summaryrefslogtreecommitdiffstats
path: root/kernel/linux2.5/net/bridge/netfilter/Config.help
blob: f8f3b951915fa76b59b0d1ce393f0e2aa4d3cb65 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
CONFIG_BRIDGE_EBT
  ebtables is an extendable frame filtering system for the Linux
  Ethernet bridge. Its usage and implementation is very similar to that
  of iptables.
  The difference is that ebtables works on the Link Layer, while iptables
  works on the Network Layer. ebtables can filter all frames that come
  into contact with a logical bridge device.
  Apart from filtering, ebtables also allows MAC source and destination
  alterations (we call it MAC SNAT and MAC DNAT) and also provides
  functionality for making Linux a brouter.

  If you want to compile it as a module, say M here and read
  <file:Documentation/modules.txt>.  If unsure, say `N'.

CONFIG_BRIDGE_EBT_T_FILTER
  The ebtables filter table is used to define frame filtering rules at
  local input, forwarding and local output. See the man page for
  ebtables(8).

  If you want to compile it as a module, say M here and read
  <file:Documentation/modules.txt>.  If unsure, say `N'.

CONFIG_BRIDGE_EBT_T_NAT
  The ebtables nat table is used to define rules that alter the MAC
  source address (MAC SNAT) or the MAC destination address (MAC DNAT).
  See the man page for ebtables(8).

  If you want to compile it as a module, say M here and read
  <file:Documentation/modules.txt>.  If unsure, say `N'.

CONFIG_BRIDGE_EBT_BROUTE
  The ebtables broute table is used to define rules that decide between
  bridging and routing frames, giving Linux the functionality of a
  brouter. See the man page for ebtables(8) and examples on the ebtables
  website.

  If you want to compile it as a module, say M here and read
  <file:Documentation/modules.txt>.  If unsure, say `N'.

CONFIG_BRIDGE_EBT_LOG
  This option adds the log target, that you can use in any rule in
  any ebtables table. It records the frame header to the syslog.

  If you want to compile it as a module, say M here and read
  <file:Documentation/modules.txt>.  If unsure, say `N'.

CONFIG_BRIDGE_EBT_IPF
  This option adds the IP match, which allows basic IP header field
  filtering.

  If you want to compile it as a module, say M here and read
  <file:Documentation/modules.txt>.  If unsure, say `N'.

CONFIG_BRIDGE_EBT_ARPF
  This option adds the ARP match, which allows ARP and RARP header field
  filtering.

  If you want to compile it as a module, say M here and read
  <file:Documentation/modules.txt>.  If unsure, say `N'.

CONFIG_BRIDGE_EBT_VLANF
  This option adds the 802.1Q vlan match, which allows the filtering of
  802.1Q vlan fields.

  If you want to compile it as a module, say M here and read
  <file:Documentation/modules.txt>.  If unsure, say `N'.

CONFIG_BRIDGE_EBT_MARKF
  This option adds the mark match, which allows matching frames based on
  the 'nfmark' value in the frame. This can be set by the mark target.
  This value is the same as the one used in the iptables mark match and
  target.

  If you want to compile it as a module, say M here and read
  <file:Documentation/modules.txt>.  If unsure, say `N'.

CONFIG_BRIDGE_EBT_SNAT
  This option adds the MAC SNAT target, which allows altering the MAC
  source address of frames.

  If you want to compile it as a module, say M here and read
  <file:Documentation/modules.txt>.  If unsure, say `N'.

CONFIG_BRIDGE_EBT_DNAT
  This option adds the MAC DNAT target, which allows altering the MAC
  destination address of frames.

  If you want to compile it as a module, say M here and read
  <file:Documentation/modules.txt>.  If unsure, say `N'.

CONFIG_BRIDGE_EBT_REDIRECT
  This option adds the MAC redirect target, which allows altering the MAC
  destination address of a frame to that of the device it arrived on.

  If you want to compile it as a module, say M here and read
  <file:Documentation/modules.txt>.  If unsure, say `N'.

CONFIG_BRIDGE_EBT_MARK_T
  This option adds the mark target, which allows marking frames by
  setting the 'nfmark' value in the frame.
  This value is the same as the one used in the iptables mark match and
  target.

  If you want to compile it as a module, say M here and read
  <file:Documentation/modules.txt>.  If unsure, say `N'.