openadk/target/linux/config/Config.in.netfilter

menu "Netfilter (Firewall/Filtering)"

config ADK_KERNEL_NETFILTER
	bool
	default n

config ADK_KERNEL_NETFILTER_ADVANCED
	bool
	default n

config ADK_KERNEL_BRIDGE_NETFILTER
	bool
	default n

config ADK_KERNEL_NETFILTER_XTABLES
	bool
	select ADK_KERNEL_NETFILTER
	select ADK_KERNEL_NETFILTER_ADVANCED
	default n

config ADK_KERNEL_NETFILTER_DEBUG
	bool
	default n

config ADK_KERNEL_IP_NF_MATCH_LAYER7_DEBUG
	bool
	default n

config ADK_KERNEL_IP_NF_TARGET_MIRROR
	tristate
	default n

config ADK_KERNEL_IP_NF_NAT_SNMP_BASIC
	tristate
	default n

config ADK_KERNEL_IP_NF_TARGET_DSCP
	tristate
	default n

config ADK_KERNEL_IP_NF_TARGET_MARK
	tristate
	default n

config ADK_KERNEL_IP_NF_TARGET_CLASSIFY
	tristate
	default n

config ADK_KERNEL_IP_NF_TARGET_IMQ
	tristate
	default n

config ADK_KERNEL_IP_NF_TARGET_CONNMARK
	tristate
	default n

config ADK_KERNEL_IP_NF_ARPTABLES
	tristate
	default n

config ADK_KERNEL_IP_NF_COMPAT_IPCHAINS
	tristate
	default n

config ADK_KERNEL_IP_NF_COMPAT_IPFWADM
	tristate
	default n

config ADK_KERNEL_IP6_NF_QUEUE
	tristate
	default n

config ADK_KERNEL_IP6_NF_IPTABLES
	tristate
	default n

config ADK_KERNEL_IP_ROUTE_FWMARK
	bool
	default n

config ADK_KERNEL_IP_NF_QUEUE
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_TIME
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_CONDITION
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_DSCP
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_AH_ESP
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_LENGTH
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_HELPER
	tristate
	default n

# cannot be ADK_KERNEL_IP_NF_MATCH_STATE because
# netfilter is built as a module -> this'll always be
# a module, too
config ADK_KPACKAGE_KMOD_IP_NF_MATCH_STATE
	tristate
	select ADK_KPACKAGE_KMOD_NETFILTER_XT_MATCH_STATE
	default n

config ADK_KPACKAGE_KMOD_NETFILTER_XT_MATCH_STATE
	tristate
	default n

# cannot be ADK_KERNEL_IP_NF_MATCH_CONNTRACK because
# netfilter is built as a module -> this'll always be
# a module, too
config ADK_KPACKAGE_KMOD_IP_NF_MATCH_CONNTRACK
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_CONNMARK
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_UNCLEAN
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_STRING
	tristate
	default n

menu "Core Netfilter Configuration"

config ADK_KPACKAGE_KMOD_NF_CONNTRACK
	tristate 'Netfilter connection tracking support'
	select ADK_KERNEL_NETFILTER_XTABLES
	help
	  Connection tracking keeps a record of what packets have passed
	  through your machine, in order to figure out how they are related
	  into connections.

	  Layer 3 independent connection tracking is experimental scheme
	  which generalize ip_conntrack to support other layer 3 protocols.

config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_CLASSIFY
	tristate '"CLASSIFY" target support'
	select ADK_KERNEL_NETFILTER_XTABLES
	help
	  This option adds a `CLASSIFY' target, which enables the user to set
	  the priority of a packet. Some qdiscs can use this value for
	  classification, among these are:

  	  atm, cbq, dsmark, pfifo_fast, htb, prio

config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_CONNMARK
	tristate '"CONNMARK" target support'
	select ADK_KERNEL_NETFILTER_XTABLES
	select ADK_KPACKAGE_KMOD_NF_CONNTRACK
	help
	  This option adds a `CONNMARK' target, which allows one to manipulate
	  the connection mark value.  Similar to the MARK target, but
	  affects the connection mark value rather than the packet mark value.

config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_MARK
	tristate '"MARK" target support'
	select ADK_KERNEL_NETFILTER_XTABLES
	help
	  This option adds a `MARK' target, which allows you to create rules
	  in the `mangle' table which alter the netfilter mark (nfmark) field
	  associated with the packet prior to routing. This can change
	  the routing method (see `Use netfilter MARK value as routing
	  key') and can also be used by other subsystems to change their
	  behavior.

config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_NFQUEUE
	tristate '"NFQUEUE" target support'
	select ADK_KERNEL_NETFILTER_XTABLES
	help
	  This target replaced the old obsolete QUEUE target.

	  As opposed to QUEUE, it supports 65535 different queues,
	  not just one.

config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_TCPMSS
	tristate 'TCPMSS target'
	select ADK_KERNEL_NETFILTER_XTABLES
	help

endmenu

menu "IP: Netfilter Configuration"

config ADK_KPACKAGE_KMOD_NF_CONNTRACK_IPV4
	bool 'IPv4 connection tracking support (required for NAT)'
	select ADK_KPACKAGE_KMOD_NF_CONNTRACK
	help
	  Connection tracking keeps a record of what packets have passed
	  through your machine, in order to figure out how they are related
	  into connections.

config ADK_KPACKAGE_KMOD_IP_NF_CT_ACCT
	bool 'Connection tracking flow accounting'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  If this option is enabled, the connection tracking code will
	  keep per-flow packet and byte counters.

	  Those counters can be used for flow-based accounting or the
	  `connbytes' match.

config ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK_MARK
	bool 'Connection mark tracking support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	select ADK_KERNEL_IP_NF_MATCH_CONNMARK
	help
	  This option enables support for connection marks, used by the
	  `CONNMARK' target and `connmark' match. Similar to the mark value
	  of packets, but this mark value is kept in the conntrack session
	  instead of the individual packets.

config ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK_SECMARK
	bool 'Connection tracking security mark support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	#FIXME select NETWORK_SECMARK
	help
	  This option enables security markings to be applied to
	  connections.  Typically they are copied to connections from
	  packets using the CONNSECMARK target and copied back from
	  connections to packets with the same target, with the packets
	  being originally labeled via SECMARK.

config ADK_KPACKAGE_KMOD_IP_NF_FTP
	tristate 'FTP protocol support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  Tracking FTP connections is problematic: special helpers are
	  required for tracking them, and doing masquerading and other forms
	  of Network Address Translation on them.

config ADK_KPACKAGE_KMOD_IP_NF_IRC
	tristate 'IRC protocol support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  There is a commonly-used extension to IRC called
	  Direct Client-to-Client Protocol (DCC).  This enables users to send
	  files to each other, and also chat to each other without the need
	  of a server.  DCC Sending is used anywhere you send files over IRC,
	  and DCC Chat is most commonly used by Eggdrop bots.  If you are
	  using NAT, this extension will enable you to send files and initiate
	  chats.  Note that you do NOT need this extension to get files or
	  have others initiate chats, or everything else in IRC.

config ADK_KPACKAGE_KMOD_IP_NF_NETBIOS_NS
	tristate 'NetBIOS name service protocol support (EXPERIMENTAL)'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  NetBIOS name service requests are sent as broadcast messages from an
	  unprivileged port and responded to with unicast messages to the
	  same port. This make them hard to firewall properly because connection
	  tracking doesn't deal with broadcasts. This helper tracks locally
	  originating NetBIOS name service requests and the corresponding
	  responses. It relies on correct IP address configuration, specifically
	  netmask and broadcast address. When properly configured, the output
	  of "ip address show" should look similar to this:

	  $ ip -4 address show eth0
	  4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
	      inet 172.16.2.252/24 brd 172.16.2.255 scope global eth0

config ADK_KPACKAGE_KMOD_IP_NF_TFTP
	tristate 'TFTP protocol support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  TFTP connection tracking helper, this is required depending
	  on how restrictive your ruleset is.
	  If you are using a tftp client behind -j SNAT or -j MASQUERADING
	  you will need this.

config ADK_KPACKAGE_KMOD_IP_NF_AMANDA
	tristate 'Amanda backup protocol support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	#FIXME TEXTSEARCH && TEXTSEARCH_KMP
	help
	  If you are running the Amanda backup package <http://www.amanda.org/>
	  on this machine or machines that will be MASQUERADED through this
	  machine, then you may want to enable this feature.  This allows the
	  connection tracking and natting code to allow the sub-channels that
	  Amanda requires for communication of the backup data, messages and
	  index.

config ADK_KPACKAGE_KMOD_IP_NF_PPTP
	tristate 'PPTP protocol support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  This module adds support for PPTP (Point to Point Tunnelling
	  Protocol, RFC2637) connection tracking and NAT. 
	
	  If you are running PPTP sessions over a stateful firewall or NAT
	  box, you may want to enable this feature.  
	
	  Please note that not all PPTP modes of operation are supported yet.
	  For more info, read top of the file
	  net/ipv4/netfilter/ip_conntrack_pptp.c

config ADK_KPACKAGE_KMOD_IP_NF_H323
	tristate 'H.323 protocol support (EXPERIMENTAL)'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  H.323 is a VoIP signalling protocol from ITU-T. As one of the most
	  important VoIP protocols, it is widely used by voice hardware and
	  software including voice gateways, IP phones, Netmeeting, OpenPhone,
	  Gnomemeeting, etc.

	  With this module you can support H.323 on a connection tracking/NAT
	  firewall.

	  This module supports RAS, Fast Start, H.245 Tunnelling, Call
	  Forwarding, RTP/RTCP and T.120 based audio, video, fax, chat,
	  whiteboard, file transfer, etc. For more information, please
	  visit http://nath323.sourceforge.net/.

config ADK_KPACKAGE_KMOD_IP_NF_SIP
	tristate 'SIP protocol support (EXPERIMENTAL)'
	depends on ADK_KPACKAGE_KMOD_IP_NF_CONNTRACK
	help
	  SIP is an application-layer control protocol that can establish,
	  modify, and terminate multimedia sessions (conferences) such as
	  Internet telephony calls. With the ip_conntrack_sip and
	  the ip_nat_sip modules you can support the protocol on a connection
	  tracking/NATing firewall.


config ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
	tristate 'IP tables support (required for filtering/masq/NAT)'
	select ADK_KERNEL_NETFILTER_XTABLES
	help
	  iptables is a general, extensible packet identification framework.
	  The packet filtering and full NAT (masquerading, port forwarding,
	  etc) subsystems now use this: say `Y' or `M' here if you want to use
	  either of those.

config ADK_KPACKAGE_KMOD_IP_NF_FILTER
	tristate 'Packet Filtering'
	depends on ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
	help
	  Packet filtering defines a table `filter', which has a series of
	  rules for simple packet filtering at local input, forwarding and
	  local output.  See the man page for iptables(8).

config ADK_KPACKAGE_KMOD_NF_NAT
	tristate 'Full NAT'
	depends on ADK_KPACKAGE_KMOD_NF_IP_IPTABLES
	help
	  The Full NAT option allows masquerading, port forwarding and other
	  forms of full Network Address Port Translation.  It is controlled by
	  the `nat' table in iptables: see the man page for iptables(8).

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_MASQUERADE
	tristate 'MASQUERADE target support'
	depends on ADK_KPACKAGE_KMOD_NF_NAT
	help
	  Masquerading is a special case of NAT: all outgoing connections are
	  changed to seem to come from a particular interface's address, and
	  if the interface goes down, those connections are lost.  This is
	  only useful for dialup accounts with dynamic IP address (ie. your IP
	  address will be different on next dialup).

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REJECT
	tristate 'REJECT target support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_FILTER
	help
	  The REJECT target allows a filtering rule to specify that an ICMP
	  error should be issued in response to an incoming packet, rather
	  than silently being dropped.

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_LOG
	tristate 'LOG target support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_FILTER
	help
	  This option adds a `LOG' target, which allows you to create rules in
	  any iptables table which records the packet header to the syslog.

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ULOG
	tristate 'ULOG target support (ipv4 only)'
	depends on ADK_KPACKAGE_KMOD_IP_NF_FILTER
	help
	  This option enables the old IPv4-only "ipt_ULOG" implementation
	  which has been obsoleted by the new "nfnetlink_log" code (see
	  CONFIG_NETFILTER_NETLINK_LOG).

	  This option adds a `ULOG' target, which allows you to create rules in
	  any iptables table. The packet is passed to a userspace logging
	  daemon using netlink multicast sockets; unlike the LOG target
	  which can only be viewed through syslog.

	  The appropriate userspace logging daemon (ulogd) may be obtained from
	  <http://www.gnumonks.org/projects/ulogd/>

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REDIRECT
	tristate 'REDIRECT target support'
	depends on ADK_KPACKAGE_KMOD_NF_NAT
	help
	  REDIRECT is a special case of NAT: all incoming connections are
	  mapped onto the incoming interface's address, causing the packets to
	  come to the local machine instead of passing through.  This is
	  useful for transparent proxies.

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_NETMAP
	tristate 'NETMAP target support'
	depends on ADK_KPACKAGE_KMOD_NF_NAT
	help
	  NETMAP is an implementation of static 1:1 NAT mapping of network
	  addresses. It maps the network address part, while keeping the host
	  address part intact. It is similar to Fast NAT, except that
	  Netfilter's connection tracking doesn't work well with Fast NAT.

config ADK_KPACKAGE_KMOD_IP_NF_MANGLE
	tristate 'Packet mangling'
	depends on ADK_KPACKAGE_KMOD_NF_NAT
	help
	  This option adds a `mangle' table to iptables: see the man page for
	  iptables(8).  This table is used for various packet alterations
	  which can effect how the packet is routed.

config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ECN
	tristate 'ECN target support'
	depends on ADK_KPACKAGE_KMOD_IP_NF_MANGLE
	help
	  This option adds a `ECN' target, which can be used in the iptables mangle
	  table.  

	  You can use this target to remove the ECN bits from the IPv4 header of
	  an IP packet.  This is particularly useful, if you need to work around
	  existing ECN blackholes on the internet, but don't want to disable
	  ECN support in general.

endmenu

menu "Ethernet bridge firewalling"

config ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	tristate 'Ethernet Bridge tables (ebtables) support'
	select ADK_KERNEL_BRIDGE_NETFILTER
	help
	  ebtables is a general, extensible frame/packet identification
	  framework. Say 'Y' or 'M' here if you want to do Ethernet
	  filtering/NAT/brouting on the Ethernet bridge.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_BROUTE
	tristate "ebt: broute table support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  The ebtables broute table is used to define rules that decide between
	  bridging and routing frames, giving Linux the functionality of a
	  brouter. See the man page for ebtables(8) and examples on the ebtables
	  website.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_T_FILTER
	tristate "ebt: filter table support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  The ebtables filter table is used to define frame filtering rules at
	  local input, forwarding and local output. See the man page for
	  ebtables(8).

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_T_NAT
	tristate "ebt: nat table support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  The ebtables nat table is used to define rules that alter the MAC
	  source address (MAC SNAT) or the MAC destination address (MAC DNAT).
	  See the man page for ebtables(8).

	  To compile it as a module, choose M here.  If unsure, say N.
#
# matches
#
config ADK_KPACKAGE_KMOD_BRIDGE_EBT_802_3
	tristate "ebt: 802.3 filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds matching support for 802.3 Ethernet frames.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_AMONG
	tristate "ebt: among filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the among match, which allows matching the MAC source
	  and/or destination address on a list of addresses. Optionally,
	  MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ARP
	tristate "ebt: ARP filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the ARP match, which allows ARP and RARP header field
	  filtering.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_IP
	tristate "ebt: IP filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the IP match, which allows basic IP header field
	  filtering.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_IP6
	tristate "ebt: IP6 filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES && ADK_KPACKAGE_KMOD_IPV6
	help
	  This option adds the IP6 match, which allows basic IPV6 header field
	  filtering.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_LIMIT
	tristate "ebt: limit match support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the limit match, which allows you to control
	  the rate at which a rule can be matched. This match is the
	  equivalent of the iptables limit match.

	  If you want to compile it as a module, say M here and read
	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_MARK
	tristate "ebt: mark filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the mark match, which allows matching frames based on
	  the 'nfmark' value in the frame. This can be set by the mark target.
	  This value is the same as the one used in the iptables mark match and
	  target.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_PKTTYPE
	tristate "ebt: packet type filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the packet type match, which allows matching on the
	  type of packet based on its Ethernet "class" (as determined by
	  the generic networking code): broadcast, multicast,
	  for this host alone or for another host.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_STP
	tristate "ebt: STP filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the Spanning Tree Protocol match, which
	  allows STP header field filtering.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_VLAN
	tristate "ebt: 802.1Q VLAN filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the 802.1Q vlan match, which allows the filtering of
	  802.1Q vlan fields.

	  To compile it as a module, choose M here.  If unsure, say N.
#
# targets
#
config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ARPREPLY
	tristate "ebt: arp reply target support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the arp reply target, which allows
	  automatically sending arp replies to arp requests.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_DNAT
	tristate "ebt: dnat target support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the MAC DNAT target, which allows altering the MAC
	  destination address of frames.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_MARK_T
	tristate "ebt: mark target support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the mark target, which allows marking frames by
	  setting the 'nfmark' value in the frame.
	  This value is the same as the one used in the iptables mark match and
	  target.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_REDIRECT
	tristate "ebt: redirect target support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the MAC redirect target, which allows altering the MAC
	  destination address of a frame to that of the device it arrived on.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_SNAT
	tristate "ebt: snat target support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the MAC SNAT target, which allows altering the MAC
	  source address of frames.

	  To compile it as a module, choose M here.  If unsure, say N.
#
# watchers
#
config ADK_KPACKAGE_KMOD_BRIDGE_EBT_LOG
	tristate "ebt: log support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the log watcher, that you can use in any rule
	  in any ebtables table. It records info about the frame header
	  to the syslog.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ULOG
	tristate "ebt: ulog support (OBSOLETE)"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option enables the old bridge-specific "ebt_ulog" implementation
	  which has been obsoleted by the new "nfnetlink_log" code (see
	  CONFIG_NETFILTER_NETLINK_LOG).

	  This option adds the ulog watcher, that you can use in any rule
	  in any ebtables table. The packet is passed to a userspace
	  logging daemon using netlink multicast sockets. This differs
	  from the log watcher in the sense that the complete packet is
	  sent to userspace instead of a descriptive text and that
	  netlink multicast sockets are used instead of the syslog.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_NFLOG
	tristate "ebt: nflog support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option enables the nflog watcher, which allows to LOG
	  messages through the netfilter logging API, which can use
	  either the old LOG target, the old ULOG target or nfnetlink_log
	  as backend.

	  This option adds the nflog watcher, that you can use in any rule
	  in any ebtables table.

	  To compile it as a module, choose M here.  If unsure, say N.


endmenu

source package/ipset/Config.in.kmod

endmenu