123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 |
- config ADK_KPACKAGE_KMOD_NF_CONNTRACK_IPV4
- bool 'IPv4 connection tracking support (required for NAT)'
- select ADK_KPACKAGE_KMOD_NF_CONNTRACK
- help
- Connection tracking keeps a record of what packets have passed
- through your machine, in order to figure out how they are related
- into connections.
- config ADK_KPACKAGE_KMOD_IP_NF_CT_ACCT
- bool 'Connection tracking flow accounting'
- depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
- help
- If this option is enabled, the connection tracking code will
- keep per-flow packet and byte counters.
- Those counters can be used for flow-based accounting or the
- `connbytes' match.
- config ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
- tristate 'IP tables support (required for filtering/masq/NAT)'
- select ADK_KERNEL_NETFILTER_XTABLES
- help
- iptables is a general, extensible packet identification framework.
- The packet filtering and full NAT (masquerading, port forwarding,
- etc) subsystems now use this: say `Y' or `M' here if you want to use
- either of those.
- config ADK_KPACKAGE_KMOD_IP_NF_FILTER
- tristate 'Packet Filtering'
- depends on ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
- help
- Packet filtering defines a table `filter', which has a series of
- rules for simple packet filtering at local input, forwarding and
- local output. See the man page for iptables(8).
- config ADK_KPACKAGE_KMOD_FULL_NAT
- tristate "Meta package for Full NAT"
- select ADK_KPACKAGE_KMOD_NF_NAT if ADK_KERNEL_VERSION_3_4_82
- select ADK_KPACKAGE_KMOD_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_10_30
- select ADK_KPACKAGE_KMOD_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_11_10
- select ADK_KPACKAGE_KMOD_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_12_13
- select ADK_KPACKAGE_KMOD_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_13_6
- config ADK_KPACKAGE_KMOD_NF_NAT
- tristate 'Full NAT'
- depends on ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
- depends on ADK_KERNEL_VERSION_3_4_82
- help
- The Full NAT option allows masquerading, port forwarding and other
- forms of full Network Address Port Translation. It is controlled by
- the `nat' table in iptables: see the man page for iptables(8).
- config ADK_KPACKAGE_KMOD_NF_NAT_IPV4
- tristate 'Full NAT'
- depends on ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
- depends on ADK_KERNEL_VERSION_3_10_30 \
- || ADK_KERNEL_VERSION_3_11_10 \
- || ADK_KERNEL_VERSION_3_12_13 \
- || ADK_KERNEL_VERSION_3_13_6
- help
- The Full NAT option allows masquerading, port forwarding and other
- forms of full Network Address Port Translation. It is controlled by
- the `nat' table in iptables: see the man page for iptables(8).
- config ADK_KPACKAGE_KMOD_IP_NF_TARGET_MASQUERADE
- tristate 'MASQUERADE target support'
- depends on ADK_KPACKAGE_KMOD_FULL_NAT
- help
- Masquerading is a special case of NAT: all outgoing connections are
- changed to seem to come from a particular interface's address, and
- if the interface goes down, those connections are lost. This is
- only useful for dialup accounts with dynamic IP address (ie. your IP
- address will be different on next dialup).
- config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REJECT
- tristate 'REJECT target support'
- depends on ADK_KPACKAGE_KMOD_IP_NF_FILTER
- help
- The REJECT target allows a filtering rule to specify that an ICMP
- error should be issued in response to an incoming packet, rather
- than silently being dropped.
- config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ULOG
- tristate 'ULOG target support (ipv4 only)'
- depends on ADK_KPACKAGE_KMOD_IP_NF_FILTER
- help
- This option enables the old IPv4-only "ipt_ULOG" implementation
- which has been obsoleted by the new "nfnetlink_log" code (see
- CONFIG_NETFILTER_NETLINK_LOG).
- This option adds a `ULOG' target, which allows you to create rules in
- any iptables table. The packet is passed to a userspace logging
- daemon using netlink multicast sockets; unlike the LOG target
- which can only be viewed through syslog.
- The appropriate userspace logging daemon (ulogd) may be obtained from
- <http://www.gnumonks.org/projects/ulogd/>
- config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REDIRECT
- tristate 'REDIRECT target support'
- depends on ADK_KPACKAGE_KMOD_FULL_NAT
- help
- REDIRECT is a special case of NAT: all incoming connections are
- mapped onto the incoming interface's address, causing the packets to
- come to the local machine instead of passing through. This is
- useful for transparent proxies.
- config ADK_KPACKAGE_KMOD_IP_NF_TARGET_NETMAP
- tristate 'NETMAP target support'
- depends on ADK_KPACKAGE_KMOD_FULL_NAT
- help
- NETMAP is an implementation of static 1:1 NAT mapping of network
- addresses. It maps the network address part, while keeping the host
- address part intact. It is similar to Fast NAT, except that
- Netfilter's connection tracking doesn't work well with Fast NAT.
- config ADK_KPACKAGE_KMOD_IP_NF_MANGLE
- tristate 'Packet mangling'
- depends on ADK_KPACKAGE_KMOD_FULL_NAT
- help
- This option adds a `mangle' table to iptables: see the man page for
- iptables(8). This table is used for various packet alterations
- which can effect how the packet is routed.
- config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ECN
- tristate 'ECN target support'
- depends on ADK_KPACKAGE_KMOD_IP_NF_MANGLE
- help
- This option adds a `ECN' target, which can be used in the iptables mangle
- table.
- You can use this target to remove the ECN bits from the IPv4 header of
- an IP packet. This is particularly useful, if you need to work around
- existing ECN blackholes on the internet, but don't want to disable
- ECN support in general.
|