| Yasuyuki Kozakai | 9fb9cbb | 2005-11-09 16:38:16 -0800 | [diff] [blame] | 1 | menu "Core Netfilter Configuration" |
| 2 | depends on NET && NETFILTER |
| 3 | |
| Harald Welte | f9e815b | 2005-08-09 19:30:24 -0700 | [diff] [blame] | 4 | config NETFILTER_NETLINK |
| 5 | tristate "Netfilter netlink interface" |
| 6 | help |
| 7 | If this option is enabled, the kernel will include support |
| 8 | for the new netfilter netlink interface. |
| Harald Welte | 7af4cc3 | 2005-08-09 19:44:15 -0700 | [diff] [blame] | 9 | |
| 10 | config NETFILTER_NETLINK_QUEUE |
| 11 | tristate "Netfilter NFQUEUE over NFNETLINK interface" |
| 12 | depends on NETFILTER_NETLINK |
| 13 | help |
| 14 | If this option isenabled, the kernel will include support |
| 15 | for queueing packets via NFNETLINK. |
| 16 | |
| Harald Welte | 0597f26 | 2005-08-09 19:58:39 -0700 | [diff] [blame] | 17 | config NETFILTER_NETLINK_LOG |
| 18 | tristate "Netfilter LOG over NFNETLINK interface" |
| 19 | depends on NETFILTER_NETLINK |
| 20 | help |
| 21 | If this option is enabled, the kernel will include support |
| 22 | for logging packets via NFNETLINK. |
| 23 | |
| 24 | This obsoletes the existing ipt_ULOG and ebg_ulog mechanisms, |
| 25 | and is also scheduled to replace the old syslog-based ipt_LOG |
| 26 | and ip6t_LOG modules. |
| 27 | |
| Yasuyuki Kozakai | 9fb9cbb | 2005-11-09 16:38:16 -0800 | [diff] [blame] | 28 | config NF_CONNTRACK |
| 29 | tristate "Layer 3 Independent Connection tracking (EXPERIMENTAL)" |
| 30 | depends on EXPERIMENTAL && IP_NF_CONNTRACK=n |
| 31 | default n |
| 32 | ---help--- |
| 33 | Connection tracking keeps a record of what packets have passed |
| 34 | through your machine, in order to figure out how they are related |
| 35 | into connections. |
| 36 | |
| 37 | Layer 3 independent connection tracking is experimental scheme |
| 38 | which generalize ip_conntrack to support other layer 3 protocols. |
| 39 | |
| 40 | To compile it as a module, choose M here. If unsure, say N. |
| 41 | |
| 42 | config NF_CT_ACCT |
| 43 | bool "Connection tracking flow accounting" |
| 44 | depends on NF_CONNTRACK |
| 45 | help |
| 46 | If this option is enabled, the connection tracking code will |
| 47 | keep per-flow packet and byte counters. |
| 48 | |
| 49 | Those counters can be used for flow-based accounting or the |
| 50 | `connbytes' match. |
| 51 | |
| 52 | If unsure, say `N'. |
| 53 | |
| 54 | config NF_CONNTRACK_MARK |
| 55 | bool 'Connection mark tracking support' |
| 56 | depends on NF_CONNTRACK |
| 57 | help |
| 58 | This option enables support for connection marks, used by the |
| 59 | `CONNMARK' target and `connmark' match. Similar to the mark value |
| 60 | of packets, but this mark value is kept in the conntrack session |
| 61 | instead of the individual packets. |
| 62 | |
| 63 | config NF_CONNTRACK_EVENTS |
| Patrick McHardy | a795756 | 2005-12-05 13:36:25 -0800 | [diff] [blame] | 64 | bool "Connection tracking events (EXPERIMENTAL)" |
| 65 | depends on EXPERIMENTAL && NF_CONNTRACK |
| Yasuyuki Kozakai | 9fb9cbb | 2005-11-09 16:38:16 -0800 | [diff] [blame] | 66 | help |
| 67 | If this option is enabled, the connection tracking code will |
| 68 | provide a notifier chain that can be used by other kernel code |
| 69 | to get notified aboutchanges in the connection tracking state. |
| 70 | |
| 71 | If unsure, say `N'. |
| 72 | |
| 73 | config NF_CT_PROTO_SCTP |
| 74 | tristate 'SCTP protocol on new connection tracking support (EXPERIMENTAL)' |
| 75 | depends on EXPERIMENTAL && NF_CONNTRACK |
| 76 | default n |
| 77 | help |
| 78 | With this option enabled, the layer 3 independent connection |
| 79 | tracking code will be able to do state tracking on SCTP connections. |
| 80 | |
| 81 | If you want to compile it as a module, say M here and read |
| 82 | Documentation/modules.txt. If unsure, say `N'. |
| 83 | |
| 84 | config NF_CONNTRACK_FTP |
| 85 | tristate "FTP support on new connection tracking (EXPERIMENTAL)" |
| 86 | depends on EXPERIMENTAL && NF_CONNTRACK |
| 87 | help |
| 88 | Tracking FTP connections is problematic: special helpers are |
| 89 | required for tracking them, and doing masquerading and other forms |
| 90 | of Network Address Translation on them. |
| 91 | |
| 92 | This is FTP support on Layer 3 independent connection tracking. |
| 93 | Layer 3 independent connection tracking is experimental scheme |
| 94 | which generalize ip_conntrack to support other layer 3 protocols. |
| 95 | |
| 96 | To compile it as a module, choose M here. If unsure, say N. |
| 97 | |
| Pablo Neira Ayuso | c1d10ad | 2006-01-05 12:19:05 -0800 | [diff] [blame^] | 98 | config NF_CT_NETLINK |
| 99 | tristate 'Connection tracking netlink interface (EXPERIMENTAL)' |
| 100 | depends on EXPERIMENTAL && NF_CONNTRACK && NETFILTER_NETLINK |
| 101 | depends on NF_CONNTRACK!=y || NETFILTER_NETLINK!=m |
| 102 | help |
| 103 | This option enables support for a netlink-based userspace interface |
| 104 | |
| Yasuyuki Kozakai | 9fb9cbb | 2005-11-09 16:38:16 -0800 | [diff] [blame] | 105 | endmenu |