99 lines
3.3 KiB
Plaintext
99 lines
3.3 KiB
Plaintext
menu "Core Netfilter Configuration"
|
|
depends on NET && NETFILTER
|
|
|
|
config NETFILTER_NETLINK
|
|
tristate "Netfilter netlink interface"
|
|
help
|
|
If this option is enabled, the kernel will include support
|
|
for the new netfilter netlink interface.
|
|
|
|
config NETFILTER_NETLINK_QUEUE
|
|
tristate "Netfilter NFQUEUE over NFNETLINK interface"
|
|
depends on NETFILTER_NETLINK
|
|
help
|
|
If this option isenabled, the kernel will include support
|
|
for queueing packets via NFNETLINK.
|
|
|
|
config NETFILTER_NETLINK_LOG
|
|
tristate "Netfilter LOG over NFNETLINK interface"
|
|
depends on NETFILTER_NETLINK
|
|
help
|
|
If this option is enabled, the kernel will include support
|
|
for logging packets via NFNETLINK.
|
|
|
|
This obsoletes the existing ipt_ULOG and ebg_ulog mechanisms,
|
|
and is also scheduled to replace the old syslog-based ipt_LOG
|
|
and ip6t_LOG modules.
|
|
|
|
config NF_CONNTRACK
|
|
tristate "Layer 3 Independent Connection tracking (EXPERIMENTAL)"
|
|
depends on EXPERIMENTAL && IP_NF_CONNTRACK=n
|
|
default n
|
|
---help---
|
|
Connection tracking keeps a record of what packets have passed
|
|
through your machine, in order to figure out how they are related
|
|
into connections.
|
|
|
|
Layer 3 independent connection tracking is experimental scheme
|
|
which generalize ip_conntrack to support other layer 3 protocols.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config NF_CT_ACCT
|
|
bool "Connection tracking flow accounting"
|
|
depends on NF_CONNTRACK
|
|
help
|
|
If this option is enabled, the connection tracking code will
|
|
keep per-flow packet and byte counters.
|
|
|
|
Those counters can be used for flow-based accounting or the
|
|
`connbytes' match.
|
|
|
|
If unsure, say `N'.
|
|
|
|
config NF_CONNTRACK_MARK
|
|
bool 'Connection mark tracking support'
|
|
depends on NF_CONNTRACK
|
|
help
|
|
This option enables support for connection marks, used by the
|
|
`CONNMARK' target and `connmark' match. Similar to the mark value
|
|
of packets, but this mark value is kept in the conntrack session
|
|
instead of the individual packets.
|
|
|
|
config NF_CONNTRACK_EVENTS
|
|
bool "Connection tracking events"
|
|
depends on NF_CONNTRACK
|
|
help
|
|
If this option is enabled, the connection tracking code will
|
|
provide a notifier chain that can be used by other kernel code
|
|
to get notified aboutchanges in the connection tracking state.
|
|
|
|
If unsure, say `N'.
|
|
|
|
config NF_CT_PROTO_SCTP
|
|
tristate 'SCTP protocol on new connection tracking support (EXPERIMENTAL)'
|
|
depends on EXPERIMENTAL && NF_CONNTRACK
|
|
default n
|
|
help
|
|
With this option enabled, the layer 3 independent connection
|
|
tracking code will be able to do state tracking on SCTP connections.
|
|
|
|
If you want to compile it as a module, say M here and read
|
|
Documentation/modules.txt. If unsure, say `N'.
|
|
|
|
config NF_CONNTRACK_FTP
|
|
tristate "FTP support on new connection tracking (EXPERIMENTAL)"
|
|
depends on EXPERIMENTAL && NF_CONNTRACK
|
|
help
|
|
Tracking FTP connections is problematic: special helpers are
|
|
required for tracking them, and doing masquerading and other forms
|
|
of Network Address Translation on them.
|
|
|
|
This is FTP support on Layer 3 independent connection tracking.
|
|
Layer 3 independent connection tracking is experimental scheme
|
|
which generalize ip_conntrack to support other layer 3 protocols.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
endmenu
|