netfilter: add IPv6 SYNPROXY target

[karo-tx-linux.git] / net / ipv6 / netfilter / Kconfig

diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index 4433ab40e7de05a2b518e20dacfa370d736bded3..a7f842b29b67b2ca5ff2c2cbe13588e3098ce44b 100644 (file)
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -153,6 +153,19 @@ config IP6_NF_TARGET_REJECT
 
          To compile it as a module, choose M here.  If unsure, say N.
 
+config IP6_NF_TARGET_SYNPROXY
+       tristate "SYNPROXY target support"
+       depends on NF_CONNTRACK && NETFILTER_ADVANCED
+       select NETFILTER_SYNPROXY
+       select SYN_COOKIES
+       help
+         The SYNPROXY target allows you to intercept TCP connections and
+         establish them using syncookies before they are passed on to the
+         server. This allows to avoid conntrack and server resource usage
+         during SYN-flood attacks.
+
+         To compile it as a module, choose M here. If unsure, say N.
+
 config IP6_NF_MANGLE
        tristate "Packet mangling"
        default m if NETFILTER_ADVANCED=n