1menu "Core Netfilter Configuration" 2 depends on NET && NETFILTER 3 4config NETFILTER_NETLINK 5 tristate "Netfilter netlink interface" 6 help 7 If this option is enabled, the kernel will include support 8 for the new netfilter netlink interface. 9 10config NETFILTER_NETLINK_QUEUE 11 tristate "Netfilter NFQUEUE over NFNETLINK interface" 12 depends on NETFILTER_NETLINK 13 help 14 If this option isenabled, the kernel will include support 15 for queueing packets via NFNETLINK. 16 17config NETFILTER_NETLINK_LOG 18 tristate "Netfilter LOG over NFNETLINK interface" 19 depends on NETFILTER_NETLINK 20 help 21 If this option is enabled, the kernel will include support 22 for logging packets via NFNETLINK. 23 24 This obsoletes the existing ipt_ULOG and ebg_ulog mechanisms, 25 and is also scheduled to replace the old syslog-based ipt_LOG 26 and ip6t_LOG modules. 27 28config NF_CONNTRACK 29 tristate "Layer 3 Independent Connection tracking (EXPERIMENTAL)" 30 depends on EXPERIMENTAL && IP_NF_CONNTRACK=n 31 default n 32 ---help--- 33 Connection tracking keeps a record of what packets have passed 34 through your machine, in order to figure out how they are related 35 into connections. 36 37 Layer 3 independent connection tracking is experimental scheme 38 which generalize ip_conntrack to support other layer 3 protocols. 39 40 To compile it as a module, choose M here. If unsure, say N. 41 42config NF_CT_ACCT 43 bool "Connection tracking flow accounting" 44 depends on NF_CONNTRACK 45 help 46 If this option is enabled, the connection tracking code will 47 keep per-flow packet and byte counters. 48 49 Those counters can be used for flow-based accounting or the 50 `connbytes' match. 51 52 If unsure, say `N'. 53 54config NF_CONNTRACK_MARK 55 bool 'Connection mark tracking support' 56 depends on NF_CONNTRACK 57 help 58 This option enables support for connection marks, used by the 59 `CONNMARK' target and `connmark' match. Similar to the mark value 60 of packets, but this mark value is kept in the conntrack session 61 instead of the individual packets. 62 63config NF_CONNTRACK_EVENTS 64 bool "Connection tracking events (EXPERIMENTAL)" 65 depends on EXPERIMENTAL && NF_CONNTRACK 66 help 67 If this option is enabled, the connection tracking code will 68 provide a notifier chain that can be used by other kernel code 69 to get notified aboutchanges in the connection tracking state. 70 71 If unsure, say `N'. 72 73config NF_CT_PROTO_SCTP 74 tristate 'SCTP protocol on new connection tracking support (EXPERIMENTAL)' 75 depends on EXPERIMENTAL && NF_CONNTRACK 76 default n 77 help 78 With this option enabled, the layer 3 independent connection 79 tracking code will be able to do state tracking on SCTP connections. 80 81 If you want to compile it as a module, say M here and read 82 Documentation/modules.txt. If unsure, say `N'. 83 84config NF_CONNTRACK_FTP 85 tristate "FTP support on new connection tracking (EXPERIMENTAL)" 86 depends on EXPERIMENTAL && NF_CONNTRACK 87 help 88 Tracking FTP connections is problematic: special helpers are 89 required for tracking them, and doing masquerading and other forms 90 of Network Address Translation on them. 91 92 This is FTP support on Layer 3 independent connection tracking. 93 Layer 3 independent connection tracking is experimental scheme 94 which generalize ip_conntrack to support other layer 3 protocols. 95 96 To compile it as a module, choose M here. If unsure, say N. 97 98config NF_CT_NETLINK 99 tristate 'Connection tracking netlink interface (EXPERIMENTAL)' 100 depends on EXPERIMENTAL && NF_CONNTRACK && NETFILTER_NETLINK 101 depends on NF_CONNTRACK!=y || NETFILTER_NETLINK!=m 102 help 103 This option enables support for a netlink-based userspace interface 104 105endmenu 106