openadk/target/linux/config/Config.in.netfilter.ip4

config ADK_KPACKAGE_KMOD_NF_CONNTRACK_IPV4
	bool 'IPv4 connection tracking support (required for NAT)'
	select ADK_KPACKAGE_KMOD_NF_CONNTRACK
	help
	  Connection tracking keeps a record of what packets have passed
	  through your machine, in order to figure out how they are related
	  into connections.

config ADK_KPACKAGE_KMOD_IP_NF_CT_ACCT
	bool 'Connection tracking flow accounting'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  If this option is enabled, the connection tracking code will
	  keep per-flow packet and byte counters.

	  Those counters can be used for flow-based accounting or the
	  `connbytes' match.

config ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK_MARK
	bool 'Connection mark tracking support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	select ADK_KERNEL_IP_NF_MATCH_CONNMARK
	help
	  This option enables support for connection marks, used by the
	  `CONNMARK' target and `connmark' match. Similar to the mark value
	  of packets, but this mark value is kept in the conntrack session
	  instead of the individual packets.

config ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK_SECMARK
	bool 'Connection tracking security mark support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	#FIXME select NETWORK_SECMARK
	help
	  This option enables security markings to be applied to
	  connections.  Typically they are copied to connections from
	  packets using the CONNSECMARK target and copied back from
	  connections to packets with the same target, with the packets
	  being originally labeled via SECMARK.

config ADK_KPACKAGE_KMOD_IP_NF_FTP
	tristate 'FTP protocol support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  Tracking FTP connections is problematic: special helpers are
	  required for tracking them, and doing masquerading and other forms
	  of Network Address Translation on them.

config ADK_KPACKAGE_KMOD_IP_NF_IRC
	tristate 'IRC protocol support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  There is a commonly-used extension to IRC called
	  Direct Client-to-Client Protocol (DCC).  This enables users to send
	  files to each other, and also chat to each other without the need
	  of a server.  DCC Sending is used anywhere you send files over IRC,
	  and DCC Chat is most commonly used by Eggdrop bots.  If you are
	  using NAT, this extension will enable you to send files and initiate
	  chats.  Note that you do NOT need this extension to get files or
	  have others initiate chats, or everything else in IRC.

config ADK_KPACKAGE_KMOD_IP_NF_NETBIOS_NS
	tristate 'NetBIOS name service protocol support (EXPERIMENTAL)'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  NetBIOS name service requests are sent as broadcast messages from an
	  unprivileged port and responded to with unicast messages to the
	  same port. This make them hard to firewall properly because connection
	  tracking doesn't deal with broadcasts. This helper tracks locally
	  originating NetBIOS name service requests and the corresponding
	  responses. It relies on correct IP address configuration, specifically
	  netmask and broadcast address. When properly configured, the output
	  of "ip address show" should look similar to this:

	  $ ip -4 address show eth0
	  4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
	      inet 172.16.2.252/24 brd 172.16.2.255 scope global eth0

config ADK_KPACKAGE_KMOD_IP_NF_TFTP
	tristate 'TFTP protocol support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  TFTP connection tracking helper, this is required depending
	  on how restrictive your ruleset is.
	  If you are using a tftp client behind -j SNAT or -j MASQUERADING
	  you will need this.

config ADK_KPACKAGE_KMOD_IP_NF_AMANDA
	tristate 'Amanda backup protocol support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	#FIXME TEXTSEARCH && TEXTSEARCH_KMP
	help
	  If you are running the Amanda backup package <http://www.amanda.org/>
	  on this machine or machines that will be MASQUERADED through this
	  machine, then you may want to enable this feature.  This allows the
	  connection tracking and natting code to allow the sub-channels that
	  Amanda requires for communication of the backup data, messages and
	  index.

config ADK_KPACKAGE_KMOD_IP_NF_PPTP
	tristate 'PPTP protocol support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  This module adds support for PPTP (Point to Point Tunnelling
	  Protocol, RFC2637) connection tracking and NAT. 
	
	  If you are running PPTP sessions over a stateful firewall or NAT
	  box, you may want to enable this feature.  
	
	  Please note that not all PPTP modes of operation are supported yet.
	  For more info, read top of the file
	  net/ipv4/netfilter/ip_conntrack_pptp.c

config ADK_KPACKAGE_KMOD_IP_NF_H323
	tristate 'H.323 protocol support (EXPERIMENTAL)'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  H.323 is a VoIP signalling protocol from ITU-T. As one of the most
	  important VoIP protocols, it is widely used by voice hardware and
	  software including voice gateways, IP phones, Netmeeting, OpenPhone,
	  Gnomemeeting, etc.

	  With this module you can support H.323 on a connection tracking/NAT
	  firewall.

	  This module supports RAS, Fast Start, H.245 Tunnelling, Call
	  Forwarding, RTP/RTCP and T.120 based audio, video, fax, chat,
	  whiteboard, file transfer, etc. For more information, please
	  visit http://nath323.sourceforge.net/.

config ADK_KPACKAGE_KMOD_IP_NF_SIP
	tristate 'SIP protocol support (EXPERIMENTAL)'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  SIP is an application-layer control protocol that can establish,
	  modify, and terminate multimedia sessions (conferences) such as
	  Internet telephony calls. With the ip_conntrack_sip and
	  the ip_nat_sip modules you can support the protocol on a connection
	  tracking/NATing firewall.


config ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
	tristate 'IP tables support (required for filtering/masq/NAT)'
	select ADK_KERNEL_NETFILTER_XTABLES
	help
	  iptables is a general, extensible packet identification framework.
	  The packet filtering and full NAT (masquerading, port forwarding,
	  etc) subsystems now use this: say `Y' or `M' here if you want to use
	  either of those.

config ADK_KPACKAGE_KMOD_IP_NF_FILTER
	tristate 'Packet Filtering'
	depends on ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
	help
	  Packet filtering defines a table `filter', which has a series of
	  rules for simple packet filtering at local input, forwarding and
	  local output.  See the man page for iptables(8).

config ADK_KPACKAGE_KMOD_NF_NAT
	tristate 'Full NAT'
	depends on ADK_KPACKAGE_KMOD_NF_IP_IPTABLES
	help
	  The Full NAT option allows masquerading, port forwarding and other
	  forms of full Network Address Port Translation.  It is controlled by
	  the `nat' table in iptables: see the man page for iptables(8).

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_MASQUERADE
	tristate 'MASQUERADE target support'
	depends on ADK_KPACKAGE_KMOD_NF_NAT
	help
	  Masquerading is a special case of NAT: all outgoing connections are
	  changed to seem to come from a particular interface's address, and
	  if the interface goes down, those connections are lost.  This is
	  only useful for dialup accounts with dynamic IP address (ie. your IP
	  address will be different on next dialup).

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REJECT
	tristate 'REJECT target support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_FILTER
	help
	  The REJECT target allows a filtering rule to specify that an ICMP
	  error should be issued in response to an incoming packet, rather
	  than silently being dropped.

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_LOG
	tristate 'LOG target support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_FILTER
	help
	  This option adds a `LOG' target, which allows you to create rules in
	  any iptables table which records the packet header to the syslog.

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ULOG
	tristate 'ULOG target support (ipv4 only)'
	depends on ADK_KPACKAGE_KMOD_IP_NF_FILTER
	help
	  This option enables the old IPv4-only "ipt_ULOG" implementation
	  which has been obsoleted by the new "nfnetlink_log" code (see
	  CONFIG_NETFILTER_NETLINK_LOG).

	  This option adds a `ULOG' target, which allows you to create rules in
	  any iptables table. The packet is passed to a userspace logging
	  daemon using netlink multicast sockets; unlike the LOG target
	  which can only be viewed through syslog.

	  The appropriate userspace logging daemon (ulogd) may be obtained from
	  <http://www.gnumonks.org/projects/ulogd/>

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REDIRECT
	tristate 'REDIRECT target support'
	depends on ADK_KPACKAGE_KMOD_NF_NAT
	help
	  REDIRECT is a special case of NAT: all incoming connections are
	  mapped onto the incoming interface's address, causing the packets to
	  come to the local machine instead of passing through.  This is
	  useful for transparent proxies.

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_NETMAP
	tristate 'NETMAP target support'
	depends on ADK_KPACKAGE_KMOD_NF_NAT
	help
	  NETMAP is an implementation of static 1:1 NAT mapping of network
	  addresses. It maps the network address part, while keeping the host
	  address part intact. It is similar to Fast NAT, except that
	  Netfilter's connection tracking doesn't work well with Fast NAT.

config ADK_KPACKAGE_KMOD_IP_NF_MANGLE
	tristate 'Packet mangling'
	depends on ADK_KPACKAGE_KMOD_NF_NAT
	help
	  This option adds a `mangle' table to iptables: see the man page for
	  iptables(8).  This table is used for various packet alterations
	  which can effect how the packet is routed.

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ECN
	tristate 'ECN target support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_MANGLE
	help
	  This option adds a `ECN' target, which can be used in the iptables mangle
	  table.  

	  You can use this target to remove the ECN bits from the IPv4 header of
	  an IP packet.  This is particularly useful, if you need to work around
	  existing ECN blackholes on the internet, but don't want to disable
	  ECN support in general.