#
# Bridge netfilter configuration
#

menu "Bridge: Netfilter Configuration"
	depends on BRIDGE && BRIDGE_NETFILTER

config BRIDGE_NF_EBTABLES
	tristate "Ethernet Bridge tables (ebtables) support"
	select NETFILTER_XTABLES
	help
	  ebtables is a general, extensible frame/packet identification
	  framework. Say 'Y' or 'M' here if you want to do Ethernet
	  filtering/NAT/brouting on the Ethernet bridge.
#
# tables
#
config BRIDGE_EBT_BROUTE
	tristate "ebt: broute table support"
	depends on BRIDGE_NF_EBTABLES
	help
	  The ebtables broute table is used to define rules that decide between
	  bridging and routing frames, giving Linux the functionality of a
	  brouter. See the man page for ebtables(8) and examples on the ebtables
	  website.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_T_FILTER
	tristate "ebt: filter table support"
	depends on BRIDGE_NF_EBTABLES
	help
	  The ebtables filter table is used to define frame filtering rules at
	  local input, forwarding and local output. See the man page for
	  ebtables(8).

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_T_NAT
	tristate "ebt: nat table support"
	depends on BRIDGE_NF_EBTABLES
	help
	  The ebtables nat table is used to define rules that alter the MAC
	  source address (MAC SNAT) or the MAC destination address (MAC DNAT).
	  See the man page for ebtables(8).

	  To compile it as a module, choose M here. If unsure, say N.
#
# matches
#
config BRIDGE_EBT_802_3
	tristate "ebt: 802.3 filter support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds matching support for 802.3 Ethernet frames.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_AMONG
	tristate "ebt: among filter support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds the among match, which allows matching the MAC source
	  and/or destination address on a list of addresses. Optionally,
	  MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_ARP
	tristate "ebt: ARP filter support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds the ARP match, which allows ARP and RARP header field
	  filtering.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_IP
	tristate "ebt: IP filter support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds the IP match, which allows basic IP header field
	  filtering.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_IP6
	tristate "ebt: IP6 filter support"
	depends on BRIDGE_NF_EBTABLES && IPV6
	help
	  This option adds the IP6 match, which allows basic IPV6 header field
	  filtering.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_LIMIT
	tristate "ebt: limit match support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds the limit match, which allows you to control
	  the rate at which a rule can be matched. This match is the
	  equivalent of the iptables limit match.

	  If you want to compile it as a module, say M here and read
	  <file:Documentation/kbuild/modules.txt>. If unsure, say `N'.

config BRIDGE_EBT_MARK
	tristate "ebt: mark filter support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds the mark match, which allows matching frames based on
	  the 'nfmark' value in the frame. This can be set by the mark target.
	  This value is the same as the one used in the iptables mark match and
	  target.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_PKTTYPE
	tristate "ebt: packet type filter support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds the packet type match, which allows matching on the
	  type of packet based on its Ethernet "class" (as determined by
	  the generic networking code): broadcast, multicast,
	  for this host alone or for another host.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_STP
	tristate "ebt: STP filter support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds the Spanning Tree Protocol match, which
	  allows STP header field filtering.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_VLAN
	tristate "ebt: 802.1Q VLAN filter support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds the 802.1Q vlan match, which allows the filtering of
	  802.1Q vlan fields.

	  To compile it as a module, choose M here. If unsure, say N.
#
# targets
#
config BRIDGE_EBT_ARPREPLY
	tristate "ebt: arp reply target support"
	depends on BRIDGE_NF_EBTABLES && INET
	help
	  This option adds the arp reply target, which allows
	  automatically sending arp replies to arp requests.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_DNAT
	tristate "ebt: dnat target support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds the MAC DNAT target, which allows altering the MAC
	  destination address of frames.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_MARK_T
	tristate "ebt: mark target support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds the mark target, which allows marking frames by
	  setting the 'nfmark' value in the frame.
	  This value is the same as the one used in the iptables mark match and
	  target.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_REDIRECT
	tristate "ebt: redirect target support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds the MAC redirect target, which allows altering the MAC
	  destination address of a frame to that of the device it arrived on.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_SNAT
	tristate "ebt: snat target support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds the MAC SNAT target, which allows altering the MAC
	  source address of frames.

	  To compile it as a module, choose M here. If unsure, say N.
#
# watchers
#
config BRIDGE_EBT_LOG
	tristate "ebt: log support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option adds the log watcher, that you can use in any rule
	  in any ebtables table. It records info about the frame header
	  to the syslog.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_ULOG
	tristate "ebt: ulog support (OBSOLETE)"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option enables the old bridge-specific "ebt_ulog" implementation
	  which has been obsoleted by the new "nfnetlink_log" code (see
	  CONFIG_NETFILTER_NETLINK_LOG).

	  This option adds the ulog watcher, that you can use in any rule
	  in any ebtables table. The packet is passed to a userspace
	  logging daemon using netlink multicast sockets. This differs
	  from the log watcher in the sense that the complete packet is
	  sent to userspace instead of a descriptive text and that
	  netlink multicast sockets are used instead of the syslog.

	  To compile it as a module, choose M here. If unsure, say N.

config BRIDGE_EBT_NFLOG
	tristate "ebt: nflog support"
	depends on BRIDGE_NF_EBTABLES
	help
	  This option enables the nflog watcher, which allows to LOG
	  messages through the netfilter logging API, which can use
	  either the old LOG target, the old ULOG target or nfnetlink_log
	  as backend.

	  This option adds the nflog watcher, that you can use in any rule
	  in any ebtables table.

	  To compile it as a module, choose M here. If unsure, say N.

endmenu
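
Added example, not part of the kernel tree: a small auditor that checks a kernel `.config` against the `depends on` lines in this file and flags the option this file marks OBSOLETE. The function names and the sample `.config` fragment are constructed for illustration; the check relies on the Kconfig rule that a tristate symbol cannot be set higher than the lowest of its dependencies.

```python
"""Audit a kernel .config against this Kconfig's "depends on" lines."""
import re

RANK = {"n": 0, "m": 1, "y": 2}
# The enclosing menu and every option depend on these (see the Kconfig above).
BASE_DEPS = ["BRIDGE", "BRIDGE_NETFILTER", "BRIDGE_NF_EBTABLES"]
# Extra dependencies stated for individual options.
EXTRA_DEPS = {"BRIDGE_EBT_IP6": ["IPV6"], "BRIDGE_EBT_ARPREPLY": ["INET"]}

# Constructed sample input, not taken from a real system.
SAMPLE = """\
CONFIG_INET=y
CONFIG_IPV6=m
CONFIG_BRIDGE=m
CONFIG_BRIDGE_NETFILTER=y
CONFIG_BRIDGE_NF_EBTABLES=m
CONFIG_BRIDGE_EBT_T_FILTER=m
CONFIG_BRIDGE_EBT_IP6=m
CONFIG_BRIDGE_EBT_AMONG=y
# CONFIG_BRIDGE_EBT_NFLOG is not set
CONFIG_BRIDGE_EBT_ULOG=m
"""

def parse_config(text):
    """Return {SYMBOL: 'y' or 'm'}; unset symbols are absent (treated as 'n')."""
    return dict(re.findall(r"^CONFIG_(\w+)=([ym])$", text, re.M))

def audit(text):
    """Return a list of findings for the ebtables options in a .config."""
    cfg = parse_config(text)
    val = lambda sym: cfg.get(sym, "n")
    findings = []
    for sym in sorted(s for s in cfg if s.startswith("BRIDGE_EBT_")):
        deps = BASE_DEPS + EXTRA_DEPS.get(sym, [])
        # Kconfig caps a tristate at the lowest value among its dependencies.
        low = min(deps, key=lambda d: RANK[val(d)])
        if RANK[val(sym)] > RANK[val(low)]:
            findings.append(f"{sym}={val(sym)} exceeds dependency {low}={val(low)}")
    if val("BRIDGE_EBT_ULOG") != "n":
        findings.append("BRIDGE_EBT_ULOG is marked OBSOLETE; its help text "
                        "points to nfnetlink_log (CONFIG_NETFILTER_NETLINK_LOG)")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

A `.config` written by the kernel's own config tools is already dependency-consistent, so the first check is mainly useful for hand-edited files or merged config fragments before they are fed to the build.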