diff -Nur linux-3.7.3.orig/net/Kconfig linux-3.7.3/net/Kconfig
--- linux-3.7.3.orig/net/Kconfig	2013-01-17 17:47:40.000000000 +0100
+++ linux-3.7.3/net/Kconfig	2013-01-19 18:19:55.000000000 +0100
@@ -163,7 +163,7 @@
 config NETFILTER_ADVANCED
 	bool "Advanced netfilter configuration"
 	depends on NETFILTER
-	default y
+	default n
 	help
 	  If you say Y here you can select between all the netfilter modules.
 	  If you say N the more unusual ones will not be shown and the
@@ -175,7 +175,7 @@
 	bool "Bridged IP/ARP packets filtering"
 	depends on BRIDGE && NETFILTER && INET
 	depends on NETFILTER_ADVANCED
-	default y
+	default n
 	---help---
 	  Enabling this option will let arptables resp. iptables see bridged
 	  ARP resp. IP traffic. If you want a bridging firewall, you probably
diff -Nur linux-3.7.3.orig/net/netfilter/Kconfig linux-3.7.3/net/netfilter/Kconfig
--- linux-3.7.3.orig/net/netfilter/Kconfig	2013-01-17 17:47:40.000000000 +0100
+++ linux-3.7.3/net/netfilter/Kconfig	2013-01-19 18:21:41.000000000 +0100
@@ -22,7 +22,6 @@
 	  
 config NETFILTER_NETLINK_LOG
 	tristate "Netfilter LOG over NFNETLINK interface"
-	default m if NETFILTER_ADVANCED=n
 	select NETFILTER_NETLINK
 	help
 	  If this option is enabled, the kernel will include support
@@ -34,7 +33,6 @@
 
 config NF_CONNTRACK
 	tristate "Netfilter connection tracking support"
-	default m if NETFILTER_ADVANCED=n
 	help
 	  Connection tracking keeps a record of what packets have passed
 	  through your machine, in order to figure out how they are related
@@ -60,7 +58,6 @@
 config NF_CONNTRACK_SECMARK
 	bool  'Connection tracking security mark support'
 	depends on NETWORK_SECMARK
-	default m if NETFILTER_ADVANCED=n
 	help
 	  This option enables security markings to be applied to
 	  connections.  Typically they are copied to connections from
@@ -177,7 +174,6 @@
 
 config NF_CONNTRACK_FTP
 	tristate "FTP protocol support"
-	default m if NETFILTER_ADVANCED=n
 	help
 	  Tracking FTP connections is problematic: special helpers are
 	  required for tracking them, and doing masquerading and other forms
@@ -211,7 +207,6 @@
 
 config NF_CONNTRACK_IRC
 	tristate "IRC protocol support"
-	default m if NETFILTER_ADVANCED=n
 	help
 	  There is a commonly-used extension to IRC called
 	  Direct Client-to-Client Protocol (DCC).  This enables users to send
@@ -296,7 +291,6 @@
 
 config NF_CONNTRACK_SIP
 	tristate "SIP protocol support"
-	default m if NETFILTER_ADVANCED=n
 	help
 	  SIP is an application-layer control protocol that can establish,
 	  modify, and terminate multimedia sessions (conferences) such as
@@ -320,7 +314,6 @@
 config NF_CT_NETLINK
 	tristate 'Connection tracking netlink interface'
 	select NETFILTER_NETLINK
-	default m if NETFILTER_ADVANCED=n
 	help
 	  This option enables support for a netlink-based userspace interface
 
@@ -424,7 +417,6 @@
 
 config NETFILTER_XTABLES
 	tristate "Netfilter Xtables support (required for ip_tables)"
-	default m if NETFILTER_ADVANCED=n
 	help
 	  This is required if you intend to use any of ip_tables,
 	  ip6_tables or arp_tables.
@@ -435,7 +427,6 @@
 
 config NETFILTER_XT_MARK
 	tristate 'nfmark target and match support'
-	default m if NETFILTER_ADVANCED=n
 	---help---
 	This option adds the "MARK" target and "mark" match.
 
@@ -527,7 +518,6 @@
 config NETFILTER_XT_TARGET_CONNSECMARK
 	tristate '"CONNSECMARK" target support'
 	depends on NF_CONNTRACK && NF_CONNTRACK_SECMARK
-	default m if NETFILTER_ADVANCED=n
 	help
 	  The CONNSECMARK target copies security markings from packets
 	  to connections, and restores security markings from connections
@@ -632,7 +622,6 @@
 
 config NETFILTER_XT_TARGET_LOG
 	tristate "LOG target support"
-	default m if NETFILTER_ADVANCED=n
 	help
 	  This option adds a `LOG' target, which allows you to create rules in
 	  any iptables table which records the packet header to the syslog.
@@ -660,7 +649,6 @@
 
 config NETFILTER_XT_TARGET_NFLOG
 	tristate '"NFLOG" target support'
-	default m if NETFILTER_ADVANCED=n
 	select NETFILTER_NETLINK_LOG
 	help
 	  This option enables the NFLOG target, which allows to LOG
@@ -741,7 +729,6 @@
 config NETFILTER_XT_TARGET_SECMARK
 	tristate '"SECMARK" target support'
 	depends on NETWORK_SECMARK
-	default m if NETFILTER_ADVANCED=n
 	help
 	  The SECMARK target allows security marking of network
 	  packets, for use with security subsystems.
@@ -751,7 +738,6 @@
 config NETFILTER_XT_TARGET_TCPMSS
 	tristate '"TCPMSS" target support'
 	depends on (IPV6 || IPV6=n)
-	default m if NETFILTER_ADVANCED=n
 	---help---
 	  This option adds a `TCPMSS' target, which allows you to alter the
 	  MSS value of TCP SYN packets, to control the maximum size for that
@@ -856,7 +842,6 @@
 config NETFILTER_XT_MATCH_CONNTRACK
 	tristate '"conntrack" connection tracking match support'
 	depends on NF_CONNTRACK
-	default m if NETFILTER_ADVANCED=n
 	help
 	  This is a general conntrack match module, a superset of the state match.
 
@@ -1063,7 +1048,6 @@
 config NETFILTER_XT_MATCH_POLICY
 	tristate 'IPsec "policy" match support'
 	depends on XFRM
-	default m if NETFILTER_ADVANCED=n
 	help
 	  Policy matching allows you to match packets based on the
 	  IPsec policy that was used during decapsulation/will
@@ -1170,7 +1154,6 @@
 config NETFILTER_XT_MATCH_STATE
 	tristate '"state" match support'
 	depends on NF_CONNTRACK
-	default m if NETFILTER_ADVANCED=n
 	help
 	  Connection state matching allows you to match packets based on their
 	  relationship to a tracked connection (ie. previous packets).  This