summaryrefslogtreecommitdiff
path: root/net/netfilter/ipset/Kconfig
blob: 3c273483df239647ddeeeaa8c0d1f63245233754 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
# SPDX-License-Identifier: GPL-2.0-only
menuconfig IP_SET
	tristate "IP set support"
	depends on INET && NETFILTER
	select NETFILTER_NETLINK
	help
	  This option adds IP set support to the kernel.
	  In order to define and use the sets, you need the userspace utility
	  ipset(8). You can use the sets in netfilter via the "set" match
	  and "SET" target.

	  To compile it as a module, choose M here.  If unsure, say N.

if IP_SET

config IP_SET_MAX
	int "Maximum number of IP sets"
	default 256
	range 2 65534
	depends on IP_SET
	help
	  You can define here default value of the maximum number 
	  of IP sets for the kernel.

	  The value can be overridden by the 'max_sets' module
	  parameter of the 'ip_set' module.

config IP_SET_BITMAP_IP
	tristate "bitmap:ip set support"
	depends on IP_SET
	help
	  This option adds the bitmap:ip set type support, by which one
	  can store IPv4 addresses (or network addresse) from a range.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_BITMAP_IPMAC
	tristate "bitmap:ip,mac set support"
	depends on IP_SET
	help
	  This option adds the bitmap:ip,mac set type support, by which one
	  can store IPv4 address and (source) MAC address pairs from a range.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_BITMAP_PORT
	tristate "bitmap:port set support"
	depends on IP_SET
	help
	  This option adds the bitmap:port set type support, by which one
	  can store TCP/UDP port numbers from a range.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_HASH_IP
	tristate "hash:ip set support"
	depends on IP_SET
	help
	  This option adds the hash:ip set type support, by which one
	  can store arbitrary IPv4 or IPv6 addresses (or network addresses)
	  in a set.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_HASH_IPMARK
	tristate "hash:ip,mark set support"
	depends on IP_SET
	help
	  This option adds the hash:ip,mark set type support, by which one
	  can store IPv4/IPv6 address and mark pairs.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_HASH_IPPORT
	tristate "hash:ip,port set support"
	depends on IP_SET
	help
	  This option adds the hash:ip,port set type support, by which one
	  can store IPv4/IPv6 address and protocol/port pairs.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_HASH_IPPORTIP
	tristate "hash:ip,port,ip set support"
	depends on IP_SET
	help
	  This option adds the hash:ip,port,ip set type support, by which
	  one can store IPv4/IPv6 address, protocol/port, and IPv4/IPv6
	  address triples in a set.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_HASH_IPPORTNET
	tristate "hash:ip,port,net set support"
	depends on IP_SET
	help
	  This option adds the hash:ip,port,net set type support, by which
	  one can store IPv4/IPv6 address, protocol/port, and IPv4/IPv6
	  network address/prefix triples in a set.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_HASH_IPMAC
	tristate "hash:ip,mac set support"
	depends on IP_SET
	help
	  This option adds the hash:ip,mac set type support, by which
	  one can store IPv4/IPv6 address and MAC (ethernet address) pairs in a set.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_HASH_MAC
	tristate "hash:mac set support"
	depends on IP_SET
	help
	  This option adds the hash:mac set type support, by which
	  one can store MAC (ethernet address) elements in a set.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_HASH_NETPORTNET
	tristate "hash:net,port,net set support"
	depends on IP_SET
	help
	  This option adds the hash:net,port,net set type support, by which
	  one can store two IPv4/IPv6 subnets, and a protocol/port in a set.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_HASH_NET
	tristate "hash:net set support"
	depends on IP_SET
	help
	  This option adds the hash:net set type support, by which
	  one can store IPv4/IPv6 network address/prefix elements in a set.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_HASH_NETNET
	tristate "hash:net,net set support"
	depends on IP_SET
	help
	  This option adds the hash:net,net  set type support, by which
	  one can store IPv4/IPv6 network address/prefix pairs in a set.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_HASH_NETPORT
	tristate "hash:net,port set support"
	depends on IP_SET
	help
	  This option adds the hash:net,port set type support, by which
	  one can store IPv4/IPv6 network address/prefix and
	  protocol/port pairs as elements in a set.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_HASH_NETIFACE
	tristate "hash:net,iface set support"
	depends on IP_SET
	help
	  This option adds the hash:net,iface set type support, by which
	  one can store IPv4/IPv6 network address/prefix and
	  interface name pairs as elements in a set.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_SET_LIST_SET
	tristate "list:set set support"
	depends on IP_SET
	help
	  This option adds the list:set set type support. In this
	  kind of set one can store the name of other sets and it forms
	  an ordered union of the member sets.

	  To compile it as a module, choose M here.  If unsure, say N.

endif # IP_SET