"socket" match support (EXPERIMENTAL)
modulename: xt_socket.ko
configname: CONFIG_NETFILTER_XT_MATCH_SOCKET
Linux Kernel Configuration
└─>Networking support
└─>Networking options
└─>Network packet filtering framework (Netfilter)
└─>Core Netfilter Configuration
└─>"socket" match support (EXPERIMENTAL)
In linux kernel since version 2.6.28 (release Date: 2008-12-24)
This option adds a `socket' match, which can be used to match
packets for which a TCP or UDP socket lookup finds a valid socket.
It can be used in combination with the MARK target and policy
routing to implement full featured non-locally bound sockets.
To compile it as a module, choose M here. If unsure, say N.
packets for which a TCP or UDP socket lookup finds a valid socket.
It can be used in combination with the MARK target and policy
routing to implement full featured non-locally bound sockets.
To compile it as a module, choose M here. If unsure, say N.
source code:
depends
CONFIG_EXPERIMENTALCONFIG_INET
CONFIG_NET
CONFIG_NETFILTER
CONFIG_NETFILTER_ADVANCED
CONFIG_NETFILTER_TPROXY
CONFIG_NETFILTER_XTABLES or CONFIG_IP6_NF_IPTABLES or CONFIG_IPV6 or CONFIG_NF_SOCKET_IPV4 or CONFIG_NF_SOCKET_IPV6