diff options
author | Waldemar Brodkorb <wbx@openadk.org> | 2010-04-25 03:14:44 +0200 |
---|---|---|
committer | Waldemar Brodkorb <wbx@openadk.org> | 2010-04-25 03:14:44 +0200 |
commit | ab0fccc6bc1991aa1a9e37fde4b6e27361b7ff44 (patch) | |
tree | b9f6af73a541cff06e8b19e533aec19f3f442c4f /target/linux/config/Config.in.netfilter.ip4 | |
parent | 201380b2d06fef0ede1fd9777b7874950c220a2a (diff) |
fix nat helpers for ipv4, add rtsp nat helper
Diffstat (limited to 'target/linux/config/Config.in.netfilter.ip4')
-rw-r--r-- | target/linux/config/Config.in.netfilter.ip4 | 123 |
1 files changed, 1 insertions, 122 deletions
diff --git a/target/linux/config/Config.in.netfilter.ip4 b/target/linux/config/Config.in.netfilter.ip4 index 34eb14449..95a71b917 100644 --- a/target/linux/config/Config.in.netfilter.ip4 +++ b/target/linux/config/Config.in.netfilter.ip4 @@ -8,7 +8,7 @@ config ADK_KPACKAGE_KMOD_NF_CONNTRACK_IPV4 config ADK_KPACKAGE_KMOD_IP_NF_CT_ACCT bool 'Connection tracking flow accounting' - depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK + depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK help If this option is enabled, the connection tracking code will keep per-flow packet and byte counters. @@ -16,127 +16,6 @@ config ADK_KPACKAGE_KMOD_IP_NF_CT_ACCT Those counters can be used for flow-based accounting or the `connbytes' match. -config ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK_MARK - bool 'Connection mark tracking support' - depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK - select ADK_KERNEL_IP_NF_MATCH_CONNMARK - help - This option enables support for connection marks, used by the - `CONNMARK' target and `connmark' match. Similar to the mark value - of packets, but this mark value is kept in the conntrack session - instead of the individual packets. - -config ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK_SECMARK - bool 'Connection tracking security mark support' - depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK - #FIXME select NETWORK_SECMARK - help - This option enables security markings to be applied to - connections. Typically they are copied to connections from - packets using the CONNSECMARK target and copied back from - connections to packets with the same target, with the packets - being originally labeled via SECMARK. - -config ADK_KPACKAGE_KMOD_IP_NF_FTP - tristate 'FTP protocol support' - depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK - help - Tracking FTP connections is problematic: special helpers are - required for tracking them, and doing masquerading and other forms - of Network Address Translation on them. - -config ADK_KPACKAGE_KMOD_IP_NF_IRC - tristate 'IRC protocol support' - depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK - help - There is a commonly-used extension to IRC called - Direct Client-to-Client Protocol (DCC). This enables users to send - files to each other, and also chat to each other without the need - of a server. DCC Sending is used anywhere you send files over IRC, - and DCC Chat is most commonly used by Eggdrop bots. If you are - using NAT, this extension will enable you to send files and initiate - chats. Note that you do NOT need this extension to get files or - have others initiate chats, or everything else in IRC. - -config ADK_KPACKAGE_KMOD_IP_NF_NETBIOS_NS - tristate 'NetBIOS name service protocol support (EXPERIMENTAL)' - depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK - help - NetBIOS name service requests are sent as broadcast messages from an - unprivileged port and responded to with unicast messages to the - same port. This make them hard to firewall properly because connection - tracking doesn't deal with broadcasts. This helper tracks locally - originating NetBIOS name service requests and the corresponding - responses. It relies on correct IP address configuration, specifically - netmask and broadcast address. When properly configured, the output - of "ip address show" should look similar to this: - - $ ip -4 address show eth0 - 4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 - inet 172.16.2.252/24 brd 172.16.2.255 scope global eth0 - -config ADK_KPACKAGE_KMOD_IP_NF_TFTP - tristate 'TFTP protocol support' - depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK - help - TFTP connection tracking helper, this is required depending - on how restrictive your ruleset is. - If you are using a tftp client behind -j SNAT or -j MASQUERADING - you will need this. - -config ADK_KPACKAGE_KMOD_IP_NF_AMANDA - tristate 'Amanda backup protocol support' - depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK - #FIXME TEXTSEARCH && TEXTSEARCH_KMP - help - If you are running the Amanda backup package <http://www.amanda.org/> - on this machine or machines that will be MASQUERADED through this - machine, then you may want to enable this feature. This allows the - connection tracking and natting code to allow the sub-channels that - Amanda requires for communication of the backup data, messages and - index. - -config ADK_KPACKAGE_KMOD_IP_NF_PPTP - tristate 'PPTP protocol support' - depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK - help - This module adds support for PPTP (Point to Point Tunnelling - Protocol, RFC2637) connection tracking and NAT. - - If you are running PPTP sessions over a stateful firewall or NAT - box, you may want to enable this feature. - - Please note that not all PPTP modes of operation are supported yet. - For more info, read top of the file - net/ipv4/netfilter/ip_conntrack_pptp.c - -config ADK_KPACKAGE_KMOD_IP_NF_H323 - tristate 'H.323 protocol support (EXPERIMENTAL)' - depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK - help - H.323 is a VoIP signalling protocol from ITU-T. As one of the most - important VoIP protocols, it is widely used by voice hardware and - software including voice gateways, IP phones, Netmeeting, OpenPhone, - Gnomemeeting, etc. - - With this module you can support H.323 on a connection tracking/NAT - firewall. - - This module supports RAS, Fast Start, H.245 Tunnelling, Call - Forwarding, RTP/RTCP and T.120 based audio, video, fax, chat, - whiteboard, file transfer, etc. For more information, please - visit http://nath323.sourceforge.net/. - -config ADK_KPACKAGE_KMOD_IP_NF_SIP - tristate 'SIP protocol support (EXPERIMENTAL)' - depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK - help - SIP is an application-layer control protocol that can establish, - modify, and terminate multimedia sessions (conferences) such as - Internet telephony calls. With the ip_conntrack_sip and - the ip_nat_sip modules you can support the protocol on a connection - tracking/NATing firewall. - config ADK_KPACKAGE_KMOD_IP_NF_IPTABLES tristate 'IP tables support (required for filtering/masq/NAT)' |