2006-01-21 00:34:19 +01:00
|
|
|
#
|
|
|
|
# Shorewall version 3.2 - Capabilities File
|
|
|
|
#
|
|
|
|
# /etc/shorewall/capabilities
|
|
|
|
#
|
|
|
|
# This file is used when compiling with the -e flag. It specifies
|
2006-01-21 00:50:45 +01:00
|
|
|
# the capabilities of the kernel/iptables on the target system.
|
2006-01-21 00:34:19 +01:00
|
|
|
# The capabilities are listed in the same order as they appear in
|
|
|
|
# the output of "shorewall show capabilities". If the capability
|
|
|
|
# is available, set the corresponding variable to "Yes". Otherwise
|
|
|
|
# leave it empty.
|
|
|
|
|
|
|
|
NAT_ENABLED=Yes # NAT
|
|
|
|
MANGLE_ENABLED=Yes # Packet Mangling
|
|
|
|
CONNTRACK_MATCH=Yes # Connection Tracking Match
|
|
|
|
USEPKTTYPE= # Packet Type Match
|
|
|
|
MULTIPORT=Yes # Multi-port Match
|
|
|
|
XMULTIPORT=Yes # Extended Multi-port Match
|
|
|
|
POLICY_MATCH=Yes # Policy Match
|
|
|
|
PHYSDEV_MATCH=Yes # Physdev Match
|
|
|
|
LENGTH_MATCH=Yes # Packet Length Match
|
|
|
|
IPRANGE_MATCH=Yes # IP range Match
|
|
|
|
RECENT_MATCH=Yes # Recent Match
|
|
|
|
OWNER_MATCH=Yes # Owner match
|
|
|
|
IPSET_MATCH= # Ipset Match
|
|
|
|
CONNMARK=Yes # CONNMARK Target
|
|
|
|
CONNMARK_MATCH=Yes # Connmark Match
|
|
|
|
RAW_TABLE=Yes # Raw Table
|
|
|
|
IPP2P_MATCH= # IPP2P Match
|
|
|
|
CLASSIFY_TARGET=Yes # CLASSIFY Target
|
|
|
|
ENHANCED_REJECT=Yes # Extended REJECT
|