Commit | Line | Data |
---|---|---|
1da177e4 LT | 1 | # |
2 | # Bridge netfilter configuration | |
3 | # | |
4 | ||
5 | menu "Bridge: Netfilter Configuration" | |
6 | depends on BRIDGE && NETFILTER | |
7 | ||
8 | config BRIDGE_NF_EBTABLES | |
9 | tristate "Ethernet Bridge tables (ebtables) support" | |
10 | help | |
11 | ebtables is a general, extensible frame/packet identification | |
12 | framework. Say 'Y' or 'M' here if you want to do Ethernet | |
13 | filtering/NAT/brouting on the Ethernet bridge. | |
14 | # | |
15 | # tables | |
16 | # | |
17 | config BRIDGE_EBT_BROUTE | |
18 | tristate "ebt: broute table support" | |
19 | depends on BRIDGE_NF_EBTABLES | |
20 | help | |
21 | The ebtables broute table is used to define rules that decide between | |
22 | bridging and routing frames, giving Linux the functionality of a | |
23 | brouter. See the man page for ebtables(8) and examples on the ebtables | |
24 | website. | |
25 | ||
26 | To compile it as a module, choose M here. If unsure, say N. | |
27 | ||
28 | config BRIDGE_EBT_T_FILTER | |
29 | tristate "ebt: filter table support" | |
30 | depends on BRIDGE_NF_EBTABLES | |
31 | help | |
32 | The ebtables filter table is used to define frame filtering rules at | |
33 | local input, forwarding and local output. See the man page for | |
34 | ebtables(8). | |
35 | ||
36 | To compile it as a module, choose M here. If unsure, say N. | |
37 | ||
38 | config BRIDGE_EBT_T_NAT | |
39 | tristate "ebt: nat table support" | |
40 | depends on BRIDGE_NF_EBTABLES | |
41 | help | |
42 | The ebtables nat table is used to define rules that alter the MAC | |
43 | source address (MAC SNAT) or the MAC destination address (MAC DNAT). | |
44 | See the man page for ebtables(8). | |
45 | ||
46 | To compile it as a module, choose M here. If unsure, say N. | |
47 | # | |
48 | # matches | |
49 | # | |
50 | config BRIDGE_EBT_802_3 | |
51 | tristate "ebt: 802.3 filter support" | |
52 | depends on BRIDGE_NF_EBTABLES | |
53 | help | |
54 | This option adds matching support for 802.3 Ethernet frames. | |
55 | ||
56 | To compile it as a module, choose M here. If unsure, say N. | |
57 | ||
58 | config BRIDGE_EBT_AMONG | |
59 | tristate "ebt: among filter support" | |
60 | depends on BRIDGE_NF_EBTABLES | |
61 | help | |
62 | This option adds the among match, which allows matching the MAC source | |
63 | and/or destination address on a list of addresses. Optionally, | |
64 | MAC/IP address pairs can be matched, f.e. for anti-spoofing rules. | |
65 | ||
66 | To compile it as a module, choose M here. If unsure, say N. | |
67 | ||
68 | config BRIDGE_EBT_ARP | |
69 | tristate "ebt: ARP filter support" | |
70 | depends on BRIDGE_NF_EBTABLES | |
71 | help | |
72 | This option adds the ARP match, which allows ARP and RARP header field | |
73 | filtering. | |
74 | ||
75 | To compile it as a module, choose M here. If unsure, say N. | |
76 | ||
77 | config BRIDGE_EBT_IP | |
78 | tristate "ebt: IP filter support" | |
79 | depends on BRIDGE_NF_EBTABLES | |
80 | help | |
81 | This option adds the IP match, which allows basic IP header field | |
82 | filtering. | |
83 | ||
84 | To compile it as a module, choose M here. If unsure, say N. | |
85 | ||
86 | config BRIDGE_EBT_LIMIT | |
87 | tristate "ebt: limit match support" | |
88 | depends on BRIDGE_NF_EBTABLES | |
89 | help | |
90 | This option adds the limit match, which allows you to control | |
91 | the rate at which a rule can be matched. This match is the | |
92 | equivalent of the iptables limit match. | |
93 | ||
94 | If you want to compile it as a module, say M here and read | |
95 | <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. | |
96 | ||
97 | config BRIDGE_EBT_MARK | |
98 | tristate "ebt: mark filter support" | |
99 | depends on BRIDGE_NF_EBTABLES | |
100 | help | |
101 | This option adds the mark match, which allows matching frames based on | |
102 | the 'nfmark' value in the frame. This can be set by the mark target. | |
103 | This value is the same as the one used in the iptables mark match and | |
104 | target. | |
105 | ||
106 | To compile it as a module, choose M here. If unsure, say N. | |
107 | ||
108 | config BRIDGE_EBT_PKTTYPE | |
109 | tristate "ebt: packet type filter support" | |
110 | depends on BRIDGE_NF_EBTABLES | |
111 | help | |
112 | This option adds the packet type match, which allows matching on the | |
113 | type of packet based on its Ethernet "class" (as determined by | |
114 | the generic networking code): broadcast, multicast, | |
115 | for this host alone or for another host. | |
116 | ||
117 | To compile it as a module, choose M here. If unsure, say N. | |
118 | ||
119 | config BRIDGE_EBT_STP | |
120 | tristate "ebt: STP filter support" | |
121 | depends on BRIDGE_NF_EBTABLES | |
122 | help | |
123 | This option adds the Spanning Tree Protocol match, which | |
124 | allows STP header field filtering. | |
125 | ||
126 | To compile it as a module, choose M here. If unsure, say N. | |
127 | ||
128 | config BRIDGE_EBT_VLAN | |
129 | tristate "ebt: 802.1Q VLAN filter support" | |
130 | depends on BRIDGE_NF_EBTABLES | |
131 | help | |
132 | This option adds the 802.1Q vlan match, which allows the filtering of | |
133 | 802.1Q vlan fields. | |
134 | ||
135 | To compile it as a module, choose M here. If unsure, say N. | |
136 | # | |
137 | # targets | |
138 | # | |
139 | config BRIDGE_EBT_ARPREPLY | |
140 | tristate "ebt: arp reply target support" | |
eb3f8f5e | 141 | depends on BRIDGE_NF_EBTABLES && INET |
1da177e4 LT | 142 | help |
143 | This option adds the arp reply target, which allows | |
144 | automatically sending arp replies to arp requests. | |
145 | ||
146 | To compile it as a module, choose M here. If unsure, say N. | |
147 | ||
148 | config BRIDGE_EBT_DNAT | |
149 | tristate "ebt: dnat target support" | |
150 | depends on BRIDGE_NF_EBTABLES | |
151 | help | |
152 | This option adds the MAC DNAT target, which allows altering the MAC | |
153 | destination address of frames. | |
154 | ||
155 | To compile it as a module, choose M here. If unsure, say N. | |
156 | ||
157 | config BRIDGE_EBT_MARK_T | |
158 | tristate "ebt: mark target support" | |
159 | depends on BRIDGE_NF_EBTABLES | |
160 | help | |
161 | This option adds the mark target, which allows marking frames by | |
162 | setting the 'nfmark' value in the frame. | |
163 | This value is the same as the one used in the iptables mark match and | |
164 | target. | |
165 | ||
166 | To compile it as a module, choose M here. If unsure, say N. | |
167 | ||
168 | config BRIDGE_EBT_REDIRECT | |
169 | tristate "ebt: redirect target support" | |
170 | depends on BRIDGE_NF_EBTABLES | |
171 | help | |
172 | This option adds the MAC redirect target, which allows altering the MAC | |
173 | destination address of a frame to that of the device it arrived on. | |
174 | ||
175 | To compile it as a module, choose M here. If unsure, say N. | |
176 | ||
177 | config BRIDGE_EBT_SNAT | |
178 | tristate "ebt: snat target support" | |
179 | depends on BRIDGE_NF_EBTABLES | |
180 | help | |
181 | This option adds the MAC SNAT target, which allows altering the MAC | |
182 | source address of frames. | |
183 | ||
184 | To compile it as a module, choose M here. If unsure, say N. | |
185 | # | |
186 | # watchers | |
187 | # | |
188 | config BRIDGE_EBT_LOG | |
189 | tristate "ebt: log support" | |
190 | depends on BRIDGE_NF_EBTABLES | |
191 | help | |
192 | This option adds the log watcher, that you can use in any rule | |
193 | in any ebtables table. It records info about the frame header | |
194 | to the syslog. | |
195 | ||
196 | To compile it as a module, choose M here. If unsure, say N. | |
197 | ||
198 | config BRIDGE_EBT_ULOG | |
d5228a4f | 199 | tristate "ebt: ulog support (OBSOLETE)" |
1da177e4 LT | 200 | depends on BRIDGE_NF_EBTABLES |
201 | help | |
d5228a4f BDS | 202 | This option enables the old bridge-specific "ebt_ulog" implementation |
203 | which has been obsoleted by the new "nfnetlink_log" code (see | |
204 | CONFIG_NETFILTER_NETLINK_LOG). | |
205 | ||
1da177e4 LT | 206 | This option adds the ulog watcher, that you can use in any rule |
207 | in any ebtables table. The packet is passed to a userspace | |
208 | logging daemon using netlink multicast sockets. This differs | |
209 | from the log watcher in the sense that the complete packet is | |
210 | sent to userspace instead of a descriptive text and that | |
211 | netlink multicast sockets are used instead of the syslog. | |
212 | ||
213 | To compile it as a module, choose M here. If unsure, say N. | |
214 | ||
215 | endmenu |