Config.in.netfilter.ip4 4.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119
  1. # This file is part of the OpenADK project. OpenADK is copyrighted
  2. # material, please see the LICENCE file in the top-level directory.
  3. config ADK_LINUX_KERNEL_NF_NAT
  4. tristate
  5. config ADK_LINUX_KERNEL_NF_NAT_IPV4
  6. tristate
  7. config ADK_LINUX_KERNEL_IP_NF_IPTABLES
  8. tristate 'IP tables support'
  9. select ADK_LINUX_KERNEL_NETFILTER_XTABLES
  10. default n
  11. help
  12. iptables is a general, extensible packet identification framework.
  13. The packet filtering and full NAT (masquerading, port forwarding,
  14. etc) subsystems now use this: say `Y' or `M' here if you want to use
  15. either of those.
  16. config ADK_LINUX_KERNEL_IP_NF_FILTER
  17. tristate 'IP Packet Filtering table support'
  18. depends on ADK_LINUX_KERNEL_IP_NF_IPTABLES
  19. default n
  20. help
  21. Packet filtering defines a table `filter', which has a series of
  22. rules for simple packet filtering at local input, forwarding and
  23. local output.
  24. config ADK_LINUX_KERNEL_IP_NF_NAT
  25. tristate 'IP NAT table support'
  26. select ADK_LINUX_KERNEL_NETFILTER_XT_NAT
  27. select ADK_LINUX_KERNEL_NF_NAT
  28. select ADK_LINUX_KERNEL_NF_NAT_IPV4
  29. depends on ADK_LINUX_KERNEL_IP_NF_IPTABLES
  30. default n
  31. help
  32. config ADK_LINUX_KERNEL_IP_NF_MANGLE
  33. tristate 'IP Packet mangling table support'
  34. depends on ADK_LINUX_KERNEL_IP_NF_IPTABLES
  35. default n
  36. help
  37. This option adds a `mangle' table to iptables: see the man page for
  38. iptables(8). This table is used for various packet alterations
  39. which can effect how the packet is routed.
  40. config ADK_LINUX_KERNEL_NF_CONNTRACK_IPV4
  41. tristate 'IP connection tracking support (required for NAT)'
  42. select ADK_LINUX_KERNEL_NF_CONNTRACK
  43. select ADK_LINUX_KERNEL_NETFILTER_XT_MATCH_CONNTRACK
  44. default n
  45. help
  46. Connection tracking keeps a record of what packets have passed
  47. through your machine, in order to figure out how they are related
  48. into connections.
  49. config ADK_LINUX_KERNEL_IP_NF_CT_ACCT
  50. bool 'Connection tracking flow accounting'
  51. depends on ADK_LINUX_KERNEL_NF_CONNTRACK
  52. help
  53. If this option is enabled, the connection tracking code will
  54. keep per-flow packet and byte counters.
  55. Those counters can be used for flow-based accounting or the
  56. `connbytes' match.
  57. menu "IP target support"
  58. config ADK_LINUX_KERNEL_IP_NF_TARGET_MASQUERADE
  59. tristate 'MASQUERADE target support'
  60. depends on ADK_LINUX_KERNEL_NF_NAT
  61. default n
  62. help
  63. Masquerading is a special case of NAT: all outgoing connections are
  64. changed to seem to come from a particular interface's address, and
  65. if the interface goes down, those connections are lost. This is
  66. only useful for dialup accounts with dynamic IP address (ie. your IP
  67. address will be different on next dialup).
  68. config ADK_LINUX_KERNEL_IP_NF_TARGET_REJECT
  69. tristate 'REJECT target support'
  70. depends on ADK_LINUX_KERNEL_IP_NF_FILTER
  71. default n
  72. help
  73. The REJECT target allows a filtering rule to specify that an ICMP
  74. error should be issued in response to an incoming packet, rather
  75. than silently being dropped.
  76. config ADK_LINUX_KERNEL_IP_NF_TARGET_REDIRECT
  77. tristate 'REDIRECT target support'
  78. depends on ADK_LINUX_KERNEL_NF_NAT
  79. help
  80. REDIRECT is a special case of NAT: all incoming connections are
  81. mapped onto the incoming interface's address, causing the packets to
  82. come to the local machine instead of passing through. This is
  83. useful for transparent proxies.
  84. config ADK_LINUX_KERNEL_IP_NF_TARGET_NETMAP
  85. tristate 'NETMAP target support'
  86. depends on ADK_LINUX_KERNEL_NF_NAT
  87. help
  88. NETMAP is an implementation of static 1:1 NAT mapping of network
  89. addresses. It maps the network address part, while keeping the host
  90. address part intact. It is similar to Fast NAT, except that
  91. Netfilter's connection tracking doesn't work well with Fast NAT.
  92. config ADK_LINUX_KERNEL_IP_NF_TARGET_ECN
  93. tristate 'ECN target support'
  94. depends on ADK_LINUX_KERNEL_IP_NF_MANGLE
  95. help
  96. This option adds a `ECN' target, which can be used in the iptables mangle
  97. table.
  98. You can use this target to remove the ECN bits from the IPv4 header of
  99. an IP packet. This is particularly useful, if you need to work around
  100. existing ECN blackholes on the internet, but don't want to disable
  101. ECN support in general.
  102. endmenu