xref: /openbmc/linux/net/netfilter/ipset/Kconfig (revision 93d90ad7) 
1menuconfig IP_SET
2	tristate "IP set support"
3	depends on INET && NETFILTER
4	select NETFILTER_NETLINK
5	help
6	  This option adds IP set support to the kernel.
7	  In order to define and use the sets, you need the userspace utility
8	  ipset(8). You can use the sets in netfilter via the "set" match
9	  and "SET" target.
10
11	  To compile it as a module, choose M here.  If unsure, say N.
12
13if IP_SET
14
15config IP_SET_MAX
16	int "Maximum number of IP sets"
17	default 256
18	range 2 65534
19	depends on IP_SET
20	help
21	  You can define here default value of the maximum number
22	  of IP sets for the kernel.
23
24	  The value can be overridden by the 'max_sets' module
25	  parameter of the 'ip_set' module.
26
27config IP_SET_BITMAP_IP
28	tristate "bitmap:ip set support"
29	depends on IP_SET
30	help
31	  This option adds the bitmap:ip set type support, by which one
32	  can store IPv4 addresses (or network addresse) from a range.
33
34	  To compile it as a module, choose M here.  If unsure, say N.
35
36config IP_SET_BITMAP_IPMAC
37	tristate "bitmap:ip,mac set support"
38	depends on IP_SET
39	help
40	  This option adds the bitmap:ip,mac set type support, by which one
41	  can store IPv4 address and (source) MAC address pairs from a range.
42
43	  To compile it as a module, choose M here.  If unsure, say N.
44
45config IP_SET_BITMAP_PORT
46	tristate "bitmap:port set support"
47	depends on IP_SET
48	help
49	  This option adds the bitmap:port set type support, by which one
50	  can store TCP/UDP port numbers from a range.
51
52	  To compile it as a module, choose M here.  If unsure, say N.
53
54config IP_SET_HASH_IP
55	tristate "hash:ip set support"
56	depends on IP_SET
57	help
58	  This option adds the hash:ip set type support, by which one
59	  can store arbitrary IPv4 or IPv6 addresses (or network addresses)
60	  in a set.
61
62	  To compile it as a module, choose M here.  If unsure, say N.
63
64config IP_SET_HASH_IPMARK
65	tristate "hash:ip,mark set support"
66	depends on IP_SET
67	help
68	  This option adds the hash:ip,mark set type support, by which one
69	  can store IPv4/IPv6 address and mark pairs.
70
71	  To compile it as a module, choose M here.  If unsure, say N.
72
73config IP_SET_HASH_IPPORT
74	tristate "hash:ip,port set support"
75	depends on IP_SET
76	help
77	  This option adds the hash:ip,port set type support, by which one
78	  can store IPv4/IPv6 address and protocol/port pairs.
79
80	  To compile it as a module, choose M here.  If unsure, say N.
81
82config IP_SET_HASH_IPPORTIP
83	tristate "hash:ip,port,ip set support"
84	depends on IP_SET
85	help
86	  This option adds the hash:ip,port,ip set type support, by which
87	  one can store IPv4/IPv6 address, protocol/port, and IPv4/IPv6
88	  address triples in a set.
89
90	  To compile it as a module, choose M here.  If unsure, say N.
91
92config IP_SET_HASH_IPPORTNET
93	tristate "hash:ip,port,net set support"
94	depends on IP_SET
95	help
96	  This option adds the hash:ip,port,net set type support, by which
97	  one can store IPv4/IPv6 address, protocol/port, and IPv4/IPv6
98	  network address/prefix triples in a set.
99
100	  To compile it as a module, choose M here.  If unsure, say N.
101
102config IP_SET_HASH_MAC
103	tristate "hash:mac set support"
104	depends on IP_SET
105	help
106	  This option adds the hash:mac set type support, by which
107	  one can store MAC (ethernet address) elements in a set.
108
109	  To compile it as a module, choose M here.  If unsure, say N.
110
111config IP_SET_HASH_NETPORTNET
112	tristate "hash:net,port,net set support"
113	depends on IP_SET
114	help
115	  This option adds the hash:net,port,net set type support, by which
116	  one can store two IPv4/IPv6 subnets, and a protocol/port in a set.
117
118	  To compile it as a module, choose M here.  If unsure, say N.
119
120config IP_SET_HASH_NET
121	tristate "hash:net set support"
122	depends on IP_SET
123	help
124	  This option adds the hash:net set type support, by which
125	  one can store IPv4/IPv6 network address/prefix elements in a set.
126
127	  To compile it as a module, choose M here.  If unsure, say N.
128
129config IP_SET_HASH_NETNET
130	tristate "hash:net,net set support"
131	depends on IP_SET
132	help
133	  This option adds the hash:net,net  set type support, by which
134	  one can store IPv4/IPv6 network address/prefix pairs in a set.
135
136	  To compile it as a module, choose M here.  If unsure, say N.
137
138config IP_SET_HASH_NETPORT
139	tristate "hash:net,port set support"
140	depends on IP_SET
141	help
142	  This option adds the hash:net,port set type support, by which
143	  one can store IPv4/IPv6 network address/prefix and
144	  protocol/port pairs as elements in a set.
145
146	  To compile it as a module, choose M here.  If unsure, say N.
147
148config IP_SET_HASH_NETIFACE
149	tristate "hash:net,iface set support"
150	depends on IP_SET
151	help
152	  This option adds the hash:net,iface set type support, by which
153	  one can store IPv4/IPv6 network address/prefix and
154	  interface name pairs as elements in a set.
155
156	  To compile it as a module, choose M here.  If unsure, say N.
157
158config IP_SET_LIST_SET
159	tristate "list:set set support"
160	depends on IP_SET
161	help
162	  This option adds the list:set set type support. In this
163	  kind of set one can store the name of other sets and it forms
164	  an ordered union of the member sets.
165
166	  To compile it as a module, choose M here.  If unsure, say N.
167
168endif # IP_SET
169