| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798 |
- menu "Core Netfilter Configuration"
- depends on NET && NETFILTER
- config NETFILTER_NETLINK
- tristate "Netfilter netlink interface"
- help
- If this option is enabled, the kernel will include support
- for the new netfilter netlink interface.
- config NETFILTER_NETLINK_QUEUE
- tristate "Netfilter NFQUEUE over NFNETLINK interface"
- depends on NETFILTER_NETLINK
- help
- If this option isenabled, the kernel will include support
- for queueing packets via NFNETLINK.
-
- config NETFILTER_NETLINK_LOG
- tristate "Netfilter LOG over NFNETLINK interface"
- depends on NETFILTER_NETLINK
- help
- If this option is enabled, the kernel will include support
- for logging packets via NFNETLINK.
- This obsoletes the existing ipt_ULOG and ebg_ulog mechanisms,
- and is also scheduled to replace the old syslog-based ipt_LOG
- and ip6t_LOG modules.
- config NF_CONNTRACK
- tristate "Layer 3 Independent Connection tracking (EXPERIMENTAL)"
- depends on EXPERIMENTAL && IP_NF_CONNTRACK=n
- default n
- ---help---
- Connection tracking keeps a record of what packets have passed
- through your machine, in order to figure out how they are related
- into connections.
- Layer 3 independent connection tracking is experimental scheme
- which generalize ip_conntrack to support other layer 3 protocols.
- To compile it as a module, choose M here. If unsure, say N.
- config NF_CT_ACCT
- bool "Connection tracking flow accounting"
- depends on NF_CONNTRACK
- help
- If this option is enabled, the connection tracking code will
- keep per-flow packet and byte counters.
- Those counters can be used for flow-based accounting or the
- `connbytes' match.
- If unsure, say `N'.
- config NF_CONNTRACK_MARK
- bool 'Connection mark tracking support'
- depends on NF_CONNTRACK
- help
- This option enables support for connection marks, used by the
- `CONNMARK' target and `connmark' match. Similar to the mark value
- of packets, but this mark value is kept in the conntrack session
- instead of the individual packets.
- config NF_CONNTRACK_EVENTS
- bool "Connection tracking events (EXPERIMENTAL)"
- depends on EXPERIMENTAL && NF_CONNTRACK
- help
- If this option is enabled, the connection tracking code will
- provide a notifier chain that can be used by other kernel code
- to get notified aboutchanges in the connection tracking state.
- If unsure, say `N'.
- config NF_CT_PROTO_SCTP
- tristate 'SCTP protocol on new connection tracking support (EXPERIMENTAL)'
- depends on EXPERIMENTAL && NF_CONNTRACK
- default n
- help
- With this option enabled, the layer 3 independent connection
- tracking code will be able to do state tracking on SCTP connections.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
- config NF_CONNTRACK_FTP
- tristate "FTP support on new connection tracking (EXPERIMENTAL)"
- depends on EXPERIMENTAL && NF_CONNTRACK
- help
- Tracking FTP connections is problematic: special helpers are
- required for tracking them, and doing masquerading and other forms
- of Network Address Translation on them.
- This is FTP support on Layer 3 independent connection tracking.
- Layer 3 independent connection tracking is experimental scheme
- which generalize ip_conntrack to support other layer 3 protocols.
- To compile it as a module, choose M here. If unsure, say N.
- endmenu
|
