xref: /linux/net/netfilter/ipset/Kconfig (revision 9a87ffc99ec8eb8d35eed7c4f816d75f5cc9662e)
1# SPDX-License-Identifier: GPL-2.0-only
2menuconfig IP_SET
3	tristate "IP set support"
4	depends on INET && NETFILTER
5	select NETFILTER_NETLINK
6	help
7	  This option adds IP set support to the kernel.
8	  In order to define and use the sets, you need the userspace utility
9	  ipset(8). You can use the sets in netfilter via the "set" match
10	  and "SET" target.
11
12	  To compile it as a module, choose M here.  If unsure, say N.
13
14if IP_SET
15
16config IP_SET_MAX
17	int "Maximum number of IP sets"
18	default 256
19	range 2 65534
20	depends on IP_SET
21	help
22	  You can define here default value of the maximum number
23	  of IP sets for the kernel.
24
25	  The value can be overridden by the 'max_sets' module
26	  parameter of the 'ip_set' module.
27
28config IP_SET_BITMAP_IP
29	tristate "bitmap:ip set support"
30	depends on IP_SET
31	help
32	  This option adds the bitmap:ip set type support, by which one
33	  can store IPv4 addresses (or network addresses) from a range.
34
35	  To compile it as a module, choose M here.  If unsure, say N.
36
37config IP_SET_BITMAP_IPMAC
38	tristate "bitmap:ip,mac set support"
39	depends on IP_SET
40	help
41	  This option adds the bitmap:ip,mac set type support, by which one
42	  can store IPv4 address and (source) MAC address pairs from a range.
43
44	  To compile it as a module, choose M here.  If unsure, say N.
45
46config IP_SET_BITMAP_PORT
47	tristate "bitmap:port set support"
48	depends on IP_SET
49	help
50	  This option adds the bitmap:port set type support, by which one
51	  can store TCP/UDP port numbers from a range.
52
53	  To compile it as a module, choose M here.  If unsure, say N.
54
55config IP_SET_HASH_IP
56	tristate "hash:ip set support"
57	depends on IP_SET
58	help
59	  This option adds the hash:ip set type support, by which one
60	  can store arbitrary IPv4 or IPv6 addresses (or network addresses)
61	  in a set.
62
63	  To compile it as a module, choose M here.  If unsure, say N.
64
65config IP_SET_HASH_IPMARK
66	tristate "hash:ip,mark set support"
67	depends on IP_SET
68	help
69	  This option adds the hash:ip,mark set type support, by which one
70	  can store IPv4/IPv6 address and mark pairs.
71
72	  To compile it as a module, choose M here.  If unsure, say N.
73
74config IP_SET_HASH_IPPORT
75	tristate "hash:ip,port set support"
76	depends on IP_SET
77	help
78	  This option adds the hash:ip,port set type support, by which one
79	  can store IPv4/IPv6 address and protocol/port pairs.
80
81	  To compile it as a module, choose M here.  If unsure, say N.
82
83config IP_SET_HASH_IPPORTIP
84	tristate "hash:ip,port,ip set support"
85	depends on IP_SET
86	help
87	  This option adds the hash:ip,port,ip set type support, by which
88	  one can store IPv4/IPv6 address, protocol/port, and IPv4/IPv6
89	  address triples in a set.
90
91	  To compile it as a module, choose M here.  If unsure, say N.
92
93config IP_SET_HASH_IPPORTNET
94	tristate "hash:ip,port,net set support"
95	depends on IP_SET
96	help
97	  This option adds the hash:ip,port,net set type support, by which
98	  one can store IPv4/IPv6 address, protocol/port, and IPv4/IPv6
99	  network address/prefix triples in a set.
100
101	  To compile it as a module, choose M here.  If unsure, say N.
102
103config IP_SET_HASH_IPMAC
104	tristate "hash:ip,mac set support"
105	depends on IP_SET
106	help
107	  This option adds the hash:ip,mac set type support, by which
108	  one can store IPv4/IPv6 address and MAC (ethernet address) pairs in a set.
109
110	  To compile it as a module, choose M here.  If unsure, say N.
111
112config IP_SET_HASH_MAC
113	tristate "hash:mac set support"
114	depends on IP_SET
115	help
116	  This option adds the hash:mac set type support, by which
117	  one can store MAC (ethernet address) elements in a set.
118
119	  To compile it as a module, choose M here.  If unsure, say N.
120
121config IP_SET_HASH_NETPORTNET
122	tristate "hash:net,port,net set support"
123	depends on IP_SET
124	help
125	  This option adds the hash:net,port,net set type support, by which
126	  one can store two IPv4/IPv6 subnets, and a protocol/port in a set.
127
128	  To compile it as a module, choose M here.  If unsure, say N.
129
130config IP_SET_HASH_NET
131	tristate "hash:net set support"
132	depends on IP_SET
133	help
134	  This option adds the hash:net set type support, by which
135	  one can store IPv4/IPv6 network address/prefix elements in a set.
136
137	  To compile it as a module, choose M here.  If unsure, say N.
138
139config IP_SET_HASH_NETNET
140	tristate "hash:net,net set support"
141	depends on IP_SET
142	help
143	  This option adds the hash:net,net  set type support, by which
144	  one can store IPv4/IPv6 network address/prefix pairs in a set.
145
146	  To compile it as a module, choose M here.  If unsure, say N.
147
148config IP_SET_HASH_NETPORT
149	tristate "hash:net,port set support"
150	depends on IP_SET
151	help
152	  This option adds the hash:net,port set type support, by which
153	  one can store IPv4/IPv6 network address/prefix and
154	  protocol/port pairs as elements in a set.
155
156	  To compile it as a module, choose M here.  If unsure, say N.
157
158config IP_SET_HASH_NETIFACE
159	tristate "hash:net,iface set support"
160	depends on IP_SET
161	help
162	  This option adds the hash:net,iface set type support, by which
163	  one can store IPv4/IPv6 network address/prefix and
164	  interface name pairs as elements in a set.
165
166	  To compile it as a module, choose M here.  If unsure, say N.
167
168config IP_SET_LIST_SET
169	tristate "list:set set support"
170	depends on IP_SET
171	help
172	  This option adds the list:set set type support. In this
173	  kind of set one can store the name of other sets and it forms
174	  an ordered union of the member sets.
175
176	  To compile it as a module, choose M here.  If unsure, say N.
177
178endif # IP_SET
179