tristate "Netfilter NFQUEUE over NFNETLINK interface"
depends on NETFILTER_NETLINK
help
- If this option is enabled, the kernel will include support
+ If this option isenabled, the kernel will include support
for queueing packets via NFNETLINK.
config NETFILTER_NETLINK_LOG
of packets, but this mark value is kept in the conntrack session
instead of the individual packets.
-config NF_CONNTRACK_SECMARK
- bool 'Connection tracking security mark support'
- depends on NF_CONNTRACK && NETWORK_SECMARK
- help
- This option enables security markings to be applied to
- connections. Typically they are copied to connections from
- packets using the CONNSECMARK target and copied back from
- connections to packets with the same target, with the packets
- being originally labeled via SECMARK.
-
- If unsure, say 'N'.
-
config NF_CONNTRACK_EVENTS
bool "Connection tracking events (EXPERIMENTAL)"
depends on EXPERIMENTAL && NF_CONNTRACK
help
If this option is enabled, the connection tracking code will
provide a notifier chain that can be used by other kernel code
- to get notified about changes in the connection tracking state.
+ to get notified aboutchanges in the connection tracking state.
If unsure, say `N'.
tristate '"NFQUEUE" target Support'
depends on NETFILTER_XTABLES
help
- This target replaced the old obsolete QUEUE target.
+ This Target replaced the old obsolete QUEUE target.
As opposed to QUEUE, it supports 65535 different queues,
not just one.
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
-config NETFILTER_XT_TARGET_SECMARK
- tristate '"SECMARK" target support'
- depends on NETFILTER_XTABLES && NETWORK_SECMARK
- help
- The SECMARK target allows security marking of network
- packets, for use with security subsystems.
-
- To compile it as a module, choose M here. If unsure, say N.
-
-config NETFILTER_XT_TARGET_CONNSECMARK
- tristate '"CONNSECMARK" target support'
- depends on NETFILTER_XTABLES && \
- ((NF_CONNTRACK && NF_CONNTRACK_SECMARK) || \
- (IP_NF_CONNTRACK && IP_NF_CONNTRACK_SECMARK))
- help
- The CONNSECMARK target copies security markings from packets
- to connections, and restores security markings from connections
- to packets (if the packets are not already marked). This would
- normally be used in conjunction with the SECMARK target.
-
- To compile it as a module, choose M here. If unsure, say N.
-
config NETFILTER_XT_MATCH_COMMENT
tristate '"comment" match support'
depends on NETFILTER_XTABLES
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `N'.
-config NETFILTER_XT_MATCH_ESP
- tristate '"ESP" match support'
- depends on NETFILTER_XTABLES
- help
- This match extension allows you to match a range of SPIs
- inside ESP header of IPSec packets.
-
- To compile it as a module, choose M here. If unsure, say N.
-
config NETFILTER_XT_MATCH_HELPER
tristate '"helper" match support'
depends on NETFILTER_XTABLES
To compile it as a module, choose M here. If unsure, say N.
-config NETFILTER_XT_MATCH_POLICY
- tristate 'IPsec "policy" match support'
- depends on NETFILTER_XTABLES && XFRM
- help
- Policy matching allows you to match packets based on the
- IPsec policy that was used during decapsulation/will
- be used during encapsulation.
-
- To compile it as a module, choose M here. If unsure, say N.
-
-config NETFILTER_XT_MATCH_MULTIPORT
- tristate "Multiple port match support"
- depends on NETFILTER_XTABLES
- help
- Multiport matching allows you to match TCP or UDP packets based on
- a series of source or destination ports: normally a rule can only
- match a single range of ports.
-
- To compile it as a module, choose M here. If unsure, say N.
-
config NETFILTER_XT_MATCH_PHYSDEV
tristate '"physdev" match support'
- depends on NETFILTER_XTABLES && BRIDGE && BRIDGE_NETFILTER
+ depends on NETFILTER_XTABLES && BRIDGE_NETFILTER
help
Physdev packet matching matches against the physical bridge ports
the IP packet arrived on or will leave by.
To compile it as a module, choose M here. If unsure, say N.
-config NETFILTER_XT_MATCH_QUOTA
- tristate '"quota" match support'
- depends on NETFILTER_XTABLES
- help
- This option adds a `quota' match, which allows to match on a
- byte counter.
-
- If you want to compile it as a module, say M here and read
- <file:Documentation/modules.txt>. If unsure, say `N'.
-
config NETFILTER_XT_MATCH_REALM
tristate '"realm" match support'
depends on NETFILTER_XTABLES
<file:Documentation/modules.txt>. If unsure, say `N'.
config NETFILTER_XT_MATCH_SCTP
- tristate '"sctp" protocol match support (EXPERIMENTAL)'
- depends on NETFILTER_XTABLES && EXPERIMENTAL
+ tristate '"sctp" protocol match support'
+ depends on NETFILTER_XTABLES
help
With this option enabled, you will be able to use the
`sctp' match in order to match on SCTP source/destination ports
To compile it as a module, choose M here. If unsure, say N.
-config NETFILTER_XT_MATCH_STATISTIC
- tristate '"statistic" match support'
- depends on NETFILTER_XTABLES
- help
- This option adds a `statistic' match, which allows you to match
- on packets periodically or randomly with a given percentage.
-
- To compile it as a module, choose M here. If unsure, say N.
-
config NETFILTER_XT_MATCH_STRING
tristate '"string" match support'
depends on NETFILTER_XTABLES
git://git.onelab.eu / linux-2.6.git / blobdiff