1#
2# Bridge netfilter configuration
3#
4
5menuconfig BRIDGE_NF_EBTABLES
6	tristate "Ethernet Bridge tables (ebtables) support"
7	depends on BRIDGE && NETFILTER
8	select NETFILTER_XTABLES
9	help
10	  ebtables is a general, extensible frame/packet identification
11	  framework. Say 'Y' or 'M' here if you want to do Ethernet
12	  filtering/NAT/brouting on the Ethernet bridge.
13
14if BRIDGE_NF_EBTABLES
15
16#
17# tables
18#
19config BRIDGE_EBT_BROUTE
20	tristate "ebt: broute table support"
21	help
22	  The ebtables broute table is used to define rules that decide between
23	  bridging and routing frames, giving Linux the functionality of a
24	  brouter. See the man page for ebtables(8) and examples on the ebtables
25	  website.
26
27	  To compile it as a module, choose M here.  If unsure, say N.
28
29config BRIDGE_EBT_T_FILTER
30	tristate "ebt: filter table support"
31	help
32	  The ebtables filter table is used to define frame filtering rules at
33	  local input, forwarding and local output. See the man page for
34	  ebtables(8).
35
36	  To compile it as a module, choose M here.  If unsure, say N.
37
38config BRIDGE_EBT_T_NAT
39	tristate "ebt: nat table support"
40	help
41	  The ebtables nat table is used to define rules that alter the MAC
42	  source address (MAC SNAT) or the MAC destination address (MAC DNAT).
43	  See the man page for ebtables(8).
44
45	  To compile it as a module, choose M here.  If unsure, say N.
46#
47# matches
48#
49config BRIDGE_EBT_802_3
50	tristate "ebt: 802.3 filter support"
51	help
52	  This option adds matching support for 802.3 Ethernet frames.
53
54	  To compile it as a module, choose M here.  If unsure, say N.
55
56config BRIDGE_EBT_AMONG
57	tristate "ebt: among filter support"
58	help
59	  This option adds the among match, which allows matching the MAC source
60	  and/or destination address on a list of addresses. Optionally,
61	  MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.
62
63	  To compile it as a module, choose M here.  If unsure, say N.
64
65config BRIDGE_EBT_ARP
66	tristate "ebt: ARP filter support"
67	help
68	  This option adds the ARP match, which allows ARP and RARP header field
69	  filtering.
70
71	  To compile it as a module, choose M here.  If unsure, say N.
72
73config BRIDGE_EBT_IP
74	tristate "ebt: IP filter support"
75	help
76	  This option adds the IP match, which allows basic IP header field
77	  filtering.
78
79	  To compile it as a module, choose M here.  If unsure, say N.
80
81config BRIDGE_EBT_IP6
82	tristate "ebt: IP6 filter support"
83	depends on BRIDGE_NF_EBTABLES && IPV6
84	help
85	  This option adds the IP6 match, which allows basic IPV6 header field
86	  filtering.
87
88	  To compile it as a module, choose M here.  If unsure, say N.
89
90config BRIDGE_EBT_LIMIT
91	tristate "ebt: limit match support"
92	help
93	  This option adds the limit match, which allows you to control
94	  the rate at which a rule can be matched. This match is the
95	  equivalent of the iptables limit match.
96
97	  If you want to compile it as a module, say M here and read
98	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
99
100config BRIDGE_EBT_MARK
101	tristate "ebt: mark filter support"
102	help
103	  This option adds the mark match, which allows matching frames based on
104	  the 'nfmark' value in the frame. This can be set by the mark target.
105	  This value is the same as the one used in the iptables mark match and
106	  target.
107
108	  To compile it as a module, choose M here.  If unsure, say N.
109
110config BRIDGE_EBT_PKTTYPE
111	tristate "ebt: packet type filter support"
112	help
113	  This option adds the packet type match, which allows matching on the
114	  type of packet based on its Ethernet "class" (as determined by
115	  the generic networking code): broadcast, multicast,
116	  for this host alone or for another host.
117
118	  To compile it as a module, choose M here.  If unsure, say N.
119
120config BRIDGE_EBT_STP
121	tristate "ebt: STP filter support"
122	help
123	  This option adds the Spanning Tree Protocol match, which
124	  allows STP header field filtering.
125
126	  To compile it as a module, choose M here.  If unsure, say N.
127
128config BRIDGE_EBT_VLAN
129	tristate "ebt: 802.1Q VLAN filter support"
130	help
131	  This option adds the 802.1Q vlan match, which allows the filtering of
132	  802.1Q vlan fields.
133
134	  To compile it as a module, choose M here.  If unsure, say N.
135#
136# targets
137#
138config BRIDGE_EBT_ARPREPLY
139	tristate "ebt: arp reply target support"
140	depends on BRIDGE_NF_EBTABLES && INET
141	help
142	  This option adds the arp reply target, which allows
143	  automatically sending arp replies to arp requests.
144
145	  To compile it as a module, choose M here.  If unsure, say N.
146
147config BRIDGE_EBT_DNAT
148	tristate "ebt: dnat target support"
149	help
150	  This option adds the MAC DNAT target, which allows altering the MAC
151	  destination address of frames.
152
153	  To compile it as a module, choose M here.  If unsure, say N.
154
155config BRIDGE_EBT_MARK_T
156	tristate "ebt: mark target support"
157	help
158	  This option adds the mark target, which allows marking frames by
159	  setting the 'nfmark' value in the frame.
160	  This value is the same as the one used in the iptables mark match and
161	  target.
162
163	  To compile it as a module, choose M here.  If unsure, say N.
164
165config BRIDGE_EBT_REDIRECT
166	tristate "ebt: redirect target support"
167	help
168	  This option adds the MAC redirect target, which allows altering the MAC
169	  destination address of a frame to that of the device it arrived on.
170
171	  To compile it as a module, choose M here.  If unsure, say N.
172
173config BRIDGE_EBT_SNAT
174	tristate "ebt: snat target support"
175	help
176	  This option adds the MAC SNAT target, which allows altering the MAC
177	  source address of frames.
178
179	  To compile it as a module, choose M here.  If unsure, say N.
180#
181# watchers
182#
183config BRIDGE_EBT_LOG
184	tristate "ebt: log support"
185	help
186	  This option adds the log watcher, that you can use in any rule
187	  in any ebtables table. It records info about the frame header
188	  to the syslog.
189
190	  To compile it as a module, choose M here.  If unsure, say N.
191
192config BRIDGE_EBT_ULOG
193	tristate "ebt: ulog support (OBSOLETE)"
194	help
195	  This option enables the old bridge-specific "ebt_ulog" implementation
196	  which has been obsoleted by the new "nfnetlink_log" code (see
197	  CONFIG_NETFILTER_NETLINK_LOG).
198
199	  This option adds the ulog watcher, that you can use in any rule
200	  in any ebtables table. The packet is passed to a userspace
201	  logging daemon using netlink multicast sockets. This differs
202	  from the log watcher in the sense that the complete packet is
203	  sent to userspace instead of a descriptive text and that
204	  netlink multicast sockets are used instead of the syslog.
205
206	  To compile it as a module, choose M here.  If unsure, say N.
207
208config BRIDGE_EBT_NFLOG
209	tristate "ebt: nflog support"
210	help
211	  This option enables the nflog watcher, which allows to LOG
212	  messages through the netfilter logging API, which can use
213	  either the old LOG target, the old ULOG target or nfnetlink_log
214	  as backend.
215
216	  This option adds the nflog watcher, that you can use in any rule
217	  in any ebtables table.
218
219	  To compile it as a module, choose M here.  If unsure, say N.
220
221endif # BRIDGE_NF_EBTABLES
222