How to configure the Linux kernel/net/netfilter



Core Netfilter Configuration

    • depends on NET && NETFILTER


  • Option: NETFILTER_NETLINK
    • Kernel Versions: 2.6.15.6 ...
    • (on/off/module) Netfilter netlink interface
      If this option is enabled, the kernel will include support for the new netfilter netlink interface.


  • Option: NETFILTER_NETLINK_QUEUE
    • Kernel Versions: 2.6.15.6 ...
    • (on/off/module) Netfilter NFQUEUE over NFNETLINK interface
    • depends on NETFILTER_NETLINK
      If this option is enabled, the kernel will include support for queueing packets via NFNETLINK.


  • Option: NETFILTER_NETLINK_LOG
    • Kernel Versions: 2.6.15.6 ...
    • (on/off/module) Netfilter LOG over NFNETLINK interface
    • depends on NETFILTER_NETLINK
      If this option is enabled, the kernel will include support for logging packets via NFNETLINK.
      This obsoletes the existing ipt_ULOG and ebt_ulog mechanisms, and is also scheduled to replace the old syslog-based ipt_LOG and ip6t_LOG modules.


  • Option: NF_CONNTRACK
    • Kernel Versions: 2.6.15.6 ...
    • (on/off/module) Layer 3 Independent Connection tracking (EXPERIMENTAL)
    • depends on EXPERIMENTAL && IP_NF_CONNTRACK=n
    • default n
      Connection tracking keeps a record of what packets have passed through your machine, in order to figure out how they are related into connections.
      Layer 3 independent connection tracking is an experimental scheme which generalizes ip_conntrack to support other layer 3 protocols.
      To compile it as a module, choose M here. If unsure, say N.


  • Option: NF_CT_ACCT
    • Kernel Versions: 2.6.15.6 ...
    • (on/off) Connection tracking flow accounting
    • depends on NF_CONNTRACK
      If this option is enabled, the connection tracking code will keep per-flow packet and byte counters.
      Those counters can be used for flow-based accounting or the `connbytes' match.
      If unsure, say `N'.


  • Option: NF_CONNTRACK_MARK
    • Kernel Versions: 2.6.15.6 ...
    • (on/off) Connection mark tracking support
    • depends on NF_CONNTRACK
      This option enables support for connection marks, used by the `CONNMARK' target and `connmark' match. Similar to the mark value of packets, but this mark value is kept in the conntrack session instead of the individual packets.


  • Option: NF_CONNTRACK_EVENTS
    • Kernel Versions: 2.6.15.6 ...
    • (on/off) Connection tracking events (EXPERIMENTAL)
    • depends on EXPERIMENTAL && NF_CONNTRACK
      If this option is enabled, the connection tracking code will provide a notifier chain that can be used by other kernel code to get notified about changes in the connection tracking state.
      If unsure, say `N'.


  • Option: NF_CT_PROTO_SCTP
    • Kernel Versions: 2.6.15.6 ...
    • (on/off/module) SCTP protocol on new connection tracking support (EXPERIMENTAL)
    • depends on EXPERIMENTAL && NF_CONNTRACK
    • default n
      With this option enabled, the layer 3 independent connection tracking code will be able to do state tracking on SCTP connections.
      If you want to compile it as a module, say M here and read Documentation/modules.txt. If unsure, say `N'.


  • Option: NF_CONNTRACK_FTP
    • Kernel Versions: 2.6.15.6 ...
    • (on/off/module) FTP support on new connection tracking (EXPERIMENTAL)
    • depends on EXPERIMENTAL && NF_CONNTRACK
      Tracking FTP connections is problematic: special helpers are required for tracking them, and doing masquerading and other forms of Network Address Translation on them.
      This is FTP support on Layer 3 independent connection tracking. Layer 3 independent connection tracking is an experimental scheme which generalizes ip_conntrack to support other layer 3 protocols.
      To compile it as a module, choose M here. If unsure, say N.
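
An added example, not part of the original page: a small Python audit that reads a kernel `.config` and checks the options above against the dependencies this page lists, including Kconfig's rule that a tristate option cannot be built in (`y`) while a dependency is only a module (`m`). The `audit` function, the layout of the `OPTIONS` table and the sample `.config` are constructed for illustration.

```python
import re

# option -> (is_tristate, [required options], [options that must be n]), as listed on this page
SECTION = ["NET", "NETFILTER"]  # section-level dependency shared by every option
OPTIONS = {
    "NETFILTER_NETLINK":       (True,  [], []),
    "NETFILTER_NETLINK_QUEUE": (True,  ["NETFILTER_NETLINK"], []),
    "NETFILTER_NETLINK_LOG":   (True,  ["NETFILTER_NETLINK"], []),
    "NF_CONNTRACK":            (True,  ["EXPERIMENTAL"], ["IP_NF_CONNTRACK"]),
    "NF_CT_ACCT":              (False, ["NF_CONNTRACK"], []),
    "NF_CONNTRACK_MARK":       (False, ["NF_CONNTRACK"], []),
    "NF_CONNTRACK_EVENTS":     (False, ["EXPERIMENTAL", "NF_CONNTRACK"], []),
    "NF_CT_PROTO_SCTP":        (True,  ["EXPERIMENTAL", "NF_CONNTRACK"], []),
    "NF_CONNTRACK_FTP":        (True,  ["EXPERIMENTAL", "NF_CONNTRACK"], []),
}
RANK = {"n": 0, "m": 1, "y": 2}

def audit(text):
    """Return (enabled, problems); options absent or marked 'is not set' count as n."""
    cfg = dict(re.findall(r"^CONFIG_(\w+)=([ym])$", text, re.MULTILINE))
    val = lambda name: cfg.get(name, "n")
    enabled, problems = {}, []
    for opt, (tristate, needs, must_be_off) in OPTIONS.items():
        if val(opt) == "n":
            continue
        enabled[opt] = val(opt)
        for dep in SECTION + needs:
            if val(dep) == "n":
                problems.append(f"{opt}={val(opt)} but {dep} is not set")
            elif tristate and RANK[val(opt)] > RANK[val(dep)]:
                problems.append(f"{opt}=y but {dep}=m (tristate capped by dependency)")
        problems += [f"{opt} requires {dep}=n, found {dep}={val(dep)}"
                     for dep in must_be_off if val(dep) != "n"]
    return enabled, problems

# Constructed sample .config fragment (not taken from a real system).
SAMPLE = """\
CONFIG_NET=y
CONFIG_NETFILTER=y
CONFIG_EXPERIMENTAL=y
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_QUEUE=y
# CONFIG_NETFILTER_NETLINK_LOG is not set
CONFIG_IP_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_FTP=m
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)[1]))
```

The `enabled` half of the result doubles as an inventory of which netfilter features a given kernel build exposes, for example whether the FTP conntrack helper is compiled in at all.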


