123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 |
- diff -Nur linux-3.7.3.orig/net/Kconfig linux-3.7.3/net/Kconfig
- --- linux-3.7.3.orig/net/Kconfig 2013-01-17 17:47:40.000000000 +0100
- +++ linux-3.7.3/net/Kconfig 2013-01-19 18:19:55.000000000 +0100
- @@ -163,7 +163,7 @@
- config NETFILTER_ADVANCED
- bool "Advanced netfilter configuration"
- depends on NETFILTER
- - default y
- + default n
- help
- If you say Y here you can select between all the netfilter modules.
- If you say N the more unusual ones will not be shown and the
- @@ -175,7 +175,7 @@
- bool "Bridged IP/ARP packets filtering"
- depends on BRIDGE && NETFILTER && INET
- depends on NETFILTER_ADVANCED
- - default y
- + default n
- ---help---
- Enabling this option will let arptables resp. iptables see bridged
- ARP resp. IP traffic. If you want a bridging firewall, you probably
- diff -Nur linux-3.7.3.orig/net/netfilter/Kconfig linux-3.7.3/net/netfilter/Kconfig
- --- linux-3.7.3.orig/net/netfilter/Kconfig 2013-01-17 17:47:40.000000000 +0100
- +++ linux-3.7.3/net/netfilter/Kconfig 2013-01-19 18:21:41.000000000 +0100
- @@ -22,7 +22,6 @@
-
- config NETFILTER_NETLINK_LOG
- tristate "Netfilter LOG over NFNETLINK interface"
- - default m if NETFILTER_ADVANCED=n
- select NETFILTER_NETLINK
- help
- If this option is enabled, the kernel will include support
- @@ -34,7 +33,6 @@
-
- config NF_CONNTRACK
- tristate "Netfilter connection tracking support"
- - default m if NETFILTER_ADVANCED=n
- help
- Connection tracking keeps a record of what packets have passed
- through your machine, in order to figure out how they are related
- @@ -60,7 +58,6 @@
- config NF_CONNTRACK_SECMARK
- bool 'Connection tracking security mark support'
- depends on NETWORK_SECMARK
- - default m if NETFILTER_ADVANCED=n
- help
- This option enables security markings to be applied to
- connections. Typically they are copied to connections from
- @@ -177,7 +174,6 @@
-
- config NF_CONNTRACK_FTP
- tristate "FTP protocol support"
- - default m if NETFILTER_ADVANCED=n
- help
- Tracking FTP connections is problematic: special helpers are
- required for tracking them, and doing masquerading and other forms
- @@ -211,7 +207,6 @@
-
- config NF_CONNTRACK_IRC
- tristate "IRC protocol support"
- - default m if NETFILTER_ADVANCED=n
- help
- There is a commonly-used extension to IRC called
- Direct Client-to-Client Protocol (DCC). This enables users to send
- @@ -296,7 +291,6 @@
-
- config NF_CONNTRACK_SIP
- tristate "SIP protocol support"
- - default m if NETFILTER_ADVANCED=n
- help
- SIP is an application-layer control protocol that can establish,
- modify, and terminate multimedia sessions (conferences) such as
- @@ -320,7 +314,6 @@
- config NF_CT_NETLINK
- tristate 'Connection tracking netlink interface'
- select NETFILTER_NETLINK
- - default m if NETFILTER_ADVANCED=n
- help
- This option enables support for a netlink-based userspace interface
-
- @@ -424,7 +417,6 @@
-
- config NETFILTER_XTABLES
- tristate "Netfilter Xtables support (required for ip_tables)"
- - default m if NETFILTER_ADVANCED=n
- help
- This is required if you intend to use any of ip_tables,
- ip6_tables or arp_tables.
- @@ -435,7 +427,6 @@
-
- config NETFILTER_XT_MARK
- tristate 'nfmark target and match support'
- - default m if NETFILTER_ADVANCED=n
- ---help---
- This option adds the "MARK" target and "mark" match.
-
- @@ -527,7 +518,6 @@
- config NETFILTER_XT_TARGET_CONNSECMARK
- tristate '"CONNSECMARK" target support'
- depends on NF_CONNTRACK && NF_CONNTRACK_SECMARK
- - default m if NETFILTER_ADVANCED=n
- help
- The CONNSECMARK target copies security markings from packets
- to connections, and restores security markings from connections
- @@ -632,7 +622,6 @@
-
- config NETFILTER_XT_TARGET_LOG
- tristate "LOG target support"
- - default m if NETFILTER_ADVANCED=n
- help
- This option adds a `LOG' target, which allows you to create rules in
- any iptables table which records the packet header to the syslog.
- @@ -660,7 +649,6 @@
-
- config NETFILTER_XT_TARGET_NFLOG
- tristate '"NFLOG" target support'
- - default m if NETFILTER_ADVANCED=n
- select NETFILTER_NETLINK_LOG
- help
- This option enables the NFLOG target, which allows to LOG
- @@ -741,7 +729,6 @@
- config NETFILTER_XT_TARGET_SECMARK
- tristate '"SECMARK" target support'
- depends on NETWORK_SECMARK
- - default m if NETFILTER_ADVANCED=n
- help
- The SECMARK target allows security marking of network
- packets, for use with security subsystems.
- @@ -751,7 +738,6 @@
- config NETFILTER_XT_TARGET_TCPMSS
- tristate '"TCPMSS" target support'
- depends on (IPV6 || IPV6=n)
- - default m if NETFILTER_ADVANCED=n
- ---help---
- This option adds a `TCPMSS' target, which allows you to alter the
- MSS value of TCP SYN packets, to control the maximum size for that
- @@ -856,7 +842,6 @@
- config NETFILTER_XT_MATCH_CONNTRACK
- tristate '"conntrack" connection tracking match support'
- depends on NF_CONNTRACK
- - default m if NETFILTER_ADVANCED=n
- help
- This is a general conntrack match module, a superset of the state match.
-
- @@ -1063,7 +1048,6 @@
- config NETFILTER_XT_MATCH_POLICY
- tristate 'IPsec "policy" match support'
- depends on XFRM
- - default m if NETFILTER_ADVANCED=n
- help
- Policy matching allows you to match packets based on the
- IPsec policy that was used during decapsulation/will
- @@ -1170,7 +1154,6 @@
- config NETFILTER_XT_MATCH_STATE
- tristate '"state" match support'
- depends on NF_CONNTRACK
- - default m if NETFILTER_ADVANCED=n
- help
- Connection state matching allows you to match packets based on their
- relationship to a tracked connection (ie. previous packets). This
|