Reorganize netfilter kernel modules and package nftables kernel support
Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 42596
parent
9a30ee9c2c
commit
e4e5c31f87
3 changed files with 221 additions and 62 deletions
|
@ -1,5 +1,5 @@
|
||||||
#
|
#
|
||||||
# Copyright (C) 2006-2012 OpenWrt.org
|
# Copyright (C) 2006-2014 OpenWrt.org
|
||||||
#
|
#
|
||||||
# This is free software, licensed under the GNU General Public License v2.
|
# This is free software, licensed under the GNU General Public License v2.
|
||||||
# See /LICENSE for more information.
|
# See /LICENSE for more information.
|
||||||
|
@ -30,8 +30,10 @@ endef
|
||||||
# core
|
# core
|
||||||
|
|
||||||
# kernel only
|
# kernel only
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_NETFILTER_XTABLES, $(P_XT)x_tables $(P_XT)xt_tcpudp),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,NF_IPT,CONFIG_IP_NF_IPTABLES, $(P_V4)ip_tables),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, $(P_V4)ip_tables),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,NF_IPT,CONFIG_NETFILTER_XTABLES, $(P_XT)x_tables),))
|
||||||
|
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_NETFILTER_XTABLES, $(P_XT)xt_tcpudp),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_FILTER, $(P_V4)iptable_filter),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_FILTER, $(P_V4)iptable_filter),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_MANGLE, $(P_V4)iptable_mangle),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_MANGLE, $(P_V4)iptable_mangle),))
|
||||||
|
|
||||||
|
@ -59,9 +61,9 @@ $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MARK, $(P_XT)
|
||||||
# conntrack
|
# conntrack
|
||||||
|
|
||||||
# kernel only
|
# kernel only
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CONNTRACK,CONFIG_NF_CONNTRACK, $(P_XT)nf_conntrack),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK, $(P_XT)nf_conntrack),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CONNTRACK,CONFIG_NF_DEFRAG_IPV4, $(P_V4)nf_defrag_ipv4),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV4, $(P_V4)nf_defrag_ipv4),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CONNTRACK,CONFIG_NF_CONNTRACK_IPV4, $(P_V4)nf_conntrack_ipv4),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK_IPV4, $(P_V4)nf_conntrack_ipv4),))
|
||||||
|
|
||||||
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_MATCH_STATE, $(P_XT)xt_state))
|
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_MATCH_STATE, $(P_XT)xt_state))
|
||||||
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_IP_NF_RAW, $(P_V4)iptable_raw))
|
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_IP_NF_RAW, $(P_V4)iptable_raw))
|
||||||
|
@ -134,9 +136,11 @@ $(eval $(call nf_add,IPT_IPSEC,CONFIG_NETFILTER_XT_MATCH_POLICY, $(P_XT)xt_polic
|
||||||
# IPv6
|
# IPv6
|
||||||
|
|
||||||
# kernel only
|
# kernel only
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_DEFRAG_IPV6, $(P_V6)nf_defrag_ipv6),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,NF_IPT6,CONFIG_IP6_NF_IPTABLES, $(P_V6)ip6_tables),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_CONNTRACK_IPV6, $(P_V6)nf_conntrack_ipv6),))
|
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, $(P_V6)ip6_tables),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK6,CONFIG_NF_DEFRAG_IPV6, $(P_V6)nf_defrag_ipv6),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK6,CONFIG_NF_CONNTRACK_IPV6, $(P_V6)nf_conntrack_ipv6),))
|
||||||
|
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_QUEUE, $(P_V6)ip6_queue),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_QUEUE, $(P_V6)ip6_queue),))
|
||||||
|
@ -160,10 +164,14 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))
|
||||||
# nat
|
# nat
|
||||||
|
|
||||||
# kernel only
|
# kernel only
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_V4)nf_nat $(P_V4)iptable_nat, lt 3.7.0),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat, ge 3.7.0),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat $(P_XT)xt_nat, ge 3.7.0),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4, ge 3.7.0),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4 $(P_V4)iptable_nat, ge 3.7.0),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6, ge 3.7.0),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6 $(P_V6)ip6table_nat, ge 3.7.0),))
|
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_XT)xt_nat, ge 3.7.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_V4)iptable_nat, lt 3.7.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)iptable_nat, ge 3.7.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)ip6table_nat, ge 3.7.0),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_MASQUERADE, $(P_V6)ip6t_MASQUERADE, ge 3.7.0),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_MASQUERADE, $(P_V6)ip6t_MASQUERADE, ge 3.7.0),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT, $(P_V6)ip6t_NPT, ge 3.7.0),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT, $(P_V6)ip6t_NPT, ge 3.7.0),))
|
||||||
|
|
||||||
|
@ -184,35 +192,35 @@ $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_TARGET_NETMAP, $(P_V4)ipt_NETMAP
|
||||||
|
|
||||||
# nathelper
|
# nathelper
|
||||||
|
|
||||||
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_IP_NF_NAT_FTP, $(P_V4)ip_nat_ftp))
|
$(eval $(call nf_add,NF_NATHELPER,CONFIG_IP_NF_NAT_FTP, $(P_V4)ip_nat_ftp))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_CONNTRACK_FTP, $(P_XT)nf_conntrack_ftp))
|
$(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_CONNTRACK_FTP, $(P_XT)nf_conntrack_ftp))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_CONNTRACK_IRC, $(P_XT)nf_conntrack_irc))
|
$(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_CONNTRACK_IRC, $(P_XT)nf_conntrack_irc))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_FTP, $(P_XT)nf_nat_ftp, ge 3.7.0))
|
$(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_NAT_FTP, $(P_XT)nf_nat_ftp, ge 3.7.0))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_IRC, $(P_XT)nf_nat_irc, ge 3.7.0))
|
$(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_NAT_IRC, $(P_XT)nf_nat_irc, ge 3.7.0))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_FTP, $(P_V4)nf_nat_ftp, lt 3.7.0))
|
$(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_NAT_FTP, $(P_V4)nf_nat_ftp, lt 3.7.0))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_IRC, $(P_V4)nf_nat_irc, lt 3.7.0))
|
$(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_NAT_IRC, $(P_V4)nf_nat_irc, lt 3.7.0))
|
||||||
|
|
||||||
|
|
||||||
# nathelper-extra
|
# nathelper-extra
|
||||||
|
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_BROADCAST, $(P_XT)nf_conntrack_broadcast))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_BROADCAST, $(P_XT)nf_conntrack_broadcast))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_XT)nf_nat_amanda, ge 3.7.0))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_XT)nf_nat_amanda, ge 3.7.0))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_V4)nf_nat_amanda, lt 3.7.0))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_V4)nf_nat_amanda, lt 3.7.0))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_CT_PROTO_GRE, $(P_XT)nf_conntrack_proto_gre))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CT_PROTO_GRE, $(P_XT)nf_conntrack_proto_gre))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_PROTO_GRE, $(P_V4)nf_nat_proto_gre))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_PROTO_GRE, $(P_V4)nf_nat_proto_gre))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_H323, $(P_XT)nf_conntrack_h323))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_H323, $(P_XT)nf_conntrack_h323))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_H323, $(P_V4)nf_nat_h323))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_H323, $(P_V4)nf_nat_h323))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_PPTP, $(P_XT)nf_conntrack_pptp))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_PPTP, $(P_XT)nf_conntrack_pptp))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_PPTP, $(P_V4)nf_nat_pptp))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_PPTP, $(P_V4)nf_nat_pptp))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_SIP, $(P_XT)nf_conntrack_sip))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_SIP, $(P_XT)nf_conntrack_sip))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_SIP, $(P_XT)nf_nat_sip, ge 3.7.0))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_SIP, $(P_XT)nf_nat_sip, ge 3.7.0))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_SIP, $(P_V4)nf_nat_sip, lt 3.7.0))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_SIP, $(P_V4)nf_nat_sip, lt 3.7.0))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_SNMP, $(P_XT)nf_conntrack_snmp))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_SNMP, $(P_XT)nf_conntrack_snmp))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_SNMP_BASIC, $(P_V4)nf_nat_snmp_basic))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_SNMP_BASIC, $(P_V4)nf_nat_snmp_basic))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_TFTP, $(P_XT)nf_conntrack_tftp))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_TFTP, $(P_XT)nf_conntrack_tftp))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_TFTP, $(P_XT)nf_nat_tftp, ge 3.7.0))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_TFTP, $(P_XT)nf_nat_tftp, ge 3.7.0))
|
||||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_TFTP, $(P_V4)nf_nat_tftp, lt 3.7.0))
|
$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_TFTP, $(P_V4)nf_nat_tftp, lt 3.7.0))
|
||||||
|
|
||||||
|
|
||||||
# queue
|
# queue
|
||||||
|
@ -304,9 +312,34 @@ $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog)
|
||||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
|
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
|
||||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFQUEUE, $(P_EBT)ebt_nfqueue))
|
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFQUEUE, $(P_EBT)ebt_nfqueue))
|
||||||
|
|
||||||
|
# nftables
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NF_TABLES, $(P_XT)nf_tables, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NF_TABLES_INET, $(P_XT)nf_tables_inet, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_EXTHDR, $(P_XT)nft_exthdr, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_META, $(P_XT)nft_meta, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_CT, $(P_XT)nft_ct, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_RBTREE, $(P_XT)nft_rbtree, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_HASH, $(P_XT)nft_hash, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_COUNTER, $(P_XT)nft_counter, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_LOG, $(P_XT)nft_log, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_LIMIT, $(P_XT)nft_limit, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REJECT, $(P_XT)nft_reject $(P_V4)nft_reject_ipv4 $(P_V6)nft_reject_ipv6, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REJECT_INET, $(P_XT)nft_reject_inet, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NF_TABLES_IPV4, $(P_V4)nf_tables_ipv4, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_CHAIN_ROUTE_IPV4, $(P_V4)nft_chain_route_ipv4, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NF_TABLES_IPV6, $(P_V6)nf_tables_ipv6, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_CHAIN_ROUTE_IPV6, $(P_V6)nft_chain_route_ipv6, ge 3.14.0),))
|
||||||
|
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_nat, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_CHAIN_NAT_IPV4, $(P_V4)nft_chain_nat_ipv4, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_IP_NF_IPTABLES, $(P_V4)ip_tables, ge 3.14.0),))
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_CHAIN_NAT_IPV6, $(P_V6)nft_chain_nat_ipv6, ge 3.14.0),))
|
||||||
|
|
||||||
# userland only
|
# userland only
|
||||||
|
IPT_BUILTIN += $(NF_IPT-y) $(NF_IPT-m)
|
||||||
IPT_BUILTIN += $(IPT_CORE-y) $(IPT_CORE-m)
|
IPT_BUILTIN += $(IPT_CORE-y) $(IPT_CORE-m)
|
||||||
|
IPT_BUILTIN += $(NF_CONNTRACK-y)
|
||||||
|
IPT_BUILTIN += $(NF_CONNTRACK6-y)
|
||||||
IPT_BUILTIN += $(IPT_CONNTRACK-y)
|
IPT_BUILTIN += $(IPT_CONNTRACK-y)
|
||||||
IPT_BUILTIN += $(IPT_CONNTRACK_EXTRA-y)
|
IPT_BUILTIN += $(IPT_CONNTRACK_EXTRA-y)
|
||||||
IPT_BUILTIN += $(IPT_EXTRA-y)
|
IPT_BUILTIN += $(IPT_EXTRA-y)
|
||||||
|
@ -315,11 +348,13 @@ IPT_BUILTIN += $(IPT_IPOPT-y)
|
||||||
IPT_BUILTIN += $(IPT_IPRANGE-y)
|
IPT_BUILTIN += $(IPT_IPRANGE-y)
|
||||||
IPT_BUILTIN += $(IPT_IPSEC-y)
|
IPT_BUILTIN += $(IPT_IPSEC-y)
|
||||||
IPT_BUILTIN += $(IPT_IPV6-y) $(IPT_IPV6-m)
|
IPT_BUILTIN += $(IPT_IPV6-y) $(IPT_IPV6-m)
|
||||||
|
IPT_BUILTIN += $(NF_NAT-y)
|
||||||
|
IPT_BUILTIN += $(NF_NAT6-y)
|
||||||
IPT_BUILTIN += $(IPT_NAT-y)
|
IPT_BUILTIN += $(IPT_NAT-y)
|
||||||
IPT_BUILTIN += $(IPT_NAT6-y)
|
IPT_BUILTIN += $(IPT_NAT6-y)
|
||||||
IPT_BUILTIN += $(IPT_NAT_EXTRA-y)
|
IPT_BUILTIN += $(IPT_NAT_EXTRA-y)
|
||||||
IPT_BUILTIN += $(IPT_NATHELPER-y)
|
IPT_BUILTIN += $(NF_NATHELPER-y)
|
||||||
IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y)
|
IPT_BUILTIN += $(NF_NATHELPER_EXTRA-y)
|
||||||
IPT_BUILTIN += $(IPT_ULOG-y)
|
IPT_BUILTIN += $(IPT_ULOG-y)
|
||||||
IPT_BUILTIN += $(IPT_DEBUG-y)
|
IPT_BUILTIN += $(IPT_DEBUG-y)
|
||||||
IPT_BUILTIN += $(IPT_TPROXY-y)
|
IPT_BUILTIN += $(IPT_TPROXY-y)
|
||||||
|
|
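Review bot: In the nat hunk (`@ -160,10 +164,14 @`), kernels older than 3.7.0 no longer get `nf_nat` in any group. The removed line carried `$(P_V4)nf_nat $(P_V4)iptable_nat, lt 3.7.0`, while the new side keeps only `$(P_V4)iptable_nat` under `IPT_NAT` and guards every `NF_NAT` entry with `ge 3.7.0`. On such a kernel `kmod-nf-nat` would ship no module and `iptable_nat` would be packaged without the `nf_nat` module that used to accompany it, so NAT rules could fail to load on the router. Adding `$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_V4)nf_nat, lt 3.7.0),))` next to the other `NF_NAT` lines would keep the old behaviour. Whether pre-3.7 kernels are still built from this tree is not visible on this page; if they are not, the remaining `lt 3.7.0` entries could be dropped instead.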
|
@ -14,7 +14,7 @@ DEVICE_TYPE?=router
|
||||||
# Default packages - the really basic set
|
# Default packages - the really basic set
|
||||||
DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools
|
DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools
|
||||||
# For router targets
|
# For router targets
|
||||||
DEFAULT_PACKAGES.router:=dnsmasq iptables ip6tables ppp ppp-mod-pppoe kmod-ipt-nathelper firewall odhcpd odhcp6c
|
DEFAULT_PACKAGES.router:=dnsmasq iptables ip6tables ppp ppp-mod-pppoe kmod-nf-nathelper firewall odhcpd odhcp6c
|
||||||
DEFAULT_PACKAGES.bootloader:=
|
DEFAULT_PACKAGES.bootloader:=
|
||||||
|
|
||||||
ifneq ($(DUMP),)
|
ifneq ($(DUMP),)
|
||||||
|
|
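Review bot: Replacing `kmod-ipt-nathelper` with `kmod-nf-nathelper` in `DEFAULT_PACKAGES.router` changes what the default router image pulls in transitively, not only the name. In the module makefile of this commit the old package used `$(call AddDepends/ipt,+kmod-ipt-nat)`, while the new one declares only `DEPENDS:=+kmod-nf-nat`, so `kmod-ipt-core` and `kmod-ipt-nat` are no longer reached through this entry. Whether `firewall` or `iptables` still select them is not visible on this page. If they do not, list `kmod-ipt-nat` here explicitly so default images keep the iptables NAT and filter tables the firewall expects.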
|
@ -10,15 +10,41 @@ NF_MENU:=Netfilter Extensions
|
||||||
NF_KMOD:=1
|
NF_KMOD:=1
|
||||||
include $(INCLUDE_DIR)/netfilter.mk
|
include $(INCLUDE_DIR)/netfilter.mk
|
||||||
|
|
||||||
define KernelPackage/ipt-core
|
|
||||||
|
define KernelPackage/nf-ipt
|
||||||
SUBMENU:=$(NF_MENU)
|
SUBMENU:=$(NF_MENU)
|
||||||
TITLE:=Netfilter core
|
TITLE:=Iptables core
|
||||||
KCONFIG:= \
|
KCONFIG:= \
|
||||||
CONFIG_NETFILTER=y \
|
CONFIG_NETFILTER=y \
|
||||||
CONFIG_NETFILTER_ADVANCED=y \
|
CONFIG_NETFILTER_ADVANCED=y \
|
||||||
$(KCONFIG_IPT_CORE)
|
$(KCONFIG_NF_IPT)
|
||||||
|
FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,nf-ipt))
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/nf-ipt6
|
||||||
|
SUBMENU:=$(NF_MENU)
|
||||||
|
TITLE:=Ip6tables core
|
||||||
|
KCONFIG:=$(KCONFIG_NF_IPT6)
|
||||||
|
FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
|
||||||
|
DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,nf-ipt6))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/ipt-core
|
||||||
|
SUBMENU:=$(NF_MENU)
|
||||||
|
TITLE:=Iptables core
|
||||||
|
KCONFIG:=$(KCONFIG_IPT_CORE)
|
||||||
FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
|
FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
|
||||||
|
DEPENDS:=+kmod-nf-ipt
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define KernelPackage/ipt-core/description
|
define KernelPackage/ipt-core/description
|
||||||
|
@ -36,6 +62,56 @@ endef
|
||||||
$(eval $(call KernelPackage,ipt-core))
|
$(eval $(call KernelPackage,ipt-core))
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/nf-conntrack
|
||||||
|
SUBMENU:=$(NF_MENU)
|
||||||
|
TITLE:=Netfilter connection tracking
|
||||||
|
KCONFIG:= \
|
||||||
|
CONFIG_NETFILTER=y \
|
||||||
|
CONFIG_NETFILTER_ADVANCED=y \
|
||||||
|
$(KCONFIG_NF_CONNTRACK)
|
||||||
|
FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,nf-conntrack))
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/nf-conntrack6
|
||||||
|
SUBMENU:=$(NF_MENU)
|
||||||
|
TITLE:=Netfilter IPv6 connection tracking
|
||||||
|
KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
|
||||||
|
DEPENDS:=+kmod-ipv6 +kmod-nf-conntrack
|
||||||
|
FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,nf-conntrack6))
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/nf-nat
|
||||||
|
SUBMENU:=$(NF_MENU)
|
||||||
|
TITLE:=Netfilter NAT
|
||||||
|
KCONFIG:=$(KCONFIG_NF_NAT)
|
||||||
|
DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
|
||||||
|
FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,nf-nat))
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/nf-nat6
|
||||||
|
SUBMENU:=$(NF_MENU)
|
||||||
|
TITLE:=Netfilter IPV6-NAT
|
||||||
|
KCONFIG:=$(KCONFIG_NF_NAT6)
|
||||||
|
DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat
|
||||||
|
FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,nf-nat6))
|
||||||
|
|
||||||
|
|
||||||
define AddDepends/ipt
|
define AddDepends/ipt
|
||||||
SUBMENU:=$(NF_MENU)
|
SUBMENU:=$(NF_MENU)
|
||||||
DEPENDS+= +kmod-ipt-core $(1)
|
DEPENDS+= +kmod-ipt-core $(1)
|
||||||
|
@ -47,7 +123,7 @@ define KernelPackage/ipt-conntrack
|
||||||
KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
|
KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
|
||||||
FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
|
FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
|
||||||
$(call AddDepends/ipt)
|
$(call AddDepends/ipt,+kmod-nf-conntrack)
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define KernelPackage/ipt-conntrack/description
|
define KernelPackage/ipt-conntrack/description
|
||||||
|
@ -153,7 +229,7 @@ define KernelPackage/ipt-nat
|
||||||
KCONFIG:=$(KCONFIG_IPT_NAT)
|
KCONFIG:=$(KCONFIG_IPT_NAT)
|
||||||
FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
|
FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
|
||||||
$(call AddDepends/ipt,+kmod-ipt-conntrack)
|
$(call AddDepends/ipt,+kmod-nf-nat)
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define KernelPackage/ipt-nat/description
|
define KernelPackage/ipt-nat/description
|
||||||
|
@ -200,15 +276,16 @@ endef
|
||||||
$(eval $(call KernelPackage,ipt-nat-extra))
|
$(eval $(call KernelPackage,ipt-nat-extra))
|
||||||
|
|
||||||
|
|
||||||
define KernelPackage/ipt-nathelper
|
define KernelPackage/nf-nathelper
|
||||||
|
SUBMENU:=$(NF_MENU)
|
||||||
TITLE:=Basic Conntrack and NAT helpers
|
TITLE:=Basic Conntrack and NAT helpers
|
||||||
KCONFIG:=$(KCONFIG_IPT_NATHELPER)
|
KCONFIG:=$(KCONFIG_NF_NATHELPER)
|
||||||
FILES:=$(foreach mod,$(IPT_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
|
FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NATHELPER-m)))
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
|
||||||
$(call AddDepends/ipt,+kmod-ipt-nat)
|
DEPENDS:=+kmod-nf-nat
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define KernelPackage/ipt-nathelper/description
|
define KernelPackage/nf-nathelper/description
|
||||||
Default Netfilter (IPv4) Conntrack and NAT helpers
|
Default Netfilter (IPv4) Conntrack and NAT helpers
|
||||||
Includes:
|
Includes:
|
||||||
- ftp
|
- ftp
|
||||||
|
@ -216,18 +293,19 @@ define KernelPackage/ipt-nathelper/description
|
||||||
- tftp
|
- tftp
|
||||||
endef
|
endef
|
||||||
|
|
||||||
$(eval $(call KernelPackage,ipt-nathelper))
|
$(eval $(call KernelPackage,nf-nathelper))
|
||||||
|
|
||||||
|
|
||||||
define KernelPackage/ipt-nathelper-extra
|
define KernelPackage/nf-nathelper-extra
|
||||||
|
SUBMENU:=$(NF_MENU)
|
||||||
TITLE:=Extra Conntrack and NAT helpers
|
TITLE:=Extra Conntrack and NAT helpers
|
||||||
KCONFIG:=$(KCONFIG_IPT_NATHELPER_EXTRA)
|
KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
|
||||||
FILES:=$(foreach mod,$(IPT_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
|
FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NATHELPER_EXTRA-m)))
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
|
||||||
$(call AddDepends/ipt,+kmod-ipt-nat +kmod-lib-textsearch)
|
DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define KernelPackage/ipt-nathelper-extra/description
|
define KernelPackage/nf-nathelper-extra/description
|
||||||
Extra Netfilter (IPv4) Conntrack and NAT helpers
|
Extra Netfilter (IPv4) Conntrack and NAT helpers
|
||||||
Includes:
|
Includes:
|
||||||
- amanda
|
- amanda
|
||||||
|
@ -240,7 +318,7 @@ define KernelPackage/ipt-nathelper-extra/description
|
||||||
- broadcast
|
- broadcast
|
||||||
endef
|
endef
|
||||||
|
|
||||||
$(eval $(call KernelPackage,ipt-nathelper-extra))
|
$(eval $(call KernelPackage,nf-nathelper-extra))
|
||||||
|
|
||||||
|
|
||||||
define KernelPackage/ipt-queue
|
define KernelPackage/ipt-queue
|
||||||
|
@ -442,7 +520,7 @@ $(eval $(call KernelPackage,ipt-extra))
|
||||||
define KernelPackage/ip6tables
|
define KernelPackage/ip6tables
|
||||||
SUBMENU:=$(NF_MENU)
|
SUBMENU:=$(NF_MENU)
|
||||||
TITLE:=IPv6 modules
|
TITLE:=IPv6 modules
|
||||||
DEPENDS:=+kmod-ipv6 +kmod-ipt-core +kmod-ipt-conntrack
|
DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack
|
||||||
KCONFIG:=$(KCONFIG_IPT_IPV6)
|
KCONFIG:=$(KCONFIG_IPT_IPV6)
|
||||||
FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
|
FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
|
AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
|
||||||
|
@ -567,7 +645,6 @@ define KernelPackage/nfnetlink
|
||||||
FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
|
FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
KCONFIG:=$(KCONFIG_NFNETLINK)
|
KCONFIG:=$(KCONFIG_NFNETLINK)
|
||||||
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
|
||||||
$(call AddDepends/ipt)
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define KernelPackage/nfnetlink/description
|
define KernelPackage/nfnetlink/description
|
||||||
|
@ -647,3 +724,50 @@ define KernelPackage/ipt-hashlimit/description
|
||||||
endef
|
endef
|
||||||
|
|
||||||
$(eval $(call KernelPackage,ipt-hashlimit))
|
$(eval $(call KernelPackage,ipt-hashlimit))
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/nft-core
|
||||||
|
SUBMENU:=$(NF_MENU)
|
||||||
|
TITLE:=Netfilter nf_tables support
|
||||||
|
DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6
|
||||||
|
FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
|
||||||
|
KCONFIG:= \
|
||||||
|
CONFIG_NETFILTER=y \
|
||||||
|
CONFIG_NETFILTER_ADVANCED=y \
|
||||||
|
CONFIG_NFT_COMPAT=n \
|
||||||
|
CONFIG_NF_TABLES_ARP=n \
|
||||||
|
CONFIG_NF_TABLES_BRIDGE=n \
|
||||||
|
$(KCONFIG_NFT_CORE)
|
||||||
|
endef
|
||||||
|
|
||||||
|
define KernelPackage/nft-core/description
|
||||||
|
Kernel module support for nftables
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,nft-core))
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/nft-nat
|
||||||
|
SUBMENU:=$(NF_MENU)
|
||||||
|
TITLE:=Netfilter nf_tables NAT support
|
||||||
|
DEPENDS:=+kmod-nft-core +kmod-nf-nat
|
||||||
|
FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
|
||||||
|
KCONFIG:=$(KCONFIG_NFT_NAT)
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,nft-nat))
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/nft-nat6
|
||||||
|
SUBMENU:=$(NF_MENU)
|
||||||
|
TITLE:=Netfilter nf_tables IPv6-NAT support
|
||||||
|
DEPENDS:=+kmod-nft-core +kmod-nf-nat6
|
||||||
|
FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
|
||||||
|
KCONFIG:=$(KCONFIG_NFT_NAT6)
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,nft-nat6))
|
||||||
|
|
||||||
|
|
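Review bot: `kmod-nft-nat` builds its `FILES` from `$(NFT_NAT-m)`, and the include-file change in this commit adds `$(P_V4)ip_tables` to `NFT_NAT` while `NF_IPT` already lists it. On 3.14 and later kernels both `kmod-nf-ipt` and `kmod-nft-nat` would therefore package `ip_tables.ko`. Because `kmod-nft-nat` depends on `kmod-nf-nat`, which depends on `kmod-nf-ipt`, the two packages are always installed together and would claim the same file. If the entry exists only to force `CONFIG_IP_NF_IPTABLES`, the `+kmod-nf-nat` dependency already selects it through `kmod-nf-ipt`, so the `nf_add,NFT_NAT,CONFIG_IP_NF_IPTABLES` line can be dropped. How `nf_add` treats a module listed in two groups is defined outside the visible hunks, so confirm against its definition.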