2 # Copyright (C) 2006-2014 OpenWrt.org
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
8 ifneq ($(__inc_netfilter
),1)
15 P_EBT
:=bridge
/netfilter
/
21 # 4: version dependency
23 $(if
$(4),ifeq ($$(strip $$(call CompareKernelPatchVer
,$$(KERNEL_PATCHVER
),$(firstword $(4)),$(lastword
$(4)))),1))
26 KCONFIG_
$(1) = $(filter-out $(2),$(KCONFIG_
$(1))) $(2)
33 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_REJECT
,CONFIG_NF_REJECT_IPV4
, $(P_V4
)nf_reject_ipv4
),))
35 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_IPT
,CONFIG_IP_NF_IPTABLES
, $(P_V4
)ip_tables
),))
36 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_IPT
,CONFIG_NETFILTER_XTABLES
, $(P_XT
)x_tables
),))
38 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_CORE
,CONFIG_NETFILTER_XTABLES
, $(P_XT
)xt_tcpudp
),))
39 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_CORE
,CONFIG_IP_NF_FILTER
, $(P_V4
)iptable_filter
),))
40 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_CORE
,CONFIG_IP_NF_MANGLE
, $(P_V4
)iptable_mangle
),))
43 $(eval
$(if
$(NF_KMOD
),,$(call nf_add
,IPT_CORE
,CONFIG_IP_NF_IPTABLES
, xt_standard ipt_icmp xt_tcp xt_udp xt_comment xt_set xt_SET
)))
45 $(eval
$(call nf_add
,IPT_CORE
,CONFIG_NETFILTER_XT_MATCH_LIMIT
, $(P_XT
)xt_limit
))
46 $(eval
$(call nf_add
,IPT_CORE
,CONFIG_NETFILTER_XT_MATCH_MAC
, $(P_XT
)xt_mac
))
47 $(eval
$(call nf_add
,IPT_CORE
,CONFIG_NETFILTER_XT_MATCH_MULTIPORT
, $(P_XT
)xt_multiport
))
48 $(eval
$(call nf_add
,IPT_CORE
,CONFIG_NETFILTER_XT_MATCH_COMMENT
, $(P_XT
)xt_comment
))
51 $(eval
$(call nf_add
,IPT_CLUSTER
,CONFIG_NETFILTER_XT_MATCH_CLUSTER
, $(P_XT
)xt_cluster
))
53 $(eval
$(call nf_add
,IPT_CORE
,CONFIG_NETFILTER_XT_TARGET_LOG
, $(P_XT
)xt_LOG
))
54 $(eval
$(call nf_add
,IPT_CORE
,CONFIG_NETFILTER_XT_TARGET_LOG
, $(P_XT
)nf_log_common
))
55 $(eval
$(call nf_add
,IPT_CORE
,CONFIG_NETFILTER_XT_TARGET_LOG
, $(P_V4
)nf_log_ipv4
))
56 $(eval
$(call nf_add
,IPT_CORE
,CONFIG_NETFILTER_XT_TARGET_TCPMSS
, $(P_XT
)xt_TCPMSS
))
57 $(eval
$(call nf_add
,IPT_CORE
,CONFIG_IP_NF_TARGET_REJECT
, $(P_V4
)ipt_REJECT
))
58 $(eval
$(call nf_add
,IPT_CORE
,CONFIG_NETFILTER_XT_MATCH_TIME
, $(P_XT
)xt_time
))
59 $(eval
$(call nf_add
,IPT_CORE
,CONFIG_NETFILTER_XT_MARK
, $(P_XT
)xt_mark
))
61 # kernel has xt_MARK.ko merged into xt_mark.ko, userspace is still separate
62 # userland: xt_MARK.so
63 $(eval
$(if
$(NF_KMOD
),,$(call nf_add
,IPT_CORE
,CONFIG_NETFILTER_XT_MARK
, $(P_XT
)xt_MARK
)))
69 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_CONNTRACK
,CONFIG_NF_CONNTRACK
, $(P_XT
)nf_conntrack
),))
70 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_CONNTRACK
,CONFIG_NF_CONNTRACK_RTCACHE
, $(P_XT
)nf_conntrack_rtcache
),))
71 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_CONNTRACK
,CONFIG_NF_DEFRAG_IPV4
, $(P_V4
)nf_defrag_ipv4
),))
72 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_CONNTRACK
,CONFIG_NF_CONNTRACK_IPV4
, $(P_V4
)nf_conntrack_ipv4
),))
74 $(eval
$(call nf_add
,IPT_CONNTRACK
,CONFIG_NETFILTER_XT_MATCH_STATE
, $(P_XT
)xt_state
))
75 $(eval
$(call nf_add
,IPT_CONNTRACK
,CONFIG_NETFILTER_XT_TARGET_CT
, $(P_XT
)xt_CT
))
76 $(eval
$(call nf_add
,IPT_CONNTRACK
,CONFIG_NETFILTER_XT_MATCH_CONNTRACK
, $(P_XT
)xt_conntrack
))
81 $(eval
$(call nf_add
,IPT_CONNTRACK_EXTRA
,CONFIG_NETFILTER_XT_MATCH_CONNBYTES
, $(P_XT
)xt_connbytes
))
82 $(eval
$(call nf_add
,IPT_CONNTRACK_EXTRA
,CONFIG_NETFILTER_XT_MATCH_CONNLIMIT
, $(P_XT
)xt_connlimit
))
83 $(eval
$(call nf_add
,IPT_CONNTRACK_EXTRA
,CONFIG_NETFILTER_CONNCOUNT
, $(P_XT
)nf_conncount
))
84 $(eval
$(call nf_add
,IPT_CONNTRACK_EXTRA
,CONFIG_NETFILTER_XT_CONNMARK
, $(P_XT
)xt_connmark
))
85 $(eval
$(call nf_add
,IPT_CONNTRACK_EXTRA
,CONFIG_NETFILTER_XT_MATCH_HELPER
, $(P_XT
)xt_helper
))
86 $(eval
$(call nf_add
,IPT_CONNTRACK_EXTRA
,CONFIG_NETFILTER_XT_MATCH_RECENT
, $(P_XT
)xt_recent
))
88 $(eval
$(if
$(NF_KMOD
),,$(call nf_add
,IPT_CONNTRACK_EXTRA
,CONFIG_NETFILTER_XT_CONNMARK
, $(P_XT
)xt_CONNMARK
)))
92 $(eval
$(call nf_add
,IPT_CONNTRACK_LABEL
,CONFIG_NETFILTER_XT_MATCH_CONNLABEL
, $(P_XT
)xt_connlabel
))
96 $(eval
$(call nf_add
,IPT_EXTRA
,CONFIG_NETFILTER_XT_MATCH_ADDRTYPE
, $(if
$(NF_KMOD
),$(P_XT
)xt_addrtype
,$(P_XT
)ipt_addrtype
)))
97 $(eval
$(call nf_add
,IPT_EXTRA
,CONFIG_NETFILTER_XT_MATCH_OWNER
, $(P_XT
)xt_owner
))
98 $(eval
$(call nf_add
,IPT_EXTRA
,CONFIG_NETFILTER_XT_MATCH_PKTTYPE
, $(P_XT
)xt_pkttype
))
99 $(eval
$(call nf_add
,IPT_EXTRA
,CONFIG_NETFILTER_XT_MATCH_QUOTA
, $(P_XT
)xt_quota
))
101 #$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_TARGET_ROUTE, $(P_V4)ipt_ROUTE))
105 $(eval
$(call nf_add
,IPT_PHYSDEV
,CONFIG_NETFILTER_XT_MATCH_PHYSDEV
, $(P_XT
)xt_physdev
))
109 $(eval
$(call nf_add
,IPT_FILTER
,CONFIG_NETFILTER_XT_MATCH_STRING
, $(P_XT
)xt_string
))
110 $(eval
$(call nf_add
,IPT_FILTER
,CONFIG_NETFILTER_XT_MATCH_BPF
, $(P_XT
)xt_bpf
))
115 $(eval
$(call nf_add
,IPT_IPOPT
,CONFIG_NETFILTER_XT_MATCH_DSCP
, $(P_XT
)xt_dscp
))
116 $(eval
$(call nf_add
,IPT_IPOPT
,CONFIG_NETFILTER_XT_TARGET_DSCP
, $(P_XT
)xt_DSCP
))
117 $(eval
$(call nf_add
,IPT_HASHLIMIT
,CONFIG_NETFILTER_XT_MATCH_HASHLIMIT
, $(P_XT
)xt_hashlimit
))
118 $(eval
$(call nf_add
,IPT_RPFILTER
,CONFIG_IP_NF_MATCH_RPFILTER
, $(P_V4
)ipt_rpfilter
))
119 $(eval
$(call nf_add
,IPT_RPFILTER
,CONFIG_IP6_NF_MATCH_RPFILTER
, $(P_V6
)ip6t_rpfilter
))
120 $(eval
$(call nf_add
,IPT_IPOPT
,CONFIG_NETFILTER_XT_MATCH_LENGTH
, $(P_XT
)xt_length
))
121 $(eval
$(call nf_add
,IPT_IPOPT
,CONFIG_NETFILTER_XT_MATCH_STATISTIC
, $(P_XT
)xt_statistic
))
122 $(eval
$(call nf_add
,IPT_IPOPT
,CONFIG_NETFILTER_XT_MATCH_TCPMSS
, $(P_XT
)xt_tcpmss
))
124 $(eval
$(call nf_add
,IPT_IPOPT
,CONFIG_NETFILTER_XT_TARGET_CLASSIFY
, $(P_XT
)xt_CLASSIFY
))
125 $(eval
$(call nf_add
,IPT_IPOPT
,CONFIG_IP_NF_MATCH_DSCP
, $(P_V4
)ipt_dscp
))
126 $(eval
$(call nf_add
,IPT_IPOPT
,CONFIG_IP_NF_TARGET_ECN
, $(P_V4
)ipt_ECN
))
128 $(eval
$(call nf_add
,IPT_IPOPT
,CONFIG_NETFILTER_XT_MATCH_ECN
, $(P_XT
)xt_ecn
))
131 $(eval
$(if
$(NF_KMOD
),,$(call nf_add
,IPT_IPOPT
,CONFIG_NETFILTER_XT_MATCH_DSCP
, xt_tos
)))
132 $(eval
$(if
$(NF_KMOD
),,$(call nf_add
,IPT_IPOPT
,CONFIG_NETFILTER_XT_TARGET_DSCP
, xt_TOS
)))
133 $(eval
$(if
$(NF_KMOD
),,$(call nf_add
,IPT_IPOPT
,CONFIG_NETFILTER_XT_MATCH_HL
, ipt_ttl
)))
134 $(eval
$(if
$(NF_KMOD
),,$(call nf_add
,IPT_IPOPT
,CONFIG_NETFILTER_XT_TARGET_HL
, ipt_TTL
)))
136 $(eval
$(call nf_add
,IPT_IPOPT
,CONFIG_NETFILTER_XT_MATCH_HL
, $(P_XT
)xt_hl
))
137 $(eval
$(call nf_add
,IPT_IPOPT
,CONFIG_NETFILTER_XT_TARGET_HL
, $(P_XT
)xt_HL
))
140 $(eval
$(call nf_add
,IPT_IPRANGE
,CONFIG_NETFILTER_XT_MATCH_IPRANGE
, $(P_XT
)xt_iprange
))
143 $(eval
$(call nf_add
,IPT_CLUSTERIP
,CONFIG_IP_NF_TARGET_CLUSTERIP
, $(P_V4
)ipt_CLUSTERIP
))
146 $(eval
$(call nf_add
,IPT_IPSEC
,CONFIG_IP_NF_MATCH_AH
, $(P_V4
)ipt_ah
))
147 $(eval
$(call nf_add
,IPT_IPSEC
,CONFIG_NETFILTER_XT_MATCH_ESP
, $(P_XT
)xt_esp
))
148 $(eval
$(call nf_add
,IPT_IPSEC
,CONFIG_NETFILTER_XT_MATCH_POLICY
, $(P_XT
)xt_policy
))
150 # flow offload support
151 $(eval
$(call nf_add
,IPT_FLOW
,CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD
, $(P_XT
)xt_FLOWOFFLOAD
))
156 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_REJECT6
,CONFIG_NF_REJECT_IPV6
, $(P_V6
)nf_reject_ipv6
),))
158 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_IPT6
,CONFIG_IP6_NF_IPTABLES
, $(P_V6
)ip6_tables
),))
160 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_CONNTRACK
,CONFIG_NF_DEFRAG_IPV6
, $(P_V6
)nf_defrag_ipv6
, ge
4.19),))
161 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_CONNTRACK6
,CONFIG_NF_DEFRAG_IPV6
, $(P_V6
)nf_defrag_ipv6
, lt
4.19),))
162 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_CONNTRACK6
,CONFIG_NF_CONNTRACK_IPV6
, $(P_V6
)nf_conntrack_ipv6
),))
164 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_IPV6
,CONFIG_IP6_NF_FILTER
, $(P_V6
)ip6table_filter
),))
165 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_IPV6
,CONFIG_IP6_NF_MANGLE
, $(P_V6
)ip6table_mangle
),))
166 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_IPV6
,CONFIG_IP6_NF_QUEUE
, $(P_V6
)ip6_queue
),))
167 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_IPV6
,CONFIG_NF_LOG_IPV6
, $(P_V6
)nf_log_ipv6
),))
169 $(eval
$(if
$(NF_KMOD
),,$(call nf_add
,IPT_IPV6
,CONFIG_IP6_NF_IPTABLES
, ip6t_icmp6
)))
172 $(eval
$(call nf_add
,IPT_IPV6
,CONFIG_IP6_NF_TARGET_LOG
, $(P_V6
)ip6t_LOG
))
173 $(eval
$(call nf_add
,IPT_IPV6
,CONFIG_IP6_NF_TARGET_REJECT
, $(P_V6
)ip6t_REJECT
))
176 $(eval
$(call nf_add
,IPT_IPV6_EXTRA
,CONFIG_IP6_NF_MATCH_IPV6HEADER
, $(P_V6
)ip6t_ipv6header
))
177 $(eval
$(call nf_add
,IPT_IPV6_EXTRA
,CONFIG_IP6_NF_MATCH_AH
, $(P_V6
)ip6t_ah
))
178 $(eval
$(call nf_add
,IPT_IPV6_EXTRA
,CONFIG_IP6_NF_MATCH_MH
, $(P_V6
)ip6t_mh
))
179 $(eval
$(call nf_add
,IPT_IPV6_EXTRA
,CONFIG_IP6_NF_MATCH_EUI64
, $(P_V6
)ip6t_eui64
))
180 $(eval
$(call nf_add
,IPT_IPV6_EXTRA
,CONFIG_IP6_NF_MATCH_OPTS
, $(P_V6
)ip6t_hbh
))
181 $(eval
$(call nf_add
,IPT_IPV6_EXTRA
,CONFIG_IP6_NF_MATCH_FRAG
, $(P_V6
)ip6t_frag
))
182 $(eval
$(call nf_add
,IPT_IPV6_EXTRA
,CONFIG_IP6_NF_MATCH_RT
, $(P_V6
)ip6t_rt
))
187 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_NAT
,CONFIG_NF_NAT
, $(P_XT
)nf_nat
),))
188 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_NAT
,CONFIG_NF_NAT_REDIRECT
, $(P_XT
)nf_nat_redirect
, ge
3.19.0),))
189 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_NAT
,CONFIG_NF_NAT_IPV4
, $(P_V4
)nf_nat_ipv4
),))
190 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_NAT
,CONFIG_NF_NAT_MASQUERADE_IPV4
, $(P_V4
)nf_nat_masquerade_ipv4
, lt
4.18),))
192 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_NAT6
,CONFIG_NF_NAT_IPV6
, $(P_V6
)nf_nat_ipv6
),))
193 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NF_NAT6
,CONFIG_NF_NAT_MASQUERADE_IPV6
, $(P_V6
)nf_nat_masquerade_ipv6
, lt
4.18),))
195 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_NAT
,CONFIG_NETFILTER_XT_NAT
, $(P_XT
)xt_nat
),))
196 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_NAT
,CONFIG_IP_NF_NAT
, $(P_V4
)iptable_nat
),))
197 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_NAT6
,CONFIG_IP6_NF_NAT
, $(P_V6
)ip6table_nat
),))
198 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_NAT6
,CONFIG_IP6_NF_TARGET_MASQUERADE
, $(P_V6
)ip6t_MASQUERADE
),))
199 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_NAT6
,CONFIG_IP6_NF_TARGET_NPT
, $(P_V6
)ip6t_NPT
),))
202 $(eval
$(if
$(NF_KMOD
),,$(call nf_add
,IPT_NAT
,CONFIG_NF_NAT
, ipt_SNAT ipt_DNAT
)))
203 $(eval
$(if
$(NF_KMOD
),,$(call nf_add
,IPT_NAT6
,CONFIG_IP6_NF_TARGET_NPT
, ip6t_DNPT ip6t_SNPT
)))
205 $(eval
$(call nf_add
,IPT_NAT
,CONFIG_IP_NF_TARGET_MASQUERADE
, $(P_V4
)ipt_MASQUERADE
, lt
5.2))
206 $(eval
$(call nf_add
,IPT_NAT
,CONFIG_IP_NF_TARGET_MASQUERADE
, $(P_XT
)xt_MASQUERADE
, ge
5.2))
207 $(eval
$(call nf_add
,IPT_NAT
,CONFIG_IP_NF_TARGET_REDIRECT
, $(P_XT
)xt_REDIRECT
))
212 $(eval
$(call nf_add
,IPT_NAT_EXTRA
,CONFIG_IP_NF_TARGET_NETMAP
, $(P_XT
)xt_NETMAP
))
217 $(eval
$(call nf_add
,NF_NATHELPER
,CONFIG_NF_CONNTRACK_FTP
, $(P_XT
)nf_conntrack_ftp
))
218 $(eval
$(call nf_add
,NF_NATHELPER
,CONFIG_NF_NAT_FTP
, $(P_XT
)nf_nat_ftp
))
223 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_CONNTRACK_BROADCAST
, $(P_XT
)nf_conntrack_broadcast
))
224 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_CONNTRACK_AMANDA
, $(P_XT
)nf_conntrack_amanda
))
225 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_NAT_AMANDA
, $(P_XT
)nf_nat_amanda
))
226 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_CT_PROTO_GRE
, $(P_XT
)nf_conntrack_proto_gre
))
227 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_NAT_PROTO_GRE
, $(P_V4
)nf_nat_proto_gre
))
228 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_CONNTRACK_H323
, $(P_XT
)nf_conntrack_h323
))
229 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_NAT_H323
, $(P_V4
)nf_nat_h323
))
230 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_CONNTRACK_PPTP
, $(P_XT
)nf_conntrack_pptp
))
231 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_NAT_PPTP
, $(P_V4
)nf_nat_pptp
))
232 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_CONNTRACK_SIP
, $(P_XT
)nf_conntrack_sip
))
233 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_NAT_SIP
, $(P_XT
)nf_nat_sip
))
234 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_CONNTRACK_SNMP
, $(P_XT
)nf_conntrack_snmp
))
235 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_NAT_SNMP_BASIC
, $(P_V4
)nf_nat_snmp_basic
))
236 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_CONNTRACK_TFTP
, $(P_XT
)nf_conntrack_tftp
))
237 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_NAT_TFTP
, $(P_XT
)nf_nat_tftp
))
238 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_CONNTRACK_IRC
, $(P_XT
)nf_conntrack_irc
))
239 $(eval
$(call nf_add
,NF_NATHELPER_EXTRA
,CONFIG_NF_NAT_IRC
, $(P_XT
)nf_nat_irc
))
244 $(eval
$(call nf_add
,IPT_ULOG
,CONFIG_IP_NF_TARGET_ULOG
, $(P_V4
)ipt_ULOG
))
249 $(eval
$(call nf_add
,IPT_NFLOG
,CONFIG_NETFILTER_XT_TARGET_NFLOG
, $(P_XT
)xt_NFLOG
))
254 $(eval
$(call nf_add
,IPT_NFQUEUE
,CONFIG_NETFILTER_XT_TARGET_NFQUEUE
, $(P_XT
)xt_NFQUEUE
))
259 $(eval
$(call nf_add
,IPT_DEBUG
,CONFIG_NETFILTER_XT_TARGET_TRACE
, $(P_XT
)xt_TRACE
))
263 $(eval
$(call nf_add
,IPT_TPROXY
,CONFIG_NETFILTER_XT_MATCH_SOCKET
, $(P_XT
)xt_socket
))
264 $(eval
$(call nf_add
,IPT_TPROXY
,CONFIG_NF_SOCKET_IPV4
, $(P_V4
)nf_socket_ipv4
, ge
4.10))
265 $(eval
$(call nf_add
,IPT_TPROXY
,CONFIG_NF_SOCKET_IPV6
, $(P_V6
)nf_socket_ipv6
, ge
4.10))
266 $(eval
$(call nf_add
,IPT_TPROXY
,CONFIG_NETFILTER_XT_TARGET_TPROXY
, $(P_XT
)xt_TPROXY
))
267 $(eval
$(call nf_add
,IPT_TPROXY
,CONFIG_NF_TPROXY_IPV4
, $(P_V4
)nf_tproxy_ipv4
, ge
4.18))
268 $(eval
$(call nf_add
,IPT_TPROXY
,CONFIG_NF_TPROXY_IPV6
, $(P_V6
)nf_tproxy_ipv6
, ge
4.18))
271 $(eval
$(call nf_add
,IPT_LED
,CONFIG_NETFILTER_XT_TARGET_LED
, $(P_XT
)xt_LED
))
275 $(eval
$(call nf_add
,IPT_TEE
,CONFIG_NETFILTER_XT_TARGET_TEE
, $(P_XT
)xt_TEE
))
276 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_TEE
,CONFIG_NF_DUP_IPV4
, $(P_V4
)nf_dup_ipv4
, ge
4.3),))
277 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,IPT_TEE
,CONFIG_NF_DUP_IPV6
, $(P_V6
)nf_dup_ipv6
, ge
4.3),))
281 $(eval
$(call nf_add
,IPT_U32
,CONFIG_NETFILTER_XT_MATCH_U32
, $(P_XT
)xt_u32
))
285 $(eval
$(call nf_add
,IPT_CHECKSUM
,CONFIG_NETFILTER_XT_TARGET_CHECKSUM
, $(P_XT
)xt_CHECKSUM
))
290 $(eval
$(call nf_add
,NFNETLINK
,CONFIG_NETFILTER_NETLINK
, $(P_XT
)nfnetlink
))
294 $(eval
$(call nf_add
,NFNETLINK_LOG
,CONFIG_NETFILTER_NETLINK_LOG
, $(P_XT
)nfnetlink_log
))
298 $(eval
$(call nf_add
,NFNETLINK_QUEUE
,CONFIG_NETFILTER_NETLINK_QUEUE
, $(P_XT
)nfnetlink_queue
))
304 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,EBTABLES
,CONFIG_BRIDGE_NF_EBTABLES
, $(P_EBT
)ebtables
),))
307 $(eval
$(call nf_add
,EBTABLES
,CONFIG_BRIDGE_EBT_BROUTE
, $(P_EBT
)ebtable_broute
))
308 $(eval
$(call nf_add
,EBTABLES
,CONFIG_BRIDGE_EBT_T_FILTER
, $(P_EBT
)ebtable_filter
))
309 $(eval
$(call nf_add
,EBTABLES
,CONFIG_BRIDGE_EBT_T_NAT
, $(P_EBT
)ebtable_nat
))
312 $(eval
$(call nf_add
,EBTABLES
,CONFIG_BRIDGE_EBT_802_3
, $(P_EBT
)ebt_802_3
))
313 $(eval
$(call nf_add
,EBTABLES
,CONFIG_BRIDGE_EBT_AMONG
, $(P_EBT
)ebt_among
))
314 $(eval
$(call nf_add
,EBTABLES_IP4
,CONFIG_BRIDGE_EBT_ARP
, $(P_EBT
)ebt_arp
))
315 $(eval
$(call nf_add
,EBTABLES_IP4
,CONFIG_BRIDGE_EBT_IP
, $(P_EBT
)ebt_ip
))
316 $(eval
$(call nf_add
,EBTABLES_IP6
,CONFIG_BRIDGE_EBT_IP6
, $(P_EBT
)ebt_ip6
))
317 $(eval
$(call nf_add
,EBTABLES
,CONFIG_BRIDGE_EBT_LIMIT
, $(P_EBT
)ebt_limit
))
318 $(eval
$(call nf_add
,EBTABLES
,CONFIG_BRIDGE_EBT_MARK
, $(P_EBT
)ebt_mark_m
))
319 $(eval
$(call nf_add
,EBTABLES
,CONFIG_BRIDGE_EBT_PKTTYPE
, $(P_EBT
)ebt_pkttype
))
320 $(eval
$(call nf_add
,EBTABLES
,CONFIG_BRIDGE_EBT_STP
, $(P_EBT
)ebt_stp
))
321 $(eval
$(call nf_add
,EBTABLES
,CONFIG_BRIDGE_EBT_VLAN
, $(P_EBT
)ebt_vlan
))
324 $(eval
$(call nf_add
,EBTABLES_IP4
,CONFIG_BRIDGE_EBT_ARPREPLY
, $(P_EBT
)ebt_arpreply
))
325 $(eval
$(call nf_add
,EBTABLES
,CONFIG_BRIDGE_EBT_MARK_T
, $(P_EBT
)ebt_mark
))
326 $(eval
$(call nf_add
,EBTABLES_IP4
,CONFIG_BRIDGE_EBT_DNAT
, $(P_EBT
)ebt_dnat
))
327 $(eval
$(call nf_add
,EBTABLES
,CONFIG_BRIDGE_EBT_REDIRECT
, $(P_EBT
)ebt_redirect
))
328 $(eval
$(call nf_add
,EBTABLES_IP4
,CONFIG_BRIDGE_EBT_SNAT
, $(P_EBT
)ebt_snat
))
331 $(eval
$(call nf_add
,EBTABLES_WATCHERS
,CONFIG_BRIDGE_EBT_LOG
, $(P_EBT
)ebt_log
))
332 $(eval
$(call nf_add
,EBTABLES_WATCHERS
,CONFIG_BRIDGE_EBT_ULOG
, $(P_EBT
)ebt_ulog
))
333 $(eval
$(call nf_add
,EBTABLES_WATCHERS
,CONFIG_BRIDGE_EBT_NFLOG
, $(P_EBT
)ebt_nflog
))
334 $(eval
$(call nf_add
,EBTABLES_WATCHERS
,CONFIG_BRIDGE_EBT_NFQUEUE
, $(P_EBT
)ebt_nfqueue
))
337 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NF_TABLES
, $(P_XT
)nf_tables
),))
338 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NF_TABLES_INET
, $(P_XT
)nf_tables_inet
, lt
4.17),))
339 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_EXTHDR
, $(P_XT
)nft_exthdr
),))
340 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_META
, $(P_XT
)nft_meta
),))
341 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_NUMGEN
, $(P_XT
)nft_numgen
, ge
4.9.0),))
342 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_CT
, $(P_XT
)nft_ct
),))
343 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_SET_RBTREE
, $(P_XT
)nft_set_rbtree
, ge
4.9.0),))
344 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_RBTREE
, $(P_XT
)nft_rbtree
, lt
4.9.0),))
345 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_SET_HASH
, $(P_XT
)nft_set_hash
, ge
4.9.0),))
346 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_HASH
, $(P_XT
)nft_hash
, lt
4.9.0),))
347 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_COUNTER
, $(P_XT
)nft_counter
),))
348 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_LOG
, $(P_XT
)nft_log
),))
349 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_LIMIT
, $(P_XT
)nft_limit
),))
350 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_REJECT
, $(P_XT
)nft_reject
$(P_V4
)nft_reject_ipv4
$(P_V6
)nft_reject_ipv6
),))
351 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_REJECT_INET
, $(P_XT
)nft_reject_inet
),))
352 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NF_TABLES_IPV4
, $(P_V4
)nf_tables_ipv4
, lt
4.17),))
353 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_CHAIN_ROUTE_IPV4
, $(P_V4
)nft_chain_route_ipv4
),))
354 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NF_TABLES_IPV6
, $(P_V6
)nf_tables_ipv6
, lt
4.17),))
355 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_CHAIN_ROUTE_IPV6
, $(P_V6
)nft_chain_route_ipv6
),))
356 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_REDIR
, $(P_XT
)nft_redir
, ge
3.19.0),))
357 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_CORE
,CONFIG_NFT_QUOTA
, $(P_XT
)nft_quota
, ge
4.9.0),))
359 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_ARP
,CONFIG_NF_TABLES_ARP
, $(P_V4
)nf_tables_arp
, lt
4.17),))
361 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_BRIDGE
,CONFIG_NF_TABLES_BRIDGE
, $(P_EBT
)nf_tables_bridge
, lt
4.17),))
362 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_BRIDGE
,CONFIG_NFT_BRIDGE_META
, $(P_EBT
)nft_meta_bridge
),))
363 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_BRIDGE
,CONFIG_NFT_BRIDGE_REJECT
, $(P_EBT
)nft_reject_bridge
),))
365 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_NAT
,CONFIG_NFT_NAT
, $(P_XT
)nft_nat
),))
366 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_NAT
,CONFIG_NFT_CHAIN_NAT_IPV4
, $(P_V4
)nft_chain_nat_ipv4
),))
367 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_NAT
,CONFIG_NFT_REDIR_IPV4
, $(P_V4
)nft_redir_ipv4
, ge
3.19.0),))
368 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_NAT
,CONFIG_NFT_MASQ
, $(P_XT
)nft_masq
),))
369 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_NAT
,CONFIG_NFT_MASQ_IPV4
, $(P_V4
)nft_masq_ipv4
),))
371 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_NAT6
,CONFIG_NFT_REDIR_IPV6
, $(P_V6
)nft_redir_ipv6
, ge
3.19.0),))
372 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_NAT6
,CONFIG_NFT_CHAIN_NAT_IPV6
, $(P_V6
)nft_chain_nat_ipv6
),))
373 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_NAT6
,CONFIG_NFT_MASQ_IPV6
, $(P_V6
)nft_masq_ipv6
),))
375 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_FIB
,CONFIG_NFT_FIB
, $(P_XT
)nft_fib
),))
376 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_FIB
,CONFIG_NFT_FIB_INET
, $(P_XT
)nft_fib_inet
),))
377 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_FIB
,CONFIG_NFT_FIB_IPV4
, $(P_V4
)nft_fib_ipv4
),))
378 $(eval
$(if
$(NF_KMOD
),$(call nf_add
,NFT_FIB
,CONFIG_NFT_FIB_IPV6
, $(P_V6
)nft_fib_ipv6
),))
382 IPT_BUILTIN
+= $(NF_IPT-y
) $(NF_IPT-m
)
383 IPT_BUILTIN
+= $(IPT_CORE-y
) $(IPT_CORE-m
)
384 IPT_BUILTIN
+= $(NF_CONNTRACK-y
)
385 IPT_BUILTIN
+= $(NF_CONNTRACK6-y
)
386 IPT_BUILTIN
+= $(IPT_CONNTRACK-y
)
387 IPT_BUILTIN
+= $(IPT_CONNTRACK_EXTRA-y
)
388 IPT_BUILTIN
+= $(IPT_EXTRA-y
)
389 IPT_BUILTIN
+= $(IPT_PHYSDEV-y
)
390 IPT_BUILTIN
+= $(IPT_FILTER-y
)
391 IPT_BUILTIN
+= $(IPT_FLOW-y
) $(IPT_FLOW-m
)
392 IPT_BUILTIN
+= $(IPT_IPOPT-y
)
393 IPT_BUILTIN
+= $(IPT_IPRANGE-y
)
394 IPT_BUILTIN
+= $(IPT_CLUSTER-y
)
395 IPT_BUILTIN
+= $(IPT_CLUSTERIP-y
)
396 IPT_BUILTIN
+= $(IPT_IPSEC-y
)
397 IPT_BUILTIN
+= $(IPT_IPV6-y
) $(IPT_IPV6-m
)
398 IPT_BUILTIN
+= $(NF_NAT-y
)
399 IPT_BUILTIN
+= $(NF_NAT6-y
)
400 IPT_BUILTIN
+= $(IPT_NAT-y
)
401 IPT_BUILTIN
+= $(IPT_NAT6-y
)
402 IPT_BUILTIN
+= $(IPT_NAT_EXTRA-y
)
403 IPT_BUILTIN
+= $(NF_NATHELPER-y
)
404 IPT_BUILTIN
+= $(NF_NATHELPER_EXTRA-y
)
405 IPT_BUILTIN
+= $(IPT_ULOG-y
)
406 IPT_BUILTIN
+= $(IPT_TPROXY-y
)
407 IPT_BUILTIN
+= $(NFNETLINK-y
)
408 IPT_BUILTIN
+= $(NFNETLINK_LOG-y
)
409 IPT_BUILTIN
+= $(NFNETLINK_QUEUE-y
)
410 IPT_BUILTIN
+= $(EBTABLES-y
)
411 IPT_BUILTIN
+= $(EBTABLES_IP4-y
)
412 IPT_BUILTIN
+= $(EBTABLES_IP6-y
)
413 IPT_BUILTIN
+= $(EBTABLES_WATCHERS-y
)
415 endif # __inc_netfilter