Here is a patch against 2.4.0-test9,
which adds information about the modules produced by netfilter.
Please let me know if it is suitable.
Paul Schulz
** This message was bounced when I tried to send it to:
** Axil Boldt ([EMAIL PROTECTED])
** (Email address at the top of the file.. has this changed?)
-------------------------------------------------------------------------
diff -rU 3 kernel-source-2.4.0-test9/Documentation/Configure.help
kernel-source-2.4.0-test9ps1/Documentation/Configure.help
--- kernel-source-2.4.0-test9/Documentation/Configure.help Sat Sep 23 09:41:37
2000
+++ kernel-source-2.4.0-test9ps1/Documentation/Configure.help Wed Oct 11 23:30:13
+2000
@@ -1821,8 +1821,11 @@
enhance packet filtering (see `Connection state match support'
below).
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ip_conntrack.o.
+
+If you want to compile it as a module, say M
+ here and read Documentation/modules.txt. If unsure, say `N'.
FTP protocol support
CONFIG_IP_NF_FTP
@@ -1830,16 +1833,18 @@
required for tracking them, and doing masquerading and other forms
of Network Address Translation on them.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `Y'.
+ This driver is also available as a module. The module will be
+ called ip_conntrack_ftp.o. If you want to compile it as a module,
+ say M here and read Documentation/modules.txt. If unsure, say `Y'.
IP: user space queueing via NETLINK (EXPERIMENTAL)
CONFIG_IP_NF_QUEUE
Netfilter has the ability to queue packets to user space: the
netlink device can be used to access them using this driver.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ip_queue.o. If you want to compile it as a module, say M
+ here and read Documentation/modules.txt. If unsure, say `N'.
IP: ip tables support (required for filtering/masq/NAT)
CONFIG_IP_NF_IPTABLES
@@ -1848,8 +1853,9 @@
etc) subsystems now use this: say `Y' or `M' here if you want to use
either of those.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ip_tables.o. If you want to compile it as a module, say M
+ here and read Documentation/modules.txt. If unsure, say `N'.
limit match support
CONFIG_IP_NF_MATCH_LIMIT
@@ -1857,16 +1863,18 @@
matched: mainly useful in combination with the LOG target ("LOG
target support", below) and to avoid some Denial of Service attacks.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_limit.o. If you want to compile it as a module, say M
+ here and read Documentation/modules.txt. If unsure, say `N'.
MAC address match support
CONFIG_IP_NF_MATCH_MAC
mac matching allows you to match packets based on the source
ethernet address of the packet.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_mac.o. If you want to compile it as a module, say M here
+ and read Documentation/modules.txt. If unsure, say `N'.
netfilter mark match support
CONFIG_IP_NF_MATCH_MARK
@@ -1874,8 +1882,9 @@
`nfmark' value in the packet. This can be set by the MARK target
(see below).
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_mark.o. If you want to compile it as a module, say M
+ here and read Documentation/modules.txt. If unsure, say `N'.
Multiple port match support
CONFIG_IP_NF_MATCH_MULTIPORT
@@ -1883,16 +1892,18 @@
a series of source or destination ports: normally a rule can only
match a single range of ports.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_multiport.o. If you want to compile it as a module, say M
+ here and read Documentation/modules.txt. If unsure, say `N'.
TOS match support
CONFIG_IP_NF_MATCH_TOS
TOS matching allows you to match packets based on the Type Of
Service fields of the IP packet.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_tos.o. If you want to compile it as a module, say M here
+ and read Documentation/modules.txt. If unsure, say `N'.
Connection state match support
CONFIG_IP_NF_MATCH_STATE
@@ -1900,24 +1911,27 @@
relationship to a tracked connection (ie. previous packets). This
is a powerful tool for packet classification.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_state.o. If you want to compile it as a module, say M
+ here and read Documentation/modules.txt. If unsure, say `N'.
Unclean match support (EXPERIMENTAL)
CONFIG_IP_NF_MATCH_UNCLEAN
Unclean packet matching matches any strange or invalid packets, by
looking at a series of fields in the IP, TCP, UDP and ICMP headers.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_unclean.o. If you want to compile it as a module, say M
+ here and read Documentation/modules.txt. If unsure, say `N'.
Owner match support (EXPERIMENTAL)
CONFIG_IP_NF_MATCH_OWNER
Packet owner matching allows you to match locally-generated packets
based on who created them: the user, group, process or session.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_owner.o. If you want to compile it as a module, say M
+ here and read Documentation/modules.txt. If unsure, say `N'.
Packet filtering
CONFIG_IP_NF_FILTER
@@ -1925,8 +1939,9 @@
rules for simple packet filtering at local input, forwarding and
local output. See the man page for iptables(8).
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called iptable_filter.o. If you want to compile it as a module, say
+ M here and read Documentation/modules.txt. If unsure, say `N'.
REJECT target support
CONFIG_IP_NF_TARGET_REJECT
@@ -1934,16 +1949,18 @@
error should be issued in response to an incoming packet, rather
than silently being dropped.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_REJECT.o. If you want to compile it as a module, say M
+ here and read Documentation/modules.txt. If unsure, say `N'.
MIRROR target support (EXPERIMENTAL)
CONFIG_IP_NF_TARGET_MIRROR
The MIRROR target allows a filtering rule to specify that an
incoming packet should be bounced back to the sender.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_MIRROR.o. If you want to compile it as a module, say M
+ here and read Documentation/modules.txt. If unsure, say `N'.
Full NAT
CONFIG_IP_NF_NAT
@@ -1951,8 +1968,9 @@
forms of full Network Address Port Translation. It is controlled by
the `nat' table in iptables: see the man page for iptables(8).
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called iptable_nat.o. If you want to compile it as a module, say M
+ here and read Documentation/modules.txt. If unsure, say `N'.
MASQUERADE target support
CONFIG_IP_NF_TARGET_MASQUERADE
@@ -1962,8 +1980,9 @@
only useful for dialup accounts with dynamic IP address (ie. your IP
address will be different on next dialup).
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_MASQUERADE.o. If you want to compile it as a module, say
+ M here and read Documentation/modules.txt. If unsure, say `N'.
REDIRECT target support
CONFIG_IP_NF_TARGET_REDIRECT
@@ -1972,8 +1991,9 @@
come to the local machine instead of passing through. This is
useful for transparent proxies.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_REDIRECT.o. If you want to compile it as a module, say M
+ here and read Documentation/modules.txt. If unsure, say `N'.
Packet mangling
CONFIG_IP_NF_MANGLE
@@ -1981,8 +2001,9 @@
iptables(8). This table is used for various packet alterations
which can effect how the packet is routed.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called iptable_mangle.o. If you want to compile it as a module, say
+ M here and read Documentation/modules.txt. If unsure, say `N'.
TOS target support
CONFIG_IP_NF_TARGET_TOS
@@ -1990,8 +2011,9 @@
the `mangle' table which alter the Type Of Service field of an IP
packet prior to routing.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_TOS.o. If you want to compile it as a module, say M here
+ and read Documentation/modules.txt. If unsure, say `N'.
MARK target support
CONFIG_IP_NF_TARGET_MARK
@@ -2002,16 +2024,18 @@
key') and can also be used by other subsystems to change their
behavior.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_MARK.o. If you want to compile it as a module, say M here
+ and read Documentation/modules.txt. If unsure, say `N'.
LOG target support
CONFIG_IP_NF_TARGET_LOG
This option adds a `LOG' target, which allows you to create rules in
any iptables table which records the packet header to the syslog.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipt_LOG.o. If you want to compile it as a module, say M here
+ and read Documentation/modules.txt. If unsure, say `N'.
ipchains (2.2-style) support
CONFIG_IP_NF_COMPAT_IPCHAINS
@@ -2021,8 +2045,9 @@
`Packet filtering'). With this enabled, you should be able to use
the ipchains tool exactly as in 2.2 kernels.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipchains.o. If you want to compile it as a module, say M here
+ and read Documentation/modules.txt. If unsure, say `N'.
ipfwadm (2.0-style) support
CONFIG_IP_NF_COMPAT_IPFWADM
@@ -2032,8 +2057,9 @@
`Packet filtering'). With this enabled, you should be able to use
the ipfwadm tool exactly as in 2.0 kernels.
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
+ This driver is also available as a module. The module will be
+ called ipfwadm.o. If you want to compile it as a module, say M here
+ and read Documentation/modules.txt. If unsure, say `N'.
SYN flood protection
CONFIG_SYN_COOKIES
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
