diff --git a/extensions/ACCOUNT/xt_ACCOUNT.Kconfig b/extensions/ACCOUNT/xt_ACCOUNT.Kconfig deleted file mode 100644 index 6fb5b12..0000000 --- a/extensions/ACCOUNT/xt_ACCOUNT.Kconfig +++ /dev/null @@ -1,13 +0,0 @@ -config NETFILTER_XT_TARGET_ACCOUNT - tristate "ACCOUNT target support" - depends on NETFILTER_XTABLES - ---help--- - This module implements an ACCOUNT target - - The ACCOUNT target is a high performance accounting system for large - local networks. It allows per-IP accounting in whole prefixes of IPv4 - addresses with size of up to /8 without the need to add individual - accouting rule for each IP address. - - For more information go to: - http://www.intra2net.com/de/produkte/opensource/ipt_account/ diff --git a/extensions/pknock/xt_pknock.Kconfig b/extensions/pknock/xt_pknock.Kconfig deleted file mode 100644 index 7969c38..0000000 --- a/extensions/pknock/xt_pknock.Kconfig +++ /dev/null @@ -1,13 +0,0 @@ -config NETFILTER_XT_MATCH_PKNOCK - tristate "Port knocking match support" - depends on NETFILTER_XTABLES && CONNECTOR - ---help--- - pknock match implements so-called Port Knocking, a stealthy system - for network authentication: client sends packets to selected, closed - ports on target machine in a specific sequence. The target machine - (which has pknock match rule set up) then decides whether to - unblock or block (again) its protected port with listening - service. This can be, for instance, used to avoid brute force attacks - on ssh or ftp services. - - For more informations go to: http://portknocko.berlios.de/ diff --git a/extensions/xt_CHAOS.Kconfig b/extensions/xt_CHAOS.Kconfig deleted file mode 100644 index 2b07276..0000000 --- a/extensions/xt_CHAOS.Kconfig +++ /dev/null @@ -1,9 +0,0 @@ -config NETFILTER_XT_TARGET_CHAOS - tristate '"CHAOS" target support' - depends on NETFILTER_XTABLES && NETFILTER_ADVANCED - depends on NETFILTER_XT_TARGET_DELUDE || NETFILTER_XT_TARGET_TARPIT - depends on CONFIG_IP_NF_TARGET_REJECT - ---help--- - The CHAOS target is a module to report back false results to nmap - scans by randomly switching between DELUDE/TARPIT, REJECT and DROP - behavior. diff --git a/extensions/xt_DELUDE.Kconfig b/extensions/xt_DELUDE.Kconfig deleted file mode 100644 index 163dd48..0000000 --- a/extensions/xt_DELUDE.Kconfig +++ /dev/null @@ -1,6 +0,0 @@ -config NETFILTER_XT_TARGET_DELUDE - tristate '"DELUDE" target support' - depends on NETFILTER_XTABLES && NETFILTER_ADVANCED - ---help--- - The DELUDE target acknowledges connection initiations but forcibly - closes on any other packet, therefore making the port look open. diff --git a/extensions/xt_DHCPMAC.Kconfig b/extensions/xt_DHCPMAC.Kconfig deleted file mode 100644 index 59a14cc..0000000 --- a/extensions/xt_DHCPMAC.Kconfig +++ /dev/null @@ -1,8 +0,0 @@ -config NETFILTER_XT_DHCPMAC - tristate '"DHCPMAC" DHCP address matching and manipulation support' - depends on NETFILTER_XTABLES - depends on IP_NF_MANGLE || IP6_NF_MANGLE - ---help--- - The DHCPMAC extensions allows to match and change the MAC address in - a DHCP packet, so as to work around VMware's "inability" to use MAC - addresses from a vendor different than VMware at boot time. diff --git a/extensions/xt_ECHO.Kconfig b/extensions/xt_ECHO.Kconfig deleted file mode 100644 index 0c06757..0000000 --- a/extensions/xt_ECHO.Kconfig +++ /dev/null @@ -1,6 +0,0 @@ -config NETFILTER_XT_TARGET_ECHO - tristate '"ECHO" sample target' - depends on NETFILTER_XTABLES && NETFILTER_ADVANCED - ---help--- - The ECHO target provides a demonstrational implementation of an - Xtables target implementing RFC 862 for UDP. diff --git a/extensions/xt_IPMARK.Kconfig b/extensions/xt_IPMARK.Kconfig deleted file mode 100644 index 021cde3..0000000 --- a/extensions/xt_IPMARK.Kconfig +++ /dev/null @@ -1,12 +0,0 @@ -config NETFILTER_XT_TARGET_IPMARK - tristate '"IPMARK" target support' - depends on NETFILTER_XTABLES && NETFILTER_ADVANCED - depends on IP_NF_MANGLE || IP6_NF_MANGLE - ---help--- - This option adds an "IPMARK" target, which allows you to create - rules in the "mangle" table which alter the netfilter mark field - basing on the source or destination ip address of the packet. - This is very useful for very fast massive shaping -- using only one - rule you can direct packets to houndreds different queues. You - will probably find it helpful only if your linux machine acts as a - shaper for many others computers. diff --git a/extensions/xt_LOGMARK.Kconfig b/extensions/xt_LOGMARK.Kconfig deleted file mode 100644 index 3743010..0000000 --- a/extensions/xt_LOGMARK.Kconfig +++ /dev/null @@ -1,6 +0,0 @@ -config NETFILTER_XT_TARGET_LOGMARK - tristate '"LOGMARK" target support' - depends on NETFILTER_XTABLES - ---help--- - This option adds a "LOGMARK" target which allows you to look at the - netfilter marks and secmark of the packet and connection. diff --git a/extensions/xt_RAWNAT.Kconfig b/extensions/xt_RAWNAT.Kconfig deleted file mode 100644 index 8324c40..0000000 --- a/extensions/xt_RAWNAT.Kconfig +++ /dev/null @@ -1,8 +0,0 @@ -config NETFILTER_XT_TARGET_RAWNAT - tristate '"RAWNAT" raw address translation w/o conntrack' - depends on NETFILTER_XTABLES && NETFILTER_ADVANCED - depends on IP_NF_RAW || IP_NF6_RAW - ---help--- - This option adds the RAWSNAT and RAWDNAT targets which can do Network - Address Translation (no port translation) without requiring Netfilter - connection tracking. diff --git a/extensions/xt_SYSRQ.Kconfig b/extensions/xt_SYSRQ.Kconfig deleted file mode 100644 index c92fec6..0000000 --- a/extensions/xt_SYSRQ.Kconfig +++ /dev/null @@ -1,8 +0,0 @@ -config NETFILTER_XT_TARGET_SYSRQ - tristate '"SYSRQ" target support' - depends on NETFILTER_XTABLES && NETFILTER_ADVANCED - ---help--- - The SYSRQ target allows to remotely trigger sysrq on the - local machine over the network. This can be useful when vital - parts of the machine hang and sysrq cannot be triggered - through, for example, the shell. diff --git a/extensions/xt_TARPIT.Kconfig b/extensions/xt_TARPIT.Kconfig deleted file mode 100644 index 4884566..0000000 --- a/extensions/xt_TARPIT.Kconfig +++ /dev/null @@ -1,22 +0,0 @@ -config NETFILTER_XT_TARGET_TARPIT - tristate '"TARPIT" target support' - depends on NETFILTER_XTABLES - ---help--- - Adds a TARPIT target to iptables, which captures and holds incoming TCP - connections using no local per-connection resources. Connections are - accepted, but immediately switched to the persist state (0 byte - window), in which the remote side stops sending data and asks to - continue every 60-240 seconds. Attempts to close the connection are - ignored, forcing the remote side to time out the connection in 12-24 - minutes. - - This offers similar functionality to LaBrea - , but does not require dedicated - hardware or IPs. Any TCP port that you would normally DROP or REJECT - can instead become a tar pit or honeypot. All 3 modes may be used - in iptables rules interchangably and simultaneously. - - A honeypot option is available which will answer connections normally - and allow the remote to send data packets that may be captured in a - pcap for later analysis. A reset mode is also available that will only - send an inline reset (RST). diff --git a/extensions/xt_TEE.Kconfig b/extensions/xt_TEE.Kconfig deleted file mode 100644 index 894c019..0000000 --- a/extensions/xt_TEE.Kconfig +++ /dev/null @@ -1,9 +0,0 @@ -config NETFILTER_XT_TARGET_TEE - tristate '"TEE" target support' - depends on NETFILTER_XTABLES - depends on NETFILTER_ADVANCED - depends on IP_NF_MANGLE || IP6_NF_MANGLE - ---help--- - This option adds a "TEE" target, which enables you to duplicate - packets and route those duplicates to a different gateway. - The target has to be used inside the mangle table. diff --git a/extensions/xt_condition.Kconfig b/extensions/xt_condition.Kconfig deleted file mode 100644 index 896a2c9..0000000 --- a/extensions/xt_condition.Kconfig +++ /dev/null @@ -1,6 +0,0 @@ -config NETFILTER_XT_MATCH_CONDITION - tristate '"condition" match support' - depends on NETFILTER_XTABLES && NETFILTER_ADVANCED - ---help--- - This option allows you to match firewall rules against condition - variables stored in the /proc/net/nf_condition directory. diff --git a/extensions/xt_fuzzy.Kconfig b/extensions/xt_fuzzy.Kconfig deleted file mode 100644 index 7e1232e..0000000 --- a/extensions/xt_fuzzy.Kconfig +++ /dev/null @@ -1,6 +0,0 @@ -config NETFILTER_XT_MATCH_FUZZY - tristate '"fuzzy" match support' - depends on NETFILTER_XTABLES && NETFILTER_ADVANCED - ---help--- - This extension allows you to match on packets according to a fuzzy - logic based law. diff --git a/extensions/xt_geoip.Kconfig b/extensions/xt_geoip.Kconfig deleted file mode 100644 index 7dd0f8f..0000000 --- a/extensions/xt_geoip.Kconfig +++ /dev/null @@ -1,10 +0,0 @@ -config NETFILTER_XT_MATCH_GEOIP - tristate '"geoip" match support' - depends on NETFILTER_XTABLES - ---help--- - This option allows you to match a packet by its source or destination - country. Basically, you need a country's database containing all - subnets and associated countries. - - For the complete procedure and understanding, read: - http://people.netfilter.org/acidfu/geoip/howto/geoip-HOWTO.html diff --git a/extensions/xt_ipp2p.Kconfig b/extensions/xt_ipp2p.Kconfig deleted file mode 100644 index ef29447..0000000 --- a/extensions/xt_ipp2p.Kconfig +++ /dev/null @@ -1,6 +0,0 @@ -config NETFILTER_XT_MATCH_IPP2P - tristate '"ipp2p" match support' - depends on NETFILTER_XTABLES && NETFILTER_ADVANCED - ---help--- - This option makes possible to match some P2P packets - therefore helps controlling such traffic. diff --git a/extensions/xt_ipv4options.Kconfig b/extensions/xt_ipv4options.Kconfig deleted file mode 100644 index 9ef0f92..0000000 --- a/extensions/xt_ipv4options.Kconfig +++ /dev/null @@ -1,6 +0,0 @@ -config NETFILTER_XT_MATCH_IPV4OPTIONS - tristate '"ipv4options" IPv4 option match support' - depends on NETFILTER_XTABLES - ---help--- - The ipv4options match can be used to check on the presence or absence - of one or move IPv4 options. diff --git a/extensions/xt_length2.Kconfig b/extensions/xt_length2.Kconfig deleted file mode 100644 index 3e8b5b5..0000000 --- a/extensions/xt_length2.Kconfig +++ /dev/null @@ -1,7 +0,0 @@ -config NETFILTER_XT_MATCH_LENGTH2 - tristate '"length2" match support' - depends on NETFILTER_XTABLES - ---help--- - This option adds the "length2" match which is an advanced form of - xt_length that allows unambiguous layer-4/-5/-7 length matching. It is - useful to detect empty packets or for aiding in packet scheduling. diff --git a/extensions/xt_lscan.Kconfig b/extensions/xt_lscan.Kconfig deleted file mode 100644 index a6879c6..0000000 --- a/extensions/xt_lscan.Kconfig +++ /dev/null @@ -1,8 +0,0 @@ -config NETFILTER_XT_MATCH_LSCAN - tristate '"lscan" match support' - depends on NETFILTER_XTABLES && NETFILTER_ADVANCED - ---help--- - The LSCAN match allows to match on the basic types of nmap - scans: Stealth Scan, SYN scan and connect scan. It can also match - "grab-only" connections, i.e. where data flows in only one - direction. diff --git a/extensions/xt_psd.Kconfig b/extensions/xt_psd.Kconfig deleted file mode 100644 index d6254a5..0000000 --- a/extensions/xt_psd.Kconfig +++ /dev/null @@ -1,6 +0,0 @@ -config NETFILTER_XT_MATCH_PSD - tristate 'psd match support' - depends on NETFILTER_XTABLES && NETFILTER_ADVANCED - ---help--- - This option adds a `psd' match, which allows you to create rules in - any iptables table wich will detect TCP and UDP port scans. diff --git a/extensions/xt_quota2.Kconfig b/extensions/xt_quota2.Kconfig deleted file mode 100644 index e2a1b1c..0000000 --- a/extensions/xt_quota2.Kconfig +++ /dev/null @@ -1,9 +0,0 @@ -config NETFILTER_XT_MATCH_QUOTA2 - tristate '"quota2" match support' - depends on NETFILTER_XTABLES - ---help--- - This option adds the "quota2" match which is an advanced form of - xt_quota that also allows counting upwards, and where the counter can - be set through procfs. This allows for simple interfacing of - accounting information. It also allows for a test mode without changing - the quota value.