Kernel configuration update
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6867 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
f57e5a6cfa
commit
39ed4ee27e
BIN
docs/images/kernel-2.6.20-1.png
Normal file
BIN
docs/images/kernel-2.6.20-1.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 63 KiB |
BIN
docs/images/kernel-2.6.20-2.png
Normal file
BIN
docs/images/kernel-2.6.20-2.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 60 KiB |
BIN
docs/images/kernel-2.6.20-3.png
Normal file
BIN
docs/images/kernel-2.6.20-3.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 53 KiB |
116
docs/kernel.xml
116
docs/kernel.xml
@ -348,4 +348,120 @@ CONFIG_IP_NF_ARP_MANGLE=m
|
||||
</programlisting>
|
||||
</blockquote>
|
||||
</section>
|
||||
|
||||
<section id="v2.6.20">
|
||||
<title>Kernel 2.6.20 and Later Netfilter Options</title>
|
||||
|
||||
<para>Beginning with kernel 2.6.20, the Netfilter kernel configuration was
|
||||
completely changed. It is split into "Core Netfilter Configuration" and
|
||||
"IP Netfilter Configuration". The next graphic shows how I have configured
|
||||
the Core options -- these are the standard Ubuntu settings.</para>
|
||||
|
||||
<para>The next two graphics show the Core Configuration settings - these
|
||||
are the standard Ubuntu setting with the exception of CONNTRACK Target
|
||||
support (Ubuntu inexplicably includes conntrack match support but not
|
||||
CONNTRACK target support). The two graphics show mostly the same
|
||||
information but the configuration menu is slignly larger than my display
|
||||
so I captured it in two images.<graphic
|
||||
fileref="images/kernel-2.6.20-1.png" /><graphic
|
||||
fileref="images/kernel-2.6.20-2.png" />The next graphic shows the IP
|
||||
Netfilter Configuration -- these are the standard Ubuntu settions.<graphic
|
||||
fileref="images/kernel-2.6.20-3.png" />Here is the corresponding CONFIG
|
||||
file exerpt.<programlisting>CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
|
||||
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
|
||||
CONFIG_NETFILTER_XT_TARGET_DSCP=m
|
||||
CONFIG_NETFILTER_XT_TARGET_MARK=m
|
||||
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
|
||||
CONFIG_NETFILTER_XT_TARGET_NFLOG=m
|
||||
# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
|
||||
CONFIG_NETFILTER_XT_TARGET_SECMARK=m
|
||||
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
|
||||
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
|
||||
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
|
||||
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
|
||||
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
|
||||
CONFIG_NETFILTER_XT_MATCH_DCCP=m
|
||||
CONFIG_NETFILTER_XT_MATCH_DSCP=m
|
||||
CONFIG_NETFILTER_XT_MATCH_ESP=m
|
||||
CONFIG_NETFILTER_XT_MATCH_HELPER=m
|
||||
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
|
||||
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
|
||||
CONFIG_NETFILTER_XT_MATCH_MAC=m
|
||||
CONFIG_NETFILTER_XT_MATCH_MARK=m
|
||||
CONFIG_NETFILTER_XT_MATCH_POLICY=m
|
||||
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
|
||||
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
|
||||
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
|
||||
CONFIG_NETFILTER_XT_MATCH_QUOTA=m
|
||||
CONFIG_NETFILTER_XT_MATCH_REALM=m
|
||||
CONFIG_NETFILTER_XT_MATCH_SCTP=m
|
||||
CONFIG_NETFILTER_XT_MATCH_STATE=m
|
||||
CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
|
||||
CONFIG_NETFILTER_XT_MATCH_STRING=m
|
||||
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
|
||||
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
|
||||
CONFIG_NF_CONNTRACK_SUPPORT=y
|
||||
CONFIG_NF_CONNTRACK_ENABLED=m
|
||||
# CONFIG_IP_NF_CONNTRACK_SUPPORT is not set
|
||||
CONFIG_NF_CONNTRACK=m
|
||||
CONFIG_NF_CT_ACCT=y
|
||||
CONFIG_NF_CONNTRACK_MARK=y
|
||||
CONFIG_NF_CONNTRACK_SECMARK=y
|
||||
CONFIG_NF_CONNTRACK_EVENTS=y
|
||||
CONFIG_NF_CT_PROTO_GRE=m
|
||||
CONFIG_NF_CT_PROTO_SCTP=m
|
||||
CONFIG_NF_CONNTRACK_AMANDA=m
|
||||
CONFIG_NF_CONNTRACK_FTP=m
|
||||
CONFIG_NF_CONNTRACK_H323=m
|
||||
CONFIG_NF_CONNTRACK_IRC=m
|
||||
CONFIG_NF_CONNTRACK_NETBIOS_NS=m
|
||||
CONFIG_NF_CONNTRACK_PPTP=m
|
||||
CONFIG_NF_CONNTRACK_SIP=m
|
||||
CONFIG_NF_CONNTRACK_TFTP=m
|
||||
CONFIG_NF_CT_NETLINK=m
|
||||
CONFIG_NF_CONNTRACK_IPV4=m
|
||||
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
|
||||
CONFIG_IP_NF_QUEUE=m
|
||||
CONFIG_IP_NF_IPTABLES=m
|
||||
CONFIG_IP_NF_MATCH_IPRANGE=m
|
||||
CONFIG_IP_NF_MATCH_TOS=m
|
||||
CONFIG_IP_NF_MATCH_RECENT=m
|
||||
CONFIG_IP_NF_MATCH_ECN=m
|
||||
CONFIG_IP_NF_MATCH_AH=m
|
||||
CONFIG_IP_NF_MATCH_TTL=m
|
||||
CONFIG_IP_NF_MATCH_OWNER=m
|
||||
CONFIG_IP_NF_MATCH_ADDRTYPE=m
|
||||
CONFIG_IP_NF_FILTER=m
|
||||
CONFIG_IP_NF_TARGET_REJECT=m
|
||||
CONFIG_IP_NF_TARGET_LOG=m
|
||||
CONFIG_IP_NF_TARGET_ULOG=m
|
||||
CONFIG_IP_NF_TARGET_TCPMSS=m
|
||||
CONFIG_NF_NAT=m
|
||||
CONFIG_NF_NAT_NEEDED=y
|
||||
CONFIG_IP_NF_TARGET_MASQUERADE=m
|
||||
CONFIG_IP_NF_TARGET_REDIRECT=m
|
||||
CONFIG_IP_NF_TARGET_NETMAP=m
|
||||
CONFIG_IP_NF_TARGET_SAME=m
|
||||
CONFIG_NF_NAT_SNMP_BASIC=m
|
||||
CONFIG_NF_NAT_PROTO_GRE=m
|
||||
CONFIG_NF_NAT_FTP=m
|
||||
CONFIG_NF_NAT_IRC=m
|
||||
CONFIG_NF_NAT_TFTP=m
|
||||
CONFIG_NF_NAT_AMANDA=m
|
||||
CONFIG_NF_NAT_PPTP=m
|
||||
CONFIG_NF_NAT_H323=m
|
||||
CONFIG_NF_NAT_SIP=m
|
||||
CONFIG_IP_NF_MANGLE=m
|
||||
CONFIG_IP_NF_TARGET_TOS=m
|
||||
CONFIG_IP_NF_TARGET_ECN=m
|
||||
CONFIG_IP_NF_TARGET_TTL=m
|
||||
CONFIG_IP_NF_TARGET_CLUSTERIP=m
|
||||
CONFIG_IP_NF_RAW=m
|
||||
CONFIG_IP_NF_ARPTABLES=m
|
||||
CONFIG_IP_NF_ARPFILTER=m
|
||||
CONFIG_IP_NF_ARP_MANGLE=m
|
||||
</programlisting></para>
|
||||
|
||||
<para></para>
|
||||
</section>
|
||||
</article>
|