| blob | 3218070756bb2c77edc2db6429d555fd1f4c9fbd |
1 #
2 # IP netfilter configuration
3 #
4 mainmenu_option next_comment
5 comment ' IP: Netfilter Configuration'
7 tristate 'Connection tracking (required for masq/NAT)' CONFIG_IP_NF_CONNTRACK
8 if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
9 bool ' Connection mark tracking support' CONFIG_IP_NF_CONNTRACK_MARK
10 dep_tristate ' FTP protocol support' CONFIG_IP_NF_FTP $CONFIG_IP_NF_CONNTRACK
11 dep_tristate ' Amanda protocol support' CONFIG_IP_NF_AMANDA $CONFIG_IP_NF_CONNTRACK
12 dep_tristate ' STARCRAFT protocol support' CONFIG_IP_NF_STARCRAFT $CONFIG_IP_NF_CONNTRACK
13 dep_tristate ' TFTP protocol support' CONFIG_IP_NF_TFTP $CONFIG_IP_NF_CONNTRACK
14 dep_tristate ' IRC protocol support' CONFIG_IP_NF_IRC $CONFIG_IP_NF_CONNTRACK
15 dep_tristate ' Connection tracking flow accounting' CONFIG_IP_NF_CT_ACCT $CONFIG_IP_NF_CONNTRACK
16 dep_tristate ' Connection byte counter support' CONFIG_IP_NF_MATCH_CONNBYTES $CONFIG_IP_NF_CT_ACCT $CONFIG_IP_NF_CONNTRACK $CONFIG_IP_NF_IPTABLES
17 dep_tristate ' GRE protocol support' CONFIG_IP_NF_CT_PROTO_GRE $CONFIG_IP_NF_CONNTRACK
18 dep_tristate ' PPTP protocol support' CONFIG_IP_NF_PPTP $CONFIG_IP_NF_CT_PROTO_GRE
19 dep_tristate ' SIP protocol support' CONFIG_IP_NF_SIP $CONFIG_IP_NF_CONNTRACK
20 dep_tristate ' H.323 (netmeeting) support' CONFIG_IP_NF_H323 $CONFIG_IP_NF_CONNTRACK
21 dep_tristate ' RTSP protocol support' CONFIG_IP_NF_RTSP $CONFIG_IP_NF_CONNTRACK
22 dep_tristate ' MMS protocol support' CONFIG_IP_NF_MMS $CONFIG_IP_NF_CONNTRACK
23 fi
25 if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
26 tristate 'Userspace queueing via NETLINK (EXPERIMENTAL)' CONFIG_IP_NF_QUEUE
27 fi
28 tristate 'IP tables support (required for filtering/masq/NAT)' CONFIG_IP_NF_IPTABLES
29 if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; then
30 # The simple matches.
31 dep_tristate ' limit match support' CONFIG_IP_NF_MATCH_LIMIT $CONFIG_IP_NF_IPTABLES
32 dep_tristate ' IP range match support' CONFIG_IP_NF_MATCH_IPRANGE $CONFIG_IP_NF_IPTABLES
33 dep_tristate ' quota match support' CONFIG_IP_NF_MATCH_QUOTA $CONFIG_IP_NF_IPTABLES
34 dep_tristate ' MAC address match support' CONFIG_IP_NF_MATCH_MAC $CONFIG_IP_NF_IPTABLES
35 dep_tristate ' Packet type match support' CONFIG_IP_NF_MATCH_PKTTYPE $CONFIG_IP_NF_IPTABLES
36 dep_tristate ' netfilter MARK match support' CONFIG_IP_NF_MATCH_MARK $CONFIG_IP_NF_IPTABLES
37 dep_tristate ' Multiple port match support' CONFIG_IP_NF_MATCH_MULTIPORT $CONFIG_IP_NF_IPTABLES
38 dep_tristate ' Multiple port with ranges match support' CONFIG_IP_NF_MATCH_MPORT $CONFIG_IP_NF_IPTABLES
39 dep_tristate ' TOS match support' CONFIG_IP_NF_MATCH_TOS $CONFIG_IP_NF_IPTABLES
40 dep_tristate ' TIME match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_TIME $CONFIG_IP_NF_IPTABLES
41 dep_tristate ' condition match support' CONFIG_IP_NF_MATCH_CONDITION $CONFIG_IP_NF_IPTABLES
42 dep_tristate ' Nth match support' CONFIG_IP_NF_MATCH_NTH $CONFIG_IP_NF_IPTABLES
43 dep_tristate ' psd match support' CONFIG_IP_NF_MATCH_PSD $CONFIG_IP_NF_IPTABLES
44 dep_tristate ' random match support' CONFIG_IP_NF_MATCH_RANDOM $CONFIG_IP_NF_IPTABLES
45 dep_tristate ' recent match support' CONFIG_IP_NF_MATCH_RECENT $CONFIG_IP_NF_IPTABLES
46 dep_tristate ' account match support' CONFIG_IP_NF_MATCH_ACCOUNT $CONFIG_IP_NF_IPTABLES $CONFIG_PROC_FS
47 dep_tristate ' IP address pool support' CONFIG_IP_NF_POOL $CONFIG_IP_NF_IPTABLES
48 if [ "$CONFIG_IP_NF_POOL" = "y" -o "$CONFIG_IP_NF_POOL" = "m" ]; then
49 bool ' enable statistics on pool usage' CONFIG_IP_POOL_STATISTICS n
50 fi
51 dep_tristate ' ECN match support' CONFIG_IP_NF_MATCH_ECN $CONFIG_IP_NF_IPTABLES
52 dep_tristate ' peer to peer traffic match support' CONFIG_IP_NF_MATCH_IPP2P $CONFIG_IP_NF_IPTABLES
54 dep_tristate ' DSCP match support' CONFIG_IP_NF_MATCH_DSCP $CONFIG_IP_NF_IPTABLES
56 dep_tristate ' AH/ESP match support' CONFIG_IP_NF_MATCH_AH_ESP $CONFIG_IP_NF_IPTABLES
57 dep_tristate ' LENGTH match support' CONFIG_IP_NF_MATCH_LENGTH $CONFIG_IP_NF_IPTABLES
58 dep_tristate ' TTL match support' CONFIG_IP_NF_MATCH_TTL $CONFIG_IP_NF_IPTABLES
59 dep_tristate ' tcpmss match support' CONFIG_IP_NF_MATCH_TCPMSS $CONFIG_IP_NF_IPTABLES
60 if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
61 dep_tristate ' Helper match support' CONFIG_IP_NF_MATCH_HELPER $CONFIG_IP_NF_IPTABLES
62 fi
63 if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
64 dep_tristate ' Connection state match support' CONFIG_IP_NF_MATCH_STATE $CONFIG_IP_NF_CONNTRACK $CONFIG_IP_NF_IPTABLES
65 dep_tristate ' Connection tracking match support' CONFIG_IP_NF_MATCH_CONNTRACK $CONFIG_IP_NF_CONNTRACK $CONFIG_IP_NF_IPTABLES
66 if [ "$CONFIG_IP_NF_CONNTRACK_MARK" != "n" ]; then
67 dep_tristate ' Connection mark match support' CONFIG_IP_NF_MATCH_CONNMARK $CONFIG_IP_NF_IPTABLES
68 dep_tristate ' Connections/IP limit match support' CONFIG_IP_NF_MATCH_CONNLIMIT $CONFIG_IP_NF_IPTABLES
69 fi
70 fi
71 if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
72 dep_tristate ' Unclean match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_UNCLEAN $CONFIG_IP_NF_IPTABLES
73 dep_tristate ' String match support (EXPERIMENTAL) ' CONFIG_IP_NF_MATCH_STRING $CONFIG_IP_NF_IPTABLES
74 dep_tristate ' Owner match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_OWNER $CONFIG_IP_NF_IPTABLES
75 dep_tristate ' Layer 7 match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_LAYER7 $CONFIG_IP_NF_CONNTRACK
76 dep_mbool ' Layer 7 debugging output (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_LAYER7_DEBUG $CONFIG_IP_NF_MATCH_LAYER7
77 dep_tristate ' Webstr match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_WEBSTR $CONFIG_IP_NF_IPTABLES
79 dep_tristate ' geoip match support' CONFIG_IP_NF_MATCH_GEOIP $CONFIG_IP_NF_IPTABLES
81 dep_tristate ' U32 match support' CONFIG_IP_NF_MATCH_U32 $CONFIG_IP_NF_IPTABLES
82 dep_tristate ' web match' CONFIG_IP_NF_MATCH_WEB $CONFIG_IP_NF_IPTABLES
83 dep_tristate ' BCOUNT target' CONFIG_IP_NF_TARGET_BCOUNT $CONFIG_IP_NF_IPTABLES
84 dep_tristate ' bcount match' CONFIG_IP_NF_MATCH_BCOUNT $CONFIG_IP_NF_TARGET_BCOUNT
85 dep_tristate ' MACSAVE target' CONFIG_IP_NF_TARGET_MACSAVE $CONFIG_IP_NF_IPTABLES
86 dep_tristate ' macsave match' CONFIG_IP_NF_MATCH_MACSAVE $CONFIG_IP_NF_TARGET_MACSAVE
87 dep_tristate ' exp match (experimental rig - do not use)' CONFIG_IP_NF_MATCH_EXP $CONFIG_IP_NF_IPTABLES
88 dep_tristate ' Web Monitor match support' CONFIG_IP_NF_MATCH_WEBMON $CONFIG_IP_NF_IPTABLES
90 fi
91 # The targets
92 dep_tristate ' Packet filtering' CONFIG_IP_NF_FILTER $CONFIG_IP_NF_IPTABLES
93 if [ "$CONFIG_IP_NF_FILTER" != "n" ]; then
94 dep_tristate ' REJECT target support' CONFIG_IP_NF_TARGET_REJECT $CONFIG_IP_NF_FILTER
95 if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
96 dep_tristate ' MIRROR target support (EXPERIMENTAL)' CONFIG_IP_NF_TARGET_MIRROR $CONFIG_IP_NF_FILTER
97 dep_tristate ' TARPIT target support (EXPERIMENTAL)' CONFIG_IP_NF_TARGET_TARPIT $CONFIG_IP_NF_FILTER
98 fi
99 fi
101 if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
102 dep_tristate ' Full NAT' CONFIG_IP_NF_NAT $CONFIG_IP_NF_IPTABLES $CONFIG_IP_NF_CONNTRACK
103 if [ "$CONFIG_IP_NF_NAT" != "n" ]; then
104 define_bool CONFIG_IP_NF_NAT_NEEDED y
105 dep_tristate ' MASQUERADE target support' CONFIG_IP_NF_TARGET_MASQUERADE $CONFIG_IP_NF_NAT
106 dep_tristate ' REDIRECT target support' CONFIG_IP_NF_TARGET_REDIRECT $CONFIG_IP_NF_NAT
107 dep_tristate ' NETMAP target support' CONFIG_IP_NF_TARGET_NETMAP $CONFIG_IP_NF_NAT
108 dep_tristate ' Automatic port forwarding (autofw) target support' CONFIG_IP_NF_AUTOFW $CONFIG_IP_NF_NAT
109 dep_tristate ' TRIGGER target support (port-trigger)' CONFIG_IP_NF_TARGET_TRIGGER $CONFIG_IP_NF_NAT
110 if [ "$CONFIG_IP_NF_PPTP" = "m" ]; then
111 define_tristate CONFIG_IP_NF_NAT_PPTP m
112 else
113 if [ "$CONFIG_IP_NF_PPTP" = "y" ]; then
114 define_tristate CONFIG_IP_NF_NAT_PPTP $CONFIG_IP_NF_NAT
115 fi
116 fi
117 if [ "$CONFIG_IP_NF_SIP" = "m" ]; then
118 define_tristate CONFIG_IP_NF_NAT_SIP m
119 else
120 if [ "$CONFIG_IP_NF_SIP" = "y" ]; then
121 define_tristate CONFIG_IP_NF_NAT_SIP $CONFIG_IP_NF_NAT
122 fi
123 fi
124 if [ "$CONFIG_IP_NF_CT_PROTO_GRE" = "m" ]; then
125 define_tristate CONFIG_IP_NF_NAT_PROTO_GRE m
126 else
127 if [ "$CONFIG_IP_NF_CT_PROTO_GRE" = "y" ]; then
128 define_tristate CONFIG_IP_NF_NAT_PROTO_GRE $CONFIG_IP_NF_NAT
129 fi
130 fi
131 if [ "$CONFIG_IP_NF_AMANDA" = "m" ]; then
132 define_tristate CONFIG_IP_NF_NAT_AMANDA m
133 else
134 if [ "$CONFIG_IP_NF_AMANDA" = "y" ]; then
135 define_tristate CONFIG_IP_NF_NAT_AMANDA $CONFIG_IP_NF_NAT
136 fi
137 fi
138 if [ "$CONFIG_IP_NF_H323" = "m" ]; then
139 define_tristate CONFIG_IP_NF_NAT_H323 m
140 else
141 if [ "$CONFIG_IP_NF_H323" = "y" ]; then
142 define_tristate CONFIG_IP_NF_NAT_H323 $CONFIG_IP_NF_NAT
143 fi
144 fi
145 if [ "$CONFIG_IP_NF_RTSP" = "m" ]; then
146 define_tristate CONFIG_IP_NF_NAT_RTSP m
147 else
148 if [ "$CONFIG_IP_NF_RTSP" = "y" ]; then
149 define_tristate CONFIG_IP_NF_NAT_RTSP $CONFIG_IP_NF_NAT
150 fi
151 fi
152 if [ "$CONFIG_IP_NF_MMS" = "m" ]; then
153 define_tristate CONFIG_IP_NF_NAT_MMS m
154 else
155 if [ "$CONFIG_IP_NF_MMS" = "y" ]; then
156 define_tristate CONFIG_IP_NF_NAT_MMS $CONFIG_IP_NF_NAT
157 fi
158 fi
159 if [ "$CONFIG_IP_NF_H323" = "m" ]; then
160 define_tristate CONFIG_IP_NF_NAT_H323 m
161 else
162 if [ "$CONFIG_IP_NF_H323" = "y" ]; then
163 define_tristate CONFIG_IP_NF_NAT_H323 $CONFIG_IP_NF_NAT
164 fi
165 fi
166 if [ "$CONFIG_IP_NF_RTSP" = "m" ]; then
167 define_tristate CONFIG_IP_NF_NAT_RTSP m
168 else
169 if [ "$CONFIG_IP_NF_RTSP" = "y" ]; then
170 define_tristate CONFIG_IP_NF_NAT_RTSP $CONFIG_IP_NF_NAT
171 fi
172 fi
173 if [ "$CONFIG_IP_NF_MMS" = "m" ]; then
174 define_tristate CONFIG_IP_NF_NAT_MMS m
175 else
176 if [ "$CONFIG_IP_NF_MMS" = "y" ]; then
177 define_tristate CONFIG_IP_NF_NAT_MMS $CONFIG_IP_NF_NAT
178 fi
179 fi
180 if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
181 dep_tristate ' Basic SNMP-ALG support (EXPERIMENTAL)' CONFIG_IP_NF_NAT_SNMP_BASIC $CONFIG_IP_NF_NAT
182 fi
183 if [ "$CONFIG_IP_NF_IRC" = "m" ]; then
184 define_tristate CONFIG_IP_NF_NAT_IRC m
185 else
186 if [ "$CONFIG_IP_NF_IRC" = "y" ]; then
187 define_tristate CONFIG_IP_NF_NAT_IRC $CONFIG_IP_NF_NAT
188 fi
189 fi
190 # If they want FTP, set to $CONFIG_IP_NF_NAT (m or y),
191 # or $CONFIG_IP_NF_FTP (m or y), whichever is weaker. Argh.
192 if [ "$CONFIG_IP_NF_FTP" = "m" ]; then
193 define_tristate CONFIG_IP_NF_NAT_FTP m
194 else
195 if [ "$CONFIG_IP_NF_FTP" = "y" ]; then
196 define_tristate CONFIG_IP_NF_NAT_FTP $CONFIG_IP_NF_NAT
197 fi
198 fi
199 if [ "$CONFIG_IP_NF_TFTP" = "m" ]; then
200 define_tristate CONFIG_IP_NF_NAT_TFTP m
201 else
202 if [ "$CONFIG_IP_NF_TFTP" = "y" ]; then
203 define_tristate CONFIG_IP_NF_NAT_TFTP $CONFIG_IP_NF_NAT
204 fi
205 fi
206 # If they want Starcraft, set to $CONFIG_IP_NF_NAT (m or y),
207 # or $CONFIG_IP_NF_STARCRAFT (m or y), whichever is weaker. Argh.
208 if [ "$CONFIG_IP_NF_STARCRAFT" = "m" ]; then
209 define_tristate CONFIG_IP_NF_NAT_STARCRAFT m
210 else
211 if [ "$CONFIG_IP_NF_STARCRAFT" = "y" ]; then
212 define_tristate CONFIG_IP_NF_NAT_STARCRAFT $CONFIG_IP_NF_NAT
213 fi
214 fi
216 fi
217 fi
219 dep_tristate ' Packet mangling' CONFIG_IP_NF_MANGLE $CONFIG_IP_NF_IPTABLES
220 if [ "$CONFIG_IP_NF_MANGLE" != "n" ]; then
221 dep_tristate ' TOS target support' CONFIG_IP_NF_TARGET_TOS $CONFIG_IP_NF_MANGLE
222 dep_tristate ' ECN target support' CONFIG_IP_NF_TARGET_ECN $CONFIG_IP_NF_MANGLE
224 dep_tristate ' DSCP target support' CONFIG_IP_NF_TARGET_DSCP $CONFIG_IP_NF_MANGLE
226 dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
227 dep_tristate ' ROUTE target support' CONFIG_IP_NF_TARGET_ROUTE $CONFIG_IP_NF_MANGLE
228 dep_tristate ' IMQ target support' CONFIG_IP_NF_TARGET_IMQ $CONFIG_IP_NF_MANGLE
229 dep_tristate ' CLASSIFY target support (EXPERIMENTAL)' CONFIG_IP_NF_TARGET_CLASSIFY $CONFIG_IP_NF_MANGLE
230 fi
231 if [ "$CONFIG_IP_NF_CONNTRACK_MARK" != "n" ]; then
232 dep_tristate ' CONNMARK target support' CONFIG_IP_NF_TARGET_CONNMARK $CONFIG_IP_NF_IPTABLES
233 fi
234 dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES
235 dep_tristate ' TTL target support' CONFIG_IP_NF_TARGET_TTL $CONFIG_IP_NF_IPTABLES
236 dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES
237 dep_tristate ' TCPMSS target support' CONFIG_IP_NF_TARGET_TCPMSS $CONFIG_IP_NF_IPTABLES
238 fi
240 tristate 'ARP tables support' CONFIG_IP_NF_ARPTABLES
241 if [ "$CONFIG_IP_NF_ARPTABLES" != "n" ]; then
242 dep_tristate ' ARP packet filtering' CONFIG_IP_NF_ARPFILTER $CONFIG_IP_NF_ARPTABLES
243 fi
244 if [ "$CONFIG_IP_NF_ARPTABLES" != "n" ]; then
245 dep_tristate ' ARP payload mangling' CONFIG_IP_NF_ARP_MANGLE $CONFIG_IP_NF_ARPTABLES
246 fi
248 if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
249 tristate 'tomato_ct' CONFIG_IP_NF_TOMATOCT
250 fi
252 # Backwards compatibility modules: only if you don't build in the others.
253 if [ "$CONFIG_IP_NF_CONNTRACK" != "y" ]; then
254 if [ "$CONFIG_IP_NF_IPTABLES" != "y" ]; then
255 tristate 'ipchains (2.2-style) support' CONFIG_IP_NF_COMPAT_IPCHAINS
256 if [ "$CONFIG_IP_NF_COMPAT_IPCHAINS" != "n" ]; then
257 define_bool CONFIG_IP_NF_NAT_NEEDED y
258 fi
259 if [ "$CONFIG_IP_NF_COMPAT_IPCHAINS" != "y" ]; then
260 tristate 'ipfwadm (2.0-style) support' CONFIG_IP_NF_COMPAT_IPFWADM
261 if [ "$CONFIG_IP_NF_COMPAT_IPFWADM" != "n" ]; then
262 define_bool CONFIG_IP_NF_NAT_NEEDED y
263 fi
264 fi
265 fi
266 fi
267 dep_tristate ' IP set support' CONFIG_IP_NF_SET $CONFIG_IP_NF_IPTABLES
268 if [ "$CONFIG_IP_NF_SET" != "n" ]; then
269 int ' Maximum number of sets' CONFIG_IP_NF_SET_MAX 256
270 int ' Hash size for bindings of IP sets' CONFIG_IP_NF_SET_HASHSIZE 1024
271 dep_tristate ' set match support' CONFIG_IP_NF_MATCH_SET $CONFIG_IP_NF_SET
272 dep_tristate ' SET target support' CONFIG_IP_NF_TARGET_SET $CONFIG_IP_NF_SET
273 dep_tristate ' ipmap set type support' CONFIG_IP_NF_SET_IPMAP $CONFIG_IP_NF_SET
274 dep_tristate ' macipmap set type support' CONFIG_IP_NF_SET_MACIPMAP $CONFIG_IP_NF_SET
275 dep_tristate ' portmap set type support' CONFIG_IP_NF_SET_PORTMAP $CONFIG_IP_NF_SET
276 dep_tristate ' iphash set type support' CONFIG_IP_NF_SET_IPHASH $CONFIG_IP_NF_SET
277 dep_tristate ' nethash set type support' CONFIG_IP_NF_SET_NETHASH $CONFIG_IP_NF_SET
278 dep_tristate ' ipporthash set type support' CONFIG_IP_NF_SET_IPPORTHASH $CONFIG_IP_NF_SET
279 dep_tristate ' ipportiphash set type support' CONFIG_IP_NF_SET_IPPORTIPHASH $CONFIG_IP_NF_SET
280 dep_tristate ' ipportnethash set type support' CONFIG_IP_NF_SET_IPPORTNETHASH $CONFIG_IP_NF_SET
281 dep_tristate ' iptree set type support' CONFIG_IP_NF_SET_IPTREE $CONFIG_IP_NF_SET
282 dep_tristate ' iptreemap set type support' CONFIG_IP_NF_SET_IPTREEMAP $CONFIG_IP_NF_SET
283 dep_tristate ' setlist set type support' CONFIG_IP_NF_SET_SETLIST $CONFIG_IP_NF_SET
284 fi
285 endmenu