1 |
1275 |
phoenix |
#
|
2 |
|
|
# IP netfilter configuration
|
3 |
|
|
#
|
4 |
|
|
mainmenu_option next_comment
|
5 |
|
|
comment ' IP: Netfilter Configuration'
|
6 |
|
|
|
7 |
|
|
tristate 'Connection tracking (required for masq/NAT)' CONFIG_IP_NF_CONNTRACK
|
8 |
|
|
if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
|
9 |
|
|
dep_tristate ' FTP protocol support' CONFIG_IP_NF_FTP $CONFIG_IP_NF_CONNTRACK
|
10 |
|
|
dep_tristate ' Amanda protocol support' CONFIG_IP_NF_AMANDA $CONFIG_IP_NF_CONNTRACK
|
11 |
|
|
dep_tristate ' TFTP protocol support' CONFIG_IP_NF_TFTP $CONFIG_IP_NF_CONNTRACK
|
12 |
|
|
dep_tristate ' IRC protocol support' CONFIG_IP_NF_IRC $CONFIG_IP_NF_CONNTRACK
|
13 |
|
|
fi
|
14 |
|
|
|
15 |
|
|
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
|
16 |
|
|
tristate 'Userspace queueing via NETLINK (EXPERIMENTAL)' CONFIG_IP_NF_QUEUE
|
17 |
|
|
fi
|
18 |
|
|
tristate 'IP tables support (required for filtering/masq/NAT)' CONFIG_IP_NF_IPTABLES
|
19 |
|
|
if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; then
|
20 |
|
|
# The simple matches.
|
21 |
|
|
dep_tristate ' limit match support' CONFIG_IP_NF_MATCH_LIMIT $CONFIG_IP_NF_IPTABLES
|
22 |
|
|
dep_tristate ' MAC address match support' CONFIG_IP_NF_MATCH_MAC $CONFIG_IP_NF_IPTABLES
|
23 |
|
|
dep_tristate ' Packet type match support' CONFIG_IP_NF_MATCH_PKTTYPE $CONFIG_IP_NF_IPTABLES
|
24 |
|
|
dep_tristate ' netfilter MARK match support' CONFIG_IP_NF_MATCH_MARK $CONFIG_IP_NF_IPTABLES
|
25 |
|
|
dep_tristate ' Multiple port match support' CONFIG_IP_NF_MATCH_MULTIPORT $CONFIG_IP_NF_IPTABLES
|
26 |
|
|
dep_tristate ' TOS match support' CONFIG_IP_NF_MATCH_TOS $CONFIG_IP_NF_IPTABLES
|
27 |
|
|
dep_tristate ' recent match support' CONFIG_IP_NF_MATCH_RECENT $CONFIG_IP_NF_IPTABLES
|
28 |
|
|
dep_tristate ' ECN match support' CONFIG_IP_NF_MATCH_ECN $CONFIG_IP_NF_IPTABLES
|
29 |
|
|
|
30 |
|
|
dep_tristate ' DSCP match support' CONFIG_IP_NF_MATCH_DSCP $CONFIG_IP_NF_IPTABLES
|
31 |
|
|
|
32 |
|
|
dep_tristate ' AH/ESP match support' CONFIG_IP_NF_MATCH_AH_ESP $CONFIG_IP_NF_IPTABLES
|
33 |
|
|
dep_tristate ' LENGTH match support' CONFIG_IP_NF_MATCH_LENGTH $CONFIG_IP_NF_IPTABLES
|
34 |
|
|
dep_tristate ' TTL match support' CONFIG_IP_NF_MATCH_TTL $CONFIG_IP_NF_IPTABLES
|
35 |
|
|
dep_tristate ' tcpmss match support' CONFIG_IP_NF_MATCH_TCPMSS $CONFIG_IP_NF_IPTABLES
|
36 |
|
|
if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
|
37 |
|
|
dep_tristate ' Helper match support' CONFIG_IP_NF_MATCH_HELPER $CONFIG_IP_NF_IPTABLES
|
38 |
|
|
fi
|
39 |
|
|
if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
|
40 |
|
|
dep_tristate ' Connection state match support' CONFIG_IP_NF_MATCH_STATE $CONFIG_IP_NF_CONNTRACK $CONFIG_IP_NF_IPTABLES
|
41 |
|
|
dep_tristate ' Connection tracking match support' CONFIG_IP_NF_MATCH_CONNTRACK $CONFIG_IP_NF_CONNTRACK $CONFIG_IP_NF_IPTABLES
|
42 |
|
|
fi
|
43 |
|
|
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
|
44 |
|
|
dep_tristate ' Unclean match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_UNCLEAN $CONFIG_IP_NF_IPTABLES
|
45 |
|
|
dep_tristate ' Owner match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_OWNER $CONFIG_IP_NF_IPTABLES
|
46 |
|
|
fi
|
47 |
|
|
# The targets
|
48 |
|
|
dep_tristate ' Packet filtering' CONFIG_IP_NF_FILTER $CONFIG_IP_NF_IPTABLES
|
49 |
|
|
if [ "$CONFIG_IP_NF_FILTER" != "n" ]; then
|
50 |
|
|
dep_tristate ' REJECT target support' CONFIG_IP_NF_TARGET_REJECT $CONFIG_IP_NF_FILTER
|
51 |
|
|
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
|
52 |
|
|
dep_tristate ' MIRROR target support (EXPERIMENTAL)' CONFIG_IP_NF_TARGET_MIRROR $CONFIG_IP_NF_FILTER
|
53 |
|
|
fi
|
54 |
|
|
fi
|
55 |
|
|
|
56 |
|
|
if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
|
57 |
|
|
dep_tristate ' Full NAT' CONFIG_IP_NF_NAT $CONFIG_IP_NF_IPTABLES $CONFIG_IP_NF_CONNTRACK
|
58 |
|
|
if [ "$CONFIG_IP_NF_NAT" != "n" ]; then
|
59 |
|
|
define_bool CONFIG_IP_NF_NAT_NEEDED y
|
60 |
|
|
dep_tristate ' MASQUERADE target support' CONFIG_IP_NF_TARGET_MASQUERADE $CONFIG_IP_NF_NAT
|
61 |
|
|
dep_tristate ' REDIRECT target support' CONFIG_IP_NF_TARGET_REDIRECT $CONFIG_IP_NF_NAT
|
62 |
|
|
if [ "$CONFIG_IP_NF_AMANDA" = "m" ]; then
|
63 |
|
|
define_tristate CONFIG_IP_NF_NAT_AMANDA m
|
64 |
|
|
else
|
65 |
|
|
if [ "$CONFIG_IP_NF_AMANDA" = "y" ]; then
|
66 |
|
|
define_tristate CONFIG_IP_NF_NAT_AMANDA $CONFIG_IP_NF_NAT
|
67 |
|
|
fi
|
68 |
|
|
fi
|
69 |
|
|
bool ' NAT of local connections (READ HELP)' CONFIG_IP_NF_NAT_LOCAL
|
70 |
|
|
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
|
71 |
|
|
dep_tristate ' Basic SNMP-ALG support (EXPERIMENTAL)' CONFIG_IP_NF_NAT_SNMP_BASIC $CONFIG_IP_NF_NAT
|
72 |
|
|
fi
|
73 |
|
|
if [ "$CONFIG_IP_NF_IRC" = "m" ]; then
|
74 |
|
|
define_tristate CONFIG_IP_NF_NAT_IRC m
|
75 |
|
|
else
|
76 |
|
|
if [ "$CONFIG_IP_NF_IRC" = "y" ]; then
|
77 |
|
|
define_tristate CONFIG_IP_NF_NAT_IRC $CONFIG_IP_NF_NAT
|
78 |
|
|
fi
|
79 |
|
|
fi
|
80 |
|
|
# If they want FTP, set to $CONFIG_IP_NF_NAT (m or y),
|
81 |
|
|
# or $CONFIG_IP_NF_FTP (m or y), whichever is weaker. Argh.
|
82 |
|
|
if [ "$CONFIG_IP_NF_FTP" = "m" ]; then
|
83 |
|
|
define_tristate CONFIG_IP_NF_NAT_FTP m
|
84 |
|
|
else
|
85 |
|
|
if [ "$CONFIG_IP_NF_FTP" = "y" ]; then
|
86 |
|
|
define_tristate CONFIG_IP_NF_NAT_FTP $CONFIG_IP_NF_NAT
|
87 |
|
|
fi
|
88 |
|
|
fi
|
89 |
|
|
if [ "$CONFIG_IP_NF_TFTP" = "m" ]; then
|
90 |
|
|
define_tristate CONFIG_IP_NF_NAT_TFTP m
|
91 |
|
|
else
|
92 |
|
|
if [ "$CONFIG_IP_NF_TFTP" = "y" ]; then
|
93 |
|
|
define_tristate CONFIG_IP_NF_NAT_TFTP $CONFIG_IP_NF_NAT
|
94 |
|
|
fi
|
95 |
|
|
fi
|
96 |
|
|
fi
|
97 |
|
|
fi
|
98 |
|
|
|
99 |
|
|
dep_tristate ' Packet mangling' CONFIG_IP_NF_MANGLE $CONFIG_IP_NF_IPTABLES
|
100 |
|
|
if [ "$CONFIG_IP_NF_MANGLE" != "n" ]; then
|
101 |
|
|
dep_tristate ' TOS target support' CONFIG_IP_NF_TARGET_TOS $CONFIG_IP_NF_MANGLE
|
102 |
|
|
dep_tristate ' ECN target support' CONFIG_IP_NF_TARGET_ECN $CONFIG_IP_NF_MANGLE
|
103 |
|
|
|
104 |
|
|
dep_tristate ' DSCP target support' CONFIG_IP_NF_TARGET_DSCP $CONFIG_IP_NF_MANGLE
|
105 |
|
|
|
106 |
|
|
dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
|
107 |
|
|
fi
|
108 |
|
|
dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES
|
109 |
|
|
dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES
|
110 |
|
|
dep_tristate ' TCPMSS target support' CONFIG_IP_NF_TARGET_TCPMSS $CONFIG_IP_NF_IPTABLES
|
111 |
|
|
fi
|
112 |
|
|
|
113 |
|
|
tristate 'ARP tables support' CONFIG_IP_NF_ARPTABLES
|
114 |
|
|
if [ "$CONFIG_IP_NF_ARPTABLES" != "n" ]; then
|
115 |
|
|
dep_tristate ' ARP packet filtering' CONFIG_IP_NF_ARPFILTER $CONFIG_IP_NF_ARPTABLES
|
116 |
|
|
fi
|
117 |
|
|
if [ "$CONFIG_IP_NF_ARPTABLES" != "n" ]; then
|
118 |
|
|
dep_tristate ' ARP payload mangling' CONFIG_IP_NF_ARP_MANGLE $CONFIG_IP_NF_ARPTABLES
|
119 |
|
|
fi
|
120 |
|
|
|
121 |
|
|
# Backwards compatibility modules: only if you don't build in the others.
|
122 |
|
|
if [ "$CONFIG_IP_NF_CONNTRACK" != "y" ]; then
|
123 |
|
|
if [ "$CONFIG_IP_NF_IPTABLES" != "y" ]; then
|
124 |
|
|
tristate 'ipchains (2.2-style) support' CONFIG_IP_NF_COMPAT_IPCHAINS
|
125 |
|
|
if [ "$CONFIG_IP_NF_COMPAT_IPCHAINS" != "n" ]; then
|
126 |
|
|
define_bool CONFIG_IP_NF_NAT_NEEDED y
|
127 |
|
|
fi
|
128 |
|
|
if [ "$CONFIG_IP_NF_COMPAT_IPCHAINS" != "y" ]; then
|
129 |
|
|
tristate 'ipfwadm (2.0-style) support' CONFIG_IP_NF_COMPAT_IPFWADM
|
130 |
|
|
if [ "$CONFIG_IP_NF_COMPAT_IPFWADM" != "n" ]; then
|
131 |
|
|
define_bool CONFIG_IP_NF_NAT_NEEDED y
|
132 |
|
|
fi
|
133 |
|
|
fi
|
134 |
|
|
fi
|
135 |
|
|
fi
|
136 |
|
|
endmenu
|