]>
Commit | Line | Data |
---|---|---|
9fb9cbb1 YK |
1 | menu "Core Netfilter Configuration" |
2 | depends on NET && NETFILTER | |
3 | ||
f9e815b3 HW |
4 | config NETFILTER_NETLINK |
5 | tristate "Netfilter netlink interface" | |
6 | help | |
7 | If this option is enabled, the kernel will include support | |
8 | for the new netfilter netlink interface. | |
7af4cc3f HW |
9 | |
10 | config NETFILTER_NETLINK_QUEUE | |
11 | tristate "Netfilter NFQUEUE over NFNETLINK interface" | |
12 | depends on NETFILTER_NETLINK | |
13 | help | |
14 | If this option isenabled, the kernel will include support | |
15 | for queueing packets via NFNETLINK. | |
16 | ||
0597f268 HW |
17 | config NETFILTER_NETLINK_LOG |
18 | tristate "Netfilter LOG over NFNETLINK interface" | |
19 | depends on NETFILTER_NETLINK | |
20 | help | |
21 | If this option is enabled, the kernel will include support | |
22 | for logging packets via NFNETLINK. | |
23 | ||
24 | This obsoletes the existing ipt_ULOG and ebg_ulog mechanisms, | |
25 | and is also scheduled to replace the old syslog-based ipt_LOG | |
26 | and ip6t_LOG modules. | |
27 | ||
9fb9cbb1 YK |
28 | config NF_CONNTRACK |
29 | tristate "Layer 3 Independent Connection tracking (EXPERIMENTAL)" | |
30 | depends on EXPERIMENTAL && IP_NF_CONNTRACK=n | |
31 | default n | |
32 | ---help--- | |
33 | Connection tracking keeps a record of what packets have passed | |
34 | through your machine, in order to figure out how they are related | |
35 | into connections. | |
36 | ||
37 | Layer 3 independent connection tracking is experimental scheme | |
38 | which generalize ip_conntrack to support other layer 3 protocols. | |
39 | ||
40 | To compile it as a module, choose M here. If unsure, say N. | |
41 | ||
42 | config NF_CT_ACCT | |
43 | bool "Connection tracking flow accounting" | |
44 | depends on NF_CONNTRACK | |
45 | help | |
46 | If this option is enabled, the connection tracking code will | |
47 | keep per-flow packet and byte counters. | |
48 | ||
49 | Those counters can be used for flow-based accounting or the | |
50 | `connbytes' match. | |
51 | ||
52 | If unsure, say `N'. | |
53 | ||
54 | config NF_CONNTRACK_MARK | |
55 | bool 'Connection mark tracking support' | |
56 | depends on NF_CONNTRACK | |
57 | help | |
58 | This option enables support for connection marks, used by the | |
59 | `CONNMARK' target and `connmark' match. Similar to the mark value | |
60 | of packets, but this mark value is kept in the conntrack session | |
61 | instead of the individual packets. | |
62 | ||
63 | config NF_CONNTRACK_EVENTS | |
64 | bool "Connection tracking events" | |
65 | depends on NF_CONNTRACK | |
66 | help | |
67 | If this option is enabled, the connection tracking code will | |
68 | provide a notifier chain that can be used by other kernel code | |
69 | to get notified aboutchanges in the connection tracking state. | |
70 | ||
71 | If unsure, say `N'. | |
72 | ||
73 | config NF_CT_PROTO_SCTP | |
74 | tristate 'SCTP protocol on new connection tracking support (EXPERIMENTAL)' | |
75 | depends on EXPERIMENTAL && NF_CONNTRACK | |
76 | default n | |
77 | help | |
78 | With this option enabled, the layer 3 independent connection | |
79 | tracking code will be able to do state tracking on SCTP connections. | |
80 | ||
81 | If you want to compile it as a module, say M here and read | |
82 | Documentation/modules.txt. If unsure, say `N'. | |
83 | ||
84 | config NF_CONNTRACK_FTP | |
85 | tristate "FTP support on new connection tracking (EXPERIMENTAL)" | |
86 | depends on EXPERIMENTAL && NF_CONNTRACK | |
87 | help | |
88 | Tracking FTP connections is problematic: special helpers are | |
89 | required for tracking them, and doing masquerading and other forms | |
90 | of Network Address Translation on them. | |
91 | ||
92 | This is FTP support on Layer 3 independent connection tracking. | |
93 | Layer 3 independent connection tracking is experimental scheme | |
94 | which generalize ip_conntrack to support other layer 3 protocols. | |
95 | ||
96 | To compile it as a module, choose M here. If unsure, say N. | |
97 | ||
98 | endmenu |