Lines Matching refs:a
88 Connection tracking keeps a record of what packets have passed
96 To compile it as a module, choose M here. If unsure, say N.
105 This is a simpler but less flexible logging method compared to
141 Normally, each connection needs to have a unique system wide
162 provide a notifier chain that can be used by other kernel code
236 To compile it as a module, choose M here. If unsure, say N.
248 To compile it as a module, choose M here. If unsure, say N.
255 H.323 is a VoIP signalling protocol from ITU-T. As one of the most
260 With this module you can support H.323 on a connection tracking/NAT
268 To compile it as a module, choose M here. If unsure, say N.
274 There is a commonly-used extension to IRC called
277 of a server. DCC Sending is used anywhere you send files over IRC,
283 To compile it as a module, choose M here. If unsure, say N.
305 To compile it as a module, choose M here. If unsure, say N.
320 To compile it as a module, choose M here. If unsure, say N.
330 If you are running PPTP sessions over a stateful firewall or NAT
336 in PNS->PAC direction. This is a violation of RFC2637.
337 - Only supports a single call within each session
339 To compile it as a module, choose M here. If unsure, say N.
345 SANE is a protocol for remote access to scanners as implemented
349 With this module you can support SANE on a connection tracking
352 To compile it as a module, choose M here. If unsure, say N.
361 the nf_nat_sip modules you can support the protocol on a connection
364 To compile it as a module, choose M here. If unsure, say N.
372 If you are using a tftp client behind -j SNAT or -j MASQUERADING
375 To compile it as a module, choose M here. If unsure, say N.
382 This option enables support for a netlink-based userspace interface
473 provides a pseudo-state machine with an extensible instruction-set
480 To compile it as a module, choose M here.
489 This option enables support for a mixed IPv4/IPv6 "inet" table.
500 incremental counting and random numbers bound to a upper limit.
615 a hash operation on registers.
635 of a packets security association.
643 This option allows matching for the presence or absence of a
723 To compile it as a module, choose M here.
733 To compile it as a module, choose M here.
756 This option provides a translation layer to run 32bit arp,ip(6),ebtables
795 Netfilter allows you to store a mark value per connection (a.k.a.
809 To compile it as a module, choose M here. If unsure, say N.
820 This option adds a 'AUDIT' target, which can be used to create
823 To compileit as a module, choose M here. If unsure, say N.
830 This option adds a `CHECKSUM' target, which can be used in the iptables mangle
837 when such packets are sent via a virtual network device.
839 To compile it as a module, choose M here. If unsure, say N.
845 This option adds a `CLASSIFY' target, which enables the user to set
846 the priority of a packet. Some qdiscs can use this value for
851 To compile it as a module, choose M here. If unsure, say N.
859 This is a backwards-compat option for the user's convenience
873 To compile it as a module, choose M here. If unsure, say N.
881 This options adds a `CT' target, which allows to specify initial
885 To compile it as a module, choose M here. If unsure, say N.
892 This option adds a `DSCP' target, which allows you to manipulate
901 To compile it as a module, choose M here. If unsure, say N.
926 which set the skbuff mark by means of hash calculation within a given
930 To compile it as a module, choose M here. If unsure, say N.
939 added. When the timer expires, it triggers a sysfs notification.
942 To compile it as a module, choose M here. If unsure, say N.
949 This option adds a `LED' target, which allows you to blink LEDs in
952 This can be used to turn a spare LED into a network activity LED,
954 you could have an LED which lights up for a minute or two every time
974 This option adds a `LOG' target, which allows you to create rules in
977 To compile it as a module, choose M here. If unsure, say N.
984 This is a backwards-compat option for the user's convenience
994 To compile it as a module, choose M here. If unsure, say N.
1004 To compile it as a module, choose M here. If unsure, say N.
1014 To compile it as a module, choose M here. If unsure, say N.
1026 To compile it as a module, choose M here. If unsure, say N.
1039 This option adds a `RATEEST' target, which allows to measure
1043 To compile it as a module, choose M here. If unsure, say N.
1050 REDIRECT is a special case of NAT: all incoming connections are
1055 To compile it as a module, choose M here. If unsure, say N.
1063 Masquerading is a special case of NAT: all outgoing connections are
1064 changed to seem to come from a particular interface's address, and
1069 To compile it as a module, choose M here. If unsure, say N.
1080 This option adds a "TEE" target with which a packet can be cloned and
1095 This option adds a `TPROXY' target, which is somewhat similar to
1097 to redirect traffic to a transparent proxy. It does _not_ depend
1103 To compile it as a module, choose M here. If unsure, say N.
1114 If you want to compile it as a module, say M here and read
1125 To compile it as a module, choose M here. If unsure, say N.
1132 This option adds a `TCPMSS' target, which allows you to alter the
1146 Workaround: activate this option and add a rule to your firewall
1152 To compile it as a module, choose M here. If unsure, say N.
1159 This option adds a "TCPOPTSTRIP" target, which allows you to strip
1173 If you want to compile it as a module, say M here and read
1180 BPF matching applies a linux socket filter to each packet and
1183 To compile it as a module, choose M here. If unsure, say N.
1201 network servers/stateful firewalls without having a dedicated
1215 This option adds a `comment' dummy-match, which allows you to put
1218 If you want to compile it as a module, say M here and read
1226 This option adds a `connbytes' match, which allows you to match the
1227 number of bytes and/or packets for each direction within a connection.
1229 If you want to compile it as a module, say M here and read
1239 to a connection. The kernel only stores bit values - mapping
1242 Unlike connmark, more than 32 flag bits may be assigned to a
1252 connections to a server per client IP address (or address block).
1260 This is a backwards-compat option for the user's convenience
1269 This is a general conntrack match module, a superset of the state match.
1275 To compile it as a module, choose M here. If unsure, say N.
1284 To compile it as a module, choose M here. If unsure, say N.
1295 If you want to compile it as a module, say M here and read
1302 This options adds a `devgroup' match, which allows to match on the
1303 device group a network device is assigned to.
1305 To compile it as a module, choose M here. If unsure, say N.
1311 This option adds a `DSCP' match, which allows you to match against
1316 It will also add a "tos" match, which allows you to match packets
1320 To compile it as a module, choose M here. If unsure, say N.
1329 To compile it as a module, choose M here. If unsure, say N.
1335 This match extension allows you to match a range of SPIs
1338 To compile it as a module, choose M here. If unsure, say N.
1345 This option adds a `hashlimit' match.
1347 As opposed to `limit', this match dynamically creates a hash table
1353 with a single rule.
1361 tracked by a conntrack-helper, ie. nf_conntrack_ftp
1363 To compile it as a module, choose M here. If unsure, say Y.
1377 This match extension allows you to match a range of CPIs(16 bits)
1380 To compile it as a module, choose M here. If unsure, say N.
1386 This option adds a "iprange" match, which allows you to match based on
1398 This option allows you to match against IPVS properties of a packet.
1410 To compile it as a module, choose M here. If unsure, say N.
1416 This option allows you to match the length of a packet against a
1419 To compile it as a module, choose M here. If unsure, say N.
1425 limit matching allows you to control the rate at which a rule can be
1429 To compile it as a module, choose M here. If unsure, say N.
1438 To compile it as a module, choose M here. If unsure, say N.
1445 This is a backwards-compat option for the user's convenience
1454 a series of source or destination ports: normally a rule can only
1455 match a single range of ports.
1457 To compile it as a module, choose M here. If unsure, say N.
1467 To compile it as a module, choose M here. If unsure, say N.
1481 To compile it as a module, choose M here. If unsure, say N.
1489 possible to check whether a socket actually exists.
1500 To compile it as a module, choose M here. If unsure, say N.
1510 To compile it as a module, choose M here. If unsure, say N.
1516 Packet type matching allows you to match a packet by
1522 To compile it as a module, choose M here. If unsure, say N.
1528 This option adds a `quota' match, which allows to match on a
1531 If you want to compile it as a module, say M here and read
1539 This option adds a `rateest' match, which allows to match on the
1542 To compile it as a module, choose M here. If unsure, say N.
1549 This option adds a `realm' match, which allows you to use the realm
1555 If you want to compile it as a module, say M here and read
1577 If you want to compile it as a module, say M here and read
1591 This option adds a `socket' match, which can be used to match
1592 packets for which a TCP or UDP socket lookup finds a valid socket.
1596 To compile it as a module, choose M here. If unsure, say N.
1604 relationship to a tracked connection (ie. previous packets). This
1605 is a powerful tool for packet classification.
1607 To compile it as a module, choose M here. If unsure, say N.
1613 This option adds a `statistic' match, which allows you to match
1614 on packets periodically or randomly with a given percentage.
1616 To compile it as a module, choose M here. If unsure, say N.
1626 This option adds a `string' match, which allows you to look for
1629 To compile it as a module, choose M here. If unsure, say N.
1635 This option adds a `tcpmss' match, which allows you to examine the
1639 To compile it as a module, choose M here. If unsure, say N.
1645 This option adds a "time" match, which allows you to match based on
1652 If you want to compile it as a module, say M here.
1659 u32 allows you to extract quantities of up to 4 bytes from a packet,
1661 test whether the results are in any of a set of specified ranges.