GNU Linux-libre 4.14.251-gnu1

[releases.git] / net / bridge / netfilter / Kconfig

#
# Bridge netfilter configuration
#
#
menuconfig NF_TABLES_BRIDGE
        depends on BRIDGE && NETFILTER && NF_TABLES
        tristate "Ethernet Bridge nf_tables support"

if NF_TABLES_BRIDGE

config NFT_BRIDGE_META
        tristate "Netfilter nf_table bridge meta support"
        depends on NFT_META
        help
          Add support for bridge dedicated meta key.

config NFT_BRIDGE_REJECT
        tristate "Netfilter nf_tables bridge reject support"
        depends on NFT_REJECT && NFT_REJECT_IPV4 && NFT_REJECT_IPV6
        help
          Add support to reject packets.

config NF_LOG_BRIDGE
        tristate "Bridge packet logging"
        select NF_LOG_COMMON

endif # NF_TABLES_BRIDGE

menuconfig BRIDGE_NF_EBTABLES
        tristate "Ethernet Bridge tables (ebtables) support"
        depends on BRIDGE && NETFILTER && NETFILTER_XTABLES
        help
          ebtables is a general, extensible frame/packet identification
          framework. Say 'Y' or 'M' here if you want to do Ethernet
          filtering/NAT/brouting on the Ethernet bridge.

if BRIDGE_NF_EBTABLES

#
# tables
#
config BRIDGE_EBT_BROUTE
        tristate "ebt: broute table support"
        help
          The ebtables broute table is used to define rules that decide between
          bridging and routing frames, giving Linux the functionality of a
          brouter. See the man page for ebtables(8) and examples on the ebtables
          website.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_T_FILTER
        tristate "ebt: filter table support"
        help
          The ebtables filter table is used to define frame filtering rules at
          local input, forwarding and local output. See the man page for
          ebtables(8).

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_T_NAT
        tristate "ebt: nat table support"
        help
          The ebtables nat table is used to define rules that alter the MAC
          source address (MAC SNAT) or the MAC destination address (MAC DNAT).
          See the man page for ebtables(8).

          To compile it as a module, choose M here.  If unsure, say N.
#
# matches
#
config BRIDGE_EBT_802_3
        tristate "ebt: 802.3 filter support"
        help
          This option adds matching support for 802.3 Ethernet frames.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_AMONG
        tristate "ebt: among filter support"
        help
          This option adds the among match, which allows matching the MAC source
          and/or destination address on a list of addresses. Optionally,
          MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_ARP
        tristate "ebt: ARP filter support"
        help
          This option adds the ARP match, which allows ARP and RARP header field
          filtering.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_IP
        tristate "ebt: IP filter support"
        help
          This option adds the IP match, which allows basic IP header field
          filtering.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_IP6
        tristate "ebt: IP6 filter support"
        depends on BRIDGE_NF_EBTABLES && IPV6
        help
          This option adds the IP6 match, which allows basic IPV6 header field
          filtering.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_LIMIT
        tristate "ebt: limit match support"
        help
          This option adds the limit match, which allows you to control
          the rate at which a rule can be matched. This match is the
          equivalent of the iptables limit match.

          If you want to compile it as a module, say M here and read
          <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.

config BRIDGE_EBT_MARK
        tristate "ebt: mark filter support"
        help
          This option adds the mark match, which allows matching frames based on
          the 'nfmark' value in the frame. This can be set by the mark target.
          This value is the same as the one used in the iptables mark match and
          target.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_PKTTYPE
        tristate "ebt: packet type filter support"
        help
          This option adds the packet type match, which allows matching on the
          type of packet based on its Ethernet "class" (as determined by
          the generic networking code): broadcast, multicast,
          for this host alone or for another host.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_STP
        tristate "ebt: STP filter support"
        help
          This option adds the Spanning Tree Protocol match, which
          allows STP header field filtering.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_VLAN
        tristate "ebt: 802.1Q VLAN filter support"
        help
          This option adds the 802.1Q vlan match, which allows the filtering of
          802.1Q vlan fields.

          To compile it as a module, choose M here.  If unsure, say N.
#
# targets
#
config BRIDGE_EBT_ARPREPLY
        tristate "ebt: arp reply target support"
        depends on BRIDGE_NF_EBTABLES && INET
        help
          This option adds the arp reply target, which allows
          automatically sending arp replies to arp requests.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_DNAT
        tristate "ebt: dnat target support"
        help
          This option adds the MAC DNAT target, which allows altering the MAC
          destination address of frames.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_MARK_T
        tristate "ebt: mark target support"
        help
          This option adds the mark target, which allows marking frames by
          setting the 'nfmark' value in the frame.
          This value is the same as the one used in the iptables mark match and
          target.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_REDIRECT
        tristate "ebt: redirect target support"
        help
          This option adds the MAC redirect target, which allows altering the MAC
          destination address of a frame to that of the device it arrived on.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_SNAT
        tristate "ebt: snat target support"
        help
          This option adds the MAC SNAT target, which allows altering the MAC
          source address of frames.

          To compile it as a module, choose M here.  If unsure, say N.
#
# watchers
#
config BRIDGE_EBT_LOG
        tristate "ebt: log support"
        help
          This option adds the log watcher, that you can use in any rule
          in any ebtables table. It records info about the frame header
          to the syslog.

          To compile it as a module, choose M here.  If unsure, say N.

config BRIDGE_EBT_NFLOG
        tristate "ebt: nflog support"
        help
          This option enables the nflog watcher, which allows to LOG
          messages through the netfilter logging API, which can use
          either the old LOG target, the old ULOG target or nfnetlink_log
          as backend.

          This option adds the nflog watcher, that you can use in any rule
          in any ebtables table.

          To compile it as a module, choose M here.  If unsure, say N.

endif # BRIDGE_NF_EBTABLES