET_CONNMARK
342 333
343config NETFILTER_XT_TARGET_CONNSECMARK 334config NETFILTER_XT_TARGET_CONNSECMARK
344 tristate '"CONNSECMARK" target support' 335 tristate '"CONNSECMARK" target support'
345 depends on NETFILTER_XTABLES && NF_CONNTRACK && NF_CONNTRACK_SECMARK 336 depends on NF_CONNTRACK && NF_CONNTRACK_SECMARK
346 default m if NETFILTER_ADVANCED=n 337 default m if NETFILTER_ADVANCED=n
347 help 338 help
348 The CONNSECMARK target copies security markings from packets 339 The CONNSECMARK target copies security markings from packets
@@ -354,7 +345,6 @@ config NETFILTER_XT_TARGET_CONNSECMARK
354 345
355config NETFILTER_XT_TARGET_DSCP 346config NETFILTER_XT_TARGET_DSCP
356 tristate '"DSCP" and "TOS" target support' 347 tristate '"DSCP" and "TOS" target support'
357 depends on NETFILTER_XTABLES
358 depends on IP_NF_MANGLE || IP6_NF_MANGLE 348 depends on IP_NF_MANGLE || IP6_NF_MANGLE
359 depends on NETFILTER_ADVANCED 349 depends on NETFILTER_ADVANCED
360 help 350 help
@@ -371,7 +361,6 @@ config NETFILTER_XT_TARGET_DSCP
371 361
372config NETFILTER_XT_TARGET_MARK 362config NETFILTER_XT_TARGET_MARK
373 tristate '"MARK" target support' 363 tristate '"MARK" target support'
374 depends on NETFILTER_XTABLES
375 default m if NETFILTER_ADVANCED=n 364 default m if NETFILTER_ADVANCED=n
376 help 365 help
377 This option adds a `MARK' target, which allows you to create rules 366 This option adds a `MARK' target, which allows you to create rules
@@ -385,7 +374,6 @@ config NETFILTER_XT_TARGET_MARK
385 374
386config NETFILTER_XT_TARGET_NFLOG 375config NETFILTER_XT_TARGET_NFLOG
387 tristate '"NFLOG" target support' 376 tristate '"NFLOG" target support'
388 depends on NETFILTER_XTABLES
389 default m if NETFILTER_ADVANCED=n 377 default m if NETFILTER_ADVANCED=n
390 help 378 help
391 This option enables the NFLOG target, which allows to LOG 379 This option enables the NFLOG target, which allows to LOG
@@ -397,7 +385,6 @@ config NETFILTER_XT_TARGET_NFLOG
397 385
398config NETFILTER_XT_TARGET_NFQUEUE 386config NETFILTER_XT_TARGET_NFQUEUE
399 tristate '"NFQUEUE" target Support' 387 tristate '"NFQUEUE" target Support'
400 depends on NETFILTER_XTABLES
401 depends on NETFILTER_ADVANCED 388 depends on NETFILTER_ADVANCED
402 help 389 help
403 This target replaced the old obsolete QUEUE target. 390 This target replaced the old obsolete QUEUE target.
@@ -409,7 +396,6 @@ config NETFILTER_XT_TARGET_NFQUEUE
409 396
410config NETFILTER_XT_TARGET_NOTRACK 397config NETFILTER_XT_TARGET_NOTRACK
411 tristate '"NOTRACK" target support' 398 tristate '"NOTRACK" target support'
412 depends on NETFILTER_XTABLES
413 depends on IP_NF_RAW || IP6_NF_RAW 399 depends on IP_NF_RAW || IP6_NF_RAW
414 depends on NF_CONNTRACK 400 depends on NF_CONNTRACK
415 depends on NETFILTER_ADVANCED 401 depends on NETFILTER_ADVANCED
@@ -424,7 +410,6 @@ config NETFILTER_XT_TARGET_NOTRACK
424 410
425config NETFILTER_XT_TARGET_RATEEST 411config NETFILTER_XT_TARGET_RATEEST
426 tristate '"RATEEST" target support' 412 tristate '"RATEEST" target support'
427 depends on NETFILTER_XTABLES
428 depends on NETFILTER_ADVANCED 413 depends on NETFILTER_ADVANCED
429 help 414 help
430 This option adds a `RATEEST' target, which allows to measure 415 This option adds a `RATEEST' target, which allows to measure
@@ -450,7 +435,6 @@ config NETFILTER_XT_TARGET_TPROXY
450 435
451config NETFILTER_XT_TARGET_TRACE 436config NETFILTER_XT_TARGET_TRACE
452 tristate '"TRACE" target support' 437 tristate '"TRACE" target support'
453 depends on NETFILTER_XTABLES
454 depends on IP_NF_RAW || IP6_NF_RAW 438 depends on IP_NF_RAW || IP6_NF_RAW
455 depends on NETFILTER_ADVANCED 439 depends on NETFILTER_ADVANCED
456 help 440 help
@@ -463,7 +447,7 @@ config NETFILTER_XT_TARGET_TRACE
463 447
464config NETFILTER_XT_TARGET_SECMARK 448config NETFILTER_XT_TARGET_SECMARK
465 tristate '"SECMARK" target support' 449 tristate '"SECMARK" target support'
466 depends on NETFILTER_XTABLES && NETWORK_SECMARK 450 depends on NETWORK_SECMARK
467 default m if NETFILTER_ADVANCED=n 451 default m if NETFILTER_ADVANCED=n
468 help 452 help
469 The SECMARK target allows security marking of network 453 The SECMARK target allows security marking of network
@@ -473,7 +457,7 @@ config NETFILTER_XT_TARGET_SECMARK
473 457
474config NETFILTER_XT_TARGET_TCPMSS 458config NETFILTER_XT_TARGET_TCPMSS
475 tristate '"TCPMSS" target support' 459 tristate '"TCPMSS" target support'
476 depends on NETFILTER_XTABLES && (IPV6 || IPV6=n) 460 depends on (IPV6 || IPV6=n)
477 default m if NETFILTER_ADVANCED=n 461 default m if NETFILTER_ADVANCED=n
478 ---help--- 462 ---help---
479 This option adds a `TCPMSS' target, which allows you to alter the 463 This option adds a `TCPMSS' target, which allows you to alter the
@@ -500,7 +484,7 @@ config NETFILTER_XT_TARGET_TCPMSS
500 484
501config NETFILTER_XT_TARGET_TCPOPTSTRIP 485config NETFILTER_XT_TARGET_TCPOPTSTRIP
502 tristate '"TCPOPTSTRIP" target support (EXPERIMENTAL)' 486 tristate '"TCPOPTSTRIP" target support (EXPERIMENTAL)'
503 depends on EXPERIMENTAL && NETFILTER_XTABLES 487 depends on EXPERIMENTAL
504 depends on IP_NF_MANGLE || IP6_NF_MANGLE 488 depends on IP_NF_MANGLE || IP6_NF_MANGLE
505 depends on NETFILTER_ADVANCED 489 depends on NETFILTER_ADVANCED
506 help 490 help
@@ -509,7 +493,6 @@ config NETFILTER_XT_TARGET_TCPOPTSTRIP
509 493
510config NETFILTER_XT_MATCH_COMMENT 494config NETFILTER_XT_MATCH_COMMENT
511 tristate '"comment" match support' 495 tristate '"comment" match support'
512 depends on NETFILTER_XTABLES
513 depends on NETFILTER_ADVANCED 496 depends on NETFILTER_ADVANCED
514 help 497 help
515 This option adds a `comment' dummy-match, which allows you to put 498 This option adds a `comment' dummy-match, which allows you to put
@@ -520,7 +503,6 @@ config NETFILTER_XT_MATCH_COMMENT
520 503
521config NETFILTER_XT_MATCH_CONNBYTES 504config NETFILTER_XT_MATCH_CONNBYTES
522 tristate '"connbytes" per-connection counter match support' 505 tristate '"connbytes" per-connection counter match support'
523 depends on NETFILTER_XTABLES
524 depends on NF_CONNTRACK 506 depends on NF_CONNTRACK
525 depends on NETFILTER_ADVANCED 507 depends on NETFILTER_ADVANCED
526 select NF_CT_ACCT 508 select NF_CT_ACCT
@@ -533,7 +515,6 @@ config NETFILTER_XT_MATCH_CONNBYTES
533 515
534config NETFILTER_XT_MATCH_CONNLIMIT 516config NETFILTER_XT_MATCH_CONNLIMIT
535 tristate '"connlimit" match support"' 517 tristate '"connlimit" match support"'
536 depends on NETFILTER_XTABLES
537 depends on NF_CONNTRACK 518 depends on NF_CONNTRACK
538 depends on NETFILTER_ADVANCED 519 depends on NETFILTER_ADVANCED
539 ---help--- 520 ---help---
@@ -542,7 +523,6 @@ config NETFILTER_XT_MATCH_CONNLIMIT
542 523
543config NETFILTER_XT_MATCH_CONNMARK 524config NETFILTER_XT_MATCH_CONNMARK
544 tristate '"connmark" connection mark match support' 525 tristate '"connmark" connection mark match support'
545 depends on NETFILTER_XTABLES
546 depends on NF_CONNTRACK 526 depends on NF_CONNTRACK
547 depends on NETFILTER_ADVANCED 527 depends on NETFILTER_ADVANCED
548 select NF_CONNTRACK_MARK 528 select NF_CONNTRACK_MARK
@@ -556,7 +536,6 @@ config NETFILTER_XT_MATCH_CONNMARK
556 536
557config NETFILTER_XT_MATCH_CONNTRACK 537config NETFILTER_XT_MATCH_CONNTRACK
558 tristate '"conntrack" connection tracking match support' 538 tristate '"conntrack" connection tracking match support'
559 depends on NETFILTER_XTABLES
560 depends on NF_CONNTRACK 539 depends on NF_CONNTRACK
561 default m if NETFILTER_ADVANCED=n 540 default m if NETFILTER_ADVANCED=n
562 help 541 help
@@ -570,7 +549,6 @@ config NETFILTER_XT_MATCH_CONNTRACK
570 549
571config NETFILTER_XT_MATCH_DCCP 550config NETFILTER_XT_MATCH_DCCP
572 tristate '"dccp" protocol match support' 551 tristate '"dccp" protocol match support'
573 depends on NETFILTER_XTABLES
574 depends on NETFILTER_ADVANCED 552 depends on NETFILTER_ADVANCED
575 default IP_DCCP 553 default IP_DCCP
576 help 554 help
@@ -583,7 +561,6 @@ config NETFILTER_XT_MATCH_DCCP
583 561
584config NETFILTER_XT_MATCH_DSCP 562config NETFILTER_XT_MATCH_DSCP
585 tristate '"dscp" and "tos" match support' 563 tristate '"dscp" and "tos" match support'
586 depends on NETFILTER_XTABLES
587 depends on NETFILTER_ADVANCED 564 depends on NETFILTER_ADVANCED
588 help 565 help
589 This option adds a `DSCP' match, which allows you to match against 566 This option adds a `DSCP' match, which allows you to match against
@@ -599,7 +576,6 @@ config NETFILTER_XT_MATCH_DSCP
599 576
600config NETFILTER_XT_MATCH_ESP 577config NETFILTER_XT_MATCH_ESP
601 tristate '"esp" match support' 578 tristate '"esp" match support'
602 depends on NETFILTER_XTABLES
603 depends on NETFILTER_ADVANCED 579 depends on NETFILTER_ADVANCED
604 help 580 help
605 This match extension allows you to match a range of SPIs 581 This match extension allows you to match a range of SPIs
@@ -609,7 +585,7 @@ config NETFILTER_XT_MATCH_ESP
609 585
610config NETFILTER_XT_MATCH_HASHLIMIT 586config NETFILTER_XT_MATCH_HASHLIMIT
611 tristate '"hashlimit" match support' 587 tristate '"hashlimit" match support'
612 depends on NETFILTER_XTABLES && (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) 588 depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
613 depends on NETFILTER_ADVANCED 589 depends on NETFILTER_ADVANCED
614 help 590 help
615 This option adds a `hashlimit' match. 591 This option adds a `hashlimit' match.
@@ -624,7 +600,6 @@ config NETFILTER_XT_MATCH_HASHLIMIT
624 600
625config NETFILTER_XT_MATCH_HELPER 601config NETFILTER_XT_MATCH_HELPER
626 tristate '"helper" match support' 602 tristate '"helper" match support'
627 depends on NETFILTER_XTABLES
628 depends on NF_CONNTRACK 603 depends on NF_CONNTRACK
629 depends on NETFILTER_ADVANCED 604 depends on NETFILTER_ADVANCED
630 help 605 help
@@ -635,7 +610,6 @@ config NETFILTER_XT_MATCH_HELPER
635 610
636config NETFILTER_XT_MATCH_IPRANGE 611config NETFILTER_XT_MATCH_IPRANGE
637 tristate '"iprange" address range match support' 612 tristate '"iprange" address range match support'
638 depends on NETFILTER_XTABLES
639 depends on NETFILTER_ADVANCED 613 depends on NETFILTER_ADVANCED
640 ---help--- 614 ---help---
641 This option adds a "iprange" match, which allows you to match based on 615 This option adds a "iprange" match, which allows you to match based on
@@ -646,7 +620,6 @@ config NETFILTER_XT_MATCH_IPRANGE
646 620
647config NETFILTER_XT_MATCH_LENGTH 621config NETFILTER_XT_MATCH_LENGTH
648 tristate '"length" match support' 622 tristate '"length" match support'
649 depends on NETFILTER_XTABLES
650 depends on NETFILTER_ADVANCED 623 depends on NETFILTER_ADVANCED
651 help 624 help
652 This option allows you to match the length of a packet against a 625 This option allows you to match the length of a packet against a
@@ -656,7 +629,6 @@ config NETFILTER_XT_MATCH_LENGTH
656 629
657config NETFILTER_XT_MATCH_LIMIT 630config NETFILTER_XT_MATCH_LIMIT
658 tristate '"limit" match support' 631 tristate '"limit" match support'
659 depends on NETFILTER_XTABLES
660 depends on NETFILTER_ADVANCED 632 depends on NETFILTER_ADVANCED
661 help 633 help
662 limit matching allows you to control the rate at which a rule can be 634 limit matching allows you to control the rate at which a rule can be
@@ -667,7 +639,6 @@ config NETFILTER_XT_MATCH_LIMIT
667 639
668config NETFILTER_XT_MATCH_MAC 640config NETFILTER_XT_MATCH_MAC
669 tristate '"mac" address match support' 641 tristate '"mac" address match support'
670 depends on NETFILTER_XTABLES
671 depends on NETFILTER_ADVANCED 642 depends on NETFILTER_ADVANCED
672 help 643 help
673 MAC matching allows you to match packets based on the source 644 MAC matching allows you to match packets based on the source
@@ -677,7 +648,6 @@ config NETFILTER_XT_MATCH_MAC
677 648
678config NETFILTER_XT_MATCH_MARK 649config NETFILTER_XT_MATCH_MARK
679 tristate '"mark" match support' 650 tristate '"mark" match support'
680 depends on NETFILTER_XTABLES
681 default m if NETFILTER_ADVANCED=n 651 default m if NETFILTER_ADVANCED=n
682 help 652 help
683 Netfilter mark matching allows you to match packets based on the 653 Netfilter mark matching allows you to match packets based on the
@@ -688,7 +658,6 @@ config NETFILTER_XT_MATCH_MARK
688 658
689config NETFILTER_XT_MATCH_MULTIPORT 659config NETFILTER_XT_MATCH_MULTIPORT
690 tristate '"multiport" Multiple port match support' 660 tristate '"multiport" Multiple port match support'
691 depends on NETFILTER_XTABLES
692 depends on NETFILTER_ADVANCED 661 depends on NETFILTER_ADVANCED
693 help 662 help
694 Multiport matching allows you to match TCP or UDP packets based on 663 Multiport matching allows you to match TCP or UDP packets based on
@@ -699,7 +668,6 @@ config NETFILTER_XT_MATCH_MULTIPORT
699 668
700config NETFILTER_XT_MATCH_OWNER 669config NETFILTER_XT_MATCH_OWNER
701 tristate '"owner" match support' 670 tristate '"owner" match support'
702 depends on NETFILTER_XTABLES
703 depends on NETFILTER_ADVANCED 671 depends on NETFILTER_ADVANCED
704 ---help--- 672 ---help---
705 Socket owner matching allows you to match locally-generated packets 673 Socket owner matching allows you to match locally-generated packets
@@ -708,7 +676,7 @@ config NETFILTER_XT_MATCH_OWNER
708 676
709config NETFILTER_XT_MATCH_POLICY 677config NETFILTER_XT_MATCH_POLICY
710 tristate 'IPsec "policy" match support' 678 tristate 'IPsec "policy" match support'
711 depends on NETFILTER_XTABLES && XFRM 679 depends on XFRM
712 default m if NETFILTER_ADVANCED=n 680 default m if NETFILTER_ADVANCED=n
713 help 681 help
714 Policy matching allows you to match packets based on the 682 Policy matching allows you to match packets based on the
@@ -719,7 +687,7 @@ config NETFILTER_XT_MATCH_POLICY
719 687
720config NETFILTER_XT_MATCH_PHYSDEV 688config NETFILTER_XT_MATCH_PHYSDEV
721 tristate '"physdev" match support' 689 tristate '"physdev" match support'
722 depends on NETFILTER_XTABLES && BRIDGE && BRIDGE_NETFILTER 690 depends on BRIDGE && BRIDGE_NETFILTER
723 depends on NETFILTER_ADVANCED 691 depends on NETFILTER_ADVANCED
724 help 692 help
725 Physdev packet matching matches against the physical bridge ports 693 Physdev packet matching matches against the physical bridge ports
@@ -729,7 +697,6 @@ config NETFILTER_XT_MATCH_PHYSDEV
729 697
730config NETFILTER_XT_MATCH_PKTTYPE 698config NETFILTER_XT_MATCH_PKTTYPE
731 tristate '"pkttype" packet type match support' 699 tristate '"pkttype" packet type match support'
732 depends on NETFILTER_XTABLES
733 depends on NETFILTER_ADVANCED 700 depends on NETFILTER_ADVANCED
734 help 701 help
735 Packet type matching allows you to match a packet by 702 Packet type matching allows you to match a packet by
@@ -742,7 +709,6 @@ config NETFILTER_XT_MATCH_PKTTYPE
742 709
743config NETFILTER_XT_MATCH_QUOTA 710config NETFILTER_XT_MATCH_QUOTA
744 tristate '"quota" match support' 711 tristate '"quota" match support'
745 depends on NETFILTER_XTABLES
746 depends on NETFILTER_ADVANCED 712 depends on NETFILTER_ADVANCED
747 help 713 help
748 This option adds a `quota' match, which allows to match on a 714 This option adds a `quota' match, which allows to match on a
@@ -753,7 +719,6 @@ config NETFILTER_XT_MATCH_QUOTA
753 719
754config NETFILTER_XT_MATCH_RATEEST 720config NETFILTER_XT_MATCH_RATEEST
755 tristate '"rateest" match support' 721 tristate '"rateest" match support'
756 depends on NETFILTER_XTABLES
757 depends on NETFILTER_ADVANCED 722 depends on NETFILTER_ADVANCED
758 select NETFILTER_XT_TARGET_RATEEST 723 select NETFILTER_XT_TARGET_RATEEST
759 help 724 help
@@ -764,7 +729,6 @@ config NETFILTER_XT_MATCH_RATEEST
764 729
765config NETFILTER_XT_MATCH_REALM 730config NETFILTER_XT_MATCH_REALM
766 tristate '"realm" match support' 731 tristate '"realm" match support'
767 depends on NETFILTER_XTABLES
768 depends on NETFILTER_ADVANCED 732 depends on NETFILTER_ADVANCED
769 select NET_CLS_ROUTE 733 select NET_CLS_ROUTE
770 help 734 help
@@ -779,7 +743,6 @@ config NETFILTER_XT_MATCH_REALM
779 743
780config NETFILTER_XT_MATCH_RECENT 744config NETFILTER_XT_MATCH_RECENT
781 tristate '"recent" match support' 745 tristate '"recent" match support'
782 depends on NETFILTER_XTABLES
783 depends on NETFILTER_ADVANCED 746 depends on NETFILTER_ADVANCED
784 ---help--- 747 ---help---
785 This match is used for creating one or many lists of recently 748 This match is used for creating one or many lists of recently
@@ -797,7 +760,7 @@ config NETFILTER_XT_MATCH_RECENT_PROC_COMPAT
797 760
798config NETFILTER_XT_MATCH_SCTP 761config NETFILTER_XT_MATCH_SCTP
799 tristate '"sctp" protocol match support (EXPERIMENTAL)' 762 tristate '"sctp" protocol match support (EXPERIMENTAL)'
800 depends on NETFILTER_XTABLES && EXPERIMENTAL 763 depends on EXPERIMENTAL
801 depends on NETFILTER_ADVANCED 764 depends on NETFILTER_ADVANCED
802 default IP_SCTP 765 default IP_SCTP
803 help 766 help
@@ -825,7 +788,6 @@ config NETFILTER_XT_MATCH_SOCKET
825 788
826config NETFILTER_XT_MATCH_STATE 789config NETFILTER_XT_MATCH_STATE
827 tristate '"state" match support' 790 tristate '"state" match support'
828 depends on NETFILTER_XTABLES
829 depends on NF_CONNTRACK 791 depends on NF_CONNTRACK
830 default m if NETFILTER_ADVANCED=n 792 default m if NETFILTER_ADVANCED=n
831 help 793 help
@@ -837,7 +799,6 @@ config NETFILTER_XT_MATCH_STATE
837 799
838config NETFILTER_XT_MATCH_STATISTIC 800config NETFILTER_XT_MATCH_STATISTIC
839 tristate '"statistic" match support' 801 tristate '"statistic" match support'
840 depends on NETFILTER_XTABLES
841 depends on NETFILTER_ADVANCED 802 depends on NETFILTER_ADVANCED
842 help 803 help
843 This option adds a `statistic' match, which allows you to match 804 This option adds a `statistic' match, which allows you to match
@@ -847,7 +808,6 @@ config NETFILTER_XT_MATCH_STATISTIC
847 808
848config NETFILTER_XT_MATCH_STRING 809config NETFILTER_XT_MATCH_STRING
849 tristate '"string" match support' 810 tristate '"string" match support'
850 depends on NETFILTER_XTABLES
851 depends on NETFILTER_ADVANCED 811 depends on NETFILTER_ADVANCED
852 select TEXTSEARCH 812 select TEXTSEARCH
853 select TEXTSEARCH_KMP 813 select TEXTSEARCH_KMP
@@ -861,7 +821,6 @@ config NETFILTER_XT_MATCH_STRING
861 821
862config NETFILTER_XT_MATCH_TCPMSS 822config NETFILTER_XT_MATCH_TCPMSS
863 tristate '"tcpmss" match support' 823 tristate '"tcpmss" match support'
864 depends on NETFILTER_XTABLES
865 depends on NETFILTER_ADVANCED 824 depends on NETFILTER_ADVANCED
866 help 825 help
867 This option adds a `tcpmss' match, which allows you to examine the 826 This option adds a `tcpmss' match, which allows you to examine the
@@ -872,7 +831,6 @@ config NETFILTER_XT_MATCH_TCPMSS
872 831
873config NETFILTER_XT_MATCH_TIME 832config NETFILTER_XT_MATCH_TIME
874 tristate '"time" match support' 833 tristate '"time" match support'
875 depends on NETFILTER_XTABLES
876 depends on NETFILTER_ADVANCED 834 depends on NETFILTER_ADVANCED
877 ---help--- 835 ---help---
878 This option adds a "time" match, which allows you to match based on 836 This option adds a "time" match, which allows you to match based on
@@ -887,7 +845,6 @@ config NETFILTER_XT_MATCH_TIME
887 845
888config NETFILTER_XT_MATCH_U32 846config NETFILTER_XT_MATCH_U32
889 tristate '"u32" match support' 847 tristate '"u32" match support'
890 depends on NETFILTER_XTABLES
891 depends on NETFILTER_ADVANCED 848 depends on NETFILTER_ADVANCED
892 ---help--- 849 ---help---
893 u32 allows you to extract quantities of up to 4 bytes from a packet, 850 u32 allows you to extract quantities of up to 4 bytes from a packet,
@@ -899,5 +856,6 @@ config NETFILTER_XT_MATCH_U32
899 856
900 Details and examples are in the kernel module source. 857 Details and examples are in the kernel module source.
901 858
902endmenu 859endif # NETFILTER_XTABLES
903 860
861endmenu
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-27 17:20:02 -0500