net/bridge/netfilter/Kconfig at v5.2

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / net / bridge / netfilter / Kconfig
at v5.2 224 lines 6.8 kB view raw
wrap content
  1# SPDX-License-Identifier: GPL-2.0-only
  2#
  3# Bridge netfilter configuration
  4#
  5#
  6menuconfig NF_TABLES_BRIDGE
  7	depends on BRIDGE && NETFILTER && NF_TABLES
  8	select NETFILTER_FAMILY_BRIDGE
  9	bool "Ethernet Bridge nf_tables support"
 10
 11if NF_TABLES_BRIDGE
 12config NFT_BRIDGE_REJECT
 13	tristate "Netfilter nf_tables bridge reject support"
 14	depends on NFT_REJECT && NFT_REJECT_IPV4 && NFT_REJECT_IPV6
 15	help
 16	  Add support to reject packets.
 17
 18config NF_LOG_BRIDGE
 19	tristate "Bridge packet logging"
 20	select NF_LOG_COMMON
 21
 22endif # NF_TABLES_BRIDGE
 23
 24menuconfig BRIDGE_NF_EBTABLES
 25	tristate "Ethernet Bridge tables (ebtables) support"
 26	depends on BRIDGE && NETFILTER && NETFILTER_XTABLES
 27	select NETFILTER_FAMILY_BRIDGE
 28	help
 29	  ebtables is a general, extensible frame/packet identification
 30	  framework. Say 'Y' or 'M' here if you want to do Ethernet
 31	  filtering/NAT/brouting on the Ethernet bridge.
 32
 33if BRIDGE_NF_EBTABLES
 34
 35#
 36# tables
 37#
 38config BRIDGE_EBT_BROUTE
 39	tristate "ebt: broute table support"
 40	help
 41	  The ebtables broute table is used to define rules that decide between
 42	  bridging and routing frames, giving Linux the functionality of a
 43	  brouter. See the man page for ebtables(8) and examples on the ebtables
 44	  website.
 45
 46	  To compile it as a module, choose M here.  If unsure, say N.
 47
 48config BRIDGE_EBT_T_FILTER
 49	tristate "ebt: filter table support"
 50	help
 51	  The ebtables filter table is used to define frame filtering rules at
 52	  local input, forwarding and local output. See the man page for
 53	  ebtables(8).
 54
 55	  To compile it as a module, choose M here.  If unsure, say N.
 56
 57config BRIDGE_EBT_T_NAT
 58	tristate "ebt: nat table support"
 59	help
 60	  The ebtables nat table is used to define rules that alter the MAC
 61	  source address (MAC SNAT) or the MAC destination address (MAC DNAT).
 62	  See the man page for ebtables(8).
 63
 64	  To compile it as a module, choose M here.  If unsure, say N.
 65#
 66# matches
 67#
 68config BRIDGE_EBT_802_3
 69	tristate "ebt: 802.3 filter support"
 70	help
 71	  This option adds matching support for 802.3 Ethernet frames.
 72
 73	  To compile it as a module, choose M here.  If unsure, say N.
 74
 75config BRIDGE_EBT_AMONG
 76	tristate "ebt: among filter support"
 77	help
 78	  This option adds the among match, which allows matching the MAC source
 79	  and/or destination address on a list of addresses. Optionally,
 80	  MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.
 81
 82	  To compile it as a module, choose M here.  If unsure, say N.
 83
 84config BRIDGE_EBT_ARP
 85	tristate "ebt: ARP filter support"
 86	help
 87	  This option adds the ARP match, which allows ARP and RARP header field
 88	  filtering.
 89
 90	  To compile it as a module, choose M here.  If unsure, say N.
 91
 92config BRIDGE_EBT_IP
 93	tristate "ebt: IP filter support"
 94	help
 95	  This option adds the IP match, which allows basic IP header field
 96	  filtering.
 97
 98	  To compile it as a module, choose M here.  If unsure, say N.
 99
100config BRIDGE_EBT_IP6
101	tristate "ebt: IP6 filter support"
102	depends on BRIDGE_NF_EBTABLES && IPV6
103	help
104	  This option adds the IP6 match, which allows basic IPV6 header field
105	  filtering.
106
107	  To compile it as a module, choose M here.  If unsure, say N.
108
109config BRIDGE_EBT_LIMIT
110	tristate "ebt: limit match support"
111	help
112	  This option adds the limit match, which allows you to control
113	  the rate at which a rule can be matched. This match is the
114	  equivalent of the iptables limit match.
115
116	  If you want to compile it as a module, say M here and read
117	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
118
119config BRIDGE_EBT_MARK
120	tristate "ebt: mark filter support"
121	help
122	  This option adds the mark match, which allows matching frames based on
123	  the 'nfmark' value in the frame. This can be set by the mark target.
124	  This value is the same as the one used in the iptables mark match and
125	  target.
126
127	  To compile it as a module, choose M here.  If unsure, say N.
128
129config BRIDGE_EBT_PKTTYPE
130	tristate "ebt: packet type filter support"
131	help
132	  This option adds the packet type match, which allows matching on the
133	  type of packet based on its Ethernet "class" (as determined by
134	  the generic networking code): broadcast, multicast,
135	  for this host alone or for another host.
136
137	  To compile it as a module, choose M here.  If unsure, say N.
138
139config BRIDGE_EBT_STP
140	tristate "ebt: STP filter support"
141	help
142	  This option adds the Spanning Tree Protocol match, which
143	  allows STP header field filtering.
144
145	  To compile it as a module, choose M here.  If unsure, say N.
146
147config BRIDGE_EBT_VLAN
148	tristate "ebt: 802.1Q VLAN filter support"
149	help
150	  This option adds the 802.1Q vlan match, which allows the filtering of
151	  802.1Q vlan fields.
152
153	  To compile it as a module, choose M here.  If unsure, say N.
154#
155# targets
156#
157config BRIDGE_EBT_ARPREPLY
158	tristate "ebt: arp reply target support"
159	depends on BRIDGE_NF_EBTABLES && INET
160	help
161	  This option adds the arp reply target, which allows
162	  automatically sending arp replies to arp requests.
163
164	  To compile it as a module, choose M here.  If unsure, say N.
165
166config BRIDGE_EBT_DNAT
167	tristate "ebt: dnat target support"
168	help
169	  This option adds the MAC DNAT target, which allows altering the MAC
170	  destination address of frames.
171
172	  To compile it as a module, choose M here.  If unsure, say N.
173
174config BRIDGE_EBT_MARK_T
175	tristate "ebt: mark target support"
176	help
177	  This option adds the mark target, which allows marking frames by
178	  setting the 'nfmark' value in the frame.
179	  This value is the same as the one used in the iptables mark match and
180	  target.
181
182	  To compile it as a module, choose M here.  If unsure, say N.
183
184config BRIDGE_EBT_REDIRECT
185	tristate "ebt: redirect target support"
186	help
187	  This option adds the MAC redirect target, which allows altering the MAC
188	  destination address of a frame to that of the device it arrived on.
189
190	  To compile it as a module, choose M here.  If unsure, say N.
191
192config BRIDGE_EBT_SNAT
193	tristate "ebt: snat target support"
194	help
195	  This option adds the MAC SNAT target, which allows altering the MAC
196	  source address of frames.
197
198	  To compile it as a module, choose M here.  If unsure, say N.
199#
200# watchers
201#
202config BRIDGE_EBT_LOG
203	tristate "ebt: log support"
204	help
205	  This option adds the log watcher, that you can use in any rule
206	  in any ebtables table. It records info about the frame header
207	  to the syslog.
208
209	  To compile it as a module, choose M here.  If unsure, say N.
210
211config BRIDGE_EBT_NFLOG
212	tristate "ebt: nflog support"
213	help
214	  This option enables the nflog watcher, which allows to LOG
215	  messages through the netfilter logging API, which can use
216	  either the old LOG target, the old ULOG target or nfnetlink_log
217	  as backend.
218
219	  This option adds the nflog watcher, that you can use in any rule
220	  in any ebtables table.
221
222	  To compile it as a module, choose M here.  If unsure, say N.
223
224endif # BRIDGE_NF_EBTABLES
Configure Feed

Configure Feed
