Config.in.netfilter.ip4 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136
  1. config ADK_KPACKAGE_KMOD_NF_CONNTRACK_IPV4
  2. bool 'IPv4 connection tracking support (required for NAT)'
  3. select ADK_KPACKAGE_KMOD_NF_CONNTRACK
  4. help
  5. Connection tracking keeps a record of what packets have passed
  6. through your machine, in order to figure out how they are related
  7. into connections.
  8. config ADK_KPACKAGE_KMOD_IP_NF_CT_ACCT
  9. bool 'Connection tracking flow accounting'
  10. depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
  11. help
  12. If this option is enabled, the connection tracking code will
  13. keep per-flow packet and byte counters.
  14. Those counters can be used for flow-based accounting or the
  15. `connbytes' match.
  16. config ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
  17. tristate 'IP tables support (required for filtering/masq/NAT)'
  18. select ADK_KERNEL_NETFILTER_XTABLES
  19. help
  20. iptables is a general, extensible packet identification framework.
  21. The packet filtering and full NAT (masquerading, port forwarding,
  22. etc) subsystems now use this: say `Y' or `M' here if you want to use
  23. either of those.
  24. config ADK_KPACKAGE_KMOD_IP_NF_FILTER
  25. tristate 'Packet Filtering'
  26. depends on ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
  27. help
  28. Packet filtering defines a table `filter', which has a series of
  29. rules for simple packet filtering at local input, forwarding and
  30. local output. See the man page for iptables(8).
  31. config ADK_KPACKAGE_KMOD_FULL_NAT
  32. tristate "Meta package for Full NAT"
  33. select ADK_KPACKAGE_KMOD_NF_NAT if ADK_KERNEL_VERSION_3_4_82
  34. select ADK_KPACKAGE_KMOD_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_10_30
  35. select ADK_KPACKAGE_KMOD_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_11_10
  36. select ADK_KPACKAGE_KMOD_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_12_13
  37. select ADK_KPACKAGE_KMOD_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_13_6
  38. config ADK_KPACKAGE_KMOD_NF_NAT
  39. tristate 'Full NAT'
  40. depends on ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
  41. depends on ADK_KERNEL_VERSION_3_4_82
  42. help
  43. The Full NAT option allows masquerading, port forwarding and other
  44. forms of full Network Address Port Translation. It is controlled by
  45. the `nat' table in iptables: see the man page for iptables(8).
  46. config ADK_KPACKAGE_KMOD_NF_NAT_IPV4
  47. tristate 'Full NAT'
  48. depends on ADK_KPACKAGE_KMOD_IP_NF_IPTABLES
  49. depends on ADK_KERNEL_VERSION_3_10_30 \
  50. || ADK_KERNEL_VERSION_3_11_10 \
  51. || ADK_KERNEL_VERSION_3_12_13 \
  52. || ADK_KERNEL_VERSION_3_13_6
  53. help
  54. The Full NAT option allows masquerading, port forwarding and other
  55. forms of full Network Address Port Translation. It is controlled by
  56. the `nat' table in iptables: see the man page for iptables(8).
  57. config ADK_KPACKAGE_KMOD_IP_NF_TARGET_MASQUERADE
  58. tristate 'MASQUERADE target support'
  59. depends on ADK_KPACKAGE_KMOD_FULL_NAT
  60. help
  61. Masquerading is a special case of NAT: all outgoing connections are
  62. changed to seem to come from a particular interface's address, and
  63. if the interface goes down, those connections are lost. This is
  64. only useful for dialup accounts with dynamic IP address (ie. your IP
  65. address will be different on next dialup).
  66. config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REJECT
  67. tristate 'REJECT target support'
  68. depends on ADK_KPACKAGE_KMOD_IP_NF_FILTER
  69. help
  70. The REJECT target allows a filtering rule to specify that an ICMP
  71. error should be issued in response to an incoming packet, rather
  72. than silently being dropped.
  73. config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ULOG
  74. tristate 'ULOG target support (ipv4 only)'
  75. depends on ADK_KPACKAGE_KMOD_IP_NF_FILTER
  76. help
  77. This option enables the old IPv4-only "ipt_ULOG" implementation
  78. which has been obsoleted by the new "nfnetlink_log" code (see
  79. CONFIG_NETFILTER_NETLINK_LOG).
  80. This option adds a `ULOG' target, which allows you to create rules in
  81. any iptables table. The packet is passed to a userspace logging
  82. daemon using netlink multicast sockets; unlike the LOG target
  83. which can only be viewed through syslog.
  84. The appropriate userspace logging daemon (ulogd) may be obtained from
  85. <http://www.gnumonks.org/projects/ulogd/>
  86. config ADK_KPACKAGE_KMOD_IP_NF_TARGET_REDIRECT
  87. tristate 'REDIRECT target support'
  88. depends on ADK_KPACKAGE_KMOD_FULL_NAT
  89. help
  90. REDIRECT is a special case of NAT: all incoming connections are
  91. mapped onto the incoming interface's address, causing the packets to
  92. come to the local machine instead of passing through. This is
  93. useful for transparent proxies.
  94. config ADK_KPACKAGE_KMOD_IP_NF_TARGET_NETMAP
  95. tristate 'NETMAP target support'
  96. depends on ADK_KPACKAGE_KMOD_FULL_NAT
  97. help
  98. NETMAP is an implementation of static 1:1 NAT mapping of network
  99. addresses. It maps the network address part, while keeping the host
  100. address part intact. It is similar to Fast NAT, except that
  101. Netfilter's connection tracking doesn't work well with Fast NAT.
  102. config ADK_KPACKAGE_KMOD_IP_NF_MANGLE
  103. tristate 'Packet mangling'
  104. depends on ADK_KPACKAGE_KMOD_FULL_NAT
  105. help
  106. This option adds a `mangle' table to iptables: see the man page for
  107. iptables(8). This table is used for various packet alterations
  108. which can effect how the packet is routed.
  109. config ADK_KPACKAGE_KMOD_IP_NF_TARGET_ECN
  110. tristate 'ECN target support'
  111. depends on ADK_KPACKAGE_KMOD_IP_NF_MANGLE
  112. help
  113. This option adds a `ECN' target, which can be used in the iptables mangle
  114. table.
  115. You can use this target to remove the ECN bits from the IPv4 header of
  116. an IP packet. This is particularly useful, if you need to work around
  117. existing ECN blackholes on the internet, but don't want to disable
  118. ECN support in general.