net/ipv6/netfilter/Kconfig

#
# IP netfilter configuration
#

menu "IPv6: Netfilter Configuration (EXPERIMENTAL)"
	depends on INET && IPV6 && NETFILTER && EXPERIMENTAL

config NF_CONNTRACK_IPV6
	tristate "IPv6 connection tracking support (EXPERIMENTAL)"
	depends on INET && IPV6 && EXPERIMENTAL && NF_CONNTRACK
	---help---
	  Connection tracking keeps a record of what packets have passed
	  through your machine, in order to figure out how they are related
	  into connections.

	  This is IPv6 support on Layer 3 independent connection tracking.
	  Layer 3 independent connection tracking is experimental scheme
	  which generalize ip_conntrack to support other layer 3 protocols.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_QUEUE
	tristate "IP6 Userspace queueing via NETLINK (OBSOLETE)"
	depends on INET && IPV6 && NETFILTER && EXPERIMENTAL
	---help---

	  This option adds a queue handler to the kernel for IPv6
	  packets which enables users to receive the filtered packets
	  with QUEUE target using libipq.

	  THis option enables the old IPv6-only "ip6_queue" implementation
	  which has been obsoleted by the new "nfnetlink_queue" code (see
	  CONFIG_NETFILTER_NETLINK_QUEUE).

	  (C) Fernando Anton 2001
	  IPv64 Project - Work based in IPv64 draft by Arturo Azcorra.
	  Universidad Carlos III de Madrid
	  Universidad Politecnica de Alcala de Henares
	  email: <fanton@it.uc3m.es>.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_IPTABLES
	tristate "IP6 tables support (required for filtering)"
	depends on INET && IPV6 && EXPERIMENTAL && NETFILTER_XTABLES
	help
	  ip6tables is a general, extensible packet identification framework.
	  Currently only the packet filtering and packet mangling subsystem
	  for IPv6 use this, but connection tracking is going to follow.
	  Say 'Y' or 'M' here if you want to use either of those.

	  To compile it as a module, choose M here.  If unsure, say N.

# The simple matches.
config IP6_NF_MATCH_RT
	tristate "Routing header match support"
	depends on IP6_NF_IPTABLES
	help
	  rt matching allows you to match packets based on the routing
	  header of the packet.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_MATCH_OPTS
	tristate "Hop-by-hop and Dst opts header match support"
	depends on IP6_NF_IPTABLES
	help
	  This allows one to match packets based on the hop-by-hop
	  and destination options headers of a packet.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_MATCH_FRAG
	tristate "Fragmentation header match support"
	depends on IP6_NF_IPTABLES
	help
	  frag matching allows you to match packets based on the fragmentation
	  header of the packet.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_MATCH_HL
	tristate "HL match support"
	depends on IP6_NF_IPTABLES
	help
	  HL matching allows you to match packets based on the hop
	  limit of the packet.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_MATCH_OWNER
	tristate "Owner match support"
	depends on IP6_NF_IPTABLES
	help
	  Packet owner matching allows you to match locally-generated packets
	  based on who created them: the user, group, process or session.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_MATCH_IPV6HEADER
	tristate "IPv6 Extension Headers Match"
	depends on IP6_NF_IPTABLES
	help
	  This module allows one to match packets based upon
	  the ipv6 extension headers.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_MATCH_AH
	tristate "AH match support"
	depends on IP6_NF_IPTABLES
	help
	  This module allows one to match AH packets.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_MATCH_MH
	tristate "MH match support"
	depends on IP6_NF_IPTABLES
	help
	  This module allows one to match MH packets.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_MATCH_EUI64
	tristate "EUI64 address check"
	depends on IP6_NF_IPTABLES
	help
	  This module performs checking on the IPv6 source address
	  Compares the last 64 bits with the EUI64 (delivered
	  from the MAC address) address

	  To compile it as a module, choose M here.  If unsure, say N.

# The targets
config IP6_NF_FILTER
	tristate "Packet filtering"
	depends on IP6_NF_IPTABLES
	help
	  Packet filtering defines a table `filter', which has a series of
	  rules for simple packet filtering at local input, forwarding and
	  local output.  See the man page for iptables(8).

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_TARGET_LOG
	tristate "LOG target support"
	depends on IP6_NF_FILTER
	help
	  This option adds a `LOG' target, which allows you to create rules in
	  any iptables table which records the packet header to the syslog.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_TARGET_REJECT
	tristate "REJECT target support"
	depends on IP6_NF_FILTER
	help
	  The REJECT target allows a filtering rule to specify that an ICMPv6
	  error should be issued in response to an incoming packet, rather
	  than silently being dropped.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_MANGLE
	tristate "Packet mangling"
	depends on IP6_NF_IPTABLES
	help
	  This option adds a `mangle' table to iptables: see the man page for
	  iptables(8).  This table is used for various packet alterations
	  which can effect how the packet is routed.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_TARGET_HL
	tristate  'HL (hoplimit) target support'
	depends on IP6_NF_MANGLE
	help
	  This option adds a `HL' target, which enables the user to decrement
	  the hoplimit value of the IPv6 header or set it to a given (lower)
	  value.
	
	  While it is safe to decrement the hoplimit value, this option also
	  enables functionality to increment and set the hoplimit value of the
	  IPv6 header to arbitrary values.  This is EXTREMELY DANGEROUS since
	  you can easily create immortal packets that loop forever on the
	  network.  

	  To compile it as a module, choose M here.  If unsure, say N.

config IP6_NF_RAW
	tristate  'raw table support (required for TRACE)'
	depends on IP6_NF_IPTABLES
	help
	  This option adds a `raw' table to ip6tables. This table is the very
	  first in the netfilter framework and hooks in at the PREROUTING
	  and OUTPUT chains.
	
	  If you want to compile it as a module, say M here and read
	  <file:Documentation/modules.txt>.  If unsure, say `N'.

endmenu