netfilter: move NAT Kconfig switches out of the iptables scope

	help

	  This option enables the ARP support for nf_tables.

config NF_NAT_IPV4

	tristate "IPv4 NAT"

	depends on NF_CONNTRACK_IPV4

	default m if NETFILTER_ADVANCED=n

	select NF_NAT

	help

	  The IPv4 NAT option allows masquerading, port forwarding and other

	  forms of full Network Address Port Translation. This can be

	  controlled by iptables or nft.

if NF_NAT_IPV4

config NF_NAT_SNMP_BASIC

	tristate "Basic SNMP-ALG support"

	depends on NF_CONNTRACK_SNMP

	depends on NETFILTER_ADVANCED

	default NF_NAT && NF_CONNTRACK_SNMP

	---help---

	  This module implements an Application Layer Gateway (ALG) for

	  SNMP payloads.  In conjunction with NAT, it allows a network

	  management system to access multiple private networks with

	  conflicting addresses.  It works by modifying IP addresses

	  inside SNMP payloads to match IP-layer NAT mapping.

	  This is the "basic" form of SNMP-ALG, as described in RFC 2962

	  To compile it as a module, choose M here.  If unsure, say N.

config NF_NAT_PROTO_GRE

	tristate

	depends on NF_CT_PROTO_GRE

config NF_NAT_PPTP

	tristate

	depends on NF_CONNTRACK

	default NF_CONNTRACK_PPTP

	select NF_NAT_PROTO_GRE

config NF_NAT_H323

	tristate

	depends on NF_CONNTRACK

	default NF_CONNTRACK_H323

endif # NF_NAT_IPV4

config IP_NF_IPTABLES

	tristate "IP tables support (required for filtering/masq/NAT)"

	default m if NETFILTER_ADVANCED=n

	  To compile it as a module, choose M here. If unsure, say N.

# NAT + specific targets: nf_conntrack

config NF_NAT_IPV4

	tristate "IPv4 NAT"

config IP_NF_NAT

	tristate "iptables NAT support"

	depends on NF_CONNTRACK_IPV4

	default m if NETFILTER_ADVANCED=n

	select NF_NAT

	select NF_NAT_IPV4

	select NETFILTER_XT_NAT

	help

	  The IPv4 NAT option allows masquerading, port forwarding and other

	  forms of full Network Address Port Translation.  It is controlled by

	  the `nat' table in iptables: see the man page for iptables(8).

	  This enables the `nat' table in iptables. This allows masquerading,

	  port forwarding and other forms of full Network Address Port

	  Translation.

	  To compile it as a module, choose M here.  If unsure, say N.

if NF_NAT_IPV4

if IP_NF_NAT

config IP_NF_TARGET_MASQUERADE

	tristate "MASQUERADE target support"

	(e.g. when running oldconfig). It selects

	CONFIG_NETFILTER_XT_TARGET_REDIRECT.

endif

config NF_NAT_SNMP_BASIC

	tristate "Basic SNMP-ALG support"

	depends on NF_CONNTRACK_SNMP && NF_NAT_IPV4

	depends on NETFILTER_ADVANCED

	default NF_NAT && NF_CONNTRACK_SNMP

	---help---

	  This module implements an Application Layer Gateway (ALG) for

	  SNMP payloads.  In conjunction with NAT, it allows a network

	  management system to access multiple private networks with

	  conflicting addresses.  It works by modifying IP addresses

	  inside SNMP payloads to match IP-layer NAT mapping.

	  This is the "basic" form of SNMP-ALG, as described in RFC 2962

	  To compile it as a module, choose M here.  If unsure, say N.

# If they want FTP, set to $CONFIG_IP_NF_NAT (m or y),

# or $CONFIG_IP_NF_FTP (m or y), whichever is weaker.

# From kconfig-language.txt:

#

#           <expr> '&&' <expr>                   (6)

#

# (6) Returns the result of min(/expr/, /expr/).

config NF_NAT_PROTO_GRE

	tristate

	depends on NF_NAT_IPV4 && NF_CT_PROTO_GRE

config NF_NAT_PPTP

	tristate

	depends on NF_CONNTRACK && NF_NAT_IPV4

	default NF_NAT_IPV4 && NF_CONNTRACK_PPTP

	select NF_NAT_PROTO_GRE

config NF_NAT_H323

	tristate

	depends on NF_CONNTRACK && NF_NAT_IPV4

	default NF_NAT_IPV4 && NF_CONNTRACK_H323

endif # IP_NF_NAT

# mangle + specific targets

config IP_NF_MANGLE

# the three instances of ip_tables

obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o

obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o

obj-$(CONFIG_NF_NAT_IPV4) += iptable_nat.o

obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o

obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o

obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o

	depends on NETFILTER_ADVANCED

	select NF_LOG_COMMON

config NF_NAT_IPV6

	tristate "IPv6 NAT"

	depends on NF_CONNTRACK_IPV6

	depends on NETFILTER_ADVANCED

	select NF_NAT

	help

	  The IPv6 NAT option allows masquerading, port forwarding and other

	  forms of full Network Address Port Translation. This can be

	  controlled by iptables or nft.

config IP6_NF_IPTABLES

	tristate "IP6 tables support (required for filtering)"

	depends on INET && IPV6

         If unsure, say N.

config NF_NAT_IPV6

	tristate "IPv6 NAT"

config IP6_NF_NAT

	tristate "ip6tables NAT support"

	depends on NF_CONNTRACK_IPV6

	depends on NETFILTER_ADVANCED

	select NF_NAT

	select NF_NAT_IPV6

	select NETFILTER_XT_NAT

	help

	  The IPv6 NAT option allows masquerading, port forwarding and other

	  forms of full Network Address Port Translation. It is controlled by

	  the `nat' table in ip6tables, see the man page for ip6tables(8).

	  This enables the `nat' table in ip6tables. This allows masquerading,

	  port forwarding and other forms of full Network Address Port

	  Translation.

	  To compile it as a module, choose M here.  If unsure, say N.

if NF_NAT_IPV6

if IP6_NF_NAT

config IP6_NF_TARGET_MASQUERADE

	tristate "MASQUERADE target support"

	  To compile it as a module, choose M here.  If unsure, say N.

endif # NF_NAT_IPV6

endif # IP6_NF_NAT

endif # IP6_NF_IPTABLES

obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o

obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o

obj-$(CONFIG_IP6_NF_SECURITY) += ip6table_security.o

obj-$(CONFIG_NF_NAT_IPV6) += ip6table_nat.o

obj-$(CONFIG_IP6_NF_NAT) += ip6table_nat.o

# objects for l3 independent conntrack

nf_conntrack_ipv6-y  :=  nf_conntrack_l3proto_ipv6.o nf_conntrack_proto_icmpv6.o

obj-$(CONFIG_NETFILTER_XT_MARK) += xt_mark.o

obj-$(CONFIG_NETFILTER_XT_CONNMARK) += xt_connmark.o

obj-$(CONFIG_NETFILTER_XT_SET) += xt_set.o

obj-$(CONFIG_NF_NAT) += xt_nat.o

obj-$(CONFIG_NETFILTER_XT_NAT) += xt_nat.o

# targets

obj-$(CONFIG_NETFILTER_XT_TARGET_AUDIT) += xt_AUDIT.o