author | Waldemar Brodkorb <wbx@openadk.org> | 2009-11-29 19:45:19 +0100 |
---|---|---|
committer | Waldemar Brodkorb <wbx@openadk.org> | 2009-11-29 19:45:19 +0100 |
commit | b3a54c520195f3cab1109cb90de8179e4dff433f (patch) | |
tree | 6728c4cdb14fd18a6b7c040c7d395a2d5603fc74 | |
parent | 81b38e16646cc758202b51b5174da63e2e09646a (diff) |
add bridging firewall stuff
- tested with a transparent squid proxy
- fix some minor other stuff
- not completely ready
-rw-r--r-- | mk/modules.mk | 39 | ||||
-rwxr-xr-x | package/base-files/extra/init | 3 | ||||
-rwxr-xr-x | package/base-files/extra/sbin/update | 9 | ||||
-rw-r--r-- | package/busybox/config/procps/Config.in | 2 | ||||
-rw-r--r-- | package/cfinstall/src/cfinstall | 2 | ||||
-rw-r--r-- | package/ebtables/Makefile | 2 | ||||
-rw-r--r-- | package/ebtables/patches/patch-Makefile | 26 | ||||
-rw-r--r-- | package/grub-bin/Makefile | 2 | ||||
-rw-r--r-- | package/squid/Makefile | 3 | ||||
-rw-r--r-- | package/squid/files/squid.conf | 39 | ||||
-rw-r--r-- | package/squid/files/squid.init | 37 | ||||
-rw-r--r-- | package/squid/files/squid.postinst | 6 | ||||
-rw-r--r-- | target/linux/config/Config.in.netfilter | 247 |
13 files changed, 374 insertions, 43 deletions
diff --git a/mk/modules.mk b/mk/modules.mk index bdb8fa897..19ab1b14d 100644 --- a/mk/modules.mk +++ b/mk/modules.mk @@ -269,6 +269,45 @@ $(eval $(call KMOD_template,INET_XFRM_MODE_BEET,net-ipsec-beet,\ ## Filtering / Firewalling ## # +# Ethernet Bridging firewall +# +$(eval $(call KMOD_template,BRIDGE_NF_EBTABLES,nf-ebtables,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebtables \ +,55)) + +$(eval $(call KMOD_template,BRIDGE_EBT_BROUTE,nf-ebtables-broute,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebtable_broute \ +,60)) + +$(eval $(call KMOD_template,BRIDGE_EBT_T_FILTER,nf-ebtables-filter,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebtable_filter \ +,60)) + +$(eval $(call KMOD_template,BRIDGE_EBT_T_NAT,nf-ebtables-nat,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebtable_nat \ +,60)) + +$(eval $(call KMOD_template,BRIDGE_EBT_802_3,nf-ebtables-802-3,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_802_3 \ +,65)) + +$(eval $(call KMOD_template,BRIDGE_EBT_AMONG,nf-ebtables-among,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_among \ +,65)) + +$(eval $(call KMOD_template,BRIDGE_EBT_ARP,nf-ebtables-arp,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_arpreply \ +,65)) + +$(eval $(call KMOD_template,BRIDGE_EBT_IP,nf-ebtables-ip,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_ip \ +,65)) + +$(eval $(call KMOD_template,BRIDGE_EBT_REDIRECT,nf-ebtables-redirect,\ + $(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_redirect \ +,65)) + +# # Netfilter Core # $(eval $(call KMOD_template,NETFILTER_XT_TARGET_CLASSIFY,nf-classify,\ diff --git a/package/base-files/extra/init b/package/base-files/extra/init index 9013065d0..db8c3a676 100755 --- a/package/base-files/extra/init +++ b/package/base-files/extra/init @@ -1,5 +1,5 @@ #!/bin/sh -echo "Pre-boot initializing" +echo "Starting system ..." export PATH=/bin:/sbin:/usr/bin:/usr/sbin mount -nt proc proc /proc mount -o nosuid,nodev,noexec -t sysfs sysfs /sys 
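Review bot: The `BRIDGE_EBT_ARP` entry (package nf-ebtables-arp) points at `ebt_arpreply`, while the Kconfig text added in this same commit describes BRIDGE_EBT_ARP as the ARP match and lists ARPREPLY as a separate target. The path should presumably be `$(MODULES_DIR)/kernel/net/bridge/netfilter/ebt_arp \`. As written, a bridge rule set that uses the ARP match would likely fail to load on the target, because the match module is never packaged. The Config.in.netfilter hunk also adds options (IP6, LIMIT, MARK, PKTTYPE, STP, VLAN, ARPREPLY, DNAT, MARK_T, SNAT, LOG, ULOG, NFLOG) that have no KMOD_template here. A short comment above this block listing what is still missing would match the "not completely ready" in the commit message.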
@@ -19,5 +19,4 @@ mount -o remount,rw / cat /etc/.rnd >/dev/urandom 2>&1 [ -f /etc/fstab ] && mount -a [ -x /sbin/cfgfs ] && { cfgfs setup; mount -o remount,ro /;} -echo "Starting system" exec /sbin/init diff --git a/package/base-files/extra/sbin/update b/package/base-files/extra/sbin/update index 83807ccf5..10d6e58c2 100755 --- a/package/base-files/extra/sbin/update +++ b/package/base-files/extra/sbin/update @@ -18,17 +18,17 @@ check_exit() { } extract_from_file() { - cat $1 | gunzip -c | tar -xvf - + cat $1 | gunzip -c | tar -xf - check_exit } extract_from_ssh() { - ssh $1 "cat $2" | gunzip -c | tar -xvf - + ssh $1 "cat $2" | gunzip -c | tar -xf - check_exit } extract_from_http() { - wget -O - $1 | gunzip -c | tar -xvf - + wget -O - $1 | gunzip -c | tar -xf - check_exit } @@ -61,5 +61,4 @@ esac sync mount -o bind /etc /tmp/.cfgfs/root -echo "Check with cfgfs status if you need to merge and save any changes in /etc." -echo "You should reboot now." +echo "Update sucessful. You should reboot now." diff --git a/package/busybox/config/procps/Config.in b/package/busybox/config/procps/Config.in index acec4e45e..c0c600b4e 100644 --- a/package/busybox/config/procps/Config.in +++ b/package/busybox/config/procps/Config.in @@ -64,7 +64,7 @@ config BUSYBOX_PIDOF config BUSYBOX_FEATURE_PIDOF_SINGLE bool "Enable argument for single shot (-s)" - default n + default y depends on BUSYBOX_PIDOF help Support argument '-s' for returning only the first pid found. diff --git a/package/cfinstall/src/cfinstall b/package/cfinstall/src/cfinstall index 0c1a61779..7e9a0d1ad 100644 --- a/package/cfinstall/src/cfinstall +++ b/package/cfinstall/src/cfinstall @@ -35,7 +35,7 @@ chroot /mnt mount -t proc /proc /proc chroot /mnt mount -t sysfs /sys /sys cat << EOF > /mnt/boot/grub/grub.cfg set default=0 -set timeout=5 +set timeout=1 serial --unit=0 --speed=$speed terminal_output serial terminal_input serial 
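Review bot: All three `extract_*` functions in package/base-files/extra/sbin/update feed the fetched archive straight into `tar -xf -` with no checksum or signature check. `extract_from_http` gets it with `wget -O - $1`, so whoever controls the transfer controls what is unpacked onto the system. Dropping `-v` also removes the only listing of what was written. The file should be verified before unpacking and the arguments quoted, e.g. `wget -O - "$1" | gunzip -c | tar -xf -`. `check_exit` presumably tests `$?`, which in a pipeline is tar's status only, so a failure in wget or gunzip is not what it sees; its body is outside this hunk.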
diff --git a/package/ebtables/Makefile b/package/ebtables/Makefile index 05392d4b9..2a2c7dfe3 100644 --- a/package/ebtables/Makefile +++ b/package/ebtables/Makefile @@ -23,7 +23,9 @@ BUILD_STYLE:= auto INSTALL_STYLE:= auto post-install: + ${INSTALL_DIR} ${IDIR_EBTABLES}/etc ${INSTALL_DIR} ${IDIR_EBTABLES}/usr/sbin ${IDIR_EBTABLES}/usr/lib + ${INSTALL_DATA} ${WRKINST}/etc/ethertypes ${IDIR_EBTABLES}/etc ${INSTALL_BIN} ${WRKINST}/usr/sbin/ebtables ${IDIR_EBTABLES}/usr/sbin ${CP} ${WRKINST}/usr/lib/*.so ${IDIR_EBTABLES}/usr/lib diff --git a/package/ebtables/patches/patch-Makefile b/package/ebtables/patches/patch-Makefile index 455893dcc..62528ec30 100644 --- a/package/ebtables/patches/patch-Makefile +++ b/package/ebtables/patches/patch-Makefile @@ -1,6 +1,6 @@ --- ebtables-v2.0.9-1.orig/Makefile 2009-06-21 15:13:25.000000000 +0200 -+++ ebtables-v2.0.9-1/Makefile 2009-11-29 12:54:31.000000000 +0100 -@@ -8,10 +8,10 @@ PROGDATE:=June\ 2009 ++++ ebtables-v2.0.9-1/Makefile 2009-11-29 15:39:30.000000000 +0100 +@@ -8,17 +8,16 @@ PROGDATE:=June\ 2009 # default paths LIBDIR:=/usr/lib @@ -14,7 +14,25 @@ SYSCONFIGDIR:=/etc/sysconfig DESTDIR:= -@@ -154,28 +154,29 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\/ +-CFLAGS:=-Wall -Wunused ++CFLAGS?=-Wall -Wunused + CFLAGS_SH_LIB:=-fPIC +-CC:=gcc +-LD:=ld ++CC?=gcc + + ifeq ($(shell uname -m),sparc64) + CFLAGS+=-DEBT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32 +@@ -85,7 +84,7 @@ ebtables-standalone.o: ebtables-standalo + + .PHONY: libebtc + libebtc: $(OBJECTS2) +- $(LD) -shared -soname libebtc.so -o libebtc.so -lc $(OBJECTS2) ++ $(CC) -shared -o libebtc.so -lc $(OBJECTS2) + + ebtables: $(OBJECTS) ebtables-standalone.o libebtc + $(CC) $(CFLAGS) $(CFLAGS_SH_LIB) -o $@ ebtables-standalone.o -I$(KERNEL_INCLUDES) -L. -Lextensions -lebtc $(EXT_LIBSI) \ +@@ -154,28 +153,29 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\/ .PHONY: scripts scripts: ebtables-save ebtables.sysv ebtables-config cat ebtables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > ebtables-save_ 
@@ -51,7 +69,7 @@ .PHONY: install install: $(MANDIR)/man8/ebtables.8 $(ETHERTYPESFILE) exec scripts -@@ -199,18 +200,18 @@ release: +@@ -199,18 +199,18 @@ release: rm -f extensions/ebt_inat.c rm -rf $(CVSDIRS) mkdir -p include/linux/netfilter_bridge diff --git a/package/grub-bin/Makefile b/package/grub-bin/Makefile index 1d2fbb334..24f386acd 100644 --- a/package/grub-bin/Makefile +++ b/package/grub-bin/Makefile @@ -8,7 +8,7 @@ include ${TOPDIR}/rules.mk PKG_NAME:= grub-bin PKG_VERSION:= 1.97.1 PKG_RELEASE:= 1 -PKG_MD5SUM:= 99ddead9dcb689a7ec2431c1e6b3cf0d +PKG_MD5SUM:= 24961a39e63d8ec16d765aad3a301cda PKG_DESCR:= GRUB bootloader PKG_SECTION:= sys PKG_SITES:= http://openadk.org/distfiles/ diff --git a/package/squid/Makefile b/package/squid/Makefile index 9395c65c8..cfc35061c 100644 --- a/package/squid/Makefile +++ b/package/squid/Makefile @@ -146,6 +146,9 @@ post-configure: ${SED} 's#postdeps="-lstdc.*#postdeps="-lm"#' \ ${WRKBUILD}/libtool endif +post-configure: + ${SED} 's#\(hardcode_into_libs=\).*$$#\1no#' \ + ${WRKBUILD}/libtool post-install: ${INSTALL_MODS_y} ${INSTALL_MODS_m} ${INSTALL_DIR} ${IDIR_SQUID}/etc/squid diff --git a/package/squid/files/squid.conf b/package/squid/files/squid.conf index 86ffa60c7..9e6571192 100644 --- a/package/squid/files/squid.conf +++ b/package/squid/files/squid.conf 
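Review bot: `PKG_MD5SUM` in package/grub-bin/Makefile changes while `PKG_VERSION` (1.97.1) and `PKG_RELEASE` (1) stay the same, so the distfile behind `PKG_SITES` was replaced in place. Nothing in the commit message records why, or how the new tarball was produced. The download is over plain http and MD5 is the only check visible here, so a later reader cannot tell a rebuild from a tampered file. The release should be bumped, `PKG_RELEASE:= 2`, and the origin of the new tarball stated in the commit message or in a comment next to the checksum.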
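Review bot: The added `post-configure:` rule in package/squid/Makefile carries its own recipe, but the context lines show an earlier `post-configure:` recipe (the `postdeps` sed, closed by `endif`). GNU make keeps only the last recipe for a target and prints an "overriding recipe" warning, so whenever that conditional is active the postdeps fix would be dropped. Both commands belong in one rule: keep a single `post-configure:` header, leave only the postdeps line inside the conditional, and add `${SED} 's#\(hardcode_into_libs=\).*$$#\1no#' ${WRKBUILD}/libtool` after the `endif`. The opening of the conditional is outside the hunk, so its exact layout needs confirming.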
@@ -1,27 +1,16 @@
 visible_hostname linux
+# for transparent proxy use following
+# http_port 3128 transparent
 http_port 3128
-# acl
-acl manager proto cache_object
-acl localhost src 127.0.0.1/32
-acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
-acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
-acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
-acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
-acl SSL_ports port 443
-acl Safe_ports port 80 # http
-acl Safe_ports port 21 # ftp
-acl Safe_ports port 443 # https
-acl Safe_ports port 70 # gopher
-acl Safe_ports port 210 # wais
-acl Safe_ports port 1025-65535 # unregistered ports
-acl Safe_ports port 280 # http-mgmt
-acl Safe_ports port 488 # gss-http
-acl Safe_ports port 591 # filemaker
-acl Safe_ports port 777 # multiling http
-acl CONNECT method CONNECT
-http_access allow manager localhost
-http_access deny manager
-http_access deny !Safe_ports
-http_access deny CONNECT !SSL_ports
-http_access allow localnet
-http_access deny all
+pid_filename /var/run/squid.pid
+# logging
+access_log syslog
+cache_store_log none
+cache_log /var/log/squid-cache.log
+# security
+cache_effective_user squid
+cache_effective_group squid
+# cache dir
+cache_dir ufs /var/squid/cache 10M 16 256
+# allow all
+http_access allow all
diff --git a/package/squid/files/squid.init b/package/squid/files/squid.init
new file mode 100644
index 000000000..5fd8e4c13
--- /dev/null
+++ b/package/squid/files/squid.init
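Review bot: The new `http_access allow all` at the end of squid.conf replaces the whole previous rule set, so the proxy on port 3128 serves any client that can reach it. CONNECT is no longer limited to SSL_ports, requests are no longer limited to Safe_ports, and the cache manager is no longer restricted to localhost. For a config shipped as the package default, keep the `acl localnet src …` definitions and end with `http_access allow localnet` followed by `http_access deny all`, so that wider access is an administrator's deliberate choice. The `# security` comment above `cache_effective_user squid` covers only the process identity, and the comment should say that access control is configured separately.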
@@ -0,0 +1,37 @@ +#!/bin/sh +#PKG squid +#INIT 70 + +. /etc/rc.conf + +case $1 in +autostop) ;; +autostart) + test x"${squid:-NO}" = x"NO" && exit 0 + exec sh $0 start + ;; +start) + if [ ! -f /var/log/squid-cache.log ];then + touch /var/log/squid-cache.log + chown squid:squid /var/log/squid-cache.log + fi + if [ ! -d /var/squid/cache ];then + mkdir -p /var/squid/cache + chown squid:squid /var/squid/cache + squid -z + fi + squid + ;; +stop) + squid -k kill + ;; +restart) + sh $0 stop + sh $0 start + ;; + +*) + echo "usage: $0 {start | stop | restart}" + exit 1 +esac +exit $? diff --git a/package/squid/files/squid.postinst b/package/squid/files/squid.postinst new file mode 100644 index 000000000..6a08126c9 --- /dev/null +++ b/package/squid/files/squid.postinst @@ -0,0 +1,6 @@ +#!/bin/sh +. $IPKG_INSTROOT/etc/functions.sh +gid=$(get_next_gid) +add_user squid $(get_next_uid) $gid /var/squid/cache +add_group squid $gid +add_rcconf squid squid NO diff --git a/target/linux/config/Config.in.netfilter b/target/linux/config/Config.in.netfilter index a4dc9b7c7..fc3c2682f 100644 --- a/target/linux/config/Config.in.netfilter +++ b/target/linux/config/Config.in.netfilter @@ -8,6 +8,10 @@ config ADK_KERNEL_NETFILTER_ADVANCED bool default n +config ADK_KERNEL_BRIDGE_NETFILTER + bool + default n + config ADK_KERNEL_NETFILTER_XTABLES bool select ADK_KERNEL_NETFILTER @@ -397,7 +401,7 @@ config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ULOG config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REDIRECT tristate 'REDIRECT target support' - depends on ADK_KPACKAGE_KMOD_IP_NF_NAT + depends on ADK_KPACKAGE_KMOD_NF_NAT help REDIRECT is a special case of NAT: all incoming connections are mapped onto the incoming interface's address, causing the packets to 
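Review bot: The `stop)` branch of squid.init uses `squid -k kill`, which ends the daemon immediately instead of letting it finish client connections and write out its cache state. `squid -k shutdown` is the graceful form, and `restart)` should then wait for the process to exit before running start. In `start)`, the status of `squid -z` is ignored, so a failed cache initialisation still goes on to launch `squid`; chaining them as `squid -z && squid` inside that branch, or testing the status, would surface the error. A header comment explaining the `#PKG` and `#INIT 70` markers would also help readers who do not know the rc framework.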
@@ -406,7 +410,7 @@ config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REDIRECT config ADK_KPACKAGE_KMOD_IP_NF_TARGET_NETMAP tristate 'NETMAP target support' - depends on ADK_KPACKAGE_KMOD_IP_NF_NAT + depends on ADK_KPACKAGE_KMOD_NF_NAT help NETMAP is an implementation of static 1:1 NAT mapping of network addresses. It maps the network address part, while keeping the host @@ -415,14 +419,14 @@ config ADK_KPACKAGE_KMOD_IP_NF_TARGET_NETMAP config ADK_KPACKAGE_KMOD_IP_NF_TARGET_SAME tristate 'SAME target support' - depends on ADK_KPACKAGE_KMOD_IP_NF_NAT + depends on ADK_KPACKAGE_KMOD_NF_NAT help This option adds a `SAME' target, which works like the standard SNAT target, but attempts to give clients the same IP for all connections. config ADK_KPACKAGE_KMOD_IP_NF_MANGLE tristate 'Packet mangling' - depends on ADK_KPACKAGE_KMOD_IP_NF_IPTABLES + depends on ADK_KPACKAGE_KMOD_NF_NAT help This option adds a `mangle' table to iptables: see the man page for iptables(8). This table is used for various packet alterations 
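Review bot: `ADK_KPACKAGE_KMOD_IP_NF_MANGLE` now depends on `ADK_KPACKAGE_KMOD_NF_NAT`, but its help text describes a table of iptables that is unrelated to NAT. This looks like the `IP_NF_NAT` to `NF_NAT` rename applied one entry too far. A firewall configuration that wants mangle rules without NAT can no longer select the option. For this entry the line should go back to `depends on ADK_KPACKAGE_KMOD_IP_NF_IPTABLES`. The REDIRECT, NETMAP and SAME changes in this hunk and the two before it are consistent with the rename.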
@@ -441,4 +445,239 @@ config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ECN ECN support in general. endmenu + +menu "Ethernet bridge firewalling" + +config ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + tristate 'Ethernet Bridge tables (ebtables) support' + select ADK_KERNEL_BRIDGE_NETFILTER + help + ebtables is a general, extensible frame/packet identification + framework. Say 'Y' or 'M' here if you want to do Ethernet + filtering/NAT/brouting on the Ethernet bridge. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_BROUTE + tristate "ebt: broute table support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + The ebtables broute table is used to define rules that decide between + bridging and routing frames, giving Linux the functionality of a + brouter. See the man page for ebtables(8) and examples on the ebtables + website. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_T_FILTER + tristate "ebt: filter table support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + The ebtables filter table is used to define frame filtering rules at + local input, forwarding and local output. See the man page for + ebtables(8). + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_T_NAT + tristate "ebt: nat table support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + The ebtables nat table is used to define rules that alter the MAC + source address (MAC SNAT) or the MAC destination address (MAC DNAT). + See the man page for ebtables(8). + + To compile it as a module, choose M here. If unsure, say N. +# +# matches +# +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_802_3 + tristate "ebt: 802.3 filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds matching support for 802.3 Ethernet frames. + + To compile it as a module, choose M here. If unsure, say N. 
+ +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_AMONG + tristate "ebt: among filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the among match, which allows matching the MAC source + and/or destination address on a list of addresses. Optionally, + MAC/IP address pairs can be matched, f.e. for anti-spoofing rules. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ARP + tristate "ebt: ARP filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the ARP match, which allows ARP and RARP header field + filtering. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_IP + tristate "ebt: IP filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the IP match, which allows basic IP header field + filtering. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_IP6 + tristate "ebt: IP6 filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES && ADK_KPACKAGE_KMOD_IPV6 + help + This option adds the IP6 match, which allows basic IPV6 header field + filtering. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_LIMIT + tristate "ebt: limit match support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the limit match, which allows you to control + the rate at which a rule can be matched. This match is the + equivalent of the iptables limit match. + + If you want to compile it as a module, say M here and read + <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_MARK + tristate "ebt: mark filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the mark match, which allows matching frames based on + the 'nfmark' value in the frame. 
This can be set by the mark target. + This value is the same as the one used in the iptables mark match and + target. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_PKTTYPE + tristate "ebt: packet type filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the packet type match, which allows matching on the + type of packet based on its Ethernet "class" (as determined by + the generic networking code): broadcast, multicast, + for this host alone or for another host. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_STP + tristate "ebt: STP filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the Spanning Tree Protocol match, which + allows STP header field filtering. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_VLAN + tristate "ebt: 802.1Q VLAN filter support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the 802.1Q vlan match, which allows the filtering of + 802.1Q vlan fields. + + To compile it as a module, choose M here. If unsure, say N. +# +# targets +# +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ARPREPLY + tristate "ebt: arp reply target support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the arp reply target, which allows + automatically sending arp replies to arp requests. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_DNAT + tristate "ebt: dnat target support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the MAC DNAT target, which allows altering the MAC + destination address of frames. + + To compile it as a module, choose M here. If unsure, say N. 
+ +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_MARK_T + tristate "ebt: mark target support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the mark target, which allows marking frames by + setting the 'nfmark' value in the frame. + This value is the same as the one used in the iptables mark match and + target. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_REDIRECT + tristate "ebt: redirect target support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the MAC redirect target, which allows altering the MAC + destination address of a frame to that of the device it arrived on. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_SNAT + tristate "ebt: snat target support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the MAC SNAT target, which allows altering the MAC + source address of frames. + + To compile it as a module, choose M here. If unsure, say N. +# +# watchers +# +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_LOG + tristate "ebt: log support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option adds the log watcher, that you can use in any rule + in any ebtables table. It records info about the frame header + to the syslog. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ULOG + tristate "ebt: ulog support (OBSOLETE)" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option enables the old bridge-specific "ebt_ulog" implementation + which has been obsoleted by the new "nfnetlink_log" code (see + CONFIG_NETFILTER_NETLINK_LOG). + + This option adds the ulog watcher, that you can use in any rule + in any ebtables table. The packet is passed to a userspace + logging daemon using netlink multicast sockets. 
This differs + from the log watcher in the sense that the complete packet is + sent to userspace instead of a descriptive text and that + netlink multicast sockets are used instead of the syslog. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_KPACKAGE_KMOD_BRIDGE_EBT_NFLOG + tristate "ebt: nflog support" + depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES + help + This option enables the nflog watcher, which allows to LOG + messages through the netfilter logging API, which can use + either the old LOG target, the old ULOG target or nfnetlink_log + as backend. + + This option adds the nflog watcher, that you can use in any rule + in any ebtables table. + + To compile it as a module, choose M here. If unsure, say N. + + +endmenu + endmenu |