diff options
Diffstat (limited to 'target/linux/config/Config.in.netfilter.core')
| -rw-r--r-- | target/linux/config/Config.in.netfilter.core | 163 |
1 files changed, 76 insertions, 87 deletions
diff --git a/target/linux/config/Config.in.netfilter.core b/target/linux/config/Config.in.netfilter.core index d5665bbdc..5a42efd04 100644 --- a/target/linux/config/Config.in.netfilter.core +++ b/target/linux/config/Config.in.netfilter.core @@ -1,12 +1,5 @@ -config ADK_KERNEL_NETFILTER_NETLINK_LOG - tristate 'Netfilter LOG over NFNETLINK interface' - help - If this option is enabled, the kernel will include support - for logging packets via NFNETLINK. - config ADK_KERNEL_NF_CONNTRACK - prompt 'Netfilter connection tracking support' - tristate + tristate 'Netfilter connection tracking support' select ADK_KERNEL_NETFILTER_XTABLES default m if ADK_PACKAGE_IPTABLES default n @@ -18,64 +11,8 @@ config ADK_KERNEL_NF_CONNTRACK Layer 3 independent connection tracking is experimental scheme which generalize ip_conntrack to support other layer 3 protocols. -config ADK_KERNEL_NETFILTER_XT_TARGET_CHECKSUM - tristate '"CHECKSUM" target support' - select ADK_KERNEL_IP_NF_IPTABLES - select ADK_KERNEL_NETFILTER_XTABLES - select ADK_KERNEL_IP_NF_MANGLE - select ADK_KERNEL_NETFILTER_ADVANCED - help - -config ADK_KERNEL_NETFILTER_XT_TARGET_CLASSIFY - tristate '"CLASSIFY" target support' - select ADK_KERNEL_NETFILTER_XTABLES - help - This option adds a `CLASSIFY' target, which enables the user to set - the priority of a packet. Some qdiscs can use this value for - classification, among these are: - - atm, cbq, dsmark, pfifo_fast, htb, prio - -config ADK_KERNEL_NETFILTER_XT_TARGET_CONNMARK - tristate '"CONNMARK" target support' - select ADK_KERNEL_NETFILTER_XTABLES - select ADK_KERNEL_NF_CONNTRACK - help - This option adds a `CONNMARK' target, which allows one to manipulate - the connection mark value. Similar to the MARK target, but - affects the connection mark value rather than the packet mark value. - -config ADK_KERNEL_NETFILTER_XT_TARGET_MARK - tristate '"MARK" target support' - select ADK_KERNEL_NETFILTER_XTABLES - help - This option adds a `MARK' target, which allows you to create rules - in the `mangle' table which alter the netfilter mark (nfmark) field - associated with the packet prior to routing. This can change - the routing method (see `Use netfilter MARK value as routing - key') and can also be used by other subsystems to change their - behavior. - -config ADK_KERNEL_NETFILTER_XT_TARGET_NFQUEUE - tristate '"NFQUEUE" target support' - select ADK_KERNEL_NETFILTER_XTABLES - help - This target replaced the old obsolete QUEUE target. - - As opposed to QUEUE, it supports 65535 different queues, - not just one. - -config ADK_KERNEL_NETFILTER_XT_TARGET_LOG - tristate 'LOG target support' - depends on ADK_KERNEL_IP_NF_FILTER - help - This option adds a `LOG' target, which allows you to create rules in - any iptables table which records the packet header to the syslog. - -config ADK_KERNEL_NETFILTER_XT_TARGET_TCPMSS - tristate 'TCPMSS target' - select ADK_KERNEL_NETFILTER_XTABLES - help +menu "Netfilter connection tracking support for special protocols" +depends on ADK_KERNEL_NF_CONNTRACK config ADK_KERNEL_NF_CONNTRACK_MARK bool 'Connection mark tracking support' @@ -106,12 +43,6 @@ config ADK_KERNEL_NF_CONNTRACK_FTP required for tracking them, and doing masquerading and other forms of Network Address Translation on them. -#config ADK_KERNEL_NF_CONNTRACK_RTSP -# tristate 'RTSP protocol support' -# depends on ADK_KERNEL_NF_CONNTRACK -# help -# Tracking RTSP connections might be required for IPTV. - config ADK_KERNEL_NF_CONNTRACK_IRC tristate 'IRC protocol support' depends on ADK_KERNEL_NF_CONNTRACK @@ -126,7 +57,7 @@ config ADK_KERNEL_NF_CONNTRACK_IRC have others initiate chats, or everything else in IRC. config ADK_KERNEL_NF_CONNTRACK_NETBIOS_NS - tristate 'NetBIOS name service protocol support (EXPERIMENTAL)' + tristate 'NetBIOS name service protocol support' depends on ADK_KERNEL_NF_CONNTRACK help NetBIOS name service requests are sent as broadcast messages from an @@ -151,18 +82,6 @@ config ADK_KERNEL_NF_CONNTRACK_TFTP If you are using a tftp client behind -j SNAT or -j MASQUERADING you will need this. -#config ADK_KERNEL_NF_CONNTRACK_AMANDA -# tristate 'Amanda backup protocol support' -# depends on ADK_KERNEL_NF_CONNTRACK -# #FIXME TEXTSEARCH && TEXTSEARCH_KMP -# help -# If you are running the Amanda backup package <http://www.amanda.org/> -# on this machine or machines that will be MASQUERADED through this -# machine, then you may want to enable this feature. This allows the -# connection tracking and natting code to allow the sub-channels that -# Amanda requires for communication of the backup data, messages and -# index. - config ADK_KERNEL_NF_CONNTRACK_PPTP tristate 'PPTP protocol support' depends on ADK_KERNEL_NF_CONNTRACK @@ -178,7 +97,7 @@ config ADK_KERNEL_NF_CONNTRACK_PPTP net/ipv4/netfilter/ip_conntrack_pptp.c config ADK_KERNEL_NF_CONNTRACK_H323 - tristate 'H.323 protocol support (EXPERIMENTAL)' + tristate 'H.323 protocol support' depends on ADK_KERNEL_NF_CONNTRACK help H.323 is a VoIP signalling protocol from ITU-T. As one of the most @@ -195,7 +114,7 @@ config ADK_KERNEL_NF_CONNTRACK_H323 visit http://nath323.sourceforge.net/. config ADK_KERNEL_NF_CONNTRACK_SIP - tristate 'SIP protocol support (EXPERIMENTAL)' + tristate 'SIP protocol support' depends on ADK_KERNEL_NF_CONNTRACK help SIP is an application-layer control protocol that can establish, @@ -204,3 +123,73 @@ config ADK_KERNEL_NF_CONNTRACK_SIP the ip_nat_sip modules you can support the protocol on a connection tracking/NATing firewall. +endmenu + +config ADK_KERNEL_NETFILTER_NETLINK_LOG + tristate 'Netfilter LOG over NFNETLINK interface' + help + If this option is enabled, the kernel will include support + for logging packets via NFNETLINK. + +menu "Netfilter target support" + +config ADK_KERNEL_NETFILTER_XT_TARGET_CHECKSUM + tristate '"CHECKSUM" target support' + select ADK_KERNEL_IP_NF_IPTABLES + select ADK_KERNEL_NETFILTER_XTABLES + select ADK_KERNEL_IP_NF_MANGLE + select ADK_KERNEL_NETFILTER_ADVANCED + help + +config ADK_KERNEL_NETFILTER_XT_TARGET_CLASSIFY + tristate '"CLASSIFY" target support' + select ADK_KERNEL_NETFILTER_XTABLES + help + This option adds a `CLASSIFY' target, which enables the user to set + the priority of a packet. Some qdiscs can use this value for + classification, among these are: + + atm, cbq, dsmark, pfifo_fast, htb, prio + +config ADK_KERNEL_NETFILTER_XT_TARGET_CONNMARK + tristate '"CONNMARK" target support' + select ADK_KERNEL_NETFILTER_XTABLES + select ADK_KERNEL_NF_CONNTRACK + help + This option adds a `CONNMARK' target, which allows one to manipulate + the connection mark value. Similar to the MARK target, but + affects the connection mark value rather than the packet mark value. + +config ADK_KERNEL_NETFILTER_XT_TARGET_MARK + tristate '"MARK" target support' + select ADK_KERNEL_NETFILTER_XTABLES + help + This option adds a `MARK' target, which allows you to create rules + in the `mangle' table which alter the netfilter mark (nfmark) field + associated with the packet prior to routing. This can change + the routing method (see `Use netfilter MARK value as routing + key') and can also be used by other subsystems to change their + behavior. + +config ADK_KERNEL_NETFILTER_XT_TARGET_NFQUEUE + tristate '"NFQUEUE" target support' + select ADK_KERNEL_NETFILTER_XTABLES + help + This target replaced the old obsolete QUEUE target. + + As opposed to QUEUE, it supports 65535 different queues, + not just one. + +config ADK_KERNEL_NETFILTER_XT_TARGET_LOG + tristate '"LOG" target support' + depends on ADK_KERNEL_IP_NF_FILTER + help + This option adds a `LOG' target, which allows you to create rules in + any iptables table which records the packet header to the syslog. + +config ADK_KERNEL_NETFILTER_XT_TARGET_TCPMSS + tristate '"TCPMSS" target support' + select ADK_KERNEL_NETFILTER_XTABLES + help + +endmenu |