net/bridge/netfilter/Kconfig at v3.14-rc8

tjh.dev / kernel
fork atom
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / bridge / netfilter / Kconfig
at v3.14-rc8 225 lines 7.1 kB view raw
wrap content
  1#
  2# Bridge netfilter configuration
  3#
  4#
  5config NF_TABLES_BRIDGE
  6	depends on NF_TABLES
  7	tristate "Ethernet Bridge nf_tables support"
  8
  9menuconfig BRIDGE_NF_EBTABLES
 10	tristate "Ethernet Bridge tables (ebtables) support"
 11	depends on BRIDGE && NETFILTER
 12	select NETFILTER_XTABLES
 13	help
 14	  ebtables is a general, extensible frame/packet identification
 15	  framework. Say 'Y' or 'M' here if you want to do Ethernet
 16	  filtering/NAT/brouting on the Ethernet bridge.
 17
 18if BRIDGE_NF_EBTABLES
 19
 20#
 21# tables
 22#
 23config BRIDGE_EBT_BROUTE
 24	tristate "ebt: broute table support"
 25	help
 26	  The ebtables broute table is used to define rules that decide between
 27	  bridging and routing frames, giving Linux the functionality of a
 28	  brouter. See the man page for ebtables(8) and examples on the ebtables
 29	  website.
 30
 31	  To compile it as a module, choose M here.  If unsure, say N.
 32
 33config BRIDGE_EBT_T_FILTER
 34	tristate "ebt: filter table support"
 35	help
 36	  The ebtables filter table is used to define frame filtering rules at
 37	  local input, forwarding and local output. See the man page for
 38	  ebtables(8).
 39
 40	  To compile it as a module, choose M here.  If unsure, say N.
 41
 42config BRIDGE_EBT_T_NAT
 43	tristate "ebt: nat table support"
 44	help
 45	  The ebtables nat table is used to define rules that alter the MAC
 46	  source address (MAC SNAT) or the MAC destination address (MAC DNAT).
 47	  See the man page for ebtables(8).
 48
 49	  To compile it as a module, choose M here.  If unsure, say N.
 50#
 51# matches
 52#
 53config BRIDGE_EBT_802_3
 54	tristate "ebt: 802.3 filter support"
 55	help
 56	  This option adds matching support for 802.3 Ethernet frames.
 57
 58	  To compile it as a module, choose M here.  If unsure, say N.
 59
 60config BRIDGE_EBT_AMONG
 61	tristate "ebt: among filter support"
 62	help
 63	  This option adds the among match, which allows matching the MAC source
 64	  and/or destination address on a list of addresses. Optionally,
 65	  MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.
 66
 67	  To compile it as a module, choose M here.  If unsure, say N.
 68
 69config BRIDGE_EBT_ARP
 70	tristate "ebt: ARP filter support"
 71	help
 72	  This option adds the ARP match, which allows ARP and RARP header field
 73	  filtering.
 74
 75	  To compile it as a module, choose M here.  If unsure, say N.
 76
 77config BRIDGE_EBT_IP
 78	tristate "ebt: IP filter support"
 79	help
 80	  This option adds the IP match, which allows basic IP header field
 81	  filtering.
 82
 83	  To compile it as a module, choose M here.  If unsure, say N.
 84
 85config BRIDGE_EBT_IP6
 86	tristate "ebt: IP6 filter support"
 87	depends on BRIDGE_NF_EBTABLES && IPV6
 88	help
 89	  This option adds the IP6 match, which allows basic IPV6 header field
 90	  filtering.
 91
 92	  To compile it as a module, choose M here.  If unsure, say N.
 93
 94config BRIDGE_EBT_LIMIT
 95	tristate "ebt: limit match support"
 96	help
 97	  This option adds the limit match, which allows you to control
 98	  the rate at which a rule can be matched. This match is the
 99	  equivalent of the iptables limit match.
100
101	  If you want to compile it as a module, say M here and read
102	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
103
104config BRIDGE_EBT_MARK
105	tristate "ebt: mark filter support"
106	help
107	  This option adds the mark match, which allows matching frames based on
108	  the 'nfmark' value in the frame. This can be set by the mark target.
109	  This value is the same as the one used in the iptables mark match and
110	  target.
111
112	  To compile it as a module, choose M here.  If unsure, say N.
113
114config BRIDGE_EBT_PKTTYPE
115	tristate "ebt: packet type filter support"
116	help
117	  This option adds the packet type match, which allows matching on the
118	  type of packet based on its Ethernet "class" (as determined by
119	  the generic networking code): broadcast, multicast,
120	  for this host alone or for another host.
121
122	  To compile it as a module, choose M here.  If unsure, say N.
123
124config BRIDGE_EBT_STP
125	tristate "ebt: STP filter support"
126	help
127	  This option adds the Spanning Tree Protocol match, which
128	  allows STP header field filtering.
129
130	  To compile it as a module, choose M here.  If unsure, say N.
131
132config BRIDGE_EBT_VLAN
133	tristate "ebt: 802.1Q VLAN filter support"
134	help
135	  This option adds the 802.1Q vlan match, which allows the filtering of
136	  802.1Q vlan fields.
137
138	  To compile it as a module, choose M here.  If unsure, say N.
139#
140# targets
141#
142config BRIDGE_EBT_ARPREPLY
143	tristate "ebt: arp reply target support"
144	depends on BRIDGE_NF_EBTABLES && INET
145	help
146	  This option adds the arp reply target, which allows
147	  automatically sending arp replies to arp requests.
148
149	  To compile it as a module, choose M here.  If unsure, say N.
150
151config BRIDGE_EBT_DNAT
152	tristate "ebt: dnat target support"
153	help
154	  This option adds the MAC DNAT target, which allows altering the MAC
155	  destination address of frames.
156
157	  To compile it as a module, choose M here.  If unsure, say N.
158
159config BRIDGE_EBT_MARK_T
160	tristate "ebt: mark target support"
161	help
162	  This option adds the mark target, which allows marking frames by
163	  setting the 'nfmark' value in the frame.
164	  This value is the same as the one used in the iptables mark match and
165	  target.
166
167	  To compile it as a module, choose M here.  If unsure, say N.
168
169config BRIDGE_EBT_REDIRECT
170	tristate "ebt: redirect target support"
171	help
172	  This option adds the MAC redirect target, which allows altering the MAC
173	  destination address of a frame to that of the device it arrived on.
174
175	  To compile it as a module, choose M here.  If unsure, say N.
176
177config BRIDGE_EBT_SNAT
178	tristate "ebt: snat target support"
179	help
180	  This option adds the MAC SNAT target, which allows altering the MAC
181	  source address of frames.
182
183	  To compile it as a module, choose M here.  If unsure, say N.
184#
185# watchers
186#
187config BRIDGE_EBT_LOG
188	tristate "ebt: log support"
189	help
190	  This option adds the log watcher, that you can use in any rule
191	  in any ebtables table. It records info about the frame header
192	  to the syslog.
193
194	  To compile it as a module, choose M here.  If unsure, say N.
195
196config BRIDGE_EBT_ULOG
197	tristate "ebt: ulog support (OBSOLETE)"
198	help
199	  This option enables the old bridge-specific "ebt_ulog" implementation
200	  which has been obsoleted by the new "nfnetlink_log" code (see
201	  CONFIG_NETFILTER_NETLINK_LOG).
202
203	  This option adds the ulog watcher, that you can use in any rule
204	  in any ebtables table. The packet is passed to a userspace
205	  logging daemon using netlink multicast sockets. This differs
206	  from the log watcher in the sense that the complete packet is
207	  sent to userspace instead of a descriptive text and that
208	  netlink multicast sockets are used instead of the syslog.
209
210	  To compile it as a module, choose M here.  If unsure, say N.
211
212config BRIDGE_EBT_NFLOG
213	tristate "ebt: nflog support"
214	help
215	  This option enables the nflog watcher, which allows to LOG
216	  messages through the netfilter logging API, which can use
217	  either the old LOG target, the old ULOG target or nfnetlink_log
218	  as backend.
219
220	  This option adds the nflog watcher, that you can use in any rule
221	  in any ebtables table.
222
223	  To compile it as a module, choose M here.  If unsure, say N.
224
225endif # BRIDGE_NF_EBTABLES