
Commit 33b8e776 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: Add CONFIG_NETFILTER_ADVANCED option



The NETFILTER_ADVANCED option hides many of the rather obscure netfilter
options when disabled and provides defaults (M) that should allow a
distribution firewall to run without further thought.

Defaults to 'y' to avoid breaking current configurations.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 34498825
+12 −0
@@ -144,9 +144,21 @@ config NETFILTER_DEBUG
	  You can say Y here if you want to get additional messages useful in
	  debugging the netfilter code.

config NETFILTER_ADVANCED
	bool "Advanced netfilter configuration"
	depends on NETFILTER
	default y
	help
	  If you say Y here you can select between all the netfilter modules.
	  If you say N the more ununsual ones will not be shown and the
	  basic ones needed by most people will default to 'M'.

	  If unsure, say Y.

config BRIDGE_NETFILTER
	bool "Bridged IP/ARP packets filtering"
	depends on BRIDGE && NETFILTER && INET
	depends on NETFILTER_ADVANCED
	default y
	---help---
	  Enabling this option will let arptables resp. iptables see bridged
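Review bot: The new help text for NETFILTER_ADVANCED has a typo ("ununsual") and does not tell the user what saying N actually takes away; I would change the second paragraph to `If you say N the more unusual ones will not be shown and the basic ones needed by most people will default to 'M'. Note that saying N also hides BRIDGE_NETFILTER, so iptables/arptables will not see bridged traffic and the bridge netfilter (ebtables) menu is not offered.` That consequence follows from the added `depends on NETFILTER_ADVANCED` on BRIDGE_NETFILTER in this hunk together with the bridge Kconfig hunk, whose menu now depends on BRIDGE_NETFILTER instead of NETFILTER. Since `default y` on NETFILTER_ADVANCED keeps existing configurations unchanged, this is a documentation issue for people who newly choose N rather than a regression, but a firewall host that silently stops filtering bridged frames is exactly the case the help text should warn about.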
+1 −1
@@ -3,7 +3,7 @@
#

menu "Bridge: Netfilter Configuration"
	depends on BRIDGE && NETFILTER
	depends on BRIDGE && BRIDGE_NETFILTER

config BRIDGE_NF_EBTABLES
	tristate "Ethernet Bridge tables (ebtables) support"
+1 −0
@@ -4,6 +4,7 @@

menu "DECnet: Netfilter Configuration"
	depends on DECNET && NETFILTER && EXPERIMENTAL
	depends on NETFILTER_ADVANCED

config DECNET_NF_GRABULATOR
	tristate "Routing message grabulator (for userland routing daemon)"
+25 −1
@@ -8,6 +8,7 @@ menu "IP: Netfilter Configuration"
config NF_CONNTRACK_IPV4
	tristate "IPv4 connection tracking support (required for NAT)"
	depends on NF_CONNTRACK
	default m if NETFILTER_ADVANCED=n
	---help---
	  Connection tracking keeps a record of what packets have passed
	  through your machine, in order to figure out how they are related
@@ -32,6 +33,7 @@ config NF_CONNTRACK_PROC_COMPAT

config IP_NF_QUEUE
	tristate "IP Userspace queueing via NETLINK (OBSOLETE)"
	depends on NETFILTER_ADVANCED
	help
	  Netfilter has the ability to queue packets to user space: the
	  netlink device can be used to access them using this driver.
@@ -44,6 +46,7 @@ config IP_NF_QUEUE

config IP_NF_IPTABLES
	tristate "IP tables support (required for filtering/masq/NAT)"
	default m if NETFILTER_ADVANCED=n
	select NETFILTER_XTABLES
	help
	  iptables is a general, extensible packet identification framework.
@@ -57,6 +60,7 @@ config IP_NF_IPTABLES
config IP_NF_MATCH_IPRANGE
	tristate '"iprange" match support'
	depends on IP_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  This option makes possible to match IP addresses against IP address
	  ranges.
@@ -66,6 +70,7 @@ config IP_NF_MATCH_IPRANGE
config IP_NF_MATCH_RECENT
	tristate '"recent" match support'
	depends on IP_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  This match is used for creating one or many lists of recently
	  used addresses and then matching against that/those list(s).
@@ -78,6 +83,7 @@ config IP_NF_MATCH_RECENT
config IP_NF_MATCH_ECN
	tristate '"ecn" match support'
	depends on IP_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  This option adds a `ECN' match, which allows you to match against
	  the IPv4 and TCP header ECN fields.
@@ -87,6 +93,7 @@ config IP_NF_MATCH_ECN
config IP_NF_MATCH_AH
	tristate '"ah" match support'
	depends on IP_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  This match extension allows you to match a range of SPIs
	  inside AH header of IPSec packets.
@@ -96,6 +103,7 @@ config IP_NF_MATCH_AH
config IP_NF_MATCH_TTL
	tristate '"ttl" match support'
	depends on IP_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  This adds CONFIG_IP_NF_MATCH_TTL option, which enabled the user
	  to match packets by their TTL value.
@@ -105,6 +113,7 @@ config IP_NF_MATCH_TTL
config IP_NF_MATCH_ADDRTYPE
	tristate '"addrtype" address type match support'
	depends on IP_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  This option allows you to match what routing thinks of an address,
	  eg. UNICAST, LOCAL, BROADCAST, ...
@@ -116,6 +125,7 @@ config IP_NF_MATCH_ADDRTYPE
config IP_NF_FILTER
	tristate "Packet filtering"
	depends on IP_NF_IPTABLES
	default m if NETFILTER_ADVANCED=n
	help
	  Packet filtering defines a table `filter', which has a series of
	  rules for simple packet filtering at local input, forwarding and
@@ -126,6 +136,7 @@ config IP_NF_FILTER
config IP_NF_TARGET_REJECT
	tristate "REJECT target support"
	depends on IP_NF_FILTER
	default m if NETFILTER_ADVANCED=n
	help
	  The REJECT target allows a filtering rule to specify that an ICMP
	  error should be issued in response to an incoming packet, rather
@@ -136,6 +147,7 @@ config IP_NF_TARGET_REJECT
config IP_NF_TARGET_LOG
	tristate "LOG target support"
	depends on IP_NF_IPTABLES
	default m if NETFILTER_ADVANCED=n
	help
	  This option adds a `LOG' target, which allows you to create rules in
	  any iptables table which records the packet header to the syslog.
@@ -145,6 +157,7 @@ config IP_NF_TARGET_LOG
config IP_NF_TARGET_ULOG
	tristate "ULOG target support"
	depends on IP_NF_IPTABLES
	default m if NETFILTER_ADVANCED=n
	---help---

	  This option enables the old IPv4-only "ipt_ULOG" implementation
@@ -165,6 +178,7 @@ config IP_NF_TARGET_ULOG
config NF_NAT
	tristate "Full NAT"
	depends on IP_NF_IPTABLES && NF_CONNTRACK_IPV4
	default m if NETFILTER_ADVANCED=n
	help
	  The Full NAT option allows masquerading, port forwarding and other
	  forms of full Network Address Port Translation.  It is controlled by
@@ -180,6 +194,7 @@ config NF_NAT_NEEDED
config IP_NF_TARGET_MASQUERADE
	tristate "MASQUERADE target support"
	depends on NF_NAT
	default m if NETFILTER_ADVANCED=n
	help
	  Masquerading is a special case of NAT: all outgoing connections are
	  changed to seem to come from a particular interface's address, and
@@ -192,6 +207,7 @@ config IP_NF_TARGET_MASQUERADE
config IP_NF_TARGET_REDIRECT
	tristate "REDIRECT target support"
	depends on NF_NAT
	depends on NETFILTER_ADVANCED
	help
	  REDIRECT is a special case of NAT: all incoming connections are
	  mapped onto the incoming interface's address, causing the packets to
@@ -203,6 +219,7 @@ config IP_NF_TARGET_REDIRECT
config IP_NF_TARGET_NETMAP
	tristate "NETMAP target support"
	depends on NF_NAT
	depends on NETFILTER_ADVANCED
	help
	  NETMAP is an implementation of static 1:1 NAT mapping of network
	  addresses. It maps the network address part, while keeping the host
@@ -214,6 +231,7 @@ config IP_NF_TARGET_NETMAP
config NF_NAT_SNMP_BASIC
	tristate "Basic SNMP-ALG support (EXPERIMENTAL)"
	depends on EXPERIMENTAL && NF_NAT
	depends on NETFILTER_ADVANCED
	---help---

	  This module implements an Application Layer Gateway (ALG) for
@@ -277,6 +295,7 @@ config NF_NAT_SIP
config IP_NF_MANGLE
	tristate "Packet mangling"
	depends on IP_NF_IPTABLES
	default m if NETFILTER_ADVANCED=n
	help
	  This option adds a `mangle' table to iptables: see the man page for
	  iptables(8).  This table is used for various packet alterations
@@ -287,6 +306,7 @@ config IP_NF_MANGLE
config IP_NF_TARGET_ECN
	tristate "ECN target support"
	depends on IP_NF_MANGLE
	depends on NETFILTER_ADVANCED
	---help---
	  This option adds a `ECN' target, which can be used in the iptables mangle
	  table.  
@@ -301,6 +321,7 @@ config IP_NF_TARGET_ECN
config IP_NF_TARGET_TTL
	tristate  'TTL target support'
	depends on IP_NF_MANGLE
	depends on NETFILTER_ADVANCED
	help
	  This option adds a `TTL' target, which enables the user to modify
	  the TTL value of the IP header.
@@ -316,6 +337,7 @@ config IP_NF_TARGET_CLUSTERIP
	tristate "CLUSTERIP target support (EXPERIMENTAL)"
	depends on IP_NF_MANGLE && EXPERIMENTAL
	depends on NF_CONNTRACK_IPV4
	depends on NETFILTER_ADVANCED
	select NF_CONNTRACK_MARK
	help
	  The CLUSTERIP target allows you to build load-balancing clusters of
@@ -328,6 +350,7 @@ config IP_NF_TARGET_CLUSTERIP
config IP_NF_RAW
	tristate  'raw table support (required for NOTRACK/TRACE)'
	depends on IP_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  This option adds a `raw' table to iptables. This table is the very
	  first in the netfilter framework and hooks in at the PREROUTING
@@ -340,6 +363,7 @@ config IP_NF_RAW
config IP_NF_ARPTABLES
	tristate "ARP tables support"
	select NETFILTER_XTABLES
	depends on NETFILTER_ADVANCED
	help
	  arptables is a general, extensible packet identification framework.
	  The ARP packet filtering and mangling (manipulation)subsystems
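Review bot: The placement of the added lines is inconsistent within this file: IP_NF_IPTABLES gets `default m if NETFILTER_ADVANCED=n` before its `select NETFILTER_XTABLES`, IP_NF_ARPTABLES gets `depends on NETFILTER_ADVANCED` after its `select NETFILTER_XTABLES`, while IP_NF_TARGET_CLUSTERIP puts `depends on NETFILTER_ADVANCED` before `select NF_CONNTRACK_MARK`, and the IPv6 counterpart IP6_NF_IPTABLES puts the `default m` line after its `select`. Kconfig accepts any order, so this is purely a readability point, but keeping `depends on`/`default` lines together ahead of `select` in every entry (as the CLUSTERIP hunk does) makes the ADVANCED gating easy to audit when someone later asks which modules a non-advanced build actually offers. The section header reports 25 additions and 1 deletion while the displayed hunks account for 24 additions and no deletion, so one hunk appears to be collapsed in this rendering and could not be reviewed here.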
+20 −3
@@ -8,6 +8,7 @@ menu "IPv6: Netfilter Configuration (EXPERIMENTAL)"
config NF_CONNTRACK_IPV6
	tristate "IPv6 connection tracking support (EXPERIMENTAL)"
	depends on INET && IPV6 && EXPERIMENTAL && NF_CONNTRACK
	default m if NETFILTER_ADVANCED=n
	---help---
	  Connection tracking keeps a record of what packets have passed
	  through your machine, in order to figure out how they are related
@@ -22,6 +23,7 @@ config NF_CONNTRACK_IPV6
config IP6_NF_QUEUE
	tristate "IP6 Userspace queueing via NETLINK (OBSOLETE)"
	depends on INET && IPV6 && NETFILTER && EXPERIMENTAL
	depends on NETFILTER_ADVANCED
	---help---

	  This option adds a queue handler to the kernel for IPv6
@@ -44,6 +46,7 @@ config IP6_NF_IPTABLES
	tristate "IP6 tables support (required for filtering)"
	depends on INET && IPV6 && EXPERIMENTAL
	select NETFILTER_XTABLES
	default m if NETFILTER_ADVANCED=n
	help
	  ip6tables is a general, extensible packet identification framework.
	  Currently only the packet filtering and packet mangling subsystem
@@ -56,6 +59,7 @@ config IP6_NF_IPTABLES
config IP6_NF_MATCH_RT
	tristate '"rt" Routing header match support'
	depends on IP6_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  rt matching allows you to match packets based on the routing
	  header of the packet.
@@ -65,6 +69,7 @@ config IP6_NF_MATCH_RT
config IP6_NF_MATCH_OPTS
	tristate '"hopbyhop" and "dst" opts header match support'
	depends on IP6_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  This allows one to match packets based on the hop-by-hop
	  and destination options headers of a packet.
@@ -74,6 +79,7 @@ config IP6_NF_MATCH_OPTS
config IP6_NF_MATCH_FRAG
	tristate '"frag" Fragmentation header match support'
	depends on IP6_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  frag matching allows you to match packets based on the fragmentation
	  header of the packet.
@@ -83,6 +89,7 @@ config IP6_NF_MATCH_FRAG
config IP6_NF_MATCH_HL
	tristate '"hl" match support'
	depends on IP6_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  HL matching allows you to match packets based on the hop
	  limit of the packet.
@@ -92,6 +99,7 @@ config IP6_NF_MATCH_HL
config IP6_NF_MATCH_IPV6HEADER
	tristate '"ipv6header" IPv6 Extension Headers Match'
	depends on IP6_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  This module allows one to match packets based upon
	  the ipv6 extension headers.
@@ -101,6 +109,7 @@ config IP6_NF_MATCH_IPV6HEADER
config IP6_NF_MATCH_AH
	tristate '"ah" match support'
	depends on IP6_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  This module allows one to match AH packets.

@@ -109,6 +118,7 @@ config IP6_NF_MATCH_AH
config IP6_NF_MATCH_MH
	tristate '"mh" match support'
	depends on IP6_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  This module allows one to match MH packets.

@@ -117,6 +127,7 @@ config IP6_NF_MATCH_MH
config IP6_NF_MATCH_EUI64
	tristate '"eui64" address check'
	depends on IP6_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  This module performs checking on the IPv6 source address
	  Compares the last 64 bits with the EUI64 (delivered
@@ -128,6 +139,7 @@ config IP6_NF_MATCH_EUI64
config IP6_NF_FILTER
	tristate "Packet filtering"
	depends on IP6_NF_IPTABLES
	default m if NETFILTER_ADVANCED=n
	help
	  Packet filtering defines a table `filter', which has a series of
	  rules for simple packet filtering at local input, forwarding and
@@ -138,6 +150,7 @@ config IP6_NF_FILTER
config IP6_NF_TARGET_LOG
	tristate "LOG target support"
	depends on IP6_NF_FILTER
	default m if NETFILTER_ADVANCED=n
	help
	  This option adds a `LOG' target, which allows you to create rules in
	  any iptables table which records the packet header to the syslog.
@@ -147,6 +160,7 @@ config IP6_NF_TARGET_LOG
config IP6_NF_TARGET_REJECT
	tristate "REJECT target support"
	depends on IP6_NF_FILTER
	default m if NETFILTER_ADVANCED=n
	help
	  The REJECT target allows a filtering rule to specify that an ICMPv6
	  error should be issued in response to an incoming packet, rather
@@ -157,6 +171,7 @@ config IP6_NF_TARGET_REJECT
config IP6_NF_MANGLE
	tristate "Packet mangling"
	depends on IP6_NF_IPTABLES
	default m if NETFILTER_ADVANCED=n
	help
	  This option adds a `mangle' table to iptables: see the man page for
	  iptables(8).  This table is used for various packet alterations
@@ -167,6 +182,7 @@ config IP6_NF_MANGLE
config IP6_NF_TARGET_HL
	tristate  'HL (hoplimit) target support'
	depends on IP6_NF_MANGLE
	depends on NETFILTER_ADVANCED
	help
	  This option adds a `HL' target, which enables the user to decrement
	  the hoplimit value of the IPv6 header or set it to a given (lower)
@@ -183,6 +199,7 @@ config IP6_NF_TARGET_HL
config IP6_NF_RAW
	tristate  'raw table support (required for TRACE)'
	depends on IP6_NF_IPTABLES
	depends on NETFILTER_ADVANCED
	help
	  This option adds a `raw' table to ip6tables. This table is the very
	  first in the netfilter framework and hooks in at the PREROUTING