Documentation Updates

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1736 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-08 00:34:04 +01:00 · 2004-11-02 19:18:40 +00:00 · 2004-11-02 19:18:40 +00:00 · b1a3ce39a3
commit b1a3ce39a3
parent 29e3991465
3 changed files with 214 additions and 88 deletions
--- a/Shorewall-docs2/PPTP.xml
+++ b/Shorewall-docs2/PPTP.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>
-    <pubdate>2004-05-22</pubdate>
+    <pubdate>2004-11-02</pubdate>
    <copyright>
      <year>2001</year>
@ -35,10 +35,21 @@
      1.2 or any later version published by the Free Software Foundation; with
      no Invariant Sections, with no Front-Cover, and with no Back-Cover
      Texts. A copy of the license is included in the section entitled
-      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
+      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
      License</ulink></quote>.</para>
    </legalnotice>
    <revhistory>
      <revision>
        <revnumber>1.4</revnumber>
        <date>2004-11-02</date>
        <authorinitials>TE</authorinitials>
        <revremark>Added link to Greg Kops's tutorial.</revremark>
      </revision>
      <revision>
        <revnumber>1.3</revnumber>
@ -46,7 +57,8 @@
        <authorinitials>TE</authorinitials>
-        <revremark>Warning about PPTP conntrack patch and GRE tunnels.</revremark>
+        <revremark>Warning about PPTP conntrack patch and GRE
        tunnels.</revremark>
      </revision>
      <revision>
@ -56,7 +68,8 @@
        <authorinitials>TE</authorinitials>
-        <revremark>Revised instructions regarding PPTP conntrack patch.</revremark>
+        <revremark>Revised instructions regarding PPTP conntrack
        patch.</revremark>
      </revision>
      <revision>
@ -66,12 +79,14 @@
        <authorinitials>TE</authorinitials>
-        <revremark>Added note about PPTP module support in Bering 1.2</revremark>
+        <revremark>Added note about PPTP module support in Bering
        1.2</revremark>
      </revision>
    </revhistory>
    <abstract>
-      <para>Shorewall easily supports PPTP in a number of configurations.</para>
+      <para>Shorewall easily supports PPTP in a number of
      configurations.</para>
    </abstract>
  </articleinfo>
@ -80,8 +95,9 @@
    <note>
      <para>I am no longer attempting to maintain MPPE patches for current
-      Linux kernel&#39;s and pppd. I recommend that you refer to the following
+      Linux kernel's and pppd. I recommend that you refer to the following
-      URLs for information about installing MPPE into your kernel and pppd.</para>
+      URLs for information about installing MPPE into your kernel and
      pppd.</para>
    </note>
    <para>The <ulink url="http://pptpclient.sourceforge.net">Linux PPTP client
@ -89,12 +105,13 @@
    connections where your Linux system is the PPTP client. This is what I
    currently use. I am no longer running PoPToP but rather I use the PPTP
    Server included with XP Professional (see <ulink
-    url="PPTP.htm#ServerBehind">PPTP Server running behind your Firewall</ulink>
+    url="PPTP.htm#ServerBehind">PPTP Server running behind your
-    below).</para>
+    Firewall</ulink> below).</para>
    <variablelist>
      <varlistentry>
-        <term><ulink url="http://pptpclient.sourceforge.net">http://pptpclient.sourceforge.net</ulink></term>
+        <term><ulink
        url="http://pptpclient.sourceforge.net">http://pptpclient.sourceforge.net</ulink></term>
        <listitem>
          <para>Everything you need to run a PPTP client.</para>
@ -102,13 +119,23 @@
      </varlistentry>
      <varlistentry>
-        <term><ulink url="http://www.poptop.org">http://www.poptop.org</ulink></term>
+        <term><ulink
        url="http://www.poptop.org">http://www.poptop.org</ulink></term>
        <listitem>
          <para>The <quote>kernelmod</quote> package can be used to quickly
          install MPPE into your kernel without rebooting.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><ulink
        url="http://devel.elucid8design.com/el8/devel/tutorials/pptp.php">http://devel.elucid8design.com/el8/devel/tutorials/pptp.php</ulink></term>
        <listitem>
          <para>A nice tutorial for installing a PPTP server on Fedora.</para>
        </listitem>
      </varlistentry>
    </variablelist>
    <para>I am leaving the instructions for building MPPE-enabled kernels and
@ -120,8 +147,8 @@
    <title>PPTP Server Running on your Firewall</title>
    <para>I will try to give you an idea of how to set up a PPTP server on
-    your firewall system. This isn&#39;t a detailed HOWTO but rather an
+    your firewall system. This isn't a detailed HOWTO but rather an example of
-    example of how I have set up a working PPTP server on my own firewall.</para>
+    how I have set up a working PPTP server on my own firewall.</para>
    <para>The steps involved are:</para>
@ -181,15 +208,15 @@
      parent directory):</para>
      <programlisting>cd ppp-2.4.1
-patch -p1 &#60; ../ppp-2.4.0-openssl-0.9.6-mppe.patch
+patch -p1 &lt; ../ppp-2.4.0-openssl-0.9.6-mppe.patch
-patch -p1 &#60; ../ppp-2.4.1-MSCHAPv2-fix.patch
+patch -p1 &lt; ../ppp-2.4.1-MSCHAPv2-fix.patch
-(Optional) patch -p1 &#60; ../require-mppe.diff
+(Optional) patch -p1 &lt; ../require-mppe.diff
 ./configure
 make</programlisting>
      <para>You will need to install the resulting binary on your firewall
-      system. To do that, I NFS mount my source filesystem and use
+      system. To do that, I NFS mount my source filesystem and use <quote>make
-      <quote>make install</quote> from the ppp-2.4.1 directory.</para>
+      install</quote> from the ppp-2.4.1 directory.</para>
    </section>
    <section id="PatchKernel">
@ -207,8 +234,8 @@ make</programlisting>
      <para>Uncompress the patch into the same directory where your top-level
      kernel source is located and:</para>
-      <programlisting>cd &#60;your GNU/Linux source top-level directory&#62;
+      <programlisting>cd &lt;your GNU/Linux source top-level directory&gt;
-patch -p1 &#60; ../linux-2.4.16-openssl-0.9.6b-mppe.patch</programlisting>
+patch -p1 &lt; ../linux-2.4.16-openssl-0.9.6b-mppe.patch</programlisting>
      <para>Now configure your kernel. Here is my ppp configuration:</para>
@ -297,12 +324,12 @@ require-mppe-stateless</programlisting>
        </itemizedlist>
      </note>
-      <para>Here&#39;s my /etc/ppp/chap-secrets:</para>
+      <para>Here's my /etc/ppp/chap-secrets:</para>
      <programlisting>Secrets for authentication using CHAP
 # client        server    secret    IP addresses
-CPQTDM\\TEastep *         &#60;shhhhhh&#62; 192.168.1.7
+CPQTDM\\TEastep *         &lt;shhhhhh&gt; 192.168.1.7
-TEastep         *         &#60;shhhhhh&#62; 192.168.1.7</programlisting>
+TEastep         *         &lt;shhhhhh&gt; 192.168.1.7</programlisting>
      <para>I am the only user who connects to the server but I may connect
      either with or without a domain being specified. The system I connect
@ -338,7 +365,7 @@ remoteip 192.168.1.33-38</programlisting>
          </listitem>
          <listitem>
-            <para>The local IP is the same as my internal interface&#39;s
+            <para>The local IP is the same as my internal interface's
            (192.168.1.254).</para>
          </listitem>
@ -362,9 +389,9 @@ remoteip 192.168.1.33-38</programlisting>
 # description: control pptp server
 #
-case &#34;$1&#34; in
+case "$1" in
 start)
-    echo 1 &#62; /proc/sys/net/ipv4/ip_forward
+    echo 1 &gt; /proc/sys/net/ipv4/ip_forward
    modprobe ppp_async
    modprobe ppp_generic
    modprobe ppp_mppe
@ -387,7 +414,7 @@ status)
    ifconfig
    ;;
 *)
-    echo &#34;Usage: $0 {start|stop|restart|status}&#34;
+    echo "Usage: $0 {start|stop|restart|status}"
    ;;
 esac</programlisting>
    </section>
@ -398,11 +425,11 @@ esac</programlisting>
      <section>
        <title>Basic Setup</title>
-        <para>Here&#39; a basic setup that treats your remote users as if they
+        <para>Here' a basic setup that treats your remote users as if they
        were part of your <emphasis role="bold">loc</emphasis> zone. Note that
        if your primary internet connection uses ppp0, then be sure that
-        <emphasis role="bold">loc</emphasis> follows <emphasis role="bold">net</emphasis>
+        <emphasis role="bold">loc</emphasis> follows <emphasis
-        in /etc/shorewall/zones.</para>
+        role="bold">net</emphasis> in /etc/shorewall/zones.</para>
        <table>
          <title>/etc/shorewall/tunnels</title>
@ -606,12 +633,14 @@ esac</programlisting>
        <para>Often there will be situations where you want multiple
        connections from remote networks with these networks having different
-        firewalling requirements.<graphic fileref="images/MultiPPTP.png" /></para>
+        firewalling requirements.<graphic
        fileref="images/MultiPPTP.png" /></para>
-        <para>Here&#39;s how you configure this in Shorewall. Note that if
+        <para>Here's how you configure this in Shorewall. Note that if your
-        your primary internet connection uses ppp0 then be sure that the
+        primary internet connection uses ppp0 then be sure that the <emphasis
-        <emphasis role="bold">vpn{1-3}</emphasis> zones follows <emphasis
+        role="bold">vpn{1-3}</emphasis> zones follows <emphasis
-        role="bold">net</emphasis> in /etc/shorewall/zones as shown below.</para>
+        role="bold">net</emphasis> in /etc/shorewall/zones as shown
        below.</para>
        <table>
          <title>/etc/shorewall/tunnels</title>
@ -833,7 +862,7 @@ esac</programlisting>
            <entry>net</entry>
-            <entry>loc:&#60;<emphasis>server address</emphasis>&#62;</entry>
+            <entry>loc:&lt;<emphasis>server address</emphasis>&gt;</entry>
            <entry>tcp</entry>
@ -849,7 +878,7 @@ esac</programlisting>
            <entry>net</entry>
-            <entry>loc:&#60;<emphasis>server address</emphasis>&#62;</entry>
+            <entry>loc:&lt;<emphasis>server address</emphasis>&gt;</entry>
            <entry>47</entry>
@ -864,8 +893,8 @@ esac</programlisting>
    </table>
    <para>If you have multiple external IP address and you want to forward a
-    single &#60;<emphasis>external address</emphasis>&#62;, add the following
+    single &lt;<emphasis>external address</emphasis>&gt;, add the following to
-    to your /etc/shorewall/rules file:</para>
+    your /etc/shorewall/rules file:</para>
    <table>
      <title>/etc/shorewall/rules</title>
@ -895,7 +924,7 @@ esac</programlisting>
            <entry>net</entry>
-            <entry>loc:&#60;<emphasis>server address</emphasis>&#62;</entry>
+            <entry>loc:&lt;<emphasis>server address</emphasis>&gt;</entry>
            <entry>tcp</entry>
@ -903,7 +932,7 @@ esac</programlisting>
            <entry>-</entry>
-            <entry>&#60;<emphasis>external address</emphasis>&#62;</entry>
+            <entry>&lt;<emphasis>external address</emphasis>&gt;</entry>
          </row>
          <row>
@ -911,7 +940,7 @@ esac</programlisting>
            <entry>net</entry>
-            <entry>loc:&#60;<emphasis>server address</emphasis>&#62;</entry>
+            <entry>loc:&lt;<emphasis>server address</emphasis>&gt;</entry>
            <entry>47</entry>
@ -919,7 +948,7 @@ esac</programlisting>
            <entry>-</entry>
-            <entry>&#60;<emphasis>external address</emphasis>&#62;</entry>
+            <entry>&lt;<emphasis>external address</emphasis>&gt;</entry>
          </row>
        </tbody>
      </tgroup>
@ -929,10 +958,10 @@ esac</programlisting>
  <section id="ClientsBehind">
    <title>PPTP Clients Running Behind your Firewall</title>
-    <para>You shouldn&#39;t have to take any special action for this case
+    <para>You shouldn't have to take any special action for this case unless
-    unless you wish to connect multiple clients to the same external server.
+    you wish to connect multiple clients to the same external server. In that
-    In that case, you must install the PPTP connection/tracking and NAT patch
+    case, you must install the PPTP connection/tracking and NAT patch from
-    from <ulink url="http://www.netfilter.org">Netfilter Patch-O-Mati</ulink>c
+    <ulink url="http://www.netfilter.org">Netfilter Patch-O-Mati</ulink>c
    (some distributions are now shipping with this patch installed). I
    recommend that you also add these four lines to your
    /etc/shorewall/modules file:</para>
@ -1127,7 +1156,8 @@ loadmodule ip_nat_proto_gre</programlisting>
    </table>
    <table>
-      <title>/etc/shorewall/tunnels (For Shorewall versions 1.3.10 and later)</title>
+      <title>/etc/shorewall/tunnels (For Shorewall versions 1.3.10 and
      later)</title>
      <tgroup cols="4">
        <thead>
@ -1160,13 +1190,13 @@ loadmodule ip_nat_proto_gre</programlisting>
    <quote>cpq</quote> zone because I also run a PPTP server on my firewall
    (see above). Using this technique allows me to distinguish clients of my
    own PPTP server from arbitrary hosts at Compaq; I assign addresses in
-    192.168.1.0/24 to my PPTP clients and Compaq doesn&#39;t use that RFC1918
+    192.168.1.0/24 to my PPTP clients and Compaq doesn't use that RFC1918
    Class C subnet.</para>
    <para>I use this script in /etc/init.d to control the client. The reason
-    that I disable ECN when connecting is that the Compaq tunnel servers
+    that I disable ECN when connecting is that the Compaq tunnel servers don't
-    don&#39;t do ECN yet and reject the initial TCP connection request if I
+    do ECN yet and reject the initial TCP connection request if I enable ECN
-    enable ECN :-(</para>
+    :-(</para>
    <programlisting>#!/bin/sh
 #
@ -1175,48 +1205,48 @@ loadmodule ip_nat_proto_gre</programlisting>
 # chkconfig: 5 60 85
 # description: PPTP Link Control
 #
-NAME=&#34;Tandem&#34;
+NAME="Tandem"
 ADDRESS=tunnel-tandem.compaq.com
-USER=&#39;Tandem\tommy&#39;
+USER='Tandem\tommy'
 ECN=0
 DEBUG=
 start_pptp() {
-    echo $ECN &#62; /proc/sys/net/ipv4/tcp_ecn
+    echo $ECN &gt; /proc/sys/net/ipv4/tcp_ecn
    if /usr/sbin/pptp $ADDRESS user $USER noauth $DEBUG; then
        touch /var/lock/subsys/pptp
-        echo &#34;PPTP Connection to $NAME Started&#34;
+        echo "PPTP Connection to $NAME Started"
    fi
 }
 stop_pptp() {
-    if killall /usr/sbin/pptp 2&#62; /dev/null; then
+    if killall /usr/sbin/pptp 2&gt; /dev/null; then
-        echo &#34;Stopped pptp&#34;
+        echo "Stopped pptp"
    else
        rm -f /var/run/pptp/*
    fi
    # if killall pppd; then
-    # echo &#34;Stopped pppd&#34;
+    # echo "Stopped pppd"
    # fi
    rm -f /var/lock/subsys/pptp
-    echo 1 &#62; /proc/sys/net/ipv4/tcp_ecn
+    echo 1 &gt; /proc/sys/net/ipv4/tcp_ecn
 }
-case &#34;$1&#34; in
+case "$1" in
 start)
-    echo &#34;Starting PPTP Connection to ${NAME}...&#34;
+    echo "Starting PPTP Connection to ${NAME}..."
    start_pptp
    ;;
 stop)
-    echo &#34;Stopping $NAME PPTP Connection...&#34;
+    echo "Stopping $NAME PPTP Connection..."
    stop_pptp
    ;;
 restart)
-    echo &#34;Restarting $NAME PPTP Connection...&#34;
+    echo "Restarting $NAME PPTP Connection..."
    stop_pptp
    start_pptp
    ;;
@ -1224,11 +1254,11 @@ status)
    ifconfig
    ;;
 *)
-    echo &#34;Usage: $0 {start|stop|restart|status}&#34;
+    echo "Usage: $0 {start|stop|restart|status}"
    ;;
 esac</programlisting>
-    <para>Here&#39;s my /etc/ppp/options file:</para>
+    <para>Here's my /etc/ppp/options file:</para>
    <programlisting>#
 # Identify this connection
@ -1239,7 +1269,7 @@ ipparam Compaq
 #
 lock
 #
-# We don&#39;t need the tunnel server to authenticate itself
+# We don't need the tunnel server to authenticate itself
 #
 noauth
@ -1250,7 +1280,7 @@ noauth
 multilink
 mrru 1614
 #
-# Turn off transmission protocols we know won&#39;t be used
+# Turn off transmission protocols we know won't be used
 #
 nobsdcomp
 nodeflate
@ -1295,19 +1325,19 @@ restart_pptp() {
    /sbin/service pptp stop
    sleep 10
    if /sbin/service pptp start; then
-        /usr/bin/logger &#34;PPTP Restarted&#34;
+        /usr/bin/logger "PPTP Restarted"
    fi
 }
-if [ -n &#34;`ps ax | grep /usr/sbin/pptp | grep -v grep`&#34; ]; then
+if [ -n "`ps ax | grep /usr/sbin/pptp | grep -v grep`" ]; then
    exit 0
 fi
-echo &#34;Attempting to restart PPTP&#34;
+echo "Attempting to restart PPTP"
-restart_pptp &#62; /dev/null 2&#62;&#38;1 &#38;</programlisting>
+restart_pptp &gt; /dev/null 2&gt;&amp;1 &amp;</programlisting>
-    <para><ulink url="ftp://ftp.shorewall.net/pub/shorewall/misc/Vonau">Here&#39;s
+    <para><ulink url="ftp://ftp.shorewall.net/pub/shorewall/misc/Vonau">Here's
    a scriptand corresponding ip-up.local</ulink> from Jerry Vonau
    <email>jvonau@home.com</email> that controls two PPTP connections.</para>
  </section>
@ -1323,7 +1353,8 @@ restart_pptp &#62; /dev/null 2&#62;&#38;1 &#38;</programlisting>
    PPTP (interface ppp0). If you have this type of setup, you need to modify
    the sample configuration that you downloaded as described in this section.
    <emphasis role="bold">These changes are in addition to those described in
-    the <ulink url="shorewall_quickstart_guide.htm">QuickStart Guides</ulink>.</emphasis></para>
+    the <ulink url="shorewall_quickstart_guide.htm">QuickStart
    Guides</ulink>.</emphasis></para>
    <para>Lets assume the following:</para>
--- a/Shorewall-docs2/images/netfilter2.6.png
+++ b/Shorewall-docs2/images/netfilter2.6.png
--- a/Shorewall-docs2/kernel.xml
+++ b/Shorewall-docs2/kernel.xml
@ -15,7 +15,7 @@
      </author>
    </authorgroup>
-    <pubdate>2004-05-19</pubdate>
+    <pubdate>2004-11-01</pubdate>
    <copyright>
      <year>2001-2004</year>
@ -29,25 +29,27 @@
      1.2 or any later version published by the Free Software Foundation; with
      no Invariant Sections, with no Front-Cover, and with no Back-Cover
      Texts. A copy of the license is included in the section entitled
-      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
+      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
      License</ulink></quote>.</para>
    </legalnotice>
  </articleinfo>
  <note>
    <para>For information regarding configuring and building GNU/Linux
-    kernels, see <ulink url="http://www.kernelnewbies.org">http://www.kernelnewbies.org</ulink>.</para>
+    kernels, see <ulink
    url="http://www.kernelnewbies.org">http://www.kernelnewbies.org</ulink>.</para>
  </note>
  <section>
    <title>Network Options Configuration</title>
-    <para>Here&#39;s a screen shot of my Network Options Configuration:<graphic
+    <para>Here's a screen shot of my Network Options Configuration:<graphic
    align="center" fileref="images/netopts.jpg" /></para>
-    <para>While not all of the options that I&#39;ve selected are required,
+    <para>While not all of the options that I've selected are required, they
-    they should be sufficient for most applications. Here&#39;s an excerpt
+    should be sufficient for most applications. Here's an excerpt from the
-    from the corresponding .config file (Note: If you are running a kernel
+    corresponding .config file (Note: If you are running a kernel older than
-    older than 2.4.17, be sure to select CONFIG_NETLINK and CONFIG_RTNETLINK):</para>
+    2.4.17, be sure to select CONFIG_NETLINK and CONFIG_RTNETLINK):</para>
    <blockquote>
      <programlisting>#
@ -84,19 +86,19 @@
  <section>
    <title>Netfilter Configuration</title>
-    <para>Here&#39;s a screen shot of my Netfilter configuration:<graphic
+    <para>Here's a screen shot of my Netfilter configuration:<graphic
    align="center" fileref="images/menuconfig1.jpg" /></para>
    <para>Note that I have built everything I need as modules. You can also
    build everything into your kernel but if you want to be able to deal with
-    FTP running on a non-standard port then you <emphasis role="bold">must</emphasis>
+    FTP running on a non-standard port then you <emphasis
-    modularize FTP Protocol support.</para>
+    role="bold">must</emphasis> modularize FTP Protocol support.</para>
-    <para>Here&#39;s the corresponding part of my .config file:</para>
+    <para>Here's the corresponding part of my .config file:</para>
    <blockquote>
      <programlisting>#
-#&#x00A0;&#x00A0; IP: Netfilter Configuration
+#&nbsp;&nbsp; IP: Netfilter Configuration
 #
 CONFIG_IP_NF_CONNTRACK=m
 CONFIG_IP_NF_FTP=m
@ -148,4 +150,97 @@ CONFIG_IP_NF_ARPFILTER=m
 # CONFIG_IP_NF_COMPAT_IPFWADM is not set</programlisting>
    </blockquote>
  </section>
  <section>
    <title>Kernel 2.6 Netfilter Options</title>
    <para>Here's a screenshot of my modularized 2.6 Kernel config (Navigation:
    Device Drivers → Networking Support → Networking Options → Network Packet
    Filtering (replaces ipchains) → IP: Netfilter configuration):</para>
    <graphic align="center" fileref="images/netfilter2.6.png" valign="middle" />
    <para>Here is the corresponding part of the .config file:</para>
    <blockquote>
      <programlisting>CONFIG_IP_NF_CONNTRACK=m
 CONFIG_IP_NF_FTP=m
 CONFIG_IP_NF_IRC=m
 CONFIG_IP_NF_TFTP=m
 CONFIG_IP_NF_AMANDA=m
 CONFIG_IP_NF_QUEUE=m
 CONFIG_IP_NF_IPTABLES=m
 CONFIG_IP_NF_MATCH_LIMIT=m
 CONFIG_IP_NF_MATCH_IPRANGE=m
 CONFIG_IP_NF_MATCH_MAC=m
 CONFIG_IP_NF_MATCH_PKTTYPE=m
 CONFIG_IP_NF_MATCH_MARK=m
 CONFIG_IP_NF_MATCH_MULTIPORT=m
 CONFIG_IP_NF_MATCH_TOS=m
 CONFIG_IP_NF_MATCH_RECENT=m
 CONFIG_IP_NF_MATCH_ECN=m
 CONFIG_IP_NF_MATCH_DSCP=m
 CONFIG_IP_NF_MATCH_AH_ESP=m
 CONFIG_IP_NF_MATCH_LENGTH=m
 CONFIG_IP_NF_MATCH_TTL=m
 CONFIG_IP_NF_MATCH_TCPMSS=m
 CONFIG_IP_NF_MATCH_HELPER=m
 CONFIG_IP_NF_MATCH_STATE=m
 CONFIG_IP_NF_MATCH_CONNTRACK=m
 CONFIG_IP_NF_MATCH_OWNER=m
 CONFIG_IP_NF_MATCH_PHYSDEV=m
 CONFIG_IP_NF_FILTER=m
 CONFIG_IP_NF_TARGET_REJECT=m
 CONFIG_IP_NF_NAT=m
 CONFIG_IP_NF_NAT_NEEDED=y
 CONFIG_IP_NF_TARGET_MASQUERADE=m
 CONFIG_IP_NF_TARGET_REDIRECT=m
 CONFIG_IP_NF_TARGET_NETMAP=m
 CONFIG_IP_NF_TARGET_SAME=m
 CONFIG_IP_NF_NAT_LOCAL=y
 CONFIG_IP_NF_NAT_SNMP_BASIC=m
 CONFIG_IP_NF_NAT_IRC=m
 CONFIG_IP_NF_NAT_FTP=m
 CONFIG_IP_NF_NAT_TFTP=m
 CONFIG_IP_NF_NAT_AMANDA=m
 CONFIG_IP_NF_MANGLE=m
 CONFIG_IP_NF_TARGET_TOS=m
 CONFIG_IP_NF_TARGET_ECN=m
 CONFIG_IP_NF_TARGET_DSCP=m
 CONFIG_IP_NF_TARGET_MARK=m
 CONFIG_IP_NF_TARGET_CLASSIFY=m
 CONFIG_IP_NF_TARGET_LOG=m
 CONFIG_IP_NF_TARGET_ULOG=m
 CONFIG_IP_NF_TARGET_TCPMSS=m
 # CONFIG_IP_NF_ARPTABLES is not set
 # CONFIG_IP_NF_COMPAT_IPCHAINS is not set
 # CONFIG_IP_NF_COMPAT_IPFWADM is not set
 # CONFIG_IP_NF_RAW is not set
 CONFIG_IP_NF_MATCH_ADDRTYPE=m
 # CONFIG_IP_NF_MATCH_REALM is not set
 CONFIG_IP6_NF_QUEUE=m
 CONFIG_IP6_NF_IPTABLES=m
 CONFIG_IP6_NF_MATCH_LIMIT=m
 CONFIG_IP6_NF_MATCH_MAC=m
 CONFIG_IP6_NF_MATCH_RT=m
 CONFIG_IP6_NF_MATCH_OPTS=m
 CONFIG_IP6_NF_MATCH_FRAG=m
 CONFIG_IP6_NF_MATCH_HL=m
 CONFIG_IP6_NF_MATCH_MULTIPORT=m
 CONFIG_IP6_NF_MATCH_OWNER=m
 CONFIG_IP6_NF_MATCH_MARK=m
 CONFIG_IP6_NF_MATCH_IPV6HEADER=m
 CONFIG_IP6_NF_MATCH_AHESP=m
 CONFIG_IP6_NF_MATCH_LENGTH=m
 CONFIG_IP6_NF_MATCH_EUI64=m
 CONFIG_IP6_NF_FILTER=m
 CONFIG_IP6_NF_TARGET_LOG=m
 CONFIG_IP6_NF_MANGLE=m
 CONFIG_IP6_NF_TARGET_MARK=m
 # CONFIG_IP6_NF_RAW is not set
 CONFIG_DECNET_NF_GRABULATOR=m
 CONFIG_BRIDGE_NF_EBTABLES=m
 </programlisting>
    </blockquote>
  </section>
 </article>