Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | # |
2 | # Bridge netfilter configuration | |
3 | # | |
96518518 | 4 | # |
f5efc696 | 5 | menuconfig NF_TABLES_BRIDGE |
1708803e | 6 | depends on BRIDGE && NETFILTER && NF_TABLES |
96518518 | 7 | tristate "Ethernet Bridge nf_tables support" |
1da177e4 | 8 | |
f5efc696 TB |
9 | if NF_TABLES_BRIDGE |
10 | ||
11 | config NFT_BRIDGE_META | |
12 | tristate "Netfilter nf_table bridge meta support" | |
13 | depends on NFT_META | |
14 | help | |
15 | Add support for bridge dedicated meta key. | |
16 | ||
85f5b308 PNA |
17 | config NFT_BRIDGE_REJECT |
18 | tristate "Netfilter nf_tables bridge reject support" | |
19 | depends on NFT_REJECT && NFT_REJECT_IPV4 && NFT_REJECT_IPV6 | |
20 | help | |
21 | Add support to reject packets. | |
22 | ||
960649d1 PNA |
23 | config NF_LOG_BRIDGE |
24 | tristate "Bridge packet logging" | |
25 | ||
f5efc696 TB |
26 | endif # NF_TABLES_BRIDGE |
27 | ||
20f3c56f | 28 | menuconfig BRIDGE_NF_EBTABLES |
1da177e4 | 29 | tristate "Ethernet Bridge tables (ebtables) support" |
1708803e | 30 | depends on BRIDGE && NETFILTER && NETFILTER_XTABLES |
1da177e4 LT |
31 | help |
32 | ebtables is a general, extensible frame/packet identification | |
33 | framework. Say 'Y' or 'M' here if you want to do Ethernet | |
34 | filtering/NAT/brouting on the Ethernet bridge. | |
20f3c56f JE |
35 | |
36 | if BRIDGE_NF_EBTABLES | |
37 | ||
1da177e4 LT |
38 | # |
39 | # tables | |
40 | # | |
41 | config BRIDGE_EBT_BROUTE | |
42 | tristate "ebt: broute table support" | |
1da177e4 LT |
43 | help |
44 | The ebtables broute table is used to define rules that decide between | |
45 | bridging and routing frames, giving Linux the functionality of a | |
46 | brouter. See the man page for ebtables(8) and examples on the ebtables | |
47 | website. | |
48 | ||
49 | To compile it as a module, choose M here. If unsure, say N. | |
50 | ||
51 | config BRIDGE_EBT_T_FILTER | |
52 | tristate "ebt: filter table support" | |
1da177e4 LT |
53 | help |
54 | The ebtables filter table is used to define frame filtering rules at | |
55 | local input, forwarding and local output. See the man page for | |
56 | ebtables(8). | |
57 | ||
58 | To compile it as a module, choose M here. If unsure, say N. | |
59 | ||
60 | config BRIDGE_EBT_T_NAT | |
61 | tristate "ebt: nat table support" | |
1da177e4 LT |
62 | help |
63 | The ebtables nat table is used to define rules that alter the MAC | |
64 | source address (MAC SNAT) or the MAC destination address (MAC DNAT). | |
65 | See the man page for ebtables(8). | |
66 | ||
67 | To compile it as a module, choose M here. If unsure, say N. | |
68 | # | |
69 | # matches | |
70 | # | |
71 | config BRIDGE_EBT_802_3 | |
72 | tristate "ebt: 802.3 filter support" | |
1da177e4 LT |
73 | help |
74 | This option adds matching support for 802.3 Ethernet frames. | |
75 | ||
76 | To compile it as a module, choose M here. If unsure, say N. | |
77 | ||
78 | config BRIDGE_EBT_AMONG | |
79 | tristate "ebt: among filter support" | |
1da177e4 LT |
80 | help |
81 | This option adds the among match, which allows matching the MAC source | |
82 | and/or destination address on a list of addresses. Optionally, | |
83 | MAC/IP address pairs can be matched, f.e. for anti-spoofing rules. | |
84 | ||
85 | To compile it as a module, choose M here. If unsure, say N. | |
86 | ||
87 | config BRIDGE_EBT_ARP | |
88 | tristate "ebt: ARP filter support" | |
1da177e4 LT |
89 | help |
90 | This option adds the ARP match, which allows ARP and RARP header field | |
91 | filtering. | |
92 | ||
93 | To compile it as a module, choose M here. If unsure, say N. | |
94 | ||
95 | config BRIDGE_EBT_IP | |
96 | tristate "ebt: IP filter support" | |
1da177e4 LT |
97 | help |
98 | This option adds the IP match, which allows basic IP header field | |
99 | filtering. | |
100 | ||
101 | To compile it as a module, choose M here. If unsure, say N. | |
102 | ||
93f65158 KT |
103 | config BRIDGE_EBT_IP6 |
104 | tristate "ebt: IP6 filter support" | |
f586287e | 105 | depends on BRIDGE_NF_EBTABLES && IPV6 |
93f65158 KT |
106 | help |
107 | This option adds the IP6 match, which allows basic IPV6 header field | |
108 | filtering. | |
109 | ||
110 | To compile it as a module, choose M here. If unsure, say N. | |
111 | ||
1da177e4 LT |
112 | config BRIDGE_EBT_LIMIT |
113 | tristate "ebt: limit match support" | |
1da177e4 LT |
114 | help |
115 | This option adds the limit match, which allows you to control | |
116 | the rate at which a rule can be matched. This match is the | |
117 | equivalent of the iptables limit match. | |
118 | ||
119 | If you want to compile it as a module, say M here and read | |
120 | <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. | |
121 | ||
122 | config BRIDGE_EBT_MARK | |
123 | tristate "ebt: mark filter support" | |
1da177e4 LT |
124 | help |
125 | This option adds the mark match, which allows matching frames based on | |
126 | the 'nfmark' value in the frame. This can be set by the mark target. | |
127 | This value is the same as the one used in the iptables mark match and | |
128 | target. | |
129 | ||
130 | To compile it as a module, choose M here. If unsure, say N. | |
131 | ||
132 | config BRIDGE_EBT_PKTTYPE | |
133 | tristate "ebt: packet type filter support" | |
1da177e4 LT |
134 | help |
135 | This option adds the packet type match, which allows matching on the | |
136 | type of packet based on its Ethernet "class" (as determined by | |
137 | the generic networking code): broadcast, multicast, | |
138 | for this host alone or for another host. | |
139 | ||
140 | To compile it as a module, choose M here. If unsure, say N. | |
141 | ||
142 | config BRIDGE_EBT_STP | |
143 | tristate "ebt: STP filter support" | |
1da177e4 LT |
144 | help |
145 | This option adds the Spanning Tree Protocol match, which | |
146 | allows STP header field filtering. | |
147 | ||
148 | To compile it as a module, choose M here. If unsure, say N. | |
149 | ||
150 | config BRIDGE_EBT_VLAN | |
151 | tristate "ebt: 802.1Q VLAN filter support" | |
1da177e4 LT |
152 | help |
153 | This option adds the 802.1Q vlan match, which allows the filtering of | |
154 | 802.1Q vlan fields. | |
155 | ||
156 | To compile it as a module, choose M here. If unsure, say N. | |
157 | # | |
158 | # targets | |
159 | # | |
160 | config BRIDGE_EBT_ARPREPLY | |
161 | tristate "ebt: arp reply target support" | |
eb3f8f5e | 162 | depends on BRIDGE_NF_EBTABLES && INET |
1da177e4 LT |
163 | help |
164 | This option adds the arp reply target, which allows | |
165 | automatically sending arp replies to arp requests. | |
166 | ||
167 | To compile it as a module, choose M here. If unsure, say N. | |
168 | ||
169 | config BRIDGE_EBT_DNAT | |
170 | tristate "ebt: dnat target support" | |
1da177e4 LT |
171 | help |
172 | This option adds the MAC DNAT target, which allows altering the MAC | |
173 | destination address of frames. | |
174 | ||
175 | To compile it as a module, choose M here. If unsure, say N. | |
176 | ||
177 | config BRIDGE_EBT_MARK_T | |
178 | tristate "ebt: mark target support" | |
1da177e4 LT |
179 | help |
180 | This option adds the mark target, which allows marking frames by | |
181 | setting the 'nfmark' value in the frame. | |
182 | This value is the same as the one used in the iptables mark match and | |
183 | target. | |
184 | ||
185 | To compile it as a module, choose M here. If unsure, say N. | |
186 | ||
187 | config BRIDGE_EBT_REDIRECT | |
188 | tristate "ebt: redirect target support" | |
1da177e4 LT |
189 | help |
190 | This option adds the MAC redirect target, which allows altering the MAC | |
191 | destination address of a frame to that of the device it arrived on. | |
192 | ||
193 | To compile it as a module, choose M here. If unsure, say N. | |
194 | ||
195 | config BRIDGE_EBT_SNAT | |
196 | tristate "ebt: snat target support" | |
1da177e4 LT |
197 | help |
198 | This option adds the MAC SNAT target, which allows altering the MAC | |
199 | source address of frames. | |
200 | ||
201 | To compile it as a module, choose M here. If unsure, say N. | |
202 | # | |
203 | # watchers | |
204 | # | |
205 | config BRIDGE_EBT_LOG | |
206 | tristate "ebt: log support" | |
1da177e4 LT |
207 | help |
208 | This option adds the log watcher, that you can use in any rule | |
209 | in any ebtables table. It records info about the frame header | |
210 | to the syslog. | |
211 | ||
212 | To compile it as a module, choose M here. If unsure, say N. | |
213 | ||
e7bfd0a1 PW |
214 | config BRIDGE_EBT_NFLOG |
215 | tristate "ebt: nflog support" | |
e7bfd0a1 PW |
216 | help |
217 | This option enables the nflog watcher, which allows to LOG | |
218 | messages through the netfilter logging API, which can use | |
219 | either the old LOG target, the old ULOG target or nfnetlink_log | |
220 | as backend. | |
221 | ||
58de7862 | 222 | This option adds the nflog watcher, that you can use in any rule |
e7bfd0a1 PW |
223 | in any ebtables table. |
224 | ||
225 | To compile it as a module, choose M here. If unsure, say N. | |
226 | ||
20f3c56f | 227 | endif # BRIDGE_NF_EBTABLES |