changed to seem to come from a particular interface's address, and	  if the interface goes down, those connections are lost.  This is	  only useful for dialup accounts with dynamic IP address (ie. your IP	  address will be different on next dialup).	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_TARGET_REDIRECT	tristate "REDIRECT target support"	depends on IP_NF_NAT	help	  REDIRECT is a special case of NAT: all incoming connections are	  mapped onto the incoming interface's address, causing the packets to	  come to the local machine instead of passing through.  This is	  useful for transparent proxies.	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_TARGET_NETMAP	tristate "NETMAP target support"	depends on IP_NF_NAT	help	  NETMAP is an implementation of static 1:1 NAT mapping of network	  addresses. It maps the network address part, while keeping the host	  address part intact. It is similar to Fast NAT, except that	  Netfilter's connection tracking doesn't work well with Fast NAT.	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_TARGET_SAME	tristate "SAME target support"	depends on IP_NF_NAT	help	  This option adds a `SAME' target, which works like the standard SNAT	  target, but attempts to give clients the same IP for all connections.	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_NAT_LOCAL	bool "NAT of local connections (READ HELP)"	depends on IP_NF_NAT	help	  This option enables support for NAT of locally originated connections. 	  Enable this if you need to use destination NAT on connections	  originating from local processes on the nat box itself.	  Please note that you will need a recent version (>= 1.2.6a)	  of the iptables userspace program in order to use this feature.	  See <http://www.iptables.org/> for download instructions.	  If unsure, say 'N'.config IP_NF_NAT_SNMP_BASIC	tristate "Basic SNMP-ALG support (EXPERIMENTAL)"	depends on EXPERIMENTAL && IP_NF_NAT	---help---	  This module implements an Application Layer Gateway (ALG) for	  SNMP payloads.  In conjunction with NAT, it allows a network	  management system to access multiple private networks with	  conflicting addresses.  It works by modifying IP addresses	  inside SNMP payloads to match IP-layer NAT mapping.	  This is the "basic" form of SNMP-ALG, as described in RFC 2962	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_NAT_IRC	tristate	depends on IP_NF_IPTABLES!=n && IP_NF_CONNTRACK!=n && IP_NF_NAT!=n	default IP_NF_NAT if IP_NF_IRC=y	default m if IP_NF_IRC=m# If they want FTP, set to $CONFIG_IP_NF_NAT (m or y), # or $CONFIG_IP_NF_FTP (m or y), whichever is weaker.  Argh.config IP_NF_NAT_FTP	tristate	depends on IP_NF_IPTABLES!=n && IP_NF_CONNTRACK!=n && IP_NF_NAT!=n	default IP_NF_NAT if IP_NF_FTP=y	default m if IP_NF_FTP=mconfig IP_NF_NAT_TFTP	tristate	depends on IP_NF_IPTABLES!=n && IP_NF_CONNTRACK!=n && IP_NF_NAT!=n	default IP_NF_NAT if IP_NF_TFTP=y	default m if IP_NF_TFTP=mconfig IP_NF_NAT_AMANDA	tristate	depends on IP_NF_IPTABLES!=n && IP_NF_CONNTRACK!=n && IP_NF_NAT!=n	default IP_NF_NAT if IP_NF_AMANDA=y	default m if IP_NF_AMANDA=mconfig IP_NF_MANGLE	tristate "Packet mangling"	depends on IP_NF_IPTABLES	help	  This option adds a `mangle' table to iptables: see the man page for	  iptables(8).  This table is used for various packet alterations	  which can effect how the packet is routed.	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_TARGET_TOS	tristate "TOS target support"	depends on IP_NF_MANGLE	help	  This option adds a `TOS' target, which allows you to create rules in	  the `mangle' table which alter the Type Of Service field of an IP	  packet prior to routing.	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_TARGET_ECN	tristate "ECN target support"	depends on IP_NF_MANGLE	---help---	  This option adds a `ECN' target, which can be used in the iptables mangle	  table.  	  You can use this target to remove the ECN bits from the IPv4 header of	  an IP packet.  This is particularly useful, if you need to work around	  existing ECN blackholes on the internet, but don't want to disable	  ECN support in general.	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_TARGET_DSCP	tristate "DSCP target support"	depends on IP_NF_MANGLE	help	  This option adds a `DSCP' match, which allows you to match against	  the IPv4 header DSCP field (DSCP codepoint).	  The DSCP codepoint can have any value between 0x0 and 0x4f.	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_TARGET_MARK	tristate "MARK target support"	depends on IP_NF_MANGLE	help	  This option adds a `MARK' target, which allows you to create rules	  in the `mangle' table which alter the netfilter mark (nfmark) field	  associated with the packet prior to routing. This can change	  the routing method (see `Use netfilter MARK value as routing	  key') and can also be used by other subsystems to change their	  behavior.	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_TARGET_CLASSIFY	tristate "CLASSIFY target support"	depends on IP_NF_MANGLE	help	  This option adds a `CLASSIFY' target, which enables the user to set	  the priority of a packet. Some qdiscs can use this value for	  classification, among these are:  	  atm, cbq, dsmark, pfifo_fast, htb, prio	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_TARGET_LOG	tristate "LOG target support"	depends on IP_NF_IPTABLES	help	  This option adds a `LOG' target, which allows you to create rules in	  any iptables table which records the packet header to the syslog.	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_TARGET_ULOG	tristate "ULOG target support"	depends on IP_NF_IPTABLES	---help---	  This option adds a `ULOG' target, which allows you to create rules in	  any iptables table. The packet is passed to a userspace logging	  daemon using netlink multicast sockets; unlike the LOG target	  which can only be viewed through syslog.	  The apropriate userspace logging daemon (ulogd) may be obtained from	  <http://www.gnumonks.org/projects/ulogd/>	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_TARGET_TCPMSS	tristate "TCPMSS target support"	depends on IP_NF_IPTABLES	---help---	  This option adds a `TCPMSS' target, which allows you to alter the	  MSS value of TCP SYN packets, to control the maximum size for that	  connection (usually limiting it to your outgoing interface's MTU	  minus 40).	  This is used to overcome criminally braindead ISPs or servers which	  block ICMP Fragmentation Needed packets.  The symptoms of this	  problem are that everything works fine from your Linux	  firewall/router, but machines behind it can never exchange large	  packets:	  	1) Web browsers connect, then hang with no data received.	  	2) Small mail works fine, but large emails hang.	  	3) ssh works fine, but scp hangs after initial handshaking.	  Workaround: activate this option and add a rule to your firewall	  configuration like:	  iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \	  		 -j TCPMSS --clamp-mss-to-pmtu	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_ARPTABLES	tristate "ARP tables support"	help	  arptables is a general, extensible packet identification framework.	  The ARP packet filtering and mangling (manipulation)subsystems	  use this: say Y or M here if you want to use either of those.	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_ARPFILTER	tristate "ARP packet filtering"	depends on IP_NF_ARPTABLES	help	  ARP packet filtering defines a table `filter', which has a series of	  rules for simple ARP packet filtering at local input and	  local output.  On a bridge, you can also specify filtering rules	  for forwarded ARP packets. See the man page for arptables(8).	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_ARP_MANGLE	tristate "ARP payload mangling"	depends on IP_NF_ARPTABLES	help	  Allows altering the ARP packet payload: source and destination	  hardware and network addresses.# Backwards compatibility modules: only if you don't build in the others.config IP_NF_COMPAT_IPCHAINS	tristate "ipchains (2.2-style) support"	depends on IP_NF_CONNTRACK!=y && IP_NF_IPTABLES!=y	help	  This option places ipchains (with masquerading and redirection	  support) back into the kernel, using the new netfilter	  infrastructure.  It is not recommended for new installations (see	  `Packet filtering').  With this enabled, you should be able to use	  the ipchains tool exactly as in 2.2 kernels.	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_COMPAT_IPFWADM	tristate "ipfwadm (2.0-style) support"	depends on IP_NF_CONNTRACK!=y && IP_NF_IPTABLES!=y && IP_NF_COMPAT_IPCHAINS!=y	help	  This option places ipfwadm (with masquerading and redirection	  support) back into the kernel, using the new netfilter	  infrastructure.  It is not recommended for new installations (see	  `Packet filtering').  With this enabled, you should be able to use	  the ipfwadm tool exactly as in 2.0 kernels.	  To compile it as a module, choose M here.  If unsure, say N.config IP_NF_TARGET_NOTRACK	tristate  'NOTRACK target support'	depends on IP_NF_RAW	depends on IP_NF_CONNTRACK	help	  The NOTRACK target allows a select rule to specify	  which packets *not* to enter the conntrack/NAT	  subsystem with all the consequences (no ICMP error tracking,	  no protocol helpers for the selected packets).		  If you want to compile it as a module, say M here and read	  <file:Documentation/modules.txt>.  If unsure, say `N'.config IP_NF_RAW	tristate  'raw table support (required for NOTRACK/TRACE)'	depends on IP_NF_IPTABLES	help	  This option adds a `raw' table to iptables. This table is the very	  first in the netfilter framework and hooks in at the PREROUTING	  and OUTPUT chains.		  If you want to compile it as a module, say M here and read	  <file:Documentation/modules.txt>.  If unsure, say `N'.	  helpconfig IP_NF_MATCH_ADDRTYPE	tristate  'address type match support'	depends on IP_NF_IPTABLES	help	  This option allows you to match what routing thinks of an address,	  eg. UNICAST, LOCAL, BROADCAST, ...		  If you want to compile it as a module, say M here and read	  Documentation/modules.txt.  If unsure, say `N'.config IP_NF_MATCH_REALM	tristate  'realm match support'	depends on IP_NF_IPTABLES	select NET_CLS_ROUTE	help	  This option adds a `realm' match, which allows you to use the realm	  key from the routing subsytem inside iptables.		  This match pretty much resembles the CONFIG_NET_CLS_ROUTE4 option 	  in tc world.		  If you want to compile it as a module, say M here and read	  Documentation/modules.txt.  If unsure, say `N'.endmenu