1#
2# Bridge netfilter configuration
3#
4#
5menuconfig NF_TABLES_BRIDGE
6	depends on BRIDGE && NETFILTER && NF_TABLES
7	tristate "Ethernet Bridge nf_tables support"
8
9if NF_TABLES_BRIDGE
10
11config NFT_BRIDGE_META
12	tristate "Netfilter nf_table bridge meta support"
13	depends on NFT_META
14	help
15	  Add support for bridge dedicated meta key.
16
17config NFT_BRIDGE_REJECT
18	tristate "Netfilter nf_tables bridge reject support"
19	depends on NFT_REJECT && NFT_REJECT_IPV4 && NFT_REJECT_IPV6
20	help
21	  Add support to reject packets.
22
23config NF_LOG_BRIDGE
24	tristate "Bridge packet logging"
25
26endif # NF_TABLES_BRIDGE
27
28menuconfig BRIDGE_NF_EBTABLES
29	tristate "Ethernet Bridge tables (ebtables) support"
30	depends on BRIDGE && NETFILTER && NETFILTER_XTABLES
31	help
32	  ebtables is a general, extensible frame/packet identification
33	  framework. Say 'Y' or 'M' here if you want to do Ethernet
34	  filtering/NAT/brouting on the Ethernet bridge.
35
36if BRIDGE_NF_EBTABLES
37
38#
39# tables
40#
41config BRIDGE_EBT_BROUTE
42	tristate "ebt: broute table support"
43	help
44	  The ebtables broute table is used to define rules that decide between
45	  bridging and routing frames, giving Linux the functionality of a
46	  brouter. See the man page for ebtables(8) and examples on the ebtables
47	  website.
48
49	  To compile it as a module, choose M here.  If unsure, say N.
50
51config BRIDGE_EBT_T_FILTER
52	tristate "ebt: filter table support"
53	help
54	  The ebtables filter table is used to define frame filtering rules at
55	  local input, forwarding and local output. See the man page for
56	  ebtables(8).
57
58	  To compile it as a module, choose M here.  If unsure, say N.
59
60config BRIDGE_EBT_T_NAT
61	tristate "ebt: nat table support"
62	help
63	  The ebtables nat table is used to define rules that alter the MAC
64	  source address (MAC SNAT) or the MAC destination address (MAC DNAT).
65	  See the man page for ebtables(8).
66
67	  To compile it as a module, choose M here.  If unsure, say N.
68#
69# matches
70#
71config BRIDGE_EBT_802_3
72	tristate "ebt: 802.3 filter support"
73	help
74	  This option adds matching support for 802.3 Ethernet frames.
75
76	  To compile it as a module, choose M here.  If unsure, say N.
77
78config BRIDGE_EBT_AMONG
79	tristate "ebt: among filter support"
80	help
81	  This option adds the among match, which allows matching the MAC source
82	  and/or destination address on a list of addresses. Optionally,
83	  MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.
84
85	  To compile it as a module, choose M here.  If unsure, say N.
86
87config BRIDGE_EBT_ARP
88	tristate "ebt: ARP filter support"
89	help
90	  This option adds the ARP match, which allows ARP and RARP header field
91	  filtering.
92
93	  To compile it as a module, choose M here.  If unsure, say N.
94
95config BRIDGE_EBT_IP
96	tristate "ebt: IP filter support"
97	help
98	  This option adds the IP match, which allows basic IP header field
99	  filtering.
100
101	  To compile it as a module, choose M here.  If unsure, say N.
102
103config BRIDGE_EBT_IP6
104	tristate "ebt: IP6 filter support"
105	depends on BRIDGE_NF_EBTABLES && IPV6
106	help
107	  This option adds the IP6 match, which allows basic IPV6 header field
108	  filtering.
109
110	  To compile it as a module, choose M here.  If unsure, say N.
111
112config BRIDGE_EBT_LIMIT
113	tristate "ebt: limit match support"
114	help
115	  This option adds the limit match, which allows you to control
116	  the rate at which a rule can be matched. This match is the
117	  equivalent of the iptables limit match.
118
119	  If you want to compile it as a module, say M here and read
120	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
121
122config BRIDGE_EBT_MARK
123	tristate "ebt: mark filter support"
124	help
125	  This option adds the mark match, which allows matching frames based on
126	  the 'nfmark' value in the frame. This can be set by the mark target.
127	  This value is the same as the one used in the iptables mark match and
128	  target.
129
130	  To compile it as a module, choose M here.  If unsure, say N.
131
132config BRIDGE_EBT_PKTTYPE
133	tristate "ebt: packet type filter support"
134	help
135	  This option adds the packet type match, which allows matching on the
136	  type of packet based on its Ethernet "class" (as determined by
137	  the generic networking code): broadcast, multicast,
138	  for this host alone or for another host.
139
140	  To compile it as a module, choose M here.  If unsure, say N.
141
142config BRIDGE_EBT_STP
143	tristate "ebt: STP filter support"
144	help
145	  This option adds the Spanning Tree Protocol match, which
146	  allows STP header field filtering.
147
148	  To compile it as a module, choose M here.  If unsure, say N.
149
150config BRIDGE_EBT_VLAN
151	tristate "ebt: 802.1Q VLAN filter support"
152	help
153	  This option adds the 802.1Q vlan match, which allows the filtering of
154	  802.1Q vlan fields.
155
156	  To compile it as a module, choose M here.  If unsure, say N.
157#
158# targets
159#
160config BRIDGE_EBT_ARPREPLY
161	tristate "ebt: arp reply target support"
162	depends on BRIDGE_NF_EBTABLES && INET
163	help
164	  This option adds the arp reply target, which allows
165	  automatically sending arp replies to arp requests.
166
167	  To compile it as a module, choose M here.  If unsure, say N.
168
169config BRIDGE_EBT_DNAT
170	tristate "ebt: dnat target support"
171	help
172	  This option adds the MAC DNAT target, which allows altering the MAC
173	  destination address of frames.
174
175	  To compile it as a module, choose M here.  If unsure, say N.
176
177config BRIDGE_EBT_MARK_T
178	tristate "ebt: mark target support"
179	help
180	  This option adds the mark target, which allows marking frames by
181	  setting the 'nfmark' value in the frame.
182	  This value is the same as the one used in the iptables mark match and
183	  target.
184
185	  To compile it as a module, choose M here.  If unsure, say N.
186
187config BRIDGE_EBT_REDIRECT
188	tristate "ebt: redirect target support"
189	help
190	  This option adds the MAC redirect target, which allows altering the MAC
191	  destination address of a frame to that of the device it arrived on.
192
193	  To compile it as a module, choose M here.  If unsure, say N.
194
195config BRIDGE_EBT_SNAT
196	tristate "ebt: snat target support"
197	help
198	  This option adds the MAC SNAT target, which allows altering the MAC
199	  source address of frames.
200
201	  To compile it as a module, choose M here.  If unsure, say N.
202#
203# watchers
204#
205config BRIDGE_EBT_LOG
206	tristate "ebt: log support"
207	help
208	  This option adds the log watcher, that you can use in any rule
209	  in any ebtables table. It records info about the frame header
210	  to the syslog.
211
212	  To compile it as a module, choose M here.  If unsure, say N.
213
214config BRIDGE_EBT_NFLOG
215	tristate "ebt: nflog support"
216	help
217	  This option enables the nflog watcher, which allows to LOG
218	  messages through the netfilter logging API, which can use
219	  either the old LOG target, the old ULOG target or nfnetlink_log
220	  as backend.
221
222	  This option adds the nflog watcher, that you can use in any rule
223	  in any ebtables table.
224
225	  To compile it as a module, choose M here.  If unsure, say N.
226
227endif # BRIDGE_NF_EBTABLES
228