net/bridge/netfilter/Kconfig at v4.14-rc1

tjh.dev / kernel
fork atom
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / bridge / netfilter / Kconfig
at v4.14-rc1 228 lines 6.9 kB view raw
wrap content
  1#
  2# Bridge netfilter configuration
  3#
  4#
  5menuconfig NF_TABLES_BRIDGE
  6	depends on BRIDGE && NETFILTER && NF_TABLES
  7	tristate "Ethernet Bridge nf_tables support"
  8
  9if NF_TABLES_BRIDGE
 10
 11config NFT_BRIDGE_META
 12	tristate "Netfilter nf_table bridge meta support"
 13	depends on NFT_META
 14	help
 15	  Add support for bridge dedicated meta key.
 16
 17config NFT_BRIDGE_REJECT
 18	tristate "Netfilter nf_tables bridge reject support"
 19	depends on NFT_REJECT && NFT_REJECT_IPV4 && NFT_REJECT_IPV6
 20	help
 21	  Add support to reject packets.
 22
 23config NF_LOG_BRIDGE
 24	tristate "Bridge packet logging"
 25	select NF_LOG_COMMON
 26
 27endif # NF_TABLES_BRIDGE
 28
 29menuconfig BRIDGE_NF_EBTABLES
 30	tristate "Ethernet Bridge tables (ebtables) support"
 31	depends on BRIDGE && NETFILTER && NETFILTER_XTABLES
 32	help
 33	  ebtables is a general, extensible frame/packet identification
 34	  framework. Say 'Y' or 'M' here if you want to do Ethernet
 35	  filtering/NAT/brouting on the Ethernet bridge.
 36
 37if BRIDGE_NF_EBTABLES
 38
 39#
 40# tables
 41#
 42config BRIDGE_EBT_BROUTE
 43	tristate "ebt: broute table support"
 44	help
 45	  The ebtables broute table is used to define rules that decide between
 46	  bridging and routing frames, giving Linux the functionality of a
 47	  brouter. See the man page for ebtables(8) and examples on the ebtables
 48	  website.
 49
 50	  To compile it as a module, choose M here.  If unsure, say N.
 51
 52config BRIDGE_EBT_T_FILTER
 53	tristate "ebt: filter table support"
 54	help
 55	  The ebtables filter table is used to define frame filtering rules at
 56	  local input, forwarding and local output. See the man page for
 57	  ebtables(8).
 58
 59	  To compile it as a module, choose M here.  If unsure, say N.
 60
 61config BRIDGE_EBT_T_NAT
 62	tristate "ebt: nat table support"
 63	help
 64	  The ebtables nat table is used to define rules that alter the MAC
 65	  source address (MAC SNAT) or the MAC destination address (MAC DNAT).
 66	  See the man page for ebtables(8).
 67
 68	  To compile it as a module, choose M here.  If unsure, say N.
 69#
 70# matches
 71#
 72config BRIDGE_EBT_802_3
 73	tristate "ebt: 802.3 filter support"
 74	help
 75	  This option adds matching support for 802.3 Ethernet frames.
 76
 77	  To compile it as a module, choose M here.  If unsure, say N.
 78
 79config BRIDGE_EBT_AMONG
 80	tristate "ebt: among filter support"
 81	help
 82	  This option adds the among match, which allows matching the MAC source
 83	  and/or destination address on a list of addresses. Optionally,
 84	  MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.
 85
 86	  To compile it as a module, choose M here.  If unsure, say N.
 87
 88config BRIDGE_EBT_ARP
 89	tristate "ebt: ARP filter support"
 90	help
 91	  This option adds the ARP match, which allows ARP and RARP header field
 92	  filtering.
 93
 94	  To compile it as a module, choose M here.  If unsure, say N.
 95
 96config BRIDGE_EBT_IP
 97	tristate "ebt: IP filter support"
 98	help
 99	  This option adds the IP match, which allows basic IP header field
100	  filtering.
101
102	  To compile it as a module, choose M here.  If unsure, say N.
103
104config BRIDGE_EBT_IP6
105	tristate "ebt: IP6 filter support"
106	depends on BRIDGE_NF_EBTABLES && IPV6
107	help
108	  This option adds the IP6 match, which allows basic IPV6 header field
109	  filtering.
110
111	  To compile it as a module, choose M here.  If unsure, say N.
112
113config BRIDGE_EBT_LIMIT
114	tristate "ebt: limit match support"
115	help
116	  This option adds the limit match, which allows you to control
117	  the rate at which a rule can be matched. This match is the
118	  equivalent of the iptables limit match.
119
120	  If you want to compile it as a module, say M here and read
121	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
122
123config BRIDGE_EBT_MARK
124	tristate "ebt: mark filter support"
125	help
126	  This option adds the mark match, which allows matching frames based on
127	  the 'nfmark' value in the frame. This can be set by the mark target.
128	  This value is the same as the one used in the iptables mark match and
129	  target.
130
131	  To compile it as a module, choose M here.  If unsure, say N.
132
133config BRIDGE_EBT_PKTTYPE
134	tristate "ebt: packet type filter support"
135	help
136	  This option adds the packet type match, which allows matching on the
137	  type of packet based on its Ethernet "class" (as determined by
138	  the generic networking code): broadcast, multicast,
139	  for this host alone or for another host.
140
141	  To compile it as a module, choose M here.  If unsure, say N.
142
143config BRIDGE_EBT_STP
144	tristate "ebt: STP filter support"
145	help
146	  This option adds the Spanning Tree Protocol match, which
147	  allows STP header field filtering.
148
149	  To compile it as a module, choose M here.  If unsure, say N.
150
151config BRIDGE_EBT_VLAN
152	tristate "ebt: 802.1Q VLAN filter support"
153	help
154	  This option adds the 802.1Q vlan match, which allows the filtering of
155	  802.1Q vlan fields.
156
157	  To compile it as a module, choose M here.  If unsure, say N.
158#
159# targets
160#
161config BRIDGE_EBT_ARPREPLY
162	tristate "ebt: arp reply target support"
163	depends on BRIDGE_NF_EBTABLES && INET
164	help
165	  This option adds the arp reply target, which allows
166	  automatically sending arp replies to arp requests.
167
168	  To compile it as a module, choose M here.  If unsure, say N.
169
170config BRIDGE_EBT_DNAT
171	tristate "ebt: dnat target support"
172	help
173	  This option adds the MAC DNAT target, which allows altering the MAC
174	  destination address of frames.
175
176	  To compile it as a module, choose M here.  If unsure, say N.
177
178config BRIDGE_EBT_MARK_T
179	tristate "ebt: mark target support"
180	help
181	  This option adds the mark target, which allows marking frames by
182	  setting the 'nfmark' value in the frame.
183	  This value is the same as the one used in the iptables mark match and
184	  target.
185
186	  To compile it as a module, choose M here.  If unsure, say N.
187
188config BRIDGE_EBT_REDIRECT
189	tristate "ebt: redirect target support"
190	help
191	  This option adds the MAC redirect target, which allows altering the MAC
192	  destination address of a frame to that of the device it arrived on.
193
194	  To compile it as a module, choose M here.  If unsure, say N.
195
196config BRIDGE_EBT_SNAT
197	tristate "ebt: snat target support"
198	help
199	  This option adds the MAC SNAT target, which allows altering the MAC
200	  source address of frames.
201
202	  To compile it as a module, choose M here.  If unsure, say N.
203#
204# watchers
205#
206config BRIDGE_EBT_LOG
207	tristate "ebt: log support"
208	help
209	  This option adds the log watcher, that you can use in any rule
210	  in any ebtables table. It records info about the frame header
211	  to the syslog.
212
213	  To compile it as a module, choose M here.  If unsure, say N.
214
215config BRIDGE_EBT_NFLOG
216	tristate "ebt: nflog support"
217	help
218	  This option enables the nflog watcher, which allows to LOG
219	  messages through the netfilter logging API, which can use
220	  either the old LOG target, the old ULOG target or nfnetlink_log
221	  as backend.
222
223	  This option adds the nflog watcher, that you can use in any rule
224	  in any ebtables table.
225
226	  To compile it as a module, choose M here.  If unsure, say N.
227
228endif # BRIDGE_NF_EBTABLES