Commit c2df73de authored by Jan Engelhardt's avatar Jan Engelhardt Committed by Patrick McHardy

netfilter: xtables: use "if" blocks in Kconfig

Signed-off-by: default avatarJan Engelhardt <jengelh@medozas.de>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent aba0d348
...@@ -61,10 +61,11 @@ config IP_NF_IPTABLES ...@@ -61,10 +61,11 @@ config IP_NF_IPTABLES
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
if IP_NF_IPTABLES
# The matches. # The matches.
config IP_NF_MATCH_ADDRTYPE config IP_NF_MATCH_ADDRTYPE
tristate '"addrtype" address type match support' tristate '"addrtype" address type match support'
depends on IP_NF_IPTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This option allows you to match what routing thinks of an address, This option allows you to match what routing thinks of an address,
...@@ -75,7 +76,6 @@ config IP_NF_MATCH_ADDRTYPE ...@@ -75,7 +76,6 @@ config IP_NF_MATCH_ADDRTYPE
config IP_NF_MATCH_AH config IP_NF_MATCH_AH
tristate '"ah" match support' tristate '"ah" match support'
depends on IP_NF_IPTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This match extension allows you to match a range of SPIs This match extension allows you to match a range of SPIs
...@@ -85,7 +85,6 @@ config IP_NF_MATCH_AH ...@@ -85,7 +85,6 @@ config IP_NF_MATCH_AH
config IP_NF_MATCH_ECN config IP_NF_MATCH_ECN
tristate '"ecn" match support' tristate '"ecn" match support'
depends on IP_NF_IPTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This option adds a `ECN' match, which allows you to match against This option adds a `ECN' match, which allows you to match against
...@@ -95,7 +94,6 @@ config IP_NF_MATCH_ECN ...@@ -95,7 +94,6 @@ config IP_NF_MATCH_ECN
config IP_NF_MATCH_TTL config IP_NF_MATCH_TTL
tristate '"ttl" match support' tristate '"ttl" match support'
depends on IP_NF_IPTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This adds CONFIG_IP_NF_MATCH_TTL option, which enabled the user This adds CONFIG_IP_NF_MATCH_TTL option, which enabled the user
...@@ -106,7 +104,6 @@ config IP_NF_MATCH_TTL ...@@ -106,7 +104,6 @@ config IP_NF_MATCH_TTL
# `filter', generic and specific targets # `filter', generic and specific targets
config IP_NF_FILTER config IP_NF_FILTER
tristate "Packet filtering" tristate "Packet filtering"
depends on IP_NF_IPTABLES
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
Packet filtering defines a table `filter', which has a series of Packet filtering defines a table `filter', which has a series of
...@@ -128,7 +125,6 @@ config IP_NF_TARGET_REJECT ...@@ -128,7 +125,6 @@ config IP_NF_TARGET_REJECT
config IP_NF_TARGET_LOG config IP_NF_TARGET_LOG
tristate "LOG target support" tristate "LOG target support"
depends on IP_NF_IPTABLES
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
This option adds a `LOG' target, which allows you to create rules in This option adds a `LOG' target, which allows you to create rules in
...@@ -138,7 +134,6 @@ config IP_NF_TARGET_LOG ...@@ -138,7 +134,6 @@ config IP_NF_TARGET_LOG
config IP_NF_TARGET_ULOG config IP_NF_TARGET_ULOG
tristate "ULOG target support" tristate "ULOG target support"
depends on IP_NF_IPTABLES
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
---help--- ---help---
...@@ -159,7 +154,7 @@ config IP_NF_TARGET_ULOG ...@@ -159,7 +154,7 @@ config IP_NF_TARGET_ULOG
# NAT + specific targets: nf_conntrack # NAT + specific targets: nf_conntrack
config NF_NAT config NF_NAT
tristate "Full NAT" tristate "Full NAT"
depends on IP_NF_IPTABLES && NF_CONNTRACK_IPV4 depends on NF_CONNTRACK_IPV4
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
The Full NAT option allows masquerading, port forwarding and other The Full NAT option allows masquerading, port forwarding and other
...@@ -254,44 +249,43 @@ config NF_NAT_PROTO_SCTP ...@@ -254,44 +249,43 @@ config NF_NAT_PROTO_SCTP
config NF_NAT_FTP config NF_NAT_FTP
tristate tristate
depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT depends on NF_CONNTRACK && NF_NAT
default NF_NAT && NF_CONNTRACK_FTP default NF_NAT && NF_CONNTRACK_FTP
config NF_NAT_IRC config NF_NAT_IRC
tristate tristate
depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT depends on NF_CONNTRACK && NF_NAT
default NF_NAT && NF_CONNTRACK_IRC default NF_NAT && NF_CONNTRACK_IRC
config NF_NAT_TFTP config NF_NAT_TFTP
tristate tristate
depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT depends on NF_CONNTRACK && NF_NAT
default NF_NAT && NF_CONNTRACK_TFTP default NF_NAT && NF_CONNTRACK_TFTP
config NF_NAT_AMANDA config NF_NAT_AMANDA
tristate tristate
depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT depends on NF_CONNTRACK && NF_NAT
default NF_NAT && NF_CONNTRACK_AMANDA default NF_NAT && NF_CONNTRACK_AMANDA
config NF_NAT_PPTP config NF_NAT_PPTP
tristate tristate
depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT depends on NF_CONNTRACK && NF_NAT
default NF_NAT && NF_CONNTRACK_PPTP default NF_NAT && NF_CONNTRACK_PPTP
select NF_NAT_PROTO_GRE select NF_NAT_PROTO_GRE
config NF_NAT_H323 config NF_NAT_H323
tristate tristate
depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT depends on NF_CONNTRACK && NF_NAT
default NF_NAT && NF_CONNTRACK_H323 default NF_NAT && NF_CONNTRACK_H323
config NF_NAT_SIP config NF_NAT_SIP
tristate tristate
depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT depends on NF_CONNTRACK && NF_NAT
default NF_NAT && NF_CONNTRACK_SIP default NF_NAT && NF_CONNTRACK_SIP
# mangle + specific targets # mangle + specific targets
config IP_NF_MANGLE config IP_NF_MANGLE
tristate "Packet mangling" tristate "Packet mangling"
depends on IP_NF_IPTABLES
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
This option adds a `mangle' table to iptables: see the man page for This option adds a `mangle' table to iptables: see the man page for
...@@ -346,7 +340,6 @@ config IP_NF_TARGET_TTL ...@@ -346,7 +340,6 @@ config IP_NF_TARGET_TTL
# raw + specific targets # raw + specific targets
config IP_NF_RAW config IP_NF_RAW
tristate 'raw table support (required for NOTRACK/TRACE)' tristate 'raw table support (required for NOTRACK/TRACE)'
depends on IP_NF_IPTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This option adds a `raw' table to iptables. This table is the very This option adds a `raw' table to iptables. This table is the very
...@@ -359,7 +352,6 @@ config IP_NF_RAW ...@@ -359,7 +352,6 @@ config IP_NF_RAW
# security table for MAC policy # security table for MAC policy
config IP_NF_SECURITY config IP_NF_SECURITY
tristate "Security table" tristate "Security table"
depends on IP_NF_IPTABLES
depends on SECURITY depends on SECURITY
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
...@@ -368,6 +360,8 @@ config IP_NF_SECURITY ...@@ -368,6 +360,8 @@ config IP_NF_SECURITY
If unsure, say N. If unsure, say N.
endif # IP_NF_IPTABLES
# ARP tables # ARP tables
config IP_NF_ARPTABLES config IP_NF_ARPTABLES
tristate "ARP tables support" tristate "ARP tables support"
...@@ -380,9 +374,10 @@ config IP_NF_ARPTABLES ...@@ -380,9 +374,10 @@ config IP_NF_ARPTABLES
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
if IP_NF_ARPTABLES
config IP_NF_ARPFILTER config IP_NF_ARPFILTER
tristate "ARP packet filtering" tristate "ARP packet filtering"
depends on IP_NF_ARPTABLES
help help
ARP packet filtering defines a table `filter', which has a series of ARP packet filtering defines a table `filter', which has a series of
rules for simple ARP packet filtering at local input and rules for simple ARP packet filtering at local input and
...@@ -393,10 +388,11 @@ config IP_NF_ARPFILTER ...@@ -393,10 +388,11 @@ config IP_NF_ARPFILTER
config IP_NF_ARP_MANGLE config IP_NF_ARP_MANGLE
tristate "ARP payload mangling" tristate "ARP payload mangling"
depends on IP_NF_ARPTABLES
help help
Allows altering the ARP packet payload: source and destination Allows altering the ARP packet payload: source and destination
hardware and network addresses. hardware and network addresses.
endif # IP_NF_ARPTABLES
endmenu endmenu
...@@ -55,10 +55,11 @@ config IP6_NF_IPTABLES ...@@ -55,10 +55,11 @@ config IP6_NF_IPTABLES
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
if IP6_NF_IPTABLES
# The simple matches. # The simple matches.
config IP6_NF_MATCH_AH config IP6_NF_MATCH_AH
tristate '"ah" match support' tristate '"ah" match support'
depends on IP6_NF_IPTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This module allows one to match AH packets. This module allows one to match AH packets.
...@@ -67,7 +68,6 @@ config IP6_NF_MATCH_AH ...@@ -67,7 +68,6 @@ config IP6_NF_MATCH_AH
config IP6_NF_MATCH_EUI64 config IP6_NF_MATCH_EUI64
tristate '"eui64" address check' tristate '"eui64" address check'
depends on IP6_NF_IPTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This module performs checking on the IPv6 source address This module performs checking on the IPv6 source address
...@@ -78,7 +78,6 @@ config IP6_NF_MATCH_EUI64 ...@@ -78,7 +78,6 @@ config IP6_NF_MATCH_EUI64
config IP6_NF_MATCH_FRAG config IP6_NF_MATCH_FRAG
tristate '"frag" Fragmentation header match support' tristate '"frag" Fragmentation header match support'
depends on IP6_NF_IPTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
frag matching allows you to match packets based on the fragmentation frag matching allows you to match packets based on the fragmentation
...@@ -88,7 +87,6 @@ config IP6_NF_MATCH_FRAG ...@@ -88,7 +87,6 @@ config IP6_NF_MATCH_FRAG
config IP6_NF_MATCH_OPTS config IP6_NF_MATCH_OPTS
tristate '"hbh" hop-by-hop and "dst" opts header match support' tristate '"hbh" hop-by-hop and "dst" opts header match support'
depends on IP6_NF_IPTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This allows one to match packets based on the hop-by-hop This allows one to match packets based on the hop-by-hop
...@@ -98,7 +96,6 @@ config IP6_NF_MATCH_OPTS ...@@ -98,7 +96,6 @@ config IP6_NF_MATCH_OPTS
config IP6_NF_MATCH_HL config IP6_NF_MATCH_HL
tristate '"hl" match support' tristate '"hl" match support'
depends on IP6_NF_IPTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
HL matching allows you to match packets based on the hop HL matching allows you to match packets based on the hop
...@@ -108,7 +105,6 @@ config IP6_NF_MATCH_HL ...@@ -108,7 +105,6 @@ config IP6_NF_MATCH_HL
config IP6_NF_MATCH_IPV6HEADER config IP6_NF_MATCH_IPV6HEADER
tristate '"ipv6header" IPv6 Extension Headers Match' tristate '"ipv6header" IPv6 Extension Headers Match'
depends on IP6_NF_IPTABLES
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
This module allows one to match packets based upon This module allows one to match packets based upon
...@@ -118,7 +114,6 @@ config IP6_NF_MATCH_IPV6HEADER ...@@ -118,7 +114,6 @@ config IP6_NF_MATCH_IPV6HEADER
config IP6_NF_MATCH_MH config IP6_NF_MATCH_MH
tristate '"mh" match support' tristate '"mh" match support'
depends on IP6_NF_IPTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This module allows one to match MH packets. This module allows one to match MH packets.
...@@ -127,7 +122,6 @@ config IP6_NF_MATCH_MH ...@@ -127,7 +122,6 @@ config IP6_NF_MATCH_MH
config IP6_NF_MATCH_RT config IP6_NF_MATCH_RT
tristate '"rt" Routing header match support' tristate '"rt" Routing header match support'
depends on IP6_NF_IPTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
rt matching allows you to match packets based on the routing rt matching allows you to match packets based on the routing
...@@ -138,7 +132,6 @@ config IP6_NF_MATCH_RT ...@@ -138,7 +132,6 @@ config IP6_NF_MATCH_RT
# The targets # The targets
config IP6_NF_TARGET_LOG config IP6_NF_TARGET_LOG
tristate "LOG target support" tristate "LOG target support"
depends on IP6_NF_IPTABLES
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
This option adds a `LOG' target, which allows you to create rules in This option adds a `LOG' target, which allows you to create rules in
...@@ -148,7 +141,6 @@ config IP6_NF_TARGET_LOG ...@@ -148,7 +141,6 @@ config IP6_NF_TARGET_LOG
config IP6_NF_FILTER config IP6_NF_FILTER
tristate "Packet filtering" tristate "Packet filtering"
depends on IP6_NF_IPTABLES
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
Packet filtering defines a table `filter', which has a series of Packet filtering defines a table `filter', which has a series of
...@@ -170,7 +162,6 @@ config IP6_NF_TARGET_REJECT ...@@ -170,7 +162,6 @@ config IP6_NF_TARGET_REJECT
config IP6_NF_MANGLE config IP6_NF_MANGLE
tristate "Packet mangling" tristate "Packet mangling"
depends on IP6_NF_IPTABLES
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
This option adds a `mangle' table to iptables: see the man page for This option adds a `mangle' table to iptables: see the man page for
...@@ -198,7 +189,6 @@ config IP6_NF_TARGET_HL ...@@ -198,7 +189,6 @@ config IP6_NF_TARGET_HL
config IP6_NF_RAW config IP6_NF_RAW
tristate 'raw table support (required for TRACE)' tristate 'raw table support (required for TRACE)'
depends on IP6_NF_IPTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This option adds a `raw' table to ip6tables. This table is the very This option adds a `raw' table to ip6tables. This table is the very
...@@ -211,7 +201,6 @@ config IP6_NF_RAW ...@@ -211,7 +201,6 @@ config IP6_NF_RAW
# security table for MAC policy # security table for MAC policy
config IP6_NF_SECURITY config IP6_NF_SECURITY
tristate "Security table" tristate "Security table"
depends on IP6_NF_IPTABLES
depends on SECURITY depends on SECURITY
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
...@@ -220,5 +209,7 @@ config IP6_NF_SECURITY ...@@ -220,5 +209,7 @@ config IP6_NF_SECURITY
If unsure, say N. If unsure, say N.
endif # IP6_NF_IPTABLES
endmenu endmenu
...@@ -38,10 +38,11 @@ config NF_CONNTRACK ...@@ -38,10 +38,11 @@ config NF_CONNTRACK
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
if NF_CONNTRACK
config NF_CT_ACCT config NF_CT_ACCT
bool "Connection tracking flow accounting" bool "Connection tracking flow accounting"
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
depends on NF_CONNTRACK
help help
If this option is enabled, the connection tracking code will If this option is enabled, the connection tracking code will
keep per-flow packet and byte counters. keep per-flow packet and byte counters.
...@@ -63,7 +64,6 @@ config NF_CT_ACCT ...@@ -63,7 +64,6 @@ config NF_CT_ACCT
config NF_CONNTRACK_MARK config NF_CONNTRACK_MARK
bool 'Connection mark tracking support' bool 'Connection mark tracking support'
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
depends on NF_CONNTRACK
help help
This option enables support for connection marks, used by the This option enables support for connection marks, used by the
`CONNMARK' target and `connmark' match. Similar to the mark value `CONNMARK' target and `connmark' match. Similar to the mark value
...@@ -72,7 +72,7 @@ config NF_CONNTRACK_MARK ...@@ -72,7 +72,7 @@ config NF_CONNTRACK_MARK
config NF_CONNTRACK_SECMARK config NF_CONNTRACK_SECMARK
bool 'Connection tracking security mark support' bool 'Connection tracking security mark support'
depends on NF_CONNTRACK && NETWORK_SECMARK depends on NETWORK_SECMARK
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
This option enables security markings to be applied to This option enables security markings to be applied to
...@@ -85,7 +85,6 @@ config NF_CONNTRACK_SECMARK ...@@ -85,7 +85,6 @@ config NF_CONNTRACK_SECMARK
config NF_CONNTRACK_EVENTS config NF_CONNTRACK_EVENTS
bool "Connection tracking events" bool "Connection tracking events"
depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
If this option is enabled, the connection tracking code will If this option is enabled, the connection tracking code will
...@@ -96,7 +95,7 @@ config NF_CONNTRACK_EVENTS ...@@ -96,7 +95,7 @@ config NF_CONNTRACK_EVENTS
config NF_CT_PROTO_DCCP config NF_CT_PROTO_DCCP
tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)' tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)'
depends on EXPERIMENTAL && NF_CONNTRACK depends on EXPERIMENTAL
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
default IP_DCCP default IP_DCCP
help help
...@@ -107,11 +106,10 @@ config NF_CT_PROTO_DCCP ...@@ -107,11 +106,10 @@ config NF_CT_PROTO_DCCP
config NF_CT_PROTO_GRE config NF_CT_PROTO_GRE
tristate tristate
depends on NF_CONNTRACK
config NF_CT_PROTO_SCTP config NF_CT_PROTO_SCTP
tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)' tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)'
depends on EXPERIMENTAL && NF_CONNTRACK depends on EXPERIMENTAL
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
default IP_SCTP default IP_SCTP
help help
...@@ -123,7 +121,6 @@ config NF_CT_PROTO_SCTP ...@@ -123,7 +121,6 @@ config NF_CT_PROTO_SCTP
config NF_CT_PROTO_UDPLITE config NF_CT_PROTO_UDPLITE
tristate 'UDP-Lite protocol connection tracking support' tristate 'UDP-Lite protocol connection tracking support'
depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
With this option enabled, the layer 3 independent connection With this option enabled, the layer 3 independent connection
...@@ -134,7 +131,6 @@ config NF_CT_PROTO_UDPLITE ...@@ -134,7 +131,6 @@ config NF_CT_PROTO_UDPLITE
config NF_CONNTRACK_AMANDA config NF_CONNTRACK_AMANDA
tristate "Amanda backup protocol support" tristate "Amanda backup protocol support"
depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
select TEXTSEARCH select TEXTSEARCH
select TEXTSEARCH_KMP select TEXTSEARCH_KMP
...@@ -150,7 +146,6 @@ config NF_CONNTRACK_AMANDA ...@@ -150,7 +146,6 @@ config NF_CONNTRACK_AMANDA
config NF_CONNTRACK_FTP config NF_CONNTRACK_FTP
tristate "FTP protocol support" tristate "FTP protocol support"
depends on NF_CONNTRACK
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
Tracking FTP connections is problematic: special helpers are Tracking FTP connections is problematic: special helpers are
...@@ -165,7 +160,7 @@ config NF_CONNTRACK_FTP ...@@ -165,7 +160,7 @@ config NF_CONNTRACK_FTP
config NF_CONNTRACK_H323 config NF_CONNTRACK_H323
tristate "H.323 protocol support" tristate "H.323 protocol support"
depends on NF_CONNTRACK && (IPV6 || IPV6=n) depends on (IPV6 || IPV6=n)
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
H.323 is a VoIP signalling protocol from ITU-T. As one of the most H.323 is a VoIP signalling protocol from ITU-T. As one of the most
...@@ -185,7 +180,6 @@ config NF_CONNTRACK_H323 ...@@ -185,7 +180,6 @@ config NF_CONNTRACK_H323
config NF_CONNTRACK_IRC config NF_CONNTRACK_IRC
tristate "IRC protocol support" tristate "IRC protocol support"
depends on NF_CONNTRACK
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
There is a commonly-used extension to IRC called There is a commonly-used extension to IRC called
...@@ -201,7 +195,6 @@ config NF_CONNTRACK_IRC ...@@ -201,7 +195,6 @@ config NF_CONNTRACK_IRC
config NF_CONNTRACK_NETBIOS_NS config NF_CONNTRACK_NETBIOS_NS
tristate "NetBIOS name service protocol support" tristate "NetBIOS name service protocol support"
depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
NetBIOS name service requests are sent as broadcast messages from an NetBIOS name service requests are sent as broadcast messages from an
...@@ -221,7 +214,6 @@ config NF_CONNTRACK_NETBIOS_NS ...@@ -221,7 +214,6 @@ config NF_CONNTRACK_NETBIOS_NS
config NF_CONNTRACK_PPTP config NF_CONNTRACK_PPTP
tristate "PPtP protocol support" tristate "PPtP protocol support"
depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
select NF_CT_PROTO_GRE select NF_CT_PROTO_GRE
help help
...@@ -241,7 +233,7 @@ config NF_CONNTRACK_PPTP ...@@ -241,7 +233,7 @@ config NF_CONNTRACK_PPTP
config NF_CONNTRACK_SANE config NF_CONNTRACK_SANE
tristate "SANE protocol support (EXPERIMENTAL)" tristate "SANE protocol support (EXPERIMENTAL)"
depends on EXPERIMENTAL && NF_CONNTRACK depends on EXPERIMENTAL
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
SANE is a protocol for remote access to scanners as implemented SANE is a protocol for remote access to scanners as implemented
...@@ -255,7 +247,6 @@ config NF_CONNTRACK_SANE ...@@ -255,7 +247,6 @@ config NF_CONNTRACK_SANE
config NF_CONNTRACK_SIP config NF_CONNTRACK_SIP
tristate "SIP protocol support" tristate "SIP protocol support"
depends on NF_CONNTRACK
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
SIP is an application-layer control protocol that can establish, SIP is an application-layer control protocol that can establish,
...@@ -268,7 +259,6 @@ config NF_CONNTRACK_SIP ...@@ -268,7 +259,6 @@ config NF_CONNTRACK_SIP
config NF_CONNTRACK_TFTP config NF_CONNTRACK_TFTP
tristate "TFTP protocol support" tristate "TFTP protocol support"
depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
TFTP connection tracking helper, this is required depending TFTP connection tracking helper, this is required depending
...@@ -280,7 +270,6 @@ config NF_CONNTRACK_TFTP ...@@ -280,7 +270,6 @@ config NF_CONNTRACK_TFTP
config NF_CT_NETLINK config NF_CT_NETLINK
tristate 'Connection tracking netlink interface' tristate 'Connection tracking netlink interface'
depends on NF_CONNTRACK
select NETFILTER_NETLINK select NETFILTER_NETLINK
depends on NF_NAT=n || NF_NAT depends on NF_NAT=n || NF_NAT
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
...@@ -302,6 +291,8 @@ config NETFILTER_TPROXY ...@@ -302,6 +291,8 @@ config NETFILTER_TPROXY
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
endif # NF_CONNTRACK
config NETFILTER_XTABLES config NETFILTER_XTABLES
tristate "Netfilter Xtables support (required for ip_tables)" tristate "Netfilter Xtables support (required for ip_tables)"
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
...@@ -309,11 +300,12 @@ config NETFILTER_XTABLES ...@@ -309,11 +300,12 @@ config NETFILTER_XTABLES
This is required if you intend to use any of ip_tables, This is required if you intend to use any of ip_tables,
ip6_tables or arp_tables. ip6_tables or arp_tables.
if NETFILTER_XTABLES
# alphabetically ordered list of targets # alphabetically ordered list of targets
config NETFILTER_XT_TARGET_CLASSIFY config NETFILTER_XT_TARGET_CLASSIFY
tristate '"CLASSIFY" target support' tristate '"CLASSIFY" target support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This option adds a `CLASSIFY' target, which enables the user to set This option adds a `CLASSIFY' target, which enables the user to set
...@@ -326,7 +318,6 @@ config NETFILTER_XT_TARGET_CLASSIFY ...@@ -326,7 +318,6 @@ config NETFILTER_XT_TARGET_CLASSIFY
config NETFILTER_XT_TARGET_CONNMARK config NETFILTER_XT_TARGET_CONNMARK
tristate '"CONNMARK" target support' tristate '"CONNMARK" target support'
depends on NETFILTER_XTABLES
depends on IP_NF_MANGLE || IP6_NF_MANGLE depends on IP_NF_MANGLE || IP6_NF_MANGLE
depends on NF_CONNTRACK depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
...@@ -342,7 +333,7 @@ config NETFILTER_XT_TARGET_CONNMARK ...@@ -342,7 +333,7 @@ config NETFILTER_XT_TARGET_CONNMARK
config NETFILTER_XT_TARGET_CONNSECMARK config NETFILTER_XT_TARGET_CONNSECMARK
tristate '"CONNSECMARK" target support' tristate '"CONNSECMARK" target support'
depends on NETFILTER_XTABLES && NF_CONNTRACK && NF_CONNTRACK_SECMARK depends on NF_CONNTRACK && NF_CONNTRACK_SECMARK
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
The CONNSECMARK target copies security markings from packets The CONNSECMARK target copies security markings from packets
...@@ -354,7 +345,6 @@ config NETFILTER_XT_TARGET_CONNSECMARK ...@@ -354,7 +345,6 @@ config NETFILTER_XT_TARGET_CONNSECMARK
config NETFILTER_XT_TARGET_DSCP config NETFILTER_XT_TARGET_DSCP
tristate '"DSCP" and "TOS" target support' tristate '"DSCP" and "TOS" target support'
depends on NETFILTER_XTABLES
depends on IP_NF_MANGLE || IP6_NF_MANGLE depends on IP_NF_MANGLE || IP6_NF_MANGLE
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
...@@ -371,7 +361,6 @@ config NETFILTER_XT_TARGET_DSCP ...@@ -371,7 +361,6 @@ config NETFILTER_XT_TARGET_DSCP
config NETFILTER_XT_TARGET_MARK config NETFILTER_XT_TARGET_MARK
tristate '"MARK" target support' tristate '"MARK" target support'
depends on NETFILTER_XTABLES
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
This option adds a `MARK' target, which allows you to create rules This option adds a `MARK' target, which allows you to create rules
...@@ -385,7 +374,6 @@ config NETFILTER_XT_TARGET_MARK ...@@ -385,7 +374,6 @@ config NETFILTER_XT_TARGET_MARK
config NETFILTER_XT_TARGET_NFLOG config NETFILTER_XT_TARGET_NFLOG
tristate '"NFLOG" target support' tristate '"NFLOG" target support'
depends on NETFILTER_XTABLES
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
This option enables the NFLOG target, which allows to LOG This option enables the NFLOG target, which allows to LOG
...@@ -397,7 +385,6 @@ config NETFILTER_XT_TARGET_NFLOG ...@@ -397,7 +385,6 @@ config NETFILTER_XT_TARGET_NFLOG
config NETFILTER_XT_TARGET_NFQUEUE config NETFILTER_XT_TARGET_NFQUEUE
tristate '"NFQUEUE" target Support' tristate '"NFQUEUE" target Support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This target replaced the old obsolete QUEUE target. This target replaced the old obsolete QUEUE target.
...@@ -409,7 +396,6 @@ config NETFILTER_XT_TARGET_NFQUEUE ...@@ -409,7 +396,6 @@ config NETFILTER_XT_TARGET_NFQUEUE
config NETFILTER_XT_TARGET_NOTRACK config NETFILTER_XT_TARGET_NOTRACK
tristate '"NOTRACK" target support' tristate '"NOTRACK" target support'
depends on NETFILTER_XTABLES
depends on IP_NF_RAW || IP6_NF_RAW depends on IP_NF_RAW || IP6_NF_RAW
depends on NF_CONNTRACK depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
...@@ -424,7 +410,6 @@ config NETFILTER_XT_TARGET_NOTRACK ...@@ -424,7 +410,6 @@ config NETFILTER_XT_TARGET_NOTRACK
config NETFILTER_XT_TARGET_RATEEST config NETFILTER_XT_TARGET_RATEEST
tristate '"RATEEST" target support' tristate '"RATEEST" target support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This option adds a `RATEEST' target, which allows to measure This option adds a `RATEEST' target, which allows to measure
...@@ -450,7 +435,6 @@ config NETFILTER_XT_TARGET_TPROXY ...@@ -450,7 +435,6 @@ config NETFILTER_XT_TARGET_TPROXY
config NETFILTER_XT_TARGET_TRACE config NETFILTER_XT_TARGET_TRACE
tristate '"TRACE" target support' tristate '"TRACE" target support'
depends on NETFILTER_XTABLES
depends on IP_NF_RAW || IP6_NF_RAW depends on IP_NF_RAW || IP6_NF_RAW
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
...@@ -463,7 +447,7 @@ config NETFILTER_XT_TARGET_TRACE ...@@ -463,7 +447,7 @@ config NETFILTER_XT_TARGET_TRACE
config NETFILTER_XT_TARGET_SECMARK config NETFILTER_XT_TARGET_SECMARK
tristate '"SECMARK" target support' tristate '"SECMARK" target support'
depends on NETFILTER_XTABLES && NETWORK_SECMARK depends on NETWORK_SECMARK
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
The SECMARK target allows security marking of network The SECMARK target allows security marking of network
...@@ -473,7 +457,7 @@ config NETFILTER_XT_TARGET_SECMARK ...@@ -473,7 +457,7 @@ config NETFILTER_XT_TARGET_SECMARK
config NETFILTER_XT_TARGET_TCPMSS config NETFILTER_XT_TARGET_TCPMSS
tristate '"TCPMSS" target support' tristate '"TCPMSS" target support'
depends on NETFILTER_XTABLES && (IPV6 || IPV6=n) depends on (IPV6 || IPV6=n)
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
---help--- ---help---
This option adds a `TCPMSS' target, which allows you to alter the This option adds a `TCPMSS' target, which allows you to alter the
...@@ -500,7 +484,7 @@ config NETFILTER_XT_TARGET_TCPMSS ...@@ -500,7 +484,7 @@ config NETFILTER_XT_TARGET_TCPMSS
config NETFILTER_XT_TARGET_TCPOPTSTRIP config NETFILTER_XT_TARGET_TCPOPTSTRIP
tristate '"TCPOPTSTRIP" target support (EXPERIMENTAL)' tristate '"TCPOPTSTRIP" target support (EXPERIMENTAL)'
depends on EXPERIMENTAL && NETFILTER_XTABLES depends on EXPERIMENTAL
depends on IP_NF_MANGLE || IP6_NF_MANGLE depends on IP_NF_MANGLE || IP6_NF_MANGLE
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
...@@ -509,7 +493,6 @@ config NETFILTER_XT_TARGET_TCPOPTSTRIP ...@@ -509,7 +493,6 @@ config NETFILTER_XT_TARGET_TCPOPTSTRIP
config NETFILTER_XT_MATCH_COMMENT config NETFILTER_XT_MATCH_COMMENT
tristate '"comment" match support' tristate '"comment" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This option adds a `comment' dummy-match, which allows you to put This option adds a `comment' dummy-match, which allows you to put
...@@ -520,7 +503,6 @@ config NETFILTER_XT_MATCH_COMMENT ...@@ -520,7 +503,6 @@ config NETFILTER_XT_MATCH_COMMENT
config NETFILTER_XT_MATCH_CONNBYTES config NETFILTER_XT_MATCH_CONNBYTES
tristate '"connbytes" per-connection counter match support' tristate '"connbytes" per-connection counter match support'
depends on NETFILTER_XTABLES
depends on NF_CONNTRACK depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
select NF_CT_ACCT select NF_CT_ACCT
...@@ -533,7 +515,6 @@ config NETFILTER_XT_MATCH_CONNBYTES ...@@ -533,7 +515,6 @@ config NETFILTER_XT_MATCH_CONNBYTES
config NETFILTER_XT_MATCH_CONNLIMIT config NETFILTER_XT_MATCH_CONNLIMIT
tristate '"connlimit" match support"' tristate '"connlimit" match support"'
depends on NETFILTER_XTABLES
depends on NF_CONNTRACK depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
---help--- ---help---
...@@ -542,7 +523,6 @@ config NETFILTER_XT_MATCH_CONNLIMIT ...@@ -542,7 +523,6 @@ config NETFILTER_XT_MATCH_CONNLIMIT
config NETFILTER_XT_MATCH_CONNMARK config NETFILTER_XT_MATCH_CONNMARK
tristate '"connmark" connection mark match support' tristate '"connmark" connection mark match support'
depends on NETFILTER_XTABLES
depends on NF_CONNTRACK depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
select NF_CONNTRACK_MARK select NF_CONNTRACK_MARK
...@@ -556,7 +536,6 @@ config NETFILTER_XT_MATCH_CONNMARK ...@@ -556,7 +536,6 @@ config NETFILTER_XT_MATCH_CONNMARK
config NETFILTER_XT_MATCH_CONNTRACK config NETFILTER_XT_MATCH_CONNTRACK
tristate '"conntrack" connection tracking match support' tristate '"conntrack" connection tracking match support'
depends on NETFILTER_XTABLES
depends on NF_CONNTRACK depends on NF_CONNTRACK
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
...@@ -570,7 +549,6 @@ config NETFILTER_XT_MATCH_CONNTRACK ...@@ -570,7 +549,6 @@ config NETFILTER_XT_MATCH_CONNTRACK
config NETFILTER_XT_MATCH_DCCP config NETFILTER_XT_MATCH_DCCP
tristate '"dccp" protocol match support' tristate '"dccp" protocol match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
default IP_DCCP default IP_DCCP
help help
...@@ -583,7 +561,6 @@ config NETFILTER_XT_MATCH_DCCP ...@@ -583,7 +561,6 @@ config NETFILTER_XT_MATCH_DCCP
config NETFILTER_XT_MATCH_DSCP config NETFILTER_XT_MATCH_DSCP
tristate '"dscp" and "tos" match support' tristate '"dscp" and "tos" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This option adds a `DSCP' match, which allows you to match against This option adds a `DSCP' match, which allows you to match against
...@@ -599,7 +576,6 @@ config NETFILTER_XT_MATCH_DSCP ...@@ -599,7 +576,6 @@ config NETFILTER_XT_MATCH_DSCP
config NETFILTER_XT_MATCH_ESP config NETFILTER_XT_MATCH_ESP
tristate '"esp" match support' tristate '"esp" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This match extension allows you to match a range of SPIs This match extension allows you to match a range of SPIs
...@@ -609,7 +585,7 @@ config NETFILTER_XT_MATCH_ESP ...@@ -609,7 +585,7 @@ config NETFILTER_XT_MATCH_ESP
config NETFILTER_XT_MATCH_HASHLIMIT config NETFILTER_XT_MATCH_HASHLIMIT
tristate '"hashlimit" match support' tristate '"hashlimit" match support'
depends on NETFILTER_XTABLES && (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This option adds a `hashlimit' match. This option adds a `hashlimit' match.
...@@ -624,7 +600,6 @@ config NETFILTER_XT_MATCH_HASHLIMIT ...@@ -624,7 +600,6 @@ config NETFILTER_XT_MATCH_HASHLIMIT
config NETFILTER_XT_MATCH_HELPER config NETFILTER_XT_MATCH_HELPER
tristate '"helper" match support' tristate '"helper" match support'
depends on NETFILTER_XTABLES
depends on NF_CONNTRACK depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
...@@ -635,7 +610,6 @@ config NETFILTER_XT_MATCH_HELPER ...@@ -635,7 +610,6 @@ config NETFILTER_XT_MATCH_HELPER
config NETFILTER_XT_MATCH_IPRANGE config NETFILTER_XT_MATCH_IPRANGE
tristate '"iprange" address range match support' tristate '"iprange" address range match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
---help--- ---help---
This option adds a "iprange" match, which allows you to match based on This option adds a "iprange" match, which allows you to match based on
...@@ -646,7 +620,6 @@ config NETFILTER_XT_MATCH_IPRANGE ...@@ -646,7 +620,6 @@ config NETFILTER_XT_MATCH_IPRANGE
config NETFILTER_XT_MATCH_LENGTH config NETFILTER_XT_MATCH_LENGTH
tristate '"length" match support' tristate '"length" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This option allows you to match the length of a packet against a This option allows you to match the length of a packet against a
...@@ -656,7 +629,6 @@ config NETFILTER_XT_MATCH_LENGTH ...@@ -656,7 +629,6 @@ config NETFILTER_XT_MATCH_LENGTH
config NETFILTER_XT_MATCH_LIMIT config NETFILTER_XT_MATCH_LIMIT
tristate '"limit" match support' tristate '"limit" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
limit matching allows you to control the rate at which a rule can be limit matching allows you to control the rate at which a rule can be
...@@ -667,7 +639,6 @@ config NETFILTER_XT_MATCH_LIMIT ...@@ -667,7 +639,6 @@ config NETFILTER_XT_MATCH_LIMIT
config NETFILTER_XT_MATCH_MAC config NETFILTER_XT_MATCH_MAC
tristate '"mac" address match support' tristate '"mac" address match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
MAC matching allows you to match packets based on the source MAC matching allows you to match packets based on the source
...@@ -677,7 +648,6 @@ config NETFILTER_XT_MATCH_MAC ...@@ -677,7 +648,6 @@ config NETFILTER_XT_MATCH_MAC
config NETFILTER_XT_MATCH_MARK config NETFILTER_XT_MATCH_MARK
tristate '"mark" match support' tristate '"mark" match support'
depends on NETFILTER_XTABLES
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
Netfilter mark matching allows you to match packets based on the Netfilter mark matching allows you to match packets based on the
...@@ -688,7 +658,6 @@ config NETFILTER_XT_MATCH_MARK ...@@ -688,7 +658,6 @@ config NETFILTER_XT_MATCH_MARK
config NETFILTER_XT_MATCH_MULTIPORT config NETFILTER_XT_MATCH_MULTIPORT
tristate '"multiport" Multiple port match support' tristate '"multiport" Multiple port match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
Multiport matching allows you to match TCP or UDP packets based on Multiport matching allows you to match TCP or UDP packets based on
...@@ -699,7 +668,6 @@ config NETFILTER_XT_MATCH_MULTIPORT ...@@ -699,7 +668,6 @@ config NETFILTER_XT_MATCH_MULTIPORT
config NETFILTER_XT_MATCH_OWNER config NETFILTER_XT_MATCH_OWNER
tristate '"owner" match support' tristate '"owner" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
---help--- ---help---
Socket owner matching allows you to match locally-generated packets Socket owner matching allows you to match locally-generated packets
...@@ -708,7 +676,7 @@ config NETFILTER_XT_MATCH_OWNER ...@@ -708,7 +676,7 @@ config NETFILTER_XT_MATCH_OWNER
config NETFILTER_XT_MATCH_POLICY config NETFILTER_XT_MATCH_POLICY
tristate 'IPsec "policy" match support' tristate 'IPsec "policy" match support'
depends on NETFILTER_XTABLES && XFRM depends on XFRM
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
Policy matching allows you to match packets based on the Policy matching allows you to match packets based on the
...@@ -719,7 +687,7 @@ config NETFILTER_XT_MATCH_POLICY ...@@ -719,7 +687,7 @@ config NETFILTER_XT_MATCH_POLICY
config NETFILTER_XT_MATCH_PHYSDEV config NETFILTER_XT_MATCH_PHYSDEV
tristate '"physdev" match support' tristate '"physdev" match support'
depends on NETFILTER_XTABLES && BRIDGE && BRIDGE_NETFILTER depends on BRIDGE && BRIDGE_NETFILTER
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
Physdev packet matching matches against the physical bridge ports Physdev packet matching matches against the physical bridge ports
...@@ -729,7 +697,6 @@ config NETFILTER_XT_MATCH_PHYSDEV ...@@ -729,7 +697,6 @@ config NETFILTER_XT_MATCH_PHYSDEV
config NETFILTER_XT_MATCH_PKTTYPE config NETFILTER_XT_MATCH_PKTTYPE
tristate '"pkttype" packet type match support' tristate '"pkttype" packet type match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
Packet type matching allows you to match a packet by Packet type matching allows you to match a packet by
...@@ -742,7 +709,6 @@ config NETFILTER_XT_MATCH_PKTTYPE ...@@ -742,7 +709,6 @@ config NETFILTER_XT_MATCH_PKTTYPE
config NETFILTER_XT_MATCH_QUOTA config NETFILTER_XT_MATCH_QUOTA
tristate '"quota" match support' tristate '"quota" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This option adds a `quota' match, which allows to match on a This option adds a `quota' match, which allows to match on a
...@@ -753,7 +719,6 @@ config NETFILTER_XT_MATCH_QUOTA ...@@ -753,7 +719,6 @@ config NETFILTER_XT_MATCH_QUOTA
config NETFILTER_XT_MATCH_RATEEST config NETFILTER_XT_MATCH_RATEEST
tristate '"rateest" match support' tristate '"rateest" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
select NETFILTER_XT_TARGET_RATEEST select NETFILTER_XT_TARGET_RATEEST
help help
...@@ -764,7 +729,6 @@ config NETFILTER_XT_MATCH_RATEEST ...@@ -764,7 +729,6 @@ config NETFILTER_XT_MATCH_RATEEST
config NETFILTER_XT_MATCH_REALM config NETFILTER_XT_MATCH_REALM
tristate '"realm" match support' tristate '"realm" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
select NET_CLS_ROUTE select NET_CLS_ROUTE
help help
...@@ -779,7 +743,6 @@ config NETFILTER_XT_MATCH_REALM ...@@ -779,7 +743,6 @@ config NETFILTER_XT_MATCH_REALM
config NETFILTER_XT_MATCH_RECENT config NETFILTER_XT_MATCH_RECENT
tristate '"recent" match support' tristate '"recent" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
---help--- ---help---
This match is used for creating one or many lists of recently This match is used for creating one or many lists of recently
...@@ -797,7 +760,7 @@ config NETFILTER_XT_MATCH_RECENT_PROC_COMPAT ...@@ -797,7 +760,7 @@ config NETFILTER_XT_MATCH_RECENT_PROC_COMPAT
config NETFILTER_XT_MATCH_SCTP config NETFILTER_XT_MATCH_SCTP
tristate '"sctp" protocol match support (EXPERIMENTAL)' tristate '"sctp" protocol match support (EXPERIMENTAL)'
depends on NETFILTER_XTABLES && EXPERIMENTAL depends on EXPERIMENTAL
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
default IP_SCTP default IP_SCTP
help help
...@@ -825,7 +788,6 @@ config NETFILTER_XT_MATCH_SOCKET ...@@ -825,7 +788,6 @@ config NETFILTER_XT_MATCH_SOCKET
config NETFILTER_XT_MATCH_STATE config NETFILTER_XT_MATCH_STATE
tristate '"state" match support' tristate '"state" match support'
depends on NETFILTER_XTABLES
depends on NF_CONNTRACK depends on NF_CONNTRACK
default m if NETFILTER_ADVANCED=n default m if NETFILTER_ADVANCED=n
help help
...@@ -837,7 +799,6 @@ config NETFILTER_XT_MATCH_STATE ...@@ -837,7 +799,6 @@ config NETFILTER_XT_MATCH_STATE
config NETFILTER_XT_MATCH_STATISTIC config NETFILTER_XT_MATCH_STATISTIC
tristate '"statistic" match support' tristate '"statistic" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This option adds a `statistic' match, which allows you to match This option adds a `statistic' match, which allows you to match
...@@ -847,7 +808,6 @@ config NETFILTER_XT_MATCH_STATISTIC ...@@ -847,7 +808,6 @@ config NETFILTER_XT_MATCH_STATISTIC
config NETFILTER_XT_MATCH_STRING config NETFILTER_XT_MATCH_STRING
tristate '"string" match support' tristate '"string" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
select TEXTSEARCH select TEXTSEARCH
select TEXTSEARCH_KMP select TEXTSEARCH_KMP
...@@ -861,7 +821,6 @@ config NETFILTER_XT_MATCH_STRING ...@@ -861,7 +821,6 @@ config NETFILTER_XT_MATCH_STRING
config NETFILTER_XT_MATCH_TCPMSS config NETFILTER_XT_MATCH_TCPMSS
tristate '"tcpmss" match support' tristate '"tcpmss" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help help
This option adds a `tcpmss' match, which allows you to examine the This option adds a `tcpmss' match, which allows you to examine the
...@@ -872,7 +831,6 @@ config NETFILTER_XT_MATCH_TCPMSS ...@@ -872,7 +831,6 @@ config NETFILTER_XT_MATCH_TCPMSS
config NETFILTER_XT_MATCH_TIME config NETFILTER_XT_MATCH_TIME
tristate '"time" match support' tristate '"time" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
---help--- ---help---
This option adds a "time" match, which allows you to match based on This option adds a "time" match, which allows you to match based on
...@@ -887,7 +845,6 @@ config NETFILTER_XT_MATCH_TIME ...@@ -887,7 +845,6 @@ config NETFILTER_XT_MATCH_TIME
config NETFILTER_XT_MATCH_U32 config NETFILTER_XT_MATCH_U32
tristate '"u32" match support' tristate '"u32" match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
---help--- ---help---
u32 allows you to extract quantities of up to 4 bytes from a packet, u32 allows you to extract quantities of up to 4 bytes from a packet,
...@@ -899,5 +856,6 @@ config NETFILTER_XT_MATCH_U32 ...@@ -899,5 +856,6 @@ config NETFILTER_XT_MATCH_U32
Details and examples are in the kernel module source. Details and examples are in the kernel module source.
endmenu endif # NETFILTER_XTABLES
endmenu
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment