    493d93ab
    enhance NF filter capabilities · 493d93ab
    n8v8R authored
    closes https://gitlab.labs.nic.cz/turris/turris-build/issues/64
    
    # CONFIG_NETFILTER_XT_TARGET_HMARK
    This option adds the "HMARK" target.
    The target allows you to create rules in the "raw" and "mangle" tables which set the skbuff mark by means of hash calculation within a given range. The nfmark can influence the routing method and can also be used by other subsystems to change their behaviour.
    
    # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP 
    This option adds a "TCPOPTSTRIP" target, which allows you to strip TCP options from TCP packets.
    
    # CONFIG_NETFILTER_XT_MATCH_CGROUP
    Socket/process control group matching allows you to match locally generated packets based on which net_cls control group processes belong to.
    
    # CONFIG_NETFILTER_XT_MATCH_IPCOMP
    This match extension allows you to match a range of CPIs (16 bits) inside the IPComp header of IPSec packets.
    
    # CONFIG_NETFILTER_XT_MATCH_L2TP 
    This option adds an "L2TP" match, which allows you to match against L2TP protocol header fields.
    
    # CONFIG_NETFILTER_XT_MATCH_OSF
    This option selects the Passive OS Fingerprinting match module that allows you to passively match the remote operating system by analyzing incoming TCP SYN packets.
    Rules and loading software can be downloaded from http://www.ioremap.net/projects/osf
    
    # CONFIG_NETFILTER_XT_MATCH_SCTP
    With this option enabled, you will be able to use the `sctp' match in order to match on SCTP source/destination ports and SCTP chunk types.