linux/net/bridge/netfilter/Kconfig
<<
>>
Prefs
   1#
   2# Bridge netfilter configuration
   3#
   4
   5menuconfig BRIDGE_NF_EBTABLES
   6        tristate "Ethernet Bridge tables (ebtables) support"
   7        depends on BRIDGE && BRIDGE_NETFILTER
   8        select NETFILTER_XTABLES
   9        help
  10          ebtables is a general, extensible frame/packet identification
  11          framework. Say 'Y' or 'M' here if you want to do Ethernet
  12          filtering/NAT/brouting on the Ethernet bridge.
  13
  14if BRIDGE_NF_EBTABLES
  15
  16#
  17# tables
  18#
  19config BRIDGE_EBT_BROUTE
  20        tristate "ebt: broute table support"
  21        help
  22          The ebtables broute table is used to define rules that decide between
  23          bridging and routing frames, giving Linux the functionality of a
  24          brouter. See the man page for ebtables(8) and examples on the ebtables
  25          website.
  26
  27          To compile it as a module, choose M here.  If unsure, say N.
  28
  29config BRIDGE_EBT_T_FILTER
  30        tristate "ebt: filter table support"
  31        help
  32          The ebtables filter table is used to define frame filtering rules at
  33          local input, forwarding and local output. See the man page for
  34          ebtables(8).
  35
  36          To compile it as a module, choose M here.  If unsure, say N.
  37
  38config BRIDGE_EBT_T_NAT
  39        tristate "ebt: nat table support"
  40        help
  41          The ebtables nat table is used to define rules that alter the MAC
  42          source address (MAC SNAT) or the MAC destination address (MAC DNAT).
  43          See the man page for ebtables(8).
  44
  45          To compile it as a module, choose M here.  If unsure, say N.
  46#
  47# matches
  48#
  49config BRIDGE_EBT_802_3
  50        tristate "ebt: 802.3 filter support"
  51        help
  52          This option adds matching support for 802.3 Ethernet frames.
  53
  54          To compile it as a module, choose M here.  If unsure, say N.
  55
  56config BRIDGE_EBT_AMONG
  57        tristate "ebt: among filter support"
  58        help
  59          This option adds the among match, which allows matching the MAC source
  60          and/or destination address on a list of addresses. Optionally,
  61          MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.
  62
  63          To compile it as a module, choose M here.  If unsure, say N.
  64
  65config BRIDGE_EBT_ARP
  66        tristate "ebt: ARP filter support"
  67        help
  68          This option adds the ARP match, which allows ARP and RARP header field
  69          filtering.
  70
  71          To compile it as a module, choose M here.  If unsure, say N.
  72
  73config BRIDGE_EBT_IP
  74        tristate "ebt: IP filter support"
  75        help
  76          This option adds the IP match, which allows basic IP header field
  77          filtering.
  78
  79          To compile it as a module, choose M here.  If unsure, say N.
  80
  81config BRIDGE_EBT_IP6
  82        tristate "ebt: IP6 filter support"
  83        depends on BRIDGE_NF_EBTABLES && IPV6
  84        help
  85          This option adds the IP6 match, which allows basic IPV6 header field
  86          filtering.
  87
  88          To compile it as a module, choose M here.  If unsure, say N.
  89
  90config BRIDGE_EBT_LIMIT
  91        tristate "ebt: limit match support"
  92        help
  93          This option adds the limit match, which allows you to control
  94          the rate at which a rule can be matched. This match is the
  95          equivalent of the iptables limit match.
  96
  97          If you want to compile it as a module, say M here and read
  98          <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
  99
 100config BRIDGE_EBT_MARK
 101        tristate "ebt: mark filter support"
 102        help
 103          This option adds the mark match, which allows matching frames based on
 104          the 'nfmark' value in the frame. This can be set by the mark target.
 105          This value is the same as the one used in the iptables mark match and
 106          target.
 107
 108          To compile it as a module, choose M here.  If unsure, say N.
 109
 110config BRIDGE_EBT_PKTTYPE
 111        tristate "ebt: packet type filter support"
 112        help
 113          This option adds the packet type match, which allows matching on the
 114          type of packet based on its Ethernet "class" (as determined by
 115          the generic networking code): broadcast, multicast,
 116          for this host alone or for another host.
 117
 118          To compile it as a module, choose M here.  If unsure, say N.
 119
 120config BRIDGE_EBT_STP
 121        tristate "ebt: STP filter support"
 122        help
 123          This option adds the Spanning Tree Protocol match, which
 124          allows STP header field filtering.
 125
 126          To compile it as a module, choose M here.  If unsure, say N.
 127
 128config BRIDGE_EBT_VLAN
 129        tristate "ebt: 802.1Q VLAN filter support"
 130        help
 131          This option adds the 802.1Q vlan match, which allows the filtering of
 132          802.1Q vlan fields.
 133
 134          To compile it as a module, choose M here.  If unsure, say N.
 135#
 136# targets
 137#
 138config BRIDGE_EBT_ARPREPLY
 139        tristate "ebt: arp reply target support"
 140        depends on BRIDGE_NF_EBTABLES && INET
 141        help
 142          This option adds the arp reply target, which allows
 143          automatically sending arp replies to arp requests.
 144
 145          To compile it as a module, choose M here.  If unsure, say N.
 146
 147config BRIDGE_EBT_DNAT
 148        tristate "ebt: dnat target support"
 149        help
 150          This option adds the MAC DNAT target, which allows altering the MAC
 151          destination address of frames.
 152
 153          To compile it as a module, choose M here.  If unsure, say N.
 154
 155config BRIDGE_EBT_MARK_T
 156        tristate "ebt: mark target support"
 157        help
 158          This option adds the mark target, which allows marking frames by
 159          setting the 'nfmark' value in the frame.
 160          This value is the same as the one used in the iptables mark match and
 161          target.
 162
 163          To compile it as a module, choose M here.  If unsure, say N.
 164
 165config BRIDGE_EBT_REDIRECT
 166        tristate "ebt: redirect target support"
 167        help
 168          This option adds the MAC redirect target, which allows altering the MAC
 169          destination address of a frame to that of the device it arrived on.
 170
 171          To compile it as a module, choose M here.  If unsure, say N.
 172
 173config BRIDGE_EBT_SNAT
 174        tristate "ebt: snat target support"
 175        help
 176          This option adds the MAC SNAT target, which allows altering the MAC
 177          source address of frames.
 178
 179          To compile it as a module, choose M here.  If unsure, say N.
 180#
 181# watchers
 182#
 183config BRIDGE_EBT_LOG
 184        tristate "ebt: log support"
 185        help
 186          This option adds the log watcher, that you can use in any rule
 187          in any ebtables table. It records info about the frame header
 188          to the syslog.
 189
 190          To compile it as a module, choose M here.  If unsure, say N.
 191
 192config BRIDGE_EBT_ULOG
 193        tristate "ebt: ulog support (OBSOLETE)"
 194        help
 195          This option enables the old bridge-specific "ebt_ulog" implementation
 196          which has been obsoleted by the new "nfnetlink_log" code (see
 197          CONFIG_NETFILTER_NETLINK_LOG).
 198
 199          This option adds the ulog watcher, that you can use in any rule
 200          in any ebtables table. The packet is passed to a userspace
 201          logging daemon using netlink multicast sockets. This differs
 202          from the log watcher in the sense that the complete packet is
 203          sent to userspace instead of a descriptive text and that
 204          netlink multicast sockets are used instead of the syslog.
 205
 206          To compile it as a module, choose M here.  If unsure, say N.
 207
 208config BRIDGE_EBT_NFLOG
 209        tristate "ebt: nflog support"
 210        help
 211          This option enables the nflog watcher, which allows to LOG
 212          messages through the netfilter logging API, which can use
 213          either the old LOG target, the old ULOG target or nfnetlink_log
 214          as backend.
 215
 216          This option adds the nflog watcher, that you can use in any rule
 217          in any ebtables table.
 218
 219          To compile it as a module, choose M here.  If unsure, say N.
 220
 221endif # BRIDGE_NF_EBTABLES
 222