into connections.
This is required to do Masquerading or other kinds of Network
- Address Translation (except for Fast NAT). It can also be used to
- enhance packet filtering (see `Connection state match support'
- below).
+ Address Translation. It can also be used to enhance packet
+ filtering (see `Connection state match support' below).
To compile it as a module, choose M here. If unsure, say N.
Those counters can be used for flow-based accounting or the
`connbytes' match.
+ Please note that currently this option only sets a default state.
+ You may change it at boot time with nf_conntrack.acct=0/1 kernel
+ paramater or by loading the nf_conntrack module with acct=0/1.
+
+ You may also disable/enable it on a running system with:
+ sysctl net.netfilter.nf_conntrack_acct=0/1
+
+ This option will be removed in 2.6.29.
+
If unsure, say `N'.
config NF_CONNTRACK_MARK
If unsure, say 'N'.
config NF_CONNTRACK_EVENTS
- bool "Connection tracking events (EXPERIMENTAL)"
- depends on EXPERIMENTAL && NF_CONNTRACK
+ bool "Connection tracking events"
+ depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED
help
If this option is enabled, the connection tracking code will
If unsure, say `N'.
+config NF_CT_PROTO_DCCP
+ tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)'
+ depends on EXPERIMENTAL && NF_CONNTRACK
+ depends on NETFILTER_ADVANCED
+ default IP_DCCP
+ help
+ With this option enabled, the layer 3 independent connection
+ tracking code will be able to do state tracking on DCCP connections.
+
+ If unsure, say 'N'.
+
config NF_CT_PROTO_GRE
tristate
depends on NF_CONNTRACK
tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)'
depends on EXPERIMENTAL && NF_CONNTRACK
depends on NETFILTER_ADVANCED
+ default IP_SCTP
help
With this option enabled, the layer 3 independent connection
tracking code will be able to do state tracking on SCTP connections.
<file:Documentation/kbuild/modules.txt>. If unsure, say `N'.
config NF_CT_PROTO_UDPLITE
- tristate 'UDP-Lite protocol connection tracking support (EXPERIMENTAL)'
- depends on EXPERIMENTAL && NF_CONNTRACK
+ tristate 'UDP-Lite protocol connection tracking support'
+ depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED
help
With this option enabled, the layer 3 independent connection
To compile it as a module, choose M here. If unsure, say N.
config NF_CONNTRACK_H323
- tristate "H.323 protocol support (EXPERIMENTAL)"
- depends on EXPERIMENTAL && NF_CONNTRACK && (IPV6 || IPV6=n)
+ tristate "H.323 protocol support"
+ depends on NF_CONNTRACK && (IPV6 || IPV6=n)
depends on NETFILTER_ADVANCED
help
H.323 is a VoIP signalling protocol from ITU-T. As one of the most
To compile it as a module, choose M here. If unsure, say N.
config NF_CONNTRACK_NETBIOS_NS
- tristate "NetBIOS name service protocol support (EXPERIMENTAL)"
- depends on EXPERIMENTAL && NF_CONNTRACK
+ tristate "NetBIOS name service protocol support"
+ depends on NF_CONNTRACK
depends on NETFILTER_ADVANCED
help
NetBIOS name service requests are sent as broadcast messages from an
To compile it as a module, choose M here. If unsure, say N.
config NF_CONNTRACK_SIP
- tristate "SIP protocol support (EXPERIMENTAL)"
- depends on EXPERIMENTAL && NF_CONNTRACK
+ tristate "SIP protocol support"
+ depends on NF_CONNTRACK
default m if NETFILTER_ADVANCED=n
help
SIP is an application-layer control protocol that can establish,
To compile it as a module, choose M here. If unsure, say N.
config NF_CT_NETLINK
- tristate 'Connection tracking netlink interface (EXPERIMENTAL)'
- depends on EXPERIMENTAL && NF_CONNTRACK
+ tristate 'Connection tracking netlink interface'
+ depends on NF_CONNTRACK
select NETFILTER_NETLINK
depends on NF_NAT=n || NF_NAT
default m if NETFILTER_ADVANCED=n
tristate '"dccp" protocol match support'
depends on NETFILTER_XTABLES
depends on NETFILTER_ADVANCED
+ default IP_DCCP
help
With this option enabled, you will be able to use the iptables
`dccp' match in order to match on DCCP source/destination ports
To compile it as a module, choose M here. If unsure, say Y.
+config NETFILTER_XT_MATCH_IPRANGE
+ tristate '"iprange" address range match support'
+ depends on NETFILTER_XTABLES
+ depends on NETFILTER_ADVANCED
+ ---help---
+ This option adds a "iprange" match, which allows you to match based on
+ an IP address range. (Normal iptables only matches on single addresses
+ with an optional mask.)
+
+ If unsure, say M.
+
config NETFILTER_XT_MATCH_LENGTH
tristate '"length" match support'
depends on NETFILTER_XTABLES
tristate '"sctp" protocol match support (EXPERIMENTAL)'
depends on NETFILTER_XTABLES && EXPERIMENTAL
depends on NETFILTER_ADVANCED
+ default IP_SCTP
help
With this option enabled, you will be able to use the
`sctp' match in order to match on SCTP source/destination ports
projects / linux-2.6 / blobdiff