--- zzzz-none-000/linux-4.4.271/net/bridge/Kconfig 2021-06-03 06:22:09.000000000 +0000 +++ maple-fsgw-759/linux-4.4.271/net/bridge/Kconfig 2023-12-20 10:37:40.000000000 +0000 @@ -33,6 +33,24 @@ If unsure, say N. +config AVM_BRIDGE_FLOOD_RATELIMITER + bool "Port flood rate limiting" + depends on AVM_ENHANCED + depends on BRIDGE + default y + ---help--- + AVM extension + + This enables a simple, configurable bridge flood rate limiting mechanism, to + help protect accidental or willful network loops. You can configure a + maximum packet rate and a reserve. The reserve can be higher to allow for + short bursts. + + The ratelimiter will only limit packets which are forwarded on all ports. + Traffic (unicast and multicast) that is forwarded to specific ports is + unaffected. Locally generated traffic is unaffected as well. It is + disabled by default and must be configured through sysfs. + config BRIDGE_IGMP_SNOOPING bool "IGMP/MLD snooping" depends on BRIDGE @@ -60,3 +78,22 @@ Say N to exclude this support and reduce the binary size. If unsure, say Y. + +config AVM_BRIDGE_ISOLATION + bool "Isolate bridge ports from each other" + depends on BRIDGE + depends on NETFILTER + depends on SYSFS + depends on AVM_ENHANCED + default y + ---help--- + AVM extension + + This feature allows to create isolated bridge ports pairs, so that clients + connected through an isolated port cannot communicate with clients + behind other isolated ports. Traffic flowing from/to non-isolated ports + is not affected. + + This is implemented in a bridge netfilter hook, therefore + at least one of net.bridge.br-nf-call-* sysctl must be enabled. + net.bridge.br-nf-call-custom is sufficient.
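Review bot: In the AVM_BRIDGE_FLOOD_RATELIMITER help text (first hunk), "disabled by default and must be configured through sysfs" sits next to "default y" and there is no "depends on SYSFS", although the second option in this patch declares that dependency. Without sysfs the limiter would be built in but could never be switched on, so add "depends on SYSFS" here as well. The help should also say explicitly that "default y" only compiles the feature in and that no limit applies until a rate is set. It should name the sysfs attributes for the maximum packet rate and the reserve, and give their units. Wording: "help protect accidental or willful network loops" should read "help protect against accidental or willful network loops".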
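Review bot: In the AVM_BRIDGE_ISOLATION help text (second hunk), the last paragraph makes enforcement depend on a runtime setting ("at least one of net.bridge.br-nf-call-* sysctl must be enabled"), so with "default y" the option can be built in while isolated ports still reach each other if none of those sysctls is set. For a feature that separates clients, that fail-open condition deserves more than a closing remark. Either have the code enable the required hook path when a port is marked isolated, or state in the help that isolation is not enforced until the sysctl is set. The dependencies list only NETFILTER; if the hook and the sysctls are provided by the bridge netfilter code, the option should depend on BRIDGE_NETFILTER instead, so that a configuration in which the hook can never run is rejected at build time. Also check the sysctl names in the help against the names the kernel actually registers, and reword "isolated bridge ports pairs", which does not say whether isolation is configured per port or per pair.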