net/bridge/netfilter/Kconfig at v2.6.23-rc8

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / net / bridge / netfilter / Kconfig
at v2.6.23-rc8 215 lines 6.8 kB view raw
wrap content
  1#
  2# Bridge netfilter configuration
  3#
  4
  5menu "Bridge: Netfilter Configuration"
  6	depends on BRIDGE && NETFILTER
  7
  8config BRIDGE_NF_EBTABLES
  9	tristate "Ethernet Bridge tables (ebtables) support"
 10	help
 11	  ebtables is a general, extensible frame/packet identification
 12	  framework. Say 'Y' or 'M' here if you want to do Ethernet
 13	  filtering/NAT/brouting on the Ethernet bridge.
 14#
 15# tables
 16#
 17config BRIDGE_EBT_BROUTE
 18	tristate "ebt: broute table support"
 19	depends on BRIDGE_NF_EBTABLES
 20	help
 21	  The ebtables broute table is used to define rules that decide between
 22	  bridging and routing frames, giving Linux the functionality of a
 23	  brouter. See the man page for ebtables(8) and examples on the ebtables
 24	  website.
 25
 26	  To compile it as a module, choose M here.  If unsure, say N.
 27
 28config BRIDGE_EBT_T_FILTER
 29	tristate "ebt: filter table support"
 30	depends on BRIDGE_NF_EBTABLES
 31	help
 32	  The ebtables filter table is used to define frame filtering rules at
 33	  local input, forwarding and local output. See the man page for
 34	  ebtables(8).
 35
 36	  To compile it as a module, choose M here.  If unsure, say N.
 37
 38config BRIDGE_EBT_T_NAT
 39	tristate "ebt: nat table support"
 40	depends on BRIDGE_NF_EBTABLES
 41	help
 42	  The ebtables nat table is used to define rules that alter the MAC
 43	  source address (MAC SNAT) or the MAC destination address (MAC DNAT).
 44	  See the man page for ebtables(8).
 45
 46	  To compile it as a module, choose M here.  If unsure, say N.
 47#
 48# matches
 49#
 50config BRIDGE_EBT_802_3
 51	tristate "ebt: 802.3 filter support"
 52	depends on BRIDGE_NF_EBTABLES
 53	help
 54	  This option adds matching support for 802.3 Ethernet frames.
 55
 56	  To compile it as a module, choose M here.  If unsure, say N.
 57
 58config BRIDGE_EBT_AMONG
 59	tristate "ebt: among filter support"
 60	depends on BRIDGE_NF_EBTABLES
 61	help
 62	  This option adds the among match, which allows matching the MAC source
 63	  and/or destination address on a list of addresses. Optionally,
 64	  MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.
 65
 66	  To compile it as a module, choose M here.  If unsure, say N.
 67
 68config BRIDGE_EBT_ARP
 69	tristate "ebt: ARP filter support"
 70	depends on BRIDGE_NF_EBTABLES
 71	help
 72	  This option adds the ARP match, which allows ARP and RARP header field
 73	  filtering.
 74
 75	  To compile it as a module, choose M here.  If unsure, say N.
 76
 77config BRIDGE_EBT_IP
 78	tristate "ebt: IP filter support"
 79	depends on BRIDGE_NF_EBTABLES
 80	help
 81	  This option adds the IP match, which allows basic IP header field
 82	  filtering.
 83
 84	  To compile it as a module, choose M here.  If unsure, say N.
 85
 86config BRIDGE_EBT_LIMIT
 87	tristate "ebt: limit match support"
 88	depends on BRIDGE_NF_EBTABLES
 89	help
 90	  This option adds the limit match, which allows you to control
 91	  the rate at which a rule can be matched. This match is the
 92	  equivalent of the iptables limit match.
 93
 94	  If you want to compile it as a module, say M here and read
 95	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
 96
 97config BRIDGE_EBT_MARK
 98	tristate "ebt: mark filter support"
 99	depends on BRIDGE_NF_EBTABLES
100	help
101	  This option adds the mark match, which allows matching frames based on
102	  the 'nfmark' value in the frame. This can be set by the mark target.
103	  This value is the same as the one used in the iptables mark match and
104	  target.
105
106	  To compile it as a module, choose M here.  If unsure, say N.
107
108config BRIDGE_EBT_PKTTYPE
109	tristate "ebt: packet type filter support"
110	depends on BRIDGE_NF_EBTABLES
111	help
112	  This option adds the packet type match, which allows matching on the
113	  type of packet based on its Ethernet "class" (as determined by
114	  the generic networking code): broadcast, multicast,
115	  for this host alone or for another host.
116
117	  To compile it as a module, choose M here.  If unsure, say N.
118
119config BRIDGE_EBT_STP
120	tristate "ebt: STP filter support"
121	depends on BRIDGE_NF_EBTABLES
122	help
123	  This option adds the Spanning Tree Protocol match, which
124	  allows STP header field filtering.
125
126	  To compile it as a module, choose M here.  If unsure, say N.
127
128config BRIDGE_EBT_VLAN
129	tristate "ebt: 802.1Q VLAN filter support"
130	depends on BRIDGE_NF_EBTABLES
131	help
132	  This option adds the 802.1Q vlan match, which allows the filtering of
133	  802.1Q vlan fields.
134
135	  To compile it as a module, choose M here.  If unsure, say N.
136#
137# targets
138#
139config BRIDGE_EBT_ARPREPLY
140	tristate "ebt: arp reply target support"
141	depends on BRIDGE_NF_EBTABLES && INET
142	help
143	  This option adds the arp reply target, which allows
144	  automatically sending arp replies to arp requests.
145
146	  To compile it as a module, choose M here.  If unsure, say N.
147
148config BRIDGE_EBT_DNAT
149	tristate "ebt: dnat target support"
150	depends on BRIDGE_NF_EBTABLES
151	help
152	  This option adds the MAC DNAT target, which allows altering the MAC
153	  destination address of frames.
154
155	  To compile it as a module, choose M here.  If unsure, say N.
156
157config BRIDGE_EBT_MARK_T
158	tristate "ebt: mark target support"
159	depends on BRIDGE_NF_EBTABLES
160	help
161	  This option adds the mark target, which allows marking frames by
162	  setting the 'nfmark' value in the frame.
163	  This value is the same as the one used in the iptables mark match and
164	  target.
165
166	  To compile it as a module, choose M here.  If unsure, say N.
167
168config BRIDGE_EBT_REDIRECT
169	tristate "ebt: redirect target support"
170	depends on BRIDGE_NF_EBTABLES
171	help
172	  This option adds the MAC redirect target, which allows altering the MAC
173	  destination address of a frame to that of the device it arrived on.
174
175	  To compile it as a module, choose M here.  If unsure, say N.
176
177config BRIDGE_EBT_SNAT
178	tristate "ebt: snat target support"
179	depends on BRIDGE_NF_EBTABLES
180	help
181	  This option adds the MAC SNAT target, which allows altering the MAC
182	  source address of frames.
183
184	  To compile it as a module, choose M here.  If unsure, say N.
185#
186# watchers
187#
188config BRIDGE_EBT_LOG
189	tristate "ebt: log support"
190	depends on BRIDGE_NF_EBTABLES
191	help
192	  This option adds the log watcher, that you can use in any rule
193	  in any ebtables table. It records info about the frame header
194	  to the syslog.
195
196	  To compile it as a module, choose M here.  If unsure, say N.
197
198config BRIDGE_EBT_ULOG
199	tristate "ebt: ulog support (OBSOLETE)"
200	depends on BRIDGE_NF_EBTABLES
201	help
202	  This option enables the old bridge-specific "ebt_ulog" implementation
203	  which has been obsoleted by the new "nfnetlink_log" code (see
204	  CONFIG_NETFILTER_NETLINK_LOG).
205
206	  This option adds the ulog watcher, that you can use in any rule
207	  in any ebtables table. The packet is passed to a userspace
208	  logging daemon using netlink multicast sockets. This differs
209	  from the log watcher in the sense that the complete packet is
210	  sent to userspace instead of a descriptive text and that
211	  netlink multicast sockets are used instead of the syslog.
212
213	  To compile it as a module, choose M here.  If unsure, say N.
214
215endmenu
Configure Feed

Configure Feed
