xref: /openbmc/linux/net/netfilter/ipset/Kconfig (revision 3932b9ca) 
1menuconfig IP_SET
2	tristate "IP set support"
3	depends on INET && NETFILTER
4	select NETFILTER_NETLINK
5	help
6	  This option adds IP set support to the kernel.
7	  In order to define and use the sets, you need the userspace utility
8	  ipset(8). You can use the sets in netfilter via the "set" match
9	  and "SET" target.
10
11	  To compile it as a module, choose M here.  If unsure, say N.
12
13if IP_SET
14
15config IP_SET_MAX
16	int "Maximum number of IP sets"
17	default 256
18	range 2 65534
19	depends on IP_SET
20	help
21	  You can define here default value of the maximum number
22	  of IP sets for the kernel.
23
24	  The value can be overridden by the 'max_sets' module
25	  parameter of the 'ip_set' module.
26
27config IP_SET_BITMAP_IP
28	tristate "bitmap:ip set support"
29	depends on IP_SET
30	help
31	  This option adds the bitmap:ip set type support, by which one
32	  can store IPv4 addresses (or network addresse) from a range.
33
34	  To compile it as a module, choose M here.  If unsure, say N.
35
36config IP_SET_BITMAP_IPMAC
37	tristate "bitmap:ip,mac set support"
38	depends on IP_SET
39	help
40	  This option adds the bitmap:ip,mac set type support, by which one
41	  can store IPv4 address and (source) MAC address pairs from a range.
42
43	  To compile it as a module, choose M here.  If unsure, say N.
44
45config IP_SET_BITMAP_PORT
46	tristate "bitmap:port set support"
47	depends on IP_SET
48	help
49	  This option adds the bitmap:port set type support, by which one
50	  can store TCP/UDP port numbers from a range.
51
52	  To compile it as a module, choose M here.  If unsure, say N.
53
54config IP_SET_HASH_IP
55	tristate "hash:ip set support"
56	depends on IP_SET
57	help
58	  This option adds the hash:ip set type support, by which one
59	  can store arbitrary IPv4 or IPv6 addresses (or network addresses)
60	  in a set.
61
62	  To compile it as a module, choose M here.  If unsure, say N.
63
64config IP_SET_HASH_IPMARK
65	tristate "hash:ip,mark set support"
66	depends on IP_SET
67	help
68	  This option adds the hash:ip,mark set type support, by which one
69	  can store IPv4/IPv6 address and mark pairs.
70
71	  To compile it as a module, choose M here.  If unsure, say N.
72
73config IP_SET_HASH_IPPORT
74	tristate "hash:ip,port set support"
75	depends on IP_SET
76	help
77	  This option adds the hash:ip,port set type support, by which one
78	  can store IPv4/IPv6 address and protocol/port pairs.
79
80	  To compile it as a module, choose M here.  If unsure, say N.
81
82config IP_SET_HASH_IPPORTIP
83	tristate "hash:ip,port,ip set support"
84	depends on IP_SET
85	help
86	  This option adds the hash:ip,port,ip set type support, by which
87	  one can store IPv4/IPv6 address, protocol/port, and IPv4/IPv6
88	  address triples in a set.
89
90	  To compile it as a module, choose M here.  If unsure, say N.
91
92config IP_SET_HASH_IPPORTNET
93	tristate "hash:ip,port,net set support"
94	depends on IP_SET
95	help
96	  This option adds the hash:ip,port,net set type support, by which
97	  one can store IPv4/IPv6 address, protocol/port, and IPv4/IPv6
98	  network address/prefix triples in a set.
99
100	  To compile it as a module, choose M here.  If unsure, say N.
101
102config IP_SET_HASH_NETPORTNET
103	tristate "hash:net,port,net set support"
104	depends on IP_SET
105	help
106	  This option adds the hash:net,port,net set type support, by which
107	  one can store two IPv4/IPv6 subnets, and a protocol/port in a set.
108
109	  To compile it as a module, choose M here.  If unsure, say N.
110
111config IP_SET_HASH_NET
112	tristate "hash:net set support"
113	depends on IP_SET
114	help
115	  This option adds the hash:net set type support, by which
116	  one can store IPv4/IPv6 network address/prefix elements in a set.
117
118	  To compile it as a module, choose M here.  If unsure, say N.
119
120config IP_SET_HASH_NETNET
121	tristate "hash:net,net set support"
122	depends on IP_SET
123	help
124	  This option adds the hash:net,net  set type support, by which
125	  one can store IPv4/IPv6 network address/prefix pairs in a set.
126
127	  To compile it as a module, choose M here.  If unsure, say N.
128
129config IP_SET_HASH_NETPORT
130	tristate "hash:net,port set support"
131	depends on IP_SET
132	help
133	  This option adds the hash:net,port set type support, by which
134	  one can store IPv4/IPv6 network address/prefix and
135	  protocol/port pairs as elements in a set.
136
137	  To compile it as a module, choose M here.  If unsure, say N.
138
139config IP_SET_HASH_NETIFACE
140	tristate "hash:net,iface set support"
141	depends on IP_SET
142	help
143	  This option adds the hash:net,iface set type support, by which
144	  one can store IPv4/IPv6 network address/prefix and
145	  interface name pairs as elements in a set.
146
147	  To compile it as a module, choose M here.  If unsure, say N.
148
149config IP_SET_LIST_SET
150	tristate "list:set set support"
151	depends on IP_SET
152	help
153	  This option adds the list:set set type support. In this
154	  kind of set one can store the name of other sets and it forms
155	  an ordered union of the member sets.
156
157	  To compile it as a module, choose M here.  If unsure, say N.
158
159endif # IP_SET
160