1# 2# IP netfilter configuration 3# 4mainmenu_option next_comment 5comment ' IP: Netfilter Configuration' 6 7tristate 'Connection tracking (required for masq/NAT)' CONFIG_IP_NF_CONNTRACK 8if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then 9 dep_tristate ' FTP protocol support' CONFIG_IP_NF_FTP $CONFIG_IP_NF_CONNTRACK 10 dep_tristate ' TFTP protocol support' CONFIG_IP_NF_TFTP $CONFIG_IP_NF_CONNTRACK 11 dep_tristate ' H.323 (netmeeting) support' CONFIG_IP_NF_H323 $CONFIG_IP_NF_CONNTRACK 12 dep_tristate ' IRC protocol support' CONFIG_IP_NF_IRC $CONFIG_IP_NF_CONNTRACK 13 dep_tristate ' MMS protocol support' CONFIG_IP_NF_MMS $CONFIG_IP_NF_CONNTRACK 14 dep_tristate ' GRE protocol support' CONFIG_IP_NF_CT_PROTO_GRE $CONFIG_IP_NF_CONNTRACK 15 dep_tristate ' PPTP protocol support' CONFIG_IP_NF_PPTP $CONFIG_IP_NF_CT_PROTO_GRE 16fi 17 18if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then 19 tristate 'Userspace queueing via NETLINK (EXPERIMENTAL)' CONFIG_IP_NF_QUEUE 20fi 21tristate 'IP tables support (required for filtering/masq/NAT)' CONFIG_IP_NF_IPTABLES 22if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; then 23# The simple matches. 24 dep_tristate ' limit match support' CONFIG_IP_NF_MATCH_LIMIT $CONFIG_IP_NF_IPTABLES 25 26 dep_tristate ' IP address pool support' CONFIG_IP_NF_POOL $CONFIG_IP_NF_IPTABLES 27 if [ "$CONFIG_IP_NF_POOL" = "y" -o "$CONFIG_IP_NF_POOL" = "m" ]; then 28 bool ' enable statistics on pool usage' CONFIG_IP_POOL_STATISTICS n 29 fi 30 31 dep_tristate ' MAC address match support' CONFIG_IP_NF_MATCH_MAC $CONFIG_IP_NF_IPTABLES 32 dep_tristate ' Packet type match support' CONFIG_IP_NF_MATCH_PKTTYPE $CONFIG_IP_NF_IPTABLES 33 dep_tristate ' netfilter MARK match support' CONFIG_IP_NF_MATCH_MARK $CONFIG_IP_NF_IPTABLES 34 dep_tristate ' Multiple port match support' CONFIG_IP_NF_MATCH_MULTIPORT $CONFIG_IP_NF_IPTABLES 35 dep_tristate ' Multiple port with ranges match support' CONFIG_IP_NF_MATCH_MPORT $CONFIG_IP_NF_IPTABLES 36 dep_tristate ' TOS match support' CONFIG_IP_NF_MATCH_TOS $CONFIG_IP_NF_IPTABLES 37 dep_tristate ' TIME match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_TIME $CONFIG_IP_NF_IPTABLES 38 dep_tristate ' ECN match support' CONFIG_IP_NF_MATCH_ECN $CONFIG_IP_NF_IPTABLES 39 40 dep_tristate ' DSCP match support' CONFIG_IP_NF_MATCH_DSCP $CONFIG_IP_NF_IPTABLES 41 42 dep_tristate ' AH/ESP match support' CONFIG_IP_NF_MATCH_AH_ESP $CONFIG_IP_NF_IPTABLES 43 dep_tristate ' LENGTH match support' CONFIG_IP_NF_MATCH_LENGTH $CONFIG_IP_NF_IPTABLES 44 dep_tristate ' TTL match support' CONFIG_IP_NF_MATCH_TTL $CONFIG_IP_NF_IPTABLES 45 dep_tristate ' tcpmss match support' CONFIG_IP_NF_MATCH_TCPMSS $CONFIG_IP_NF_IPTABLES 46 if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then 47 dep_tristate ' Helper match support' CONFIG_IP_NF_MATCH_HELPER $CONFIG_IP_NF_IPTABLES 48 fi 49 if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then 50 dep_tristate ' Connection state match support' CONFIG_IP_NF_MATCH_STATE $CONFIG_IP_NF_CONNTRACK $CONFIG_IP_NF_IPTABLES 51 dep_tristate ' Connection tracking match support' CONFIG_IP_NF_MATCH_CONNTRACK $CONFIG_IP_NF_CONNTRACK $CONFIG_IP_NF_IPTABLES 52 fi 53 if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then 54 dep_tristate ' Unclean match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_UNCLEAN $CONFIG_IP_NF_IPTABLES 55 dep_tristate ' Owner match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_OWNER $CONFIG_IP_NF_IPTABLES 56 fi 57# The targets 58 dep_tristate ' Packet filtering' CONFIG_IP_NF_FILTER $CONFIG_IP_NF_IPTABLES 59 if [ "$CONFIG_IP_NF_FILTER" != "n" ]; then 60 dep_tristate ' REJECT target support' CONFIG_IP_NF_TARGET_REJECT $CONFIG_IP_NF_FILTER 61 if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then 62 dep_tristate ' MIRROR target support (EXPERIMENTAL)' CONFIG_IP_NF_TARGET_MIRROR $CONFIG_IP_NF_FILTER 63 fi 64 fi 65 66 if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then 67 dep_tristate ' Full NAT' CONFIG_IP_NF_NAT $CONFIG_IP_NF_IPTABLES $CONFIG_IP_NF_CONNTRACK 68 if [ "$CONFIG_IP_NF_NAT" != "n" ]; then 69 define_bool CONFIG_IP_NF_NAT_NEEDED y 70 dep_tristate ' MASQUERADE target support' CONFIG_IP_NF_TARGET_MASQUERADE $CONFIG_IP_NF_NAT 71 dep_tristate ' REDIRECT target support' CONFIG_IP_NF_TARGET_REDIRECT $CONFIG_IP_NF_NAT 72 dep_tristate ' Automatic port forwarding (autofw) target support' CONFIG_IP_NF_AUTOFW $CONFIG_IP_NF_NAT 73 if [ "$CONFIG_IP_NF_H323" = "m" ]; then 74 define_tristate CONFIG_IP_NF_NAT_H323 m 75 else 76 if [ "$CONFIG_IP_NF_H323" = "y" ]; then 77 define_tristate CONFIG_IP_NF_NAT_H323 $CONFIG_IP_NF_NAT 78 fi 79 fi 80 if [ "$CONFIG_IP_NF_PPTP" = "m" ]; then 81 define_tristate CONFIG_IP_NF_NAT_PPTP m 82 else 83 if [ "$CONFIG_IP_NF_PPTP" = "y" ]; then 84 define_tristate CONFIG_IP_NF_NAT_PPTP $CONFIG_IP_NF_NAT 85 fi 86 fi 87 if [ "$CONFIG_IP_NF_CT_PROTO_GRE" = "m" ]; then 88 define_tristate CONFIG_IP_NF_NAT_PROTO_GRE m 89 else 90 if [ "$CONFIG_IP_NF_CT_PROTO_GRE" = "y" ]; then 91 define_tristate CONFIG_IP_NF_NAT_PROTO_GRE $CONFIG_IP_NF_NAT 92 fi 93 fi 94 bool ' NAT of local connections (READ HELP)' CONFIG_IP_NF_NAT_LOCAL 95 if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then 96 dep_tristate ' Basic SNMP-ALG support (EXPERIMENTAL)' CONFIG_IP_NF_NAT_SNMP_BASIC $CONFIG_IP_NF_NAT 97 fi 98 if [ "$CONFIG_IP_NF_IRC" = "m" ]; then 99 define_tristate CONFIG_IP_NF_NAT_IRC m 100 else 101 if [ "$CONFIG_IP_NF_IRC" = "y" ]; then 102 define_tristate CONFIG_IP_NF_NAT_IRC $CONFIG_IP_NF_NAT 103 fi 104 fi 105 if [ "$CONFIG_IP_NF_MMS" = "m" ]; then 106 define_tristate CONFIG_IP_NF_NAT_MMS m 107 else 108 if [ "$CONFIG_IP_NF_MMS" = "y" ]; then 109 define_tristate CONFIG_IP_NF_NAT_MMS $CONFIG_IP_NF_NAT 110 fi 111 fi 112 # If they want FTP, set to $CONFIG_IP_NF_NAT (m or y), 113 # or $CONFIG_IP_NF_FTP (m or y), whichever is weaker. Argh. 114 if [ "$CONFIG_IP_NF_FTP" = "m" ]; then 115 define_tristate CONFIG_IP_NF_NAT_FTP m 116 else 117 if [ "$CONFIG_IP_NF_FTP" = "y" ]; then 118 define_tristate CONFIG_IP_NF_NAT_FTP $CONFIG_IP_NF_NAT 119 fi 120 fi 121 if [ "$CONFIG_IP_NF_TFTP" = "m" ]; then 122 define_tristate CONFIG_IP_NF_NAT_TFTP m 123 else 124 if [ "$CONFIG_IP_NF_TFTP" = "y" ]; then 125 define_tristate CONFIG_IP_NF_NAT_TFTP $CONFIG_IP_NF_NAT 126 fi 127 fi 128 fi 129 fi 130 131 dep_tristate ' Packet mangling' CONFIG_IP_NF_MANGLE $CONFIG_IP_NF_IPTABLES 132 if [ "$CONFIG_IP_NF_MANGLE" != "n" ]; then 133 dep_tristate ' TOS target support' CONFIG_IP_NF_TARGET_TOS $CONFIG_IP_NF_MANGLE 134 dep_tristate ' ECN target support' CONFIG_IP_NF_TARGET_ECN $CONFIG_IP_NF_MANGLE 135 136 dep_tristate ' DSCP target support' CONFIG_IP_NF_TARGET_DSCP $CONFIG_IP_NF_MANGLE 137 138 dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE 139 fi 140 dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES 141 dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES 142 dep_tristate ' TCPMSS target support' CONFIG_IP_NF_TARGET_TCPMSS $CONFIG_IP_NF_IPTABLES 143fi 144 145tristate 'ARP tables support' CONFIG_IP_NF_ARPTABLES 146if [ "$CONFIG_IP_NF_ARPTABLES" != "n" ]; then 147 dep_tristate ' ARP packet filtering' CONFIG_IP_NF_ARPFILTER $CONFIG_IP_NF_ARPTABLES 148fi 149 150# Backwards compatibility modules: only if you don't build in the others. 151if [ "$CONFIG_IP_NF_CONNTRACK" != "y" ]; then 152 if [ "$CONFIG_IP_NF_IPTABLES" != "y" ]; then 153 tristate 'ipchains (2.2-style) support' CONFIG_IP_NF_COMPAT_IPCHAINS 154 if [ "$CONFIG_IP_NF_COMPAT_IPCHAINS" != "n" ]; then 155 define_bool CONFIG_IP_NF_NAT_NEEDED y 156 fi 157 if [ "$CONFIG_IP_NF_COMPAT_IPCHAINS" != "y" ]; then 158 tristate 'ipfwadm (2.0-style) support' CONFIG_IP_NF_COMPAT_IPFWADM 159 if [ "$CONFIG_IP_NF_COMPAT_IPFWADM" != "n" ]; then 160 define_bool CONFIG_IP_NF_NAT_NEEDED y 161 fi 162 fi 163 fi 164fi 165endmenu 166