Config.in.netfilter.ebt 6.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218
  1. # This file is part of the OpenADK project. OpenADK is copyrighted
  2. # material, please see the LICENCE file in the top-level directory.
  3. config ADK_KERNEL_BRIDGE_NF_EBTABLES
  4. tristate 'Ethernet Bridge tables support'
  5. select ADK_KERNEL_BRIDGE_NETFILTER
  6. default n
  7. help
  8. ebtables is a general, extensible frame/packet identification
  9. framework. Say 'Y' or 'M' here if you want to do Ethernet
  10. filtering/NAT/brouting on the Ethernet bridge.
  11. config ADK_KERNEL_BRIDGE_EBT_BROUTE
  12. tristate "broute table support"
  13. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  14. default n
  15. help
  16. The ebtables broute table is used to define rules that decide between
  17. bridging and routing frames, giving Linux the functionality of a
  18. brouter. See the man page for ebtables(8) and examples on the ebtables
  19. website.
  20. To compile it as a module, choose M here. If unsure, say N.
  21. config ADK_KERNEL_BRIDGE_EBT_T_FILTER
  22. tristate "filter table support"
  23. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  24. default n
  25. help
  26. The ebtables filter table is used to define frame filtering rules at
  27. local input, forwarding and local output. See the man page for
  28. ebtables(8).
  29. To compile it as a module, choose M here. If unsure, say N.
  30. config ADK_KERNEL_BRIDGE_EBT_T_NAT
  31. tristate "nat table support"
  32. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  33. default n
  34. help
  35. The ebtables nat table is used to define rules that alter the MAC
  36. source address (MAC SNAT) or the MAC destination address (MAC DNAT).
  37. See the man page for ebtables(8).
  38. #
  39. # matches
  40. #
  41. config ADK_KERNEL_BRIDGE_EBT_802_3
  42. tristate "802.3 filter support"
  43. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  44. default n
  45. help
  46. This option adds matching support for 802.3 Ethernet frames.
  47. config ADK_KERNEL_BRIDGE_EBT_AMONG
  48. tristate "among filter support"
  49. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  50. default n
  51. help
  52. This option adds the among match, which allows matching the MAC source
  53. and/or destination address on a list of addresses. Optionally,
  54. MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.
  55. config ADK_KERNEL_BRIDGE_EBT_ARP
  56. tristate "ARP filter support"
  57. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  58. default n
  59. help
  60. This option adds the ARP match, which allows ARP and RARP header field
  61. filtering.
  62. config ADK_KERNEL_BRIDGE_EBT_IP
  63. tristate "IP filter support"
  64. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  65. default n
  66. help
  67. This option adds the IP match, which allows basic IP header field
  68. filtering.
  69. config ADK_KERNEL_BRIDGE_EBT_IP6
  70. tristate "IP6 filter support"
  71. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES && ADK_KERNEL_IPV6
  72. default n
  73. help
  74. This option adds the IP6 match, which allows basic IPV6 header field
  75. filtering.
  76. config ADK_KERNEL_BRIDGE_EBT_LIMIT
  77. tristate "limit match support"
  78. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  79. default n
  80. help
  81. This option adds the limit match, which allows you to control
  82. the rate at which a rule can be matched. This match is the
  83. equivalent of the iptables limit match.
  84. config ADK_KERNEL_BRIDGE_EBT_MARK
  85. tristate "mark filter support"
  86. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  87. default n
  88. help
  89. This option adds the mark match, which allows matching frames based on
  90. the 'nfmark' value in the frame. This can be set by the mark target.
  91. This value is the same as the one used in the iptables mark match and
  92. target.
  93. config ADK_KERNEL_BRIDGE_EBT_PKTTYPE
  94. tristate "packet type filter support"
  95. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  96. default n
  97. help
  98. This option adds the packet type match, which allows matching on the
  99. type of packet based on its Ethernet "class" (as determined by
  100. the generic networking code): broadcast, multicast,
  101. for this host alone or for another host.
  102. config ADK_KERNEL_BRIDGE_EBT_STP
  103. tristate "STP filter support"
  104. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  105. default n
  106. help
  107. This option adds the Spanning Tree Protocol match, which
  108. allows STP header field filtering.
  109. config ADK_KERNEL_BRIDGE_EBT_VLAN
  110. tristate "802.1Q VLAN filter support"
  111. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  112. default n
  113. help
  114. This option adds the 802.1Q vlan match, which allows the filtering of
  115. 802.1Q vlan fields.
  116. #
  117. # targets
  118. #
  119. config ADK_KERNEL_BRIDGE_EBT_ARPREPLY
  120. tristate "arp reply target support"
  121. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  122. default n
  123. help
  124. This option adds the arp reply target, which allows
  125. automatically sending arp replies to arp requests.
  126. config ADK_KERNEL_BRIDGE_EBT_DNAT
  127. tristate "dnat target support"
  128. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  129. default n
  130. help
  131. This option adds the MAC DNAT target, which allows altering the MAC
  132. destination address of frames.
  133. config ADK_KERNEL_BRIDGE_EBT_MARK_T
  134. tristate "mark target support"
  135. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  136. default n
  137. help
  138. This option adds the mark target, which allows marking frames by
  139. setting the 'nfmark' value in the frame.
  140. This value is the same as the one used in the iptables mark match and
  141. target.
  142. config ADK_KERNEL_BRIDGE_EBT_REDIRECT
  143. tristate "redirect target support"
  144. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  145. default n
  146. help
  147. This option adds the MAC redirect target, which allows altering the MAC
  148. destination address of a frame to that of the device it arrived on.
  149. config ADK_KERNEL_BRIDGE_EBT_SNAT
  150. tristate "snat target support"
  151. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  152. default n
  153. help
  154. This option adds the MAC SNAT target, which allows altering the MAC
  155. source address of frames.
  156. #
  157. # watchers
  158. #
  159. config ADK_KERNEL_BRIDGE_EBT_LOG
  160. tristate "log support"
  161. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  162. default n
  163. help
  164. This option adds the log watcher, that you can use in any rule
  165. in any ebtables table. It records info about the frame header
  166. to the syslog.
  167. config ADK_KERNEL_BRIDGE_EBT_ULOG
  168. tristate "ulog support"
  169. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  170. default n
  171. help
  172. This option enables the old bridge-specific "ebt_ulog" implementation
  173. which has been obsoleted by the new "nfnetlink_log" code (see
  174. CONFIG_NETFILTER_NETLINK_LOG).
  175. This option adds the ulog watcher, that you can use in any rule
  176. in any ebtables table. The packet is passed to a userspace
  177. logging daemon using netlink multicast sockets. This differs
  178. from the log watcher in the sense that the complete packet is
  179. sent to userspace instead of a descriptive text and that
  180. netlink multicast sockets are used instead of the syslog.
  181. config ADK_KERNEL_BRIDGE_EBT_NFLOG
  182. tristate "nflog support"
  183. depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
  184. default n
  185. help
  186. This option enables the nflog watcher, which allows to LOG
  187. messages through the netfilter logging API, which can use
  188. either the old LOG target, the old ULOG target or nfnetlink_log
  189. as backend.
  190. This option adds the nflog watcher, that you can use in any rule
  191. in any ebtables table.