mirror of
https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
synced 2024-10-19 09:59:04 +00:00
1da177e4c3
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!
242 lines
8.2 KiB
Text
242 lines
8.2 KiB
Text
#
|
|
# IP netfilter configuration
|
|
#
|
|
|
|
menu "IPv6: Netfilter Configuration (EXPERIMENTAL)"
|
|
depends on INET && IPV6 && NETFILTER && EXPERIMENTAL
|
|
|
|
#tristate 'Connection tracking (required for masq/NAT)' CONFIG_IP6_NF_CONNTRACK
|
|
#if [ "$CONFIG_IP6_NF_CONNTRACK" != "n" ]; then
|
|
# dep_tristate ' FTP protocol support' CONFIG_IP6_NF_FTP $CONFIG_IP6_NF_CONNTRACK
|
|
#fi
|
|
config IP6_NF_QUEUE
|
|
tristate "Userspace queueing via NETLINK"
|
|
---help---
|
|
|
|
This option adds a queue handler to the kernel for IPv6
|
|
packets which lets us to receive the filtered packets
|
|
with QUEUE target using libiptc as we can do with
|
|
the IPv4 now.
|
|
|
|
(C) Fernando Anton 2001
|
|
IPv64 Project - Work based in IPv64 draft by Arturo Azcorra.
|
|
Universidad Carlos III de Madrid
|
|
Universidad Politecnica de Alcala de Henares
|
|
email: <fanton@it.uc3m.es>.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_IPTABLES
|
|
tristate "IP6 tables support (required for filtering/masq/NAT)"
|
|
help
|
|
ip6tables is a general, extensible packet identification framework.
|
|
Currently only the packet filtering and packet mangling subsystem
|
|
for IPv6 use this, but connection tracking is going to follow.
|
|
Say 'Y' or 'M' here if you want to use either of those.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
# The simple matches.
|
|
config IP6_NF_MATCH_LIMIT
|
|
tristate "limit match support"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
limit matching allows you to control the rate at which a rule can be
|
|
matched: mainly useful in combination with the LOG target ("LOG
|
|
target support", below) and to avoid some Denial of Service attacks.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_MATCH_MAC
|
|
tristate "MAC address match support"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
mac matching allows you to match packets based on the source
|
|
Ethernet address of the packet.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_MATCH_RT
|
|
tristate "Routing header match support"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
rt matching allows you to match packets based on the routing
|
|
header of the packet.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_MATCH_OPTS
|
|
tristate "Hop-by-hop and Dst opts header match support"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
This allows one to match packets based on the hop-by-hop
|
|
and destination options headers of a packet.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_MATCH_FRAG
|
|
tristate "Fragmentation header match support"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
frag matching allows you to match packets based on the fragmentation
|
|
header of the packet.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_MATCH_HL
|
|
tristate "HL match support"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
HL matching allows you to match packets based on the hop
|
|
limit of the packet.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_MATCH_MULTIPORT
|
|
tristate "Multiple port match support"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
Multiport matching allows you to match TCP or UDP packets based on
|
|
a series of source or destination ports: normally a rule can only
|
|
match a single range of ports.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_MATCH_OWNER
|
|
tristate "Owner match support"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
Packet owner matching allows you to match locally-generated packets
|
|
based on who created them: the user, group, process or session.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
# dep_tristate ' MAC address match support' CONFIG_IP6_NF_MATCH_MAC $CONFIG_IP6_NF_IPTABLES
|
|
config IP6_NF_MATCH_MARK
|
|
tristate "netfilter MARK match support"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
Netfilter mark matching allows you to match packets based on the
|
|
`nfmark' value in the packet. This can be set by the MARK target
|
|
(see below).
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_MATCH_IPV6HEADER
|
|
tristate "IPv6 Extension Headers Match"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
This module allows one to match packets based upon
|
|
the ipv6 extension headers.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_MATCH_AHESP
|
|
tristate "AH/ESP match support"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
This module allows one to match AH and ESP packets.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_MATCH_LENGTH
|
|
tristate "Packet Length match support"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
This option allows you to match the length of a packet against a
|
|
specific value or range of values.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_MATCH_EUI64
|
|
tristate "EUI64 address check"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
This module performs checking on the IPv6 source address
|
|
Compares the last 64 bits with the EUI64 (delivered
|
|
from the MAC address) address
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_MATCH_PHYSDEV
|
|
tristate "Physdev match support"
|
|
depends on IP6_NF_IPTABLES && BRIDGE_NETFILTER
|
|
help
|
|
Physdev packet matching matches against the physical bridge ports
|
|
the IP packet arrived on or will leave by.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
# dep_tristate ' Multiple port match support' CONFIG_IP6_NF_MATCH_MULTIPORT $CONFIG_IP6_NF_IPTABLES
|
|
# dep_tristate ' TOS match support' CONFIG_IP6_NF_MATCH_TOS $CONFIG_IP6_NF_IPTABLES
|
|
# if [ "$CONFIG_IP6_NF_CONNTRACK" != "n" ]; then
|
|
# dep_tristate ' Connection state match support' CONFIG_IP6_NF_MATCH_STATE $CONFIG_IP6_NF_CONNTRACK $CONFIG_IP6_NF_IPTABLES
|
|
# fi
|
|
# if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
|
|
# dep_tristate ' Unclean match support (EXPERIMENTAL)' CONFIG_IP6_NF_MATCH_UNCLEAN $CONFIG_IP6_NF_IPTABLES
|
|
# dep_tristate ' Owner match support (EXPERIMENTAL)' CONFIG_IP6_NF_MATCH_OWNER $CONFIG_IP6_NF_IPTABLES
|
|
# fi
|
|
# The targets
|
|
config IP6_NF_FILTER
|
|
tristate "Packet filtering"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
Packet filtering defines a table `filter', which has a series of
|
|
rules for simple packet filtering at local input, forwarding and
|
|
local output. See the man page for iptables(8).
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
config IP6_NF_TARGET_LOG
|
|
tristate "LOG target support"
|
|
depends on IP6_NF_FILTER
|
|
help
|
|
This option adds a `LOG' target, which allows you to create rules in
|
|
any iptables table which records the packet header to the syslog.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
# if [ "$CONFIG_IP6_NF_FILTER" != "n" ]; then
|
|
# dep_tristate ' REJECT target support' CONFIG_IP6_NF_TARGET_REJECT $CONFIG_IP6_NF_FILTER
|
|
# if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
|
|
# dep_tristate ' MIRROR target support (EXPERIMENTAL)' CONFIG_IP6_NF_TARGET_MIRROR $CONFIG_IP6_NF_FILTER
|
|
# fi
|
|
# fi
|
|
config IP6_NF_MANGLE
|
|
tristate "Packet mangling"
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
This option adds a `mangle' table to iptables: see the man page for
|
|
iptables(8). This table is used for various packet alterations
|
|
which can effect how the packet is routed.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
# dep_tristate ' TOS target support' CONFIG_IP6_NF_TARGET_TOS $CONFIG_IP_NF_MANGLE
|
|
config IP6_NF_TARGET_MARK
|
|
tristate "MARK target support"
|
|
depends on IP6_NF_MANGLE
|
|
help
|
|
This option adds a `MARK' target, which allows you to create rules
|
|
in the `mangle' table which alter the netfilter mark (nfmark) field
|
|
associated with the packet packet prior to routing. This can change
|
|
the routing method (see `Use netfilter MARK value as routing
|
|
key') and can also be used by other subsystems to change their
|
|
behavior.
|
|
|
|
To compile it as a module, choose M here. If unsure, say N.
|
|
|
|
#dep_tristate ' LOG target support' CONFIG_IP6_NF_TARGET_LOG $CONFIG_IP6_NF_IPTABLES
|
|
config IP6_NF_RAW
|
|
tristate 'raw table support (required for TRACE)'
|
|
depends on IP6_NF_IPTABLES
|
|
help
|
|
This option adds a `raw' table to ip6tables. This table is the very
|
|
first in the netfilter framework and hooks in at the PREROUTING
|
|
and OUTPUT chains.
|
|
|
|
If you want to compile it as a module, say M here and read
|
|
<file:Documentation/modules.txt>. If unsure, say `N'.
|
|
|
|
endmenu
|
|
|