How To Wiki

How to configure the Linux kernel/net/netfilter



Core Netfilter Configuration

    • depends on NET && NETFILTER


  • Option: NETFILTER_NETLINK
    • Kernel Versions: 2.6.15.6 ...
    • (on/off/module) Netfilter netlink interface
      If this option is enabled, the kernel will include support for the new netfilter netlink interface.


  • Option: NETFILTER_NETLINK_QUEUE
    • Kernel Versions: 2.6.15.6 ...
    • (on/off/module) Netfilter NFQUEUE over NFNETLINK interface
    • depends on NETFILTER_NETLINK
      If this option is enabled, the kernel will include support for queueing packets via NFNETLINK.


  • Option: NETFILTER_NETLINK_LOG
    • Kernel Versions: 2.6.15.6 ...
    • (on/off/module) Netfilter LOG over NFNETLINK interface
    • depends on NETFILTER_NETLINK
      If this option is enabled, the kernel will include support for logging packets via NFNETLINK.
      This obsoletes the existing ipt_ULOG and ebt_ulog mechanisms, and is also scheduled to replace the old syslog-based ipt_LOG and ip6t_LOG modules.


  • Option: NF_CONNTRACK
    • Kernel Versions: 2.6.15.6 ...
    • (on/off/module) Layer 3 Independent Connection tracking (EXPERIMENTAL)
    • depends on EXPERIMENTAL && IP_NF_CONNTRACK=n
    • default n
      Connection tracking keeps a record of what packets have passed through your machine, in order to figure out how they are related into connections.
      Layer 3 independent connection tracking is an experimental scheme which generalizes ip_conntrack to support other layer 3 protocols.
      To compile it as a module, choose M here. If unsure, say N.


  • Option: NF_CT_ACCT
    • Kernel Versions: 2.6.15.6 ...
    • (on/off) Connection tracking flow accounting
    • depends on NF_CONNTRACK
      If this option is enabled, the connection tracking code will keep per-flow packet and byte counters.
      Those counters can be used for flow-based accounting or the `connbytes' match.
      If unsure, say `N'.


  • Option: NF_CONNTRACK_MARK
    • Kernel Versions: 2.6.15.6 ...
    • (on/off) Connection mark tracking support
    • depends on NF_CONNTRACK
      This option enables support for connection marks, used by the `CONNMARK' target and `connmark' match. Similar to the mark value of packets, but this mark value is kept in the conntrack session instead of the individual packets.


  • Option: NF_CONNTRACK_EVENTS
    • Kernel Versions: 2.6.15.6 ...
    • (on/off) Connection tracking events (EXPERIMENTAL)
    • depends on EXPERIMENTAL && NF_CONNTRACK
      If this option is enabled, the connection tracking code will provide a notifier chain that can be used by other kernel code to get notified about changes in the connection tracking state.
      If unsure, say `N'.


  • Option: NF_CT_PROTO_SCTP
    • Kernel Versions: 2.6.15.6 ...
    • (on/off/module) SCTP protocol on new connection tracking support (EXPERIMENTAL)
    • depends on EXPERIMENTAL && NF_CONNTRACK
    • default n
      With this option enabled, the layer 3 independent connection tracking code will be able to do state tracking on SCTP connections.
      If you want to compile it as a module, say M here and read Documentation/modules.txt. If unsure, say `N'.


  • Option: NF_CONNTRACK_FTP
    • Kernel Versions: 2.6.15.6 ...
    • (on/off/module) FTP support on new connection tracking (EXPERIMENTAL)
    • depends on EXPERIMENTAL && NF_CONNTRACK
      Tracking FTP connections is problematic: special helpers are required for tracking them, and doing masquerading and other forms of Network Address Translation on them.
      This is FTP support on Layer 3 independent connection tracking. Layer 3 independent connection tracking is an experimental scheme which generalizes ip_conntrack to support other layer 3 protocols.
      To compile it as a module, choose M here. If unsure, say N.
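
As an added example (not part of the wiki page or the kernel tree), this Python check runs a `.config` fragment against the `depends on` lines listed above. It flags enabled options whose dependency is off, and on/off/module options built in while a dependency is only a module. The `SAMPLE` fragment and all function names are constructed for illustration.

```python
import re
# Dependencies as listed on this page; "tri" = on/off/module, "bool" = on/off.
SECTION_DEPS = ["NET", "NETFILTER"]  # inherited by every option in the section
OPTIONS = {
    "NETFILTER_NETLINK":       ("tri",  []),
    "NETFILTER_NETLINK_QUEUE": ("tri",  ["NETFILTER_NETLINK"]),
    "NETFILTER_NETLINK_LOG":   ("tri",  ["NETFILTER_NETLINK"]),
    "NF_CONNTRACK":            ("tri",  ["EXPERIMENTAL", "IP_NF_CONNTRACK=n"]),
    "NF_CT_ACCT":              ("bool", ["NF_CONNTRACK"]),
    "NF_CONNTRACK_MARK":       ("bool", ["NF_CONNTRACK"]),
    "NF_CONNTRACK_EVENTS":     ("bool", ["EXPERIMENTAL", "NF_CONNTRACK"]),
    "NF_CT_PROTO_SCTP":        ("tri",  ["EXPERIMENTAL", "NF_CONNTRACK"]),
    "NF_CONNTRACK_FTP":        ("tri",  ["EXPERIMENTAL", "NF_CONNTRACK"]),
}
LINE = re.compile(r"^(?:CONFIG_(\w+)=([ymn])|# CONFIG_(\w+) is not set)$")

def parse_config(text):
    """Map symbol -> 'y'/'m'/'n' for the bool/tristate lines of a .config."""
    found = (LINE.match(line.strip()) for line in text.splitlines())
    return {m.group(1) or m.group(3): m.group(2) or "n" for m in found if m}

def dep_value(cfg, term):
    """Value of one term: 'SYM', or 'SYM=n' which is 'y' only when SYM is off."""
    if term.endswith("=n"):
        return "y" if cfg.get(term[:-2], "n") == "n" else "n"
    return cfg.get(term, "n")  # a symbol absent from the file counts as off

def check(cfg):
    """List (option, problem): dependency off, or tristate 'y' over an 'm' dependency."""
    problems = []
    for opt, (kind, deps) in OPTIONS.items():
        value = cfg.get(opt, "n")
        for term in SECTION_DEPS + deps:
            dv = dep_value(cfg, term)
            if value != "n" and dv == "n":
                problems.append((opt, f"requires {term}"))
            elif kind == "tri" and "nmy".index(value) > "nmy".index(dv):
                problems.append((opt, f"built-in but {term} is a module"))
    return problems

# Constructed sample .config fragment, not taken from the page.
SAMPLE = "\n".join([
    "CONFIG_NET=y", "CONFIG_NETFILTER=y", "CONFIG_EXPERIMENTAL=y",
    "CONFIG_NETFILTER_NETLINK=m", "CONFIG_NETFILTER_NETLINK_QUEUE=y",
    "CONFIG_IP_NF_CONNTRACK=y", "CONFIG_NF_CONNTRACK=m", "CONFIG_NF_CT_ACCT=y",
    "# CONFIG_NF_CONNTRACK_FTP is not set",
])
if __name__ == "__main__":
    for opt, why in check(parse_config(SAMPLE)):
        print(f"CONFIG_{opt}: {why}")
```

To audit a real build, pass the text of the kernel's `.config` to `parse_config` instead of `SAMPLE`.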


