Trang chủ Khám phá Trợ giúp
Đăng nhập
oss
/
openadk
4
1
Fork 3
Các tập tin Các vấn đề 1 Yêu cầu khéo về 0 Wiki
Tree: 3723786959
Branches Tags
openadk
/
target
/
linux
/
config
/
Config.in.netfilter.core

Config.in.netfilter.core 8.1 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203 
  1. config ADK_KPACKAGE_KMOD_NETFILTER_NETLINK_LOG
    2. 

  2. 	tristate 'Netfilter LOG over NFNETLINK interface'
    3. 

  3. 	help
    4. 

  4. 	  If this option is enabled, the kernel will include support                                                                                        
    5. 

  5. 	  for logging packets via NFNETLINK.
    6. 

  6. 

  7. config ADK_KPACKAGE_KMOD_NF_CONNTRACK
    8. 

  8. 	tristate 'Netfilter connection tracking support'
    9. 

  9. 	select ADK_KERNEL_NETFILTER_XTABLES
    10. 

  10. 	help
    11. 

  11. 	  Connection tracking keeps a record of what packets have passed
    12. 

  12. 	  through your machine, in order to figure out how they are related
    13. 

  13. 	  into connections.
    14. 

  14. 

  15. 	  Layer 3 independent connection tracking is experimental scheme
    16. 

  16. 	  which generalize ip_conntrack to support other layer 3 protocols.
    17. 

  17. 

  18. config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_CHECKSUM
    19. 

  19. 	tristate '"CHECKSUM" target support'
    20. 

  20. 	select ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
    21. 

  21. 	select ADK_KERNEL_NETFILTER_XTABLES
    22. 

  22. 	select ADK_KPACKAGE_KMOD_IP_NF_MANGLE
    23. 

  23. 	select ADK_KERNEL_NETFILTER_ADVANCED
    24. 

  24. 	help
    25. 

  25. 

  26. config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_CLASSIFY
    27. 

  27. 	tristate '"CLASSIFY" target support'
    28. 

  28. 	select ADK_KERNEL_NETFILTER_XTABLES
    29. 

  29. 	help
    30. 

  30. 	  This option adds a `CLASSIFY' target, which enables the user to set
    31. 

  31. 	  the priority of a packet. Some qdiscs can use this value for
    32. 

  32. 	  classification, among these are:
    33. 

  33. 

  34.   	  atm, cbq, dsmark, pfifo_fast, htb, prio
    35. 

  35. 

  36. config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_CONNMARK
    37. 

  37. 	tristate '"CONNMARK" target support'
    38. 

  38. 	select ADK_KERNEL_NETFILTER_XTABLES
    39. 

  39. 	select ADK_KPACKAGE_KMOD_NF_CONNTRACK
    40. 

  40. 	help
    41. 

  41. 	  This option adds a `CONNMARK' target, which allows one to manipulate
    42. 

  42. 	  the connection mark value.  Similar to the MARK target, but
    43. 

  43. 	  affects the connection mark value rather than the packet mark value.
    44. 

  44. 

  45. config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_MARK
    46. 

  46. 	tristate '"MARK" target support'
    47. 

  47. 	select ADK_KERNEL_NETFILTER_XTABLES
    48. 

  48. 	help
    49. 

  49. 	  This option adds a `MARK' target, which allows you to create rules
    50. 

  50. 	  in the `mangle' table which alter the netfilter mark (nfmark) field
    51. 

  51. 	  associated with the packet prior to routing. This can change
    52. 

  52. 	  the routing method (see `Use netfilter MARK value as routing
    53. 

  53. 	  key') and can also be used by other subsystems to change their
    54. 

  54. 	  behavior.
    55. 

  55. 

  56. config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_NFQUEUE
    57. 

  57. 	tristate '"NFQUEUE" target support'
    58. 

  58. 	select ADK_KERNEL_NETFILTER_XTABLES
    59. 

  59. 	help
    60. 

  60. 	  This target replaced the old obsolete QUEUE target.
    61. 

  61. 

  62. 	  As opposed to QUEUE, it supports 65535 different queues,
    63. 

  63. 	  not just one.
    64. 

  64. 

  65. config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_LOG
    66. 

  66. 	tristate 'LOG target support'
    67. 

  67. 	depends on ADK_KPACKAGE_KMOD_IP_NF_FILTER
    68. 

  68. 	help
    69. 

  69. 	  This option adds a `LOG' target, which allows you to create rules in
    70. 

  70. 	  any iptables table which records the packet header to the syslog.
    71. 

  71. 

  72. config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_TCPMSS
    73. 

  73. 	tristate 'TCPMSS target'
    74. 

  74. 	select ADK_KERNEL_NETFILTER_XTABLES
    75. 

  75. 	help
    76. 

  76. 

  77. config ADK_KPACKAGE_KMOD_NF_CONNTRACK_MARK
    78. 

  78. 	bool 'Connection mark tracking support'
    79. 

  79. 	depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
    80. 

  80. 	select ADK_KERNEL_IP_NF_MATCH_CONNMARK
    81. 

  81. 	help
    82. 

  82. 	  This option enables support for connection marks, used by the
    83. 

  83. 	  `CONNMARK' target and `connmark' match. Similar to the mark value
    84. 

  84. 	  of packets, but this mark value is kept in the conntrack session
    85. 

  85. 	  instead of the individual packets.
    86. 

  86. 

  87. config ADK_KPACKAGE_KMOD_NF_CONNTRACK_SECMARK
    88. 

  88. 	bool 'Connection tracking security mark support'
    89. 

  89. 	depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
    90. 

  90. 	#FIXME select NETWORK_SECMARK
    91. 

  91. 	help
    92. 

  92. 	  This option enables security markings to be applied to
    93. 

  93. 	  connections.  Typically they are copied to connections from
    94. 

  94. 	  packets using the CONNSECMARK target and copied back from
    95. 

  95. 	  connections to packets with the same target, with the packets
    96. 

  96. 	  being originally labeled via SECMARK.
    97. 

  97. 

  98. config ADK_KPACKAGE_KMOD_NF_CONNTRACK_FTP
    99. 

  99. 	tristate 'FTP protocol support'
    100. 

  100. 	depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
    101. 

  101. 	help
    102. 

  102. 	  Tracking FTP connections is problematic: special helpers are
    103. 

  103. 	  required for tracking them, and doing masquerading and other forms
    104. 

  104. 	  of Network Address Translation on them.
    105. 

  105. 

  106. #config ADK_KPACKAGE_KMOD_NF_CONNTRACK_RTSP
    107. 

  107. #	tristate 'RTSP protocol support'
    108. 

  108. #	depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
    109. 

  109. #	help
    110. 

  110. #	  Tracking RTSP connections might be required for IPTV.
    111. 

  111. 

  112. config ADK_KPACKAGE_KMOD_NF_CONNTRACK_IRC
    113. 

  113. 	tristate 'IRC protocol support'
    114. 

  114. 	depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
    115. 

  115. 	help
    116. 

  116. 	  There is a commonly-used extension to IRC called
    117. 

  117. 	  Direct Client-to-Client Protocol (DCC).  This enables users to send
    118. 

  118. 	  files to each other, and also chat to each other without the need
    119. 

  119. 	  of a server.  DCC Sending is used anywhere you send files over IRC,
    120. 

  120. 	  and DCC Chat is most commonly used by Eggdrop bots.  If you are
    121. 

  121. 	  using NAT, this extension will enable you to send files and initiate
    122. 

  122. 	  chats.  Note that you do NOT need this extension to get files or
    123. 

  123. 	  have others initiate chats, or everything else in IRC.
    124. 

  124. 

  125. config ADK_KPACKAGE_KMOD_NF_CONNTRACK_NETBIOS_NS
    126. 

  126. 	tristate 'NetBIOS name service protocol support (EXPERIMENTAL)'
    127. 

  127. 	depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
    128. 

  128. 	help
    129. 

  129. 	  NetBIOS name service requests are sent as broadcast messages from an
    130. 

  130. 	  unprivileged port and responded to with unicast messages to the
    131. 

  131. 	  same port. This make them hard to firewall properly because connection
    132. 

  132. 	  tracking doesn't deal with broadcasts. This helper tracks locally
    133. 

  133. 	  originating NetBIOS name service requests and the corresponding
    134. 

  134. 	  responses. It relies on correct IP address configuration, specifically
    135. 

  135. 	  netmask and broadcast address. When properly configured, the output
    136. 

  136. 	  of "ip address show" should look similar to this:
    137. 

  137. 

  138. 	  $ ip -4 address show eth0
    139. 

  139. 	  4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    140. 

  140. 	      inet 172.16.2.252/24 brd 172.16.2.255 scope global eth0
    141. 

  141. 

  142. config ADK_KPACKAGE_KMOD_NF_CONNTRACK_TFTP
    143. 

  143. 	tristate 'TFTP protocol support'
    144. 

  144. 	depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
    145. 

  145. 	help
    146. 

  146. 	  TFTP connection tracking helper, this is required depending
    147. 

  147. 	  on how restrictive your ruleset is.
    148. 

  148. 	  If you are using a tftp client behind -j SNAT or -j MASQUERADING
    149. 

  149. 	  you will need this.
    150. 

  150. 

  151. #config ADK_KPACKAGE_KMOD_NF_CONNTRACK_AMANDA
    152. 

  152. #	tristate 'Amanda backup protocol support'
    153. 

  153. #	depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
    154. 

  154. #	#FIXME TEXTSEARCH && TEXTSEARCH_KMP
    155. 

  155. #	help
    156. 

  156. #	  If you are running the Amanda backup package <http://www.amanda.org/>
    157. 

  157. #	  on this machine or machines that will be MASQUERADED through this
    158. 

  158. #	  machine, then you may want to enable this feature.  This allows the
    159. 

  159. #	  connection tracking and natting code to allow the sub-channels that
    160. 

  160. #	  Amanda requires for communication of the backup data, messages and
    161. 

  161. #	  index.
    162. 

  162. 

  163. config ADK_KPACKAGE_KMOD_NF_CONNTRACK_PPTP
    164. 

  164. 	tristate 'PPTP protocol support'
    165. 

  165. 	depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
    166. 

  166. 	help
    167. 

  167. 	  This module adds support for PPTP (Point to Point Tunnelling
    168. 

  168. 	  Protocol, RFC2637) connection tracking and NAT. 
    169. 

  169. 	
    170. 

  170. 	  If you are running PPTP sessions over a stateful firewall or NAT
    171. 

  171. 	  box, you may want to enable this feature.  
    172. 

  172. 	
    173. 

  173. 	  Please note that not all PPTP modes of operation are supported yet.
    174. 

  174. 	  For more info, read top of the file
    175. 

  175. 	  net/ipv4/netfilter/ip_conntrack_pptp.c
    176. 

  176. 

  177. config ADK_KPACKAGE_KMOD_NF_CONNTRACK_H323
    178. 

  178. 	tristate 'H.323 protocol support (EXPERIMENTAL)'
    179. 

  179. 	depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
    180. 

  180. 	help
    181. 

  181. 	  H.323 is a VoIP signalling protocol from ITU-T. As one of the most
    182. 

  182. 	  important VoIP protocols, it is widely used by voice hardware and
    183. 

  183. 	  software including voice gateways, IP phones, Netmeeting, OpenPhone,
    184. 

  184. 	  Gnomemeeting, etc.
    185. 

  185. 

  186. 	  With this module you can support H.323 on a connection tracking/NAT
    187. 

  187. 	  firewall.
    188. 

  188. 

  189. 	  This module supports RAS, Fast Start, H.245 Tunnelling, Call
    190. 

  190. 	  Forwarding, RTP/RTCP and T.120 based audio, video, fax, chat,
    191. 

  191. 	  whiteboard, file transfer, etc. For more information, please
    192. 

  192. 	  visit http://nath323.sourceforge.net/.
    193. 

  193. 

  194. config ADK_KPACKAGE_KMOD_NF_CONNTRACK_SIP
    195. 

  195. 	tristate 'SIP protocol support (EXPERIMENTAL)'
    196. 

  196. 	depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
    197. 

  197. 	help
    198. 

  198. 	  SIP is an application-layer control protocol that can establish,
    199. 

  199. 	  modify, and terminate multimedia sessions (conferences) such as
    200. 

  200. 	  Internet telephony calls. With the ip_conntrack_sip and
    201. 

  201. 	  the ip_nat_sip modules you can support the protocol on a connection
    202. 

  202. 	  tracking/NATing firewall.
    203. 

  203.