How to configure the Linux kernel/net/netfilter

Core Netfilter Configuration

 * depends on NET && NETFILTER


 * Option: NETFILTER_NETLINK
 * Kernel Versions: 2.6.15.6 ...
 * (on/off/module) Netfilter netlink interface
 * If this option is enabled, the kernel will include support for the new netfilter netlink interface.


 * Option: NETFILTER_NETLINK_QUEUE
 * Kernel Versions: 2.6.15.6 ...
 * (on/off/module) Netfilter NFQUEUE over NFNETLINK interface
 * depends on NETFILTER_NETLINK
 * If this option is enabled, the kernel will include support for queueing packets via NFNETLINK.


 * Option: NETFILTER_NETLINK_LOG
 * Kernel Versions: 2.6.15.6 ...
 * (on/off/module) Netfilter LOG over NFNETLINK interface
 * depends on NETFILTER_NETLINK
 * If this option is enabled, the kernel will include support for logging packets via NFNETLINK.
 * This obsoletes the existing ipt_ULOG and ebt_ulog mechanisms, and is also scheduled to replace the old syslog-based ipt_LOG and ip6t_LOG modules.


 * Option: NF_CONNTRACK
 * Kernel Versions: 2.6.15.6 ...
 * (on/off/module) Layer 3 Independent Connection tracking (EXPERIMENTAL)
 * depends on EXPERIMENTAL && IP_NF_CONNTRACK=n
 * default n
 * Connection tracking keeps a record of what packets have passed through your machine, in order to figure out how they are related into connections.
 * Layer 3 independent connection tracking is an experimental scheme that generalizes ip_conntrack to support other layer 3 protocols.
 * To compile it as a module, choose M here. If unsure, say N.


 * Option: NF_CT_ACCT
 * Kernel Versions: 2.6.15.6 ...
 * (on/off) Connection tracking flow accounting
 * depends on NF_CONNTRACK
 * If this option is enabled, the connection tracking code will keep per-flow packet and byte counters.
 * Those counters can be used for flow-based accounting or the `connbytes' match.
 * If unsure, say `N'.


 * Option: NF_CONNTRACK_MARK
 * Kernel Versions: 2.6.15.6 ...
 * (on/off) Connection mark tracking support
 * depends on NF_CONNTRACK
 * This option enables support for connection marks, used by the `CONNMARK' target and `connmark' match. Similar to the mark value of packets, but this mark value is kept in the conntrack session instead of the individual packets.


 * Option: NF_CONNTRACK_EVENTS
 * Kernel Versions: 2.6.15.6 ...
 * (on/off) Connection tracking events (EXPERIMENTAL)
 * depends on EXPERIMENTAL && NF_CONNTRACK
 * If this option is enabled, the connection tracking code will provide a notifier chain that can be used by other kernel code to get notified about changes in the connection tracking state.
 * If unsure, say `N'.


 * Option: NF_CT_PROTO_SCTP
 * Kernel Versions: 2.6.15.6 ...
 * (on/off/module) SCTP protocol on new connection tracking support (EXPERIMENTAL)
 * depends on EXPERIMENTAL && NF_CONNTRACK
 * default n
 * With this option enabled, the layer 3 independent connection tracking code will be able to do state tracking on SCTP connections.
 * If you want to compile it as a module, say M here and read Documentation/modules.txt. If unsure, say `N'.


 * Option: NF_CONNTRACK_FTP
 * Kernel Versions: 2.6.15.6 ...
 * (on/off/module) FTP support on new connection tracking (EXPERIMENTAL)
 * depends on EXPERIMENTAL && NF_CONNTRACK
 * Tracking FTP connections is problematic: special helpers are required for tracking them, and doing masquerading and other forms of Network Address Translation on them.
 * This is FTP support on Layer 3 independent connection tracking. Layer 3 independent connection tracking is an experimental scheme that generalizes ip_conntrack to support other layer 3 protocols.
 * To compile it as a module, choose M here. If unsure, say N.
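
The `depends on` lines above can be checked mechanically against a hand-edited `.config` fragment before it goes into a build. The following is an added example, not part of the original page or the kernel tree: the option table is transcribed from this page, the names `OPTIONS`, `parse_config` and `check` are hypothetical, and only the `&&` and `=n` forms used on this page are handled.

```python
import re

MENU_DEP = "NET && NETFILTER"  # menu-level "depends on" line, applies to every option
# option -> (is_tristate, "depends on" expression), transcribed from this page
OPTIONS = {
    "NETFILTER_NETLINK":       (True,  ""),
    "NETFILTER_NETLINK_QUEUE": (True,  "NETFILTER_NETLINK"),
    "NETFILTER_NETLINK_LOG":   (True,  "NETFILTER_NETLINK"),
    "NF_CONNTRACK":            (True,  "EXPERIMENTAL && IP_NF_CONNTRACK=n"),
    "NF_CT_ACCT":              (False, "NF_CONNTRACK"),
    "NF_CONNTRACK_MARK":       (False, "NF_CONNTRACK"),
    "NF_CONNTRACK_EVENTS":     (False, "EXPERIMENTAL && NF_CONNTRACK"),
    "NF_CT_PROTO_SCTP":        (True,  "EXPERIMENTAL && NF_CONNTRACK"),
    "NF_CONNTRACK_FTP":        (True,  "EXPERIMENTAL && NF_CONNTRACK"),
}

def parse_config(text):
    """Map symbol -> 'y' or 'm'; symbols missing from the map count as 'n'."""
    return dict(re.findall(r"^CONFIG_(\w+)=([ym])$", text, re.M))

def check(text):
    """Return (option, unmet dependency term) pairs for every enabled option."""
    cfg, problems = parse_config(text), []
    for opt, (tristate, dep) in OPTIONS.items():
        val = cfg.get(opt, "n")
        if val == "n":
            continue
        for term in filter(None, (MENU_DEP + " && " + dep).split(" && ")):
            sym, _, want = term.partition("=")
            have = cfg.get(sym, "n")
            if want == "n":
                ok = have == "n"
            else:  # a built-in tristate option cannot depend on a module
                ok = have == "y" if tristate and val == "y" else have != "n"
            if not ok:
                problems.append((opt, term))
    return problems

# Constructed sample fragment containing two dependency violations.
SAMPLE = """\
CONFIG_NET=y
CONFIG_NETFILTER=y
CONFIG_EXPERIMENTAL=y
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_QUEUE=y
CONFIG_IP_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CT_ACCT=y
"""
```

On the sample, `check(SAMPLE)` flags NETFILTER_NETLINK_QUEUE (built in while NETFILTER_NETLINK is only a module) and NF_CONNTRACK (enabled alongside IP_NF_CONNTRACK, which must be off).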
