From 9bb871a0bb4c239239944d28bd4d5cfa19d84f62 Mon Sep 17 00:00:00 2001 From: Waldemar Brodkorb Date: Sat, 3 Mar 2018 15:46:47 +0100 Subject: add support for waldux --- target/waldux/config/Config.in.netfilter.ebt | 218 +++++++++++++++++++++++++++ 1 file changed, 218 insertions(+) create mode 100644 target/waldux/config/Config.in.netfilter.ebt (limited to 'target/waldux/config/Config.in.netfilter.ebt') diff --git a/target/waldux/config/Config.in.netfilter.ebt b/target/waldux/config/Config.in.netfilter.ebt new file mode 100644 index 000000000..6b7c72fa5 --- /dev/null +++ b/target/waldux/config/Config.in.netfilter.ebt @@ -0,0 +1,218 @@ +# This file is part of the OpenADK project. OpenADK is copyrighted +# material, please see the LICENCE file in the top-level directory. + +config ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + tristate 'Ethernet Bridge tables support' + select ADK_WALDUX_KERNEL_BRIDGE_NETFILTER + default n + help + ebtables is a general, extensible frame/packet identification + framework. Say 'Y' or 'M' here if you want to do Ethernet + filtering/NAT/brouting on the Ethernet bridge. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_BROUTE + tristate "broute table support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + The ebtables broute table is used to define rules that decide between + bridging and routing frames, giving Linux the functionality of a + brouter. See the man page for ebtables(8) and examples on the ebtables + website. + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_T_FILTER + tristate "filter table support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + The ebtables filter table is used to define frame filtering rules at + local input, forwarding and local output. See the man page for + ebtables(8). + + To compile it as a module, choose M here. If unsure, say N. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_T_NAT + tristate "nat table support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + The ebtables nat table is used to define rules that alter the MAC + source address (MAC SNAT) or the MAC destination address (MAC DNAT). + See the man page for ebtables(8). + +# +# matches +# +config ADK_WALDUX_KERNEL_BRIDGE_EBT_802_3 + tristate "802.3 filter support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds matching support for 802.3 Ethernet frames. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_AMONG + tristate "among filter support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the among match, which allows matching the MAC source + and/or destination address on a list of addresses. Optionally, + MAC/IP address pairs can be matched, f.e. for anti-spoofing rules. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_ARP + tristate "ARP filter support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the ARP match, which allows ARP and RARP header field + filtering. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_IP + tristate "IP filter support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the IP match, which allows basic IP header field + filtering. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_IP6 + tristate "IP6 filter support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES && ADK_WALDUX_KERNEL_IPV6 + default n + help + This option adds the IP6 match, which allows basic IPV6 header field + filtering. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_LIMIT + tristate "limit match support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the limit match, which allows you to control + the rate at which a rule can be matched. This match is the + equivalent of the iptables limit match. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_MARK + tristate "mark filter support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the mark match, which allows matching frames based on + the 'nfmark' value in the frame. This can be set by the mark target. + This value is the same as the one used in the iptables mark match and + target. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_PKTTYPE + tristate "packet type filter support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the packet type match, which allows matching on the + type of packet based on its Ethernet "class" (as determined by + the generic networking code): broadcast, multicast, + for this host alone or for another host. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_STP + tristate "STP filter support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the Spanning Tree Protocol match, which + allows STP header field filtering. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_VLAN + tristate "802.1Q VLAN filter support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the 802.1Q vlan match, which allows the filtering of + 802.1Q vlan fields. + +# +# targets +# +config ADK_WALDUX_KERNEL_BRIDGE_EBT_ARPREPLY + tristate "arp reply target support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the arp reply target, which allows + automatically sending arp replies to arp requests. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_DNAT + tristate "dnat target support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the MAC DNAT target, which allows altering the MAC + destination address of frames. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_MARK_T + tristate "mark target support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the mark target, which allows marking frames by + setting the 'nfmark' value in the frame. + This value is the same as the one used in the iptables mark match and + target. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_REDIRECT + tristate "redirect target support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the MAC redirect target, which allows altering the MAC + destination address of a frame to that of the device it arrived on. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_SNAT + tristate "snat target support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the MAC SNAT target, which allows altering the MAC + source address of frames. + +# +# watchers +# +config ADK_WALDUX_KERNEL_BRIDGE_EBT_LOG + tristate "log support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option adds the log watcher, that you can use in any rule + in any ebtables table. It records info about the frame header + to the syslog. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_ULOG + tristate "ulog support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option enables the old bridge-specific "ebt_ulog" implementation + which has been obsoleted by the new "nfnetlink_log" code (see + CONFIG_NETFILTER_NETLINK_LOG). + + This option adds the ulog watcher, that you can use in any rule + in any ebtables table. The packet is passed to a userspace + logging daemon using netlink multicast sockets. This differs + from the log watcher in the sense that the complete packet is + sent to userspace instead of a descriptive text and that + netlink multicast sockets are used instead of the syslog. + +config ADK_WALDUX_KERNEL_BRIDGE_EBT_NFLOG + tristate "nflog support" + depends on ADK_WALDUX_KERNEL_BRIDGE_NF_EBTABLES + default n + help + This option enables the nflog watcher, which allows to LOG + messages through the netfilter logging API, which can use + either the old LOG target, the old ULOG target or nfnetlink_log + as backend. + + This option adds the nflog watcher, that you can use in any rule + in any ebtables table. + -- cgit v1.2.3