| blob | e2e9a2bbbe5762ab0c9a2687868cd4f06d7fef91 |
1 config ADK_KPACKAGE_KMOD_NF_CONNTRACK
2 tristate 'Netfilter connection tracking support'
3 select ADK_KERNEL_NETFILTER_XTABLES
4 help
5 Connection tracking keeps a record of what packets have passed
6 through your machine, in order to figure out how they are related
7 into connections.
9 Layer 3 independent connection tracking is experimental scheme
10 which generalize ip_conntrack to support other layer 3 protocols.
12 config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_CLASSIFY
13 tristate '"CLASSIFY" target support'
14 select ADK_KERNEL_NETFILTER_XTABLES
15 help
16 This option adds a `CLASSIFY' target, which enables the user to set
17 the priority of a packet. Some qdiscs can use this value for
18 classification, among these are:
20 atm, cbq, dsmark, pfifo_fast, htb, prio
22 config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_CONNMARK
23 tristate '"CONNMARK" target support'
24 select ADK_KERNEL_NETFILTER_XTABLES
25 select ADK_KPACKAGE_KMOD_NF_CONNTRACK
26 help
27 This option adds a `CONNMARK' target, which allows one to manipulate
28 the connection mark value. Similar to the MARK target, but
29 affects the connection mark value rather than the packet mark value.
31 config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_MARK
32 tristate '"MARK" target support'
33 select ADK_KERNEL_NETFILTER_XTABLES
34 help
35 This option adds a `MARK' target, which allows you to create rules
36 in the `mangle' table which alter the netfilter mark (nfmark) field
37 associated with the packet prior to routing. This can change
38 the routing method (see `Use netfilter MARK value as routing
39 key') and can also be used by other subsystems to change their
40 behavior.
42 config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_NFQUEUE
43 tristate '"NFQUEUE" target support'
44 select ADK_KERNEL_NETFILTER_XTABLES
45 help
46 This target replaced the old obsolete QUEUE target.
48 As opposed to QUEUE, it supports 65535 different queues,
49 not just one.
51 config ADK_KPACKAGE_KMOD_NETFILTER_XT_TARGET_TCPMSS
52 tristate 'TCPMSS target'
53 select ADK_KERNEL_NETFILTER_XTABLES
54 help
56 config ADK_KPACKAGE_KMOD_NF_CONNTRACK_MARK
57 bool 'Connection mark tracking support'
58 depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
59 select ADK_KERNEL_IP_NF_MATCH_CONNMARK
60 help
61 This option enables support for connection marks, used by the
62 `CONNMARK' target and `connmark' match. Similar to the mark value
63 of packets, but this mark value is kept in the conntrack session
64 instead of the individual packets.
66 config ADK_KPACKAGE_KMOD_NF_CONNTRACK_SECMARK
67 bool 'Connection tracking security mark support'
68 depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
69 #FIXME select NETWORK_SECMARK
70 help
71 This option enables security markings to be applied to
72 connections. Typically they are copied to connections from
73 packets using the CONNSECMARK target and copied back from
74 connections to packets with the same target, with the packets
75 being originally labeled via SECMARK.
77 config ADK_KPACKAGE_KMOD_NF_CONNTRACK_FTP
78 tristate 'FTP protocol support'
79 depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
80 help
81 Tracking FTP connections is problematic: special helpers are
82 required for tracking them, and doing masquerading and other forms
83 of Network Address Translation on them.
85 #config ADK_KPACKAGE_KMOD_NF_CONNTRACK_RTSP
86 # tristate 'RTSP protocol support'
87 # depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
88 # help
89 # Tracking RTSP connections might be required for IPTV.
91 config ADK_KPACKAGE_KMOD_NF_CONNTRACK_IRC
92 tristate 'IRC protocol support'
93 depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
94 help
95 There is a commonly-used extension to IRC called
96 Direct Client-to-Client Protocol (DCC). This enables users to send
97 files to each other, and also chat to each other without the need
98 of a server. DCC Sending is used anywhere you send files over IRC,
99 and DCC Chat is most commonly used by Eggdrop bots. If you are
100 using NAT, this extension will enable you to send files and initiate
101 chats. Note that you do NOT need this extension to get files or
102 have others initiate chats, or everything else in IRC.
104 config ADK_KPACKAGE_KMOD_NF_CONNTRACK_NETBIOS_NS
105 tristate 'NetBIOS name service protocol support (EXPERIMENTAL)'
106 depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
107 help
108 NetBIOS name service requests are sent as broadcast messages from an
109 unprivileged port and responded to with unicast messages to the
110 same port. This make them hard to firewall properly because connection
111 tracking doesn't deal with broadcasts. This helper tracks locally
112 originating NetBIOS name service requests and the corresponding
113 responses. It relies on correct IP address configuration, specifically
114 netmask and broadcast address. When properly configured, the output
115 of "ip address show" should look similar to this:
117 $ ip -4 address show eth0
118 4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
119 inet 172.16.2.252/24 brd 172.16.2.255 scope global eth0
121 config ADK_KPACKAGE_KMOD_NF_CONNTRACK_TFTP
122 tristate 'TFTP protocol support'
123 depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
124 help
125 TFTP connection tracking helper, this is required depending
126 on how restrictive your ruleset is.
127 If you are using a tftp client behind -j SNAT or -j MASQUERADING
128 you will need this.
130 #config ADK_KPACKAGE_KMOD_NF_CONNTRACK_AMANDA
131 # tristate 'Amanda backup protocol support'
132 # depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
133 # #FIXME TEXTSEARCH && TEXTSEARCH_KMP
134 # help
135 # If you are running the Amanda backup package <http://www.amanda.org/>
136 # on this machine or machines that will be MASQUERADED through this
137 # machine, then you may want to enable this feature. This allows the
138 # connection tracking and natting code to allow the sub-channels that
139 # Amanda requires for communication of the backup data, messages and
140 # index.
142 config ADK_KPACKAGE_KMOD_NF_CONNTRACK_PPTP
143 tristate 'PPTP protocol support'
144 depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
145 help
146 This module adds support for PPTP (Point to Point Tunnelling
147 Protocol, RFC2637) connection tracking and NAT.
149 If you are running PPTP sessions over a stateful firewall or NAT
150 box, you may want to enable this feature.
152 Please note that not all PPTP modes of operation are supported yet.
153 For more info, read top of the file
154 net/ipv4/netfilter/ip_conntrack_pptp.c
156 config ADK_KPACKAGE_KMOD_NF_CONNTRACK_H323
157 tristate 'H.323 protocol support (EXPERIMENTAL)'
158 depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
159 help
160 H.323 is a VoIP signalling protocol from ITU-T. As one of the most
161 important VoIP protocols, it is widely used by voice hardware and
162 software including voice gateways, IP phones, Netmeeting, OpenPhone,
163 Gnomemeeting, etc.
165 With this module you can support H.323 on a connection tracking/NAT
166 firewall.
168 This module supports RAS, Fast Start, H.245 Tunnelling, Call
169 Forwarding, RTP/RTCP and T.120 based audio, video, fax, chat,
170 whiteboard, file transfer, etc. For more information, please
171 visit http://nath323.sourceforge.net/.
173 config ADK_KPACKAGE_KMOD_NF_CONNTRACK_SIP
174 tristate 'SIP protocol support (EXPERIMENTAL)'
175 depends on ADK_KPACKAGE_KMOD_NF_CONNTRACK
176 help
177 SIP is an application-layer control protocol that can establish,
178 modify, and terminate multimedia sessions (conferences) such as
179 Internet telephony calls. With the ip_conntrack_sip and
180 the ip_nat_sip modules you can support the protocol on a connection
181 tracking/NATing firewall.