1# 2# IP netfilter configuration 3# 4 5menu "IPv6: Netfilter Configuration" 6 depends on INET && IPV6 && NETFILTER 7 8config NF_CONNTRACK_IPV6 9 tristate "IPv6 connection tracking support" 10 depends on INET && IPV6 && NF_CONNTRACK 11 default m if NETFILTER_ADVANCED=n 12 ---help--- 13 Connection tracking keeps a record of what packets have passed 14 through your machine, in order to figure out how they are related 15 into connections. 16 17 This is IPv6 support on Layer 3 independent connection tracking. 18 Layer 3 independent connection tracking is experimental scheme 19 which generalize ip_conntrack to support other layer 3 protocols. 20 21 To compile it as a module, choose M here. If unsure, say N. 22 23config IP6_NF_QUEUE 24 tristate "IP6 Userspace queueing via NETLINK (OBSOLETE)" 25 depends on INET && IPV6 && NETFILTER 26 depends on NETFILTER_ADVANCED 27 ---help--- 28 29 This option adds a queue handler to the kernel for IPv6 30 packets which enables users to receive the filtered packets 31 with QUEUE target using libipq. 32 33 This option enables the old IPv6-only "ip6_queue" implementation 34 which has been obsoleted by the new "nfnetlink_queue" code (see 35 CONFIG_NETFILTER_NETLINK_QUEUE). 36 37 (C) Fernando Anton 2001 38 IPv64 Project - Work based in IPv64 draft by Arturo Azcorra. 39 Universidad Carlos III de Madrid 40 Universidad Politecnica de Alcala de Henares 41 email: <fanton@it.uc3m.es>. 42 43 To compile it as a module, choose M here. If unsure, say N. 44 45config IP6_NF_IPTABLES 46 tristate "IP6 tables support (required for filtering)" 47 depends on INET && IPV6 48 select NETFILTER_XTABLES 49 default m if NETFILTER_ADVANCED=n 50 help 51 ip6tables is a general, extensible packet identification framework. 52 Currently only the packet filtering and packet mangling subsystem 53 for IPv6 use this, but connection tracking is going to follow. 54 Say 'Y' or 'M' here if you want to use either of those. 55 56 To compile it as a module, choose M here. If unsure, say N. 57 58if IP6_NF_IPTABLES 59 60# The simple matches. 61config IP6_NF_MATCH_AH 62 tristate '"ah" match support' 63 depends on NETFILTER_ADVANCED 64 help 65 This module allows one to match AH packets. 66 67 To compile it as a module, choose M here. If unsure, say N. 68 69config IP6_NF_MATCH_EUI64 70 tristate '"eui64" address check' 71 depends on NETFILTER_ADVANCED 72 help 73 This module performs checking on the IPv6 source address 74 Compares the last 64 bits with the EUI64 (delivered 75 from the MAC address) address 76 77 To compile it as a module, choose M here. If unsure, say N. 78 79config IP6_NF_MATCH_FRAG 80 tristate '"frag" Fragmentation header match support' 81 depends on NETFILTER_ADVANCED 82 help 83 frag matching allows you to match packets based on the fragmentation 84 header of the packet. 85 86 To compile it as a module, choose M here. If unsure, say N. 87 88config IP6_NF_MATCH_OPTS 89 tristate '"hbh" hop-by-hop and "dst" opts header match support' 90 depends on NETFILTER_ADVANCED 91 help 92 This allows one to match packets based on the hop-by-hop 93 and destination options headers of a packet. 94 95 To compile it as a module, choose M here. If unsure, say N. 96 97config IP6_NF_MATCH_HL 98 tristate '"hl" hoplimit match support' 99 depends on NETFILTER_ADVANCED 100 select NETFILTER_XT_MATCH_HL 101 ---help--- 102 This is a backwards-compat option for the user's convenience 103 (e.g. when running oldconfig). It selects 104 CONFIG_NETFILTER_XT_MATCH_HL. 105 106config IP6_NF_MATCH_IPV6HEADER 107 tristate '"ipv6header" IPv6 Extension Headers Match' 108 default m if NETFILTER_ADVANCED=n 109 help 110 This module allows one to match packets based upon 111 the ipv6 extension headers. 112 113 To compile it as a module, choose M here. If unsure, say N. 114 115config IP6_NF_MATCH_MH 116 tristate '"mh" match support' 117 depends on NETFILTER_ADVANCED 118 help 119 This module allows one to match MH packets. 120 121 To compile it as a module, choose M here. If unsure, say N. 122 123config IP6_NF_MATCH_RT 124 tristate '"rt" Routing header match support' 125 depends on NETFILTER_ADVANCED 126 help 127 rt matching allows you to match packets based on the routing 128 header of the packet. 129 130 To compile it as a module, choose M here. If unsure, say N. 131 132# The targets 133config IP6_NF_TARGET_HL 134 tristate '"HL" hoplimit target support' 135 depends on NETFILTER_ADVANCED && IP6_NF_MANGLE 136 select NETFILTER_XT_TARGET_HL 137 ---help--- 138 This is a backwards-compatible option for the user's convenience 139 (e.g. when running oldconfig). It selects 140 CONFIG_NETFILTER_XT_TARGET_HL. 141 142config IP6_NF_TARGET_LOG 143 tristate "LOG target support" 144 default m if NETFILTER_ADVANCED=n 145 help 146 This option adds a `LOG' target, which allows you to create rules in 147 any iptables table which records the packet header to the syslog. 148 149 To compile it as a module, choose M here. If unsure, say N. 150 151config IP6_NF_FILTER 152 tristate "Packet filtering" 153 default m if NETFILTER_ADVANCED=n 154 help 155 Packet filtering defines a table `filter', which has a series of 156 rules for simple packet filtering at local input, forwarding and 157 local output. See the man page for iptables(8). 158 159 To compile it as a module, choose M here. If unsure, say N. 160 161config IP6_NF_TARGET_REJECT 162 tristate "REJECT target support" 163 depends on IP6_NF_FILTER 164 default m if NETFILTER_ADVANCED=n 165 help 166 The REJECT target allows a filtering rule to specify that an ICMPv6 167 error should be issued in response to an incoming packet, rather 168 than silently being dropped. 169 170 To compile it as a module, choose M here. If unsure, say N. 171 172config IP6_NF_MANGLE 173 tristate "Packet mangling" 174 default m if NETFILTER_ADVANCED=n 175 help 176 This option adds a `mangle' table to iptables: see the man page for 177 iptables(8). This table is used for various packet alterations 178 which can effect how the packet is routed. 179 180 To compile it as a module, choose M here. If unsure, say N. 181 182config IP6_NF_RAW 183 tristate 'raw table support (required for TRACE)' 184 depends on NETFILTER_ADVANCED 185 help 186 This option adds a `raw' table to ip6tables. This table is the very 187 first in the netfilter framework and hooks in at the PREROUTING 188 and OUTPUT chains. 189 190 If you want to compile it as a module, say M here and read 191 <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. 192 193# security table for MAC policy 194config IP6_NF_SECURITY 195 tristate "Security table" 196 depends on SECURITY 197 depends on NETFILTER_ADVANCED 198 help 199 This option adds a `security' table to iptables, for use 200 with Mandatory Access Control (MAC) policy. 201 202 If unsure, say N. 203 204endif # IP6_NF_IPTABLES 205 206endmenu 207 208