[redhat] New configs in net/netfilter

Fixes: RHEL-106884
Fixes: RHEL-106885

Hi,

As part of the ongoing rebase effort, the following configuration options need to be reviewed.

As a reminder, the ARK configuration flow involves moving unreviewed configuration options from the pending directory to the ark directory. In the diff below, options are removed from the pending directory and added to the ark hierarchy. The final options that need to be ACKed are the files that are being added to the ark hierarchy.

If the value for a file that is added should be changed, please reply with a better option.

Symbol: NETFILTER_XTABLES_LEGACY [=n]
Type  : bool
Defined at net/netfilter/Kconfig:761
  Prompt: Netfilter legacy tables support
  Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NETFILTER_XTABLES [=y] && !PREEMPT_RT [=n]
  Location:
    -> Networking support (NET [=y])
      -> Networking options
        -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
          -> Core Netfilter Configuration
            -> Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES [=y])
              -> Netfilter legacy tables support (NETFILTER_XTABLES_LEGACY [=n])

Commit: 9fce6658 (netfilter: Exclude LEGACY TABLES on PREEMPT_RT.)


Symbol: NETFILTER_XT_NAT [=n]
Type  : tristate
Defined at net/netfilter/Kconfig:988
  Prompt: "SNAT and DNAT" targets support
  Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NETFILTER_XTABLES [=y] && NF_NAT [=m]
  Location:
    -> Networking support (NET [=y])
      -> Networking options
        -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
          -> Core Netfilter Configuration
            -> Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES [=y])
              -> "SNAT and DNAT" targets support (NETFILTER_XT_NAT [=n])
Selected by [n]:
  - IP_NF_NAT [=n] && NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=m] && NF_CONNTRACK [=m] && IP_NF_IPTABLES_LEGACY [=n]
  - IP6_NF_NAT [=n] && NET [=y] && INET [=y] && IPV6 [=y] && NETFILTER [=y] && IP6_NF_IPTABLES [=m] && NF_CONNTRACK [=m] && NETFILTER_ADVANCED [=y] && IP6_NF_IPTABLES_LEGACY [=n]

Commit: 84a59ca5 (netfilter: add explicit Kconfig for NETFILTER_XT_NAT)


Symbol: NETFILTER_XT_TARGET_HL [=n]
Type  : tristate
Defined at net/netfilter/Kconfig:903
  Prompt: "HL" hoplimit target support
  Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NETFILTER_XTABLES [=y] && (IP_NF_MANGLE [=n] || IP6_NF_MANGLE [=n] || NFT_COMPAT [=m]) && NETFILTER_ADVANCED [=y]
  Location:
    -> Networking support (NET [=y])
      -> Networking options
        -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
          -> Core Netfilter Configuration
            -> Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES [=y])
              -> "HL" hoplimit target support (NETFILTER_XT_TARGET_HL [=n])
Selected by [n]:
  - IP_NF_TARGET_TTL [=n] && NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=m] && NETFILTER_ADVANCED [=y] && IP_NF_MANGLE [=n]
  - IP6_NF_TARGET_HL [=n] && NET [=y] && INET [=y] && IPV6 [=y] && NETFILTER [=y] && IP6_NF_IPTABLES [=m] && NETFILTER_ADVANCED [=y] && IP6_NF_MANGLE [=n]

Commit: 563d36eb (netfilter: Combine ipt_TTL and ip6t_HL source)


Symbol: NETFILTER_XT_TARGET_MASQUERADE [=n]
Type  : tristate
Defined at net/netfilter/Kconfig:1057
  Prompt: MASQUERADE target support
  Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NETFILTER_XTABLES [=y] && NF_NAT [=m]
  Location:
    -> Networking support (NET [=y])
      -> Networking options
        -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
          -> Core Netfilter Configuration
            -> Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES [=y])
              -> MASQUERADE target support (NETFILTER_XT_TARGET_MASQUERADE [=n])
Selects: NF_NAT_MASQUERADE [=y]
Selected by [n]:
  - IP_NF_TARGET_MASQUERADE [=n] && NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=m] && IP_NF_NAT [=n]
  - IP6_NF_TARGET_MASQUERADE [=n] && NET [=y] && INET [=y] && IPV6 [=y] && NETFILTER [=y] && IP6_NF_IPTABLES [=m] && IP6_NF_NAT [=n]

Commit: adf82acc (netfilter: x_tables: merge ip and ipv6 masquerade modules)


Symbol: NETFILTER_XT_TARGET_NETMAP [=n]
Type  : tristate
Defined at net/netfilter/Kconfig:996
  Prompt: "NETMAP" target support
  Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NETFILTER_XTABLES [=y] && NF_NAT [=m]
  Location:
    -> Networking support (NET [=y])
      -> Networking options
        -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
          -> Core Netfilter Configuration
            -> Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES [=y])
              -> "NETMAP" target support (NETFILTER_XT_TARGET_NETMAP [=n])
Selected by [n]:
  - IP_NF_TARGET_NETMAP [=n] && NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=m] && IP_NF_NAT [=n] && NETFILTER_ADVANCED [=y]

Commit: b3d54b3e (netfilter: combine ipt_NETMAP and ip6t_NETMAP)


Symbol: NETFILTER_XT_TARGET_REDIRECT [=n]
Type  : tristate
Defined at net/netfilter/Kconfig:1045
  Prompt: REDIRECT target support
  Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NETFILTER_XTABLES [=y] && NF_NAT [=m]
  Location:
    -> Networking support (NET [=y])
      -> Networking options
        -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
          -> Core Netfilter Configuration
            -> Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES [=y])
              -> REDIRECT target support (NETFILTER_XT_TARGET_REDIRECT [=n])
Selects: NF_NAT_REDIRECT [=y]
Selected by [n]:
  - IP_NF_TARGET_REDIRECT [=n] && NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=m] && IP_NF_NAT [=n] && NETFILTER_ADVANCED [=y]

Commit: 2cbc78a2 (netfilter: combine ipt_REDIRECT and ip6t_REDIRECT)


Symbol: NFT_EXTHDR_DCCP [=n]
Type  : bool
Defined at net/netfilter/Kconfig:509
  Prompt: Netfilter nf_tables exthdr DCCP support (DEPRECATED)
  Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NF_TABLES [=m]
  Location:
    -> Networking support (NET [=y])
      -> Networking options
        -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
          -> Core Netfilter Configuration
            -> Netfilter nf_tables support (NF_TABLES [=m])
              -> Netfilter nf_tables exthdr DCCP support (DEPRECATED) (NFT_EXTHDR_DCCP [=n])

Commit: fd72f265 (netfilter: conntrack: remove DCCP protocol support)


Signed-off-by: Fedora Kernel Team <kernel-team@fedoraproject.org>

Edited by CKI KWF Bot
