~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,3 +1,4 @@
	1	+# SPDX-License-Identifier: GPL-2.0-only
1	2	#
2	3	# IP netfilter configuration
3	4	#
..	..	@@ -26,14 +27,6 @@
26	27	This option enables the IPv4 support for nf_tables.
27	28
28	29	if NF_TABLES_IPV4
29		-
30		-config NFT_CHAIN_ROUTE_IPV4
31		- tristate "IPv4 nf_tables route chain support"
32		- help
33		- This option enables the "route" chain for IPv4 in nf_tables. This
34		- chain type is used to force packet re-routing after mangling header
35		- fields such as the source, destination, type of service and
36		- the packet mark.
37	30
38	31	config NFT_REJECT_IPV4
39	32	select NF_REJECT_IPV4
..	..	@@ -94,57 +87,14 @@
94	87	tristate "IPv4 packet rejection"
95	88	default m if NETFILTER_ADVANCED=n
96	89
97		-config NF_NAT_IPV4
98		- tristate "IPv4 NAT"
99		- depends on NF_CONNTRACK
100		- default m if NETFILTER_ADVANCED=n
101		- select NF_NAT
102		- help
103		- The IPv4 NAT option allows masquerading, port forwarding and other
104		- forms of full Network Address Port Translation. This can be
105		- controlled by iptables or nft.
106		-
107		-if NF_NAT_IPV4
108		-
109		-config NF_NAT_MASQUERADE_IPV4
110		- bool
111		-
112		-if NF_TABLES
113		-config NFT_CHAIN_NAT_IPV4
114		- depends on NF_TABLES_IPV4
115		- tristate "IPv4 nf_tables nat chain support"
116		- help
117		- This option enables the "nat" chain for IPv4 in nf_tables. This
118		- chain type is used to perform Network Address Translation (NAT)
119		- packet transformations such as the source, destination address and
120		- source and destination ports.
121		-
122		-config NFT_MASQ_IPV4
123		- tristate "IPv4 masquerading support for nf_tables"
124		- depends on NF_TABLES_IPV4
125		- depends on NFT_MASQ
126		- select NF_NAT_MASQUERADE_IPV4
127		- help
128		- This is the expression that provides IPv4 masquerading support for
129		- nf_tables.
130		-
131		-config NFT_REDIR_IPV4
132		- tristate "IPv4 redirect support for nf_tables"
133		- depends on NF_TABLES_IPV4
134		- depends on NFT_REDIR
135		- select NF_NAT_REDIRECT
136		- help
137		- This is the expression that provides IPv4 redirect support for
138		- nf_tables.
139		-endif # NF_TABLES
140		-
	90	+if NF_NAT
141	91	config NF_NAT_SNMP_BASIC
142	92	tristate "Basic SNMP-ALG support"
143	93	depends on NF_CONNTRACK_SNMP
144	94	depends on NETFILTER_ADVANCED
145	95	default NF_NAT && NF_CONNTRACK_SNMP
146	96	select ASN1
147		- ---help---
	97	+ help
148	98
149	99	This module implements an Application Layer Gateway (ALG) for
150	100	SNMP payloads. In conjunction with NAT, it allows a network
..	..	@@ -156,22 +106,17 @@
156	106
157	107	To compile it as a module, choose M here. If unsure, say N.
158	108
159		-config NF_NAT_PROTO_GRE
160		- tristate
161		- depends on NF_CT_PROTO_GRE
162		-
163	109	config NF_NAT_PPTP
164	110	tristate
165	111	depends on NF_CONNTRACK
166	112	default NF_CONNTRACK_PPTP
167		- select NF_NAT_PROTO_GRE
168	113
169	114	config NF_NAT_H323
170	115	tristate
171	116	depends on NF_CONNTRACK
172	117	default NF_CONNTRACK_H323
173	118
174		-endif # NF_NAT_IPV4
	119	+endif # NF_NAT
175	120
176	121	config IP_NF_IPTABLES
177	122	tristate "IP tables support (required for filtering/masq/NAT)"
..	..	@@ -201,7 +146,7 @@
201	146	tristate '"ecn" match support'
202	147	depends on NETFILTER_ADVANCED
203	148	select NETFILTER_XT_MATCH_ECN
204		- ---help---
	149	+ help
205	150	This is a backwards-compat option for the user's convenience
206	151	(e.g. when running oldconfig). It selects
207	152	CONFIG_NETFILTER_XT_MATCH_ECN.
..	..	@@ -210,7 +155,7 @@
210	155	tristate '"rpfilter" reverse path filter match support'
211	156	depends on NETFILTER_ADVANCED
212	157	depends on IP_NF_MANGLE \|\| IP_NF_RAW
213		- ---help---
	158	+ help
214	159	This option allows you to match packets whose replies would
215	160	go out via the interface the packet came in.
216	161
..	..	@@ -221,7 +166,7 @@
221	166	tristate '"ttl" match support'
222	167	depends on NETFILTER_ADVANCED
223	168	select NETFILTER_XT_MATCH_HL
224		- ---help---
	169	+ help
225	170	This is a backwards-compat option for the user's convenience
226	171	(e.g. when running oldconfig). It selects
227	172	CONFIG_NETFILTER_XT_MATCH_HL.
..	..	@@ -268,7 +213,6 @@
268	213	depends on NF_CONNTRACK
269	214	default m if NETFILTER_ADVANCED=n
270	215	select NF_NAT
271		- select NF_NAT_IPV4
272	216	select NETFILTER_XT_NAT
273	217	help
274	218	This enables the `nat' table in iptables. This allows masquerading,
..	..	@@ -281,22 +225,16 @@
281	225
282	226	config IP_NF_TARGET_MASQUERADE
283	227	tristate "MASQUERADE target support"
284		- select NF_NAT_MASQUERADE_IPV4
285		- default m if NETFILTER_ADVANCED=n
	228	+ select NETFILTER_XT_TARGET_MASQUERADE
286	229	help
287		- Masquerading is a special case of NAT: all outgoing connections are
288		- changed to seem to come from a particular interface's address, and
289		- if the interface goes down, those connections are lost. This is
290		- only useful for dialup accounts with dynamic IP address (ie. your IP
291		- address will be different on next dialup).
292		-
293		- To compile it as a module, choose M here. If unsure, say N.
	230	+ This is a backwards-compat option for the user's convenience
	231	+ (e.g. when running oldconfig). It selects NETFILTER_XT_TARGET_MASQUERADE.
294	232
295	233	config IP_NF_TARGET_NETMAP
296	234	tristate "NETMAP target support"
297	235	depends on NETFILTER_ADVANCED
298	236	select NETFILTER_XT_TARGET_NETMAP
299		- ---help---
	237	+ help
300	238	This is a backwards-compat option for the user's convenience
301	239	(e.g. when running oldconfig). It selects
302	240	CONFIG_NETFILTER_XT_TARGET_NETMAP.
..	..	@@ -305,7 +243,7 @@
305	243	tristate "REDIRECT target support"
306	244	depends on NETFILTER_ADVANCED
307	245	select NETFILTER_XT_TARGET_REDIRECT
308		- ---help---
	246	+ help
309	247	This is a backwards-compat option for the user's convenience
310	248	(e.g. when running oldconfig). It selects
311	249	CONFIG_NETFILTER_XT_TARGET_REDIRECT.
..	..	@@ -334,16 +272,16 @@
334	272	The CLUSTERIP target allows you to build load-balancing clusters of
335	273	network servers without having a dedicated load-balancing
336	274	router/server/switch.
337		-
	275	+
338	276	To compile it as a module, choose M here. If unsure, say N.
339	277
340	278	config IP_NF_TARGET_ECN
341	279	tristate "ECN target support"
342	280	depends on IP_NF_MANGLE
343	281	depends on NETFILTER_ADVANCED
344		- ---help---
	282	+ help
345	283	This option adds a `ECN' target, which can be used in the iptables mangle
346		- table.
	284	+ table.
347	285
348	286	You can use this target to remove the ECN bits from the IPv4 header of
349	287	an IP packet. This is particularly useful, if you need to work around
..	..	@@ -356,7 +294,7 @@
356	294	tristate '"TTL" target support'
357	295	depends on NETFILTER_ADVANCED && IP_NF_MANGLE
358	296	select NETFILTER_XT_TARGET_HL
359		- ---help---
	297	+ help
360	298	This is a backwards-compatible option for the user's convenience
361	299	(e.g. when running oldconfig). It selects
362	300	CONFIG_NETFILTER_XT_TARGET_HL.
..	..	@@ -368,9 +306,9 @@
368	306	This option adds a `raw' table to iptables. This table is the very
369	307	first in the netfilter framework and hooks in at the PREROUTING
370	308	and OUTPUT chains.
371		-
	309	+
372	310	If you want to compile it as a module, say M here and read
373		- <file:Documentation/kbuild/modules.txt>. If unsure, say `N'.
	311	+ <file:Documentation/kbuild/modules.rst>. If unsure, say `N'.
374	312
375	313	# security table for MAC policy
376	314	config IP_NF_SECURITY
..	..	@@ -380,7 +318,7 @@
380	318	help
381	319	This option adds a `security' table to iptables, for use
382	320	with Mandatory Access Control (MAC) policy.
383		-
	321	+
384	322	If unsure, say N.
385	323
386	324	endif # IP_NF_IPTABLES