--- zzzz-none-000/linux-2.6.19.2/net/ipv4/netfilter/Kconfig	2007-01-10 19:10:37.000000000 +0000
+++ davinci-8020-5505/linux-2.6.19.2/net/ipv4/netfilter/Kconfig	2007-01-19 14:42:56.000000000 +0000
@@ -329,6 +329,21 @@
 	  destination IP' or `500pps from any given source IP'  with a single
 	  IPtables rule.
 
+config IP_NF_MATCH_STEALTH
+	tristate "stealth match support"
+	depends on IP_NF_IPTABLES
+	help
+	  Enabling this option will drop all syn packets coming to unserved tcp
+	  ports as well as all packets coming to unserved udp ports.  If you
+	  are using your system to route any type of packets (ie. via NAT)
+	  you should put this module at the end of your ruleset, since it will
+	  drop packets that aren't going to ports that are listening on your
+	  machine itself, it doesn't take into account that the packet might be
+	  destined for someone on your internal network if you're using NAT for
+	  instance.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
 # `filter', generic and specific targets
 config IP_NF_FILTER
 	tristate "Packet filtering"
@@ -463,6 +478,16 @@
 
 	  To compile it as a module, choose M here.  If unsure, say N.
 
+config IP_NF_TARGET_IDLETIMER
+	tristate  "IDLETIMER target support"
+	depends on IP_NF_IPTABLES
+	help
+	  This option adds a `IDLETIMER' target. Each matching packet resets
+	  the timer associated with input and/or output interfaces. Timer
+	  expiry causes kobject uevent. Idle timer can be read via sysfs.
+
+	  To compile it as a module, choose M here.  If unsure, say N.
+
 config IP_NF_NAT_SNMP_BASIC
 	tristate "Basic SNMP-ALG support (EXPERIMENTAL)"
 	depends on EXPERIMENTAL && IP_NF_NAT
@@ -624,4 +649,3 @@
 	  hardware and network addresses.
 
 endmenu
-