oss
/
openadk


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444
							menu "Netfilter (Firewall/Filtering)"

config ADK_KERNEL_NETFILTER
	bool
	default n

config ADK_KERNEL_NETFILTER_ADVANCED
	bool
	default n

config ADK_KERNEL_BRIDGE_NETFILTER
	bool
	default n

config ADK_KERNEL_NETFILTER_XTABLES
	bool
	select ADK_KERNEL_NETFILTER
	select ADK_KERNEL_NETFILTER_ADVANCED
	default n

config ADK_KERNEL_NETFILTER_DEBUG
	bool
	default n

config ADK_KERNEL_IP_NF_MATCH_LAYER7_DEBUG
	bool
	default n

config ADK_KERNEL_IP_NF_TARGET_MIRROR
	tristate
	default n

config ADK_KERNEL_IP_NF_NAT_SNMP_BASIC
	tristate
	default n

config ADK_KERNEL_IP_NF_TARGET_DSCP
	tristate
	default n

config ADK_KERNEL_IP_NF_TARGET_MARK
	tristate
	default n

config ADK_KERNEL_IP_NF_TARGET_CLASSIFY
	tristate
	default n

config ADK_KERNEL_IP_NF_TARGET_IMQ
	tristate
	default n

config ADK_KERNEL_IP_NF_TARGET_CONNMARK
	tristate
	default n

config ADK_KERNEL_IP_NF_ARPTABLES
	tristate
	default n

config ADK_KERNEL_IP_NF_COMPAT_IPCHAINS
	tristate
	default n

config ADK_KERNEL_IP_NF_COMPAT_IPFWADM
	tristate
	default n

config ADK_KERNEL_IP6_NF_QUEUE
	tristate
	default n

config ADK_KERNEL_IP6_NF_IPTABLES
	tristate
	default n

config ADK_KERNEL_IP_ROUTE_FWMARK
	bool
	default n

config ADK_KERNEL_IP_NF_QUEUE
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_TIME
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_CONDITION
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_DSCP
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_AH_ESP
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_LENGTH
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_HELPER
	tristate
	default n

# cannot be ADK_KERNEL_IP_NF_MATCH_STATE because
# netfilter is built as a module -> this'll always be
# a module, too
config ADK_KPACKAGE_KMOD_IP_NF_MATCH_STATE
	tristate
	select ADK_KPACKAGE_KMOD_NETFILTER_XT_MATCH_STATE
	default n

config ADK_KPACKAGE_KMOD_NETFILTER_XT_MATCH_STATE
	tristate
	default n

# cannot be ADK_KERNEL_IP_NF_MATCH_CONNTRACK because
# netfilter is built as a module -> this'll always be
# a module, too
config ADK_KPACKAGE_KMOD_IP_NF_MATCH_CONNTRACK
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_CONNMARK
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_UNCLEAN
	tristate
	default n

config ADK_KERNEL_IP_NF_MATCH_STRING
	tristate
	default n

menu "Core Netfilter Configuration"

config ADK_KPACKAGE_KMOD_NF_CONNTRACK
	tristate 'Netfilter connection tracking support'
	select ADK_KERNEL_NETFILTER_XTABLES
	help
	  Connection tracking keeps a record of what packets have passed
	  through your machine, in order to figure out how they are related
	  into connections.

	  Layer 3 independent connection tracking is experimental scheme
	  which generalize ip_conntrack to support other layer 3 protocols.

config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_CLASSIFY
	tristate '"CLASSIFY" target support'
	select ADK_KERNEL_NETFILTER_XTABLES
	help
	  This option adds a `CLASSIFY' target, which enables the user to set
	  the priority of a packet. Some qdiscs can use this value for
	  classification, among these are:

  	  atm, cbq, dsmark, pfifo_fast, htb, prio

config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_CONNMARK
	tristate '"CONNMARK" target support'
	select ADK_KERNEL_NETFILTER_XTABLES
	select ADK_KPACKAGE_KMOD_NF_CONNTRACK
	help
	  This option adds a `CONNMARK' target, which allows one to manipulate
	  the connection mark value.  Similar to the MARK target, but
	  affects the connection mark value rather than the packet mark value.

config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_MARK
	tristate '"MARK" target support'
	select ADK_KERNEL_NETFILTER_XTABLES
	help
	  This option adds a `MARK' target, which allows you to create rules
	  in the `mangle' table which alter the netfilter mark (nfmark) field
	  associated with the packet prior to routing. This can change
	  the routing method (see `Use netfilter MARK value as routing
	  key') and can also be used by other subsystems to change their
	  behavior.

config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_NFQUEUE
	tristate '"NFQUEUE" target support'
	select ADK_KERNEL_NETFILTER_XTABLES
	help
	  This target replaced the old obsolete QUEUE target.

	  As opposed to QUEUE, it supports 65535 different queues,
	  not just one.

config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_TCPMSS
	tristate 'TCPMSS target'
	select ADK_KERNEL_NETFILTER_XTABLES
	help

endmenu

menu "IP: Netfilter Configuration"
source target/linux/config/Config.in.netfilter.ip4
endmenu

menu "IPv6: Netfilter Configuration"
	depends on ADK_ENABLE_IPV6
source target/linux/config/Config.in.netfilter.ip6
endmenu

menu "Ethernet bridge firewalling"

config ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	tristate 'Ethernet Bridge tables (ebtables) support'
	select ADK_KERNEL_BRIDGE_NETFILTER
	help
	  ebtables is a general, extensible frame/packet identification
	  framework. Say 'Y' or 'M' here if you want to do Ethernet
	  filtering/NAT/brouting on the Ethernet bridge.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_BROUTE
	tristate "ebt: broute table support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  The ebtables broute table is used to define rules that decide between
	  bridging and routing frames, giving Linux the functionality of a
	  brouter. See the man page for ebtables(8) and examples on the ebtables
	  website.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_T_FILTER
	tristate "ebt: filter table support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  The ebtables filter table is used to define frame filtering rules at
	  local input, forwarding and local output. See the man page for
	  ebtables(8).

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_T_NAT
	tristate "ebt: nat table support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  The ebtables nat table is used to define rules that alter the MAC
	  source address (MAC SNAT) or the MAC destination address (MAC DNAT).
	  See the man page for ebtables(8).

	  To compile it as a module, choose M here.  If unsure, say N.
#
# matches
#
config ADK_KPACKAGE_KMOD_BRIDGE_EBT_802_3
	tristate "ebt: 802.3 filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds matching support for 802.3 Ethernet frames.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_AMONG
	tristate "ebt: among filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the among match, which allows matching the MAC source
	  and/or destination address on a list of addresses. Optionally,
	  MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ARP
	tristate "ebt: ARP filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the ARP match, which allows ARP and RARP header field
	  filtering.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_IP
	tristate "ebt: IP filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the IP match, which allows basic IP header field
	  filtering.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_IP6
	tristate "ebt: IP6 filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES && ADK_KPACKAGE_KMOD_IPV6
	help
	  This option adds the IP6 match, which allows basic IPV6 header field
	  filtering.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_LIMIT
	tristate "ebt: limit match support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the limit match, which allows you to control
	  the rate at which a rule can be matched. This match is the
	  equivalent of the iptables limit match.

	  If you want to compile it as a module, say M here and read
	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_MARK
	tristate "ebt: mark filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the mark match, which allows matching frames based on
	  the 'nfmark' value in the frame. This can be set by the mark target.
	  This value is the same as the one used in the iptables mark match and
	  target.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_PKTTYPE
	tristate "ebt: packet type filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the packet type match, which allows matching on the
	  type of packet based on its Ethernet "class" (as determined by
	  the generic networking code): broadcast, multicast,
	  for this host alone or for another host.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_STP
	tristate "ebt: STP filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the Spanning Tree Protocol match, which
	  allows STP header field filtering.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_VLAN
	tristate "ebt: 802.1Q VLAN filter support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the 802.1Q vlan match, which allows the filtering of
	  802.1Q vlan fields.

	  To compile it as a module, choose M here.  If unsure, say N.
#
# targets
#
config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ARPREPLY
	tristate "ebt: arp reply target support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the arp reply target, which allows
	  automatically sending arp replies to arp requests.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_DNAT
	tristate "ebt: dnat target support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the MAC DNAT target, which allows altering the MAC
	  destination address of frames.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_MARK_T
	tristate "ebt: mark target support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the mark target, which allows marking frames by
	  setting the 'nfmark' value in the frame.
	  This value is the same as the one used in the iptables mark match and
	  target.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_REDIRECT
	tristate "ebt: redirect target support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the MAC redirect target, which allows altering the MAC
	  destination address of a frame to that of the device it arrived on.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_SNAT
	tristate "ebt: snat target support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the MAC SNAT target, which allows altering the MAC
	  source address of frames.

	  To compile it as a module, choose M here.  If unsure, say N.
#
# watchers
#
config ADK_KPACKAGE_KMOD_BRIDGE_EBT_LOG
	tristate "ebt: log support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option adds the log watcher, that you can use in any rule
	  in any ebtables table. It records info about the frame header
	  to the syslog.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_ULOG
	tristate "ebt: ulog support (OBSOLETE)"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option enables the old bridge-specific "ebt_ulog" implementation
	  which has been obsoleted by the new "nfnetlink_log" code (see
	  CONFIG_NETFILTER_NETLINK_LOG).

	  This option adds the ulog watcher, that you can use in any rule
	  in any ebtables table. The packet is passed to a userspace
	  logging daemon using netlink multicast sockets. This differs
	  from the log watcher in the sense that the complete packet is
	  sent to userspace instead of a descriptive text and that
	  netlink multicast sockets are used instead of the syslog.

	  To compile it as a module, choose M here.  If unsure, say N.

config ADK_KPACKAGE_KMOD_BRIDGE_EBT_NFLOG
	tristate "ebt: nflog support"
	depends on ADK_KPACKAGE_KMOD_BRIDGE_NF_EBTABLES
	help
	  This option enables the nflog watcher, which allows to LOG
	  messages through the netfilter logging API, which can use
	  either the old LOG target, the old ULOG target or nfnetlink_log
	  as backend.

	  This option adds the nflog watcher, that you can use in any rule
	  in any ebtables table.

	  To compile it as a module, choose M here.  If unsure, say N.


endmenu

source package/ipset/Config.in.kmod

endmenu