3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU
:=Netfilter Extensions
11 include $(INCLUDE_DIR
)/netfilter.mk
14 define KernelPackage
/nf-ipt
19 CONFIG_NETFILTER_ADVANCED
=y \
21 FILES
:=$(foreach mod
,$(NF_IPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
22 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT-m
)))
25 $(eval
$(call KernelPackage
,nf-ipt
))
28 define KernelPackage
/nf-ipt6
31 KCONFIG
:=$(KCONFIG_NF_IPT6
)
32 FILES
:=$(foreach mod
,$(NF_IPT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
33 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT6-m
)))
34 DEPENDS
:=+kmod-nf-ipt
+kmod-nf-conntrack6
37 $(eval
$(call KernelPackage
,nf-ipt6
))
41 define KernelPackage
/ipt-core
44 KCONFIG
:=$(KCONFIG_IPT_CORE
)
45 FILES
:=$(foreach mod
,$(IPT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
46 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CORE-m
)))
50 define KernelPackage
/ipt-core
/description
51 Netfilter core kernel modules
62 $(eval
$(call KernelPackage
,ipt-core
))
65 define KernelPackage
/nf-conntrack
67 TITLE
:=Netfilter connection tracking
70 CONFIG_NETFILTER_ADVANCED
=y \
71 CONFIG_NF_CONNTRACK_ZONES
=y \
72 $(KCONFIG_NF_CONNTRACK
)
73 FILES
:=$(foreach mod
,$(NF_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
74 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK-m
)))
77 $(eval
$(call KernelPackage
,nf-conntrack
))
80 define KernelPackage
/nf-conntrack6
82 TITLE
:=Netfilter IPv6 connection tracking
83 KCONFIG
:=$(KCONFIG_NF_CONNTRACK6
)
84 DEPENDS
:=@IPV6
+kmod-nf-conntrack
85 FILES
:=$(foreach mod
,$(NF_CONNTRACK6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
86 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK6-m
)))
89 $(eval
$(call KernelPackage
,nf-conntrack6
))
92 define KernelPackage
/nf-nat
95 KCONFIG
:=$(KCONFIG_NF_NAT
)
96 DEPENDS
:=+kmod-nf-conntrack
+kmod-nf-ipt
97 FILES
:=$(foreach mod
,$(NF_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
98 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT-m
)))
101 $(eval
$(call KernelPackage
,nf-nat
))
104 define KernelPackage
/nf-nat6
106 TITLE
:=Netfilter IPV6-NAT
107 KCONFIG
:=$(KCONFIG_NF_NAT6
)
108 DEPENDS
:=+kmod-nf-conntrack6
+kmod-nf-ipt6
+kmod-nf-nat
109 FILES
:=$(foreach mod
,$(NF_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
110 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT6-m
)))
113 $(eval
$(call KernelPackage
,nf-nat6
))
116 define AddDepends
/ipt
118 DEPENDS
+= +kmod-ipt-core
$(1)
122 define KernelPackage
/ipt-conntrack
123 TITLE
:=Basic connection tracking modules
124 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK
)
125 FILES
:=$(foreach mod
,$(IPT_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
126 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK-m
)))
127 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
130 define KernelPackage
/ipt-conntrack
/description
131 Netfilter
(IPv4
) kernel modules for connection tracking
140 $(eval
$(call KernelPackage
,ipt-conntrack
))
143 define KernelPackage
/ipt-conntrack-extra
144 TITLE
:=Extra connection tracking modules
145 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_EXTRA
)
146 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
147 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK_EXTRA-m
)))
148 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
151 define KernelPackage
/ipt-conntrack-extra
/description
152 Netfilter
(IPv4
) extra kernel modules for connection tracking
161 $(eval
$(call KernelPackage
,ipt-conntrack-extra
))
164 define KernelPackage
/ipt-filter
165 TITLE
:=Modules for packet content inspection
166 KCONFIG
:=$(KCONFIG_IPT_FILTER
)
167 FILES
:=$(foreach mod
,$(IPT_FILTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
168 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_FILTER-m
)))
169 $(call AddDepends
/ipt
,+kmod-lib-textsearch
+kmod-ipt-conntrack
)
172 define KernelPackage
/ipt-filter
/description
173 Netfilter
(IPv4
) kernel modules for packet content inspection
178 $(eval
$(call KernelPackage
,ipt-filter
))
181 define KernelPackage
/ipt-ipopt
182 TITLE
:=Modules for matching
/changing IP packet options
183 KCONFIG
:=$(KCONFIG_IPT_IPOPT
)
184 FILES
:=$(foreach mod
,$(IPT_IPOPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
185 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPOPT-m
)))
186 $(call AddDepends
/ipt
)
189 define KernelPackage
/ipt-ipopt
/description
190 Netfilter
(IPv4
) modules for matching
/changing IP packet options
205 $(eval
$(call KernelPackage
,ipt-ipopt
))
208 define KernelPackage
/ipt-ipsec
209 TITLE
:=Modules for matching IPSec packets
210 KCONFIG
:=$(KCONFIG_IPT_IPSEC
)
211 FILES
:=$(foreach mod
,$(IPT_IPSEC-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
212 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPSEC-m
)))
213 $(call AddDepends
/ipt
)
216 define KernelPackage
/ipt-ipsec
/description
217 Netfilter
(IPv4
) modules for matching IPSec packets
224 $(eval
$(call KernelPackage
,ipt-ipsec
))
228 ipset
/ip_set_bitmap_ip \
229 ipset
/ip_set_bitmap_ipmac \
230 ipset
/ip_set_bitmap_port \
231 ipset
/ip_set_hash_ip \
232 ipset
/ip_set_hash_ipmark \
233 ipset
/ip_set_hash_ipport \
234 ipset
/ip_set_hash_ipportip \
235 ipset
/ip_set_hash_ipportnet \
236 ipset
/ip_set_hash_mac \
237 ipset
/ip_set_hash_netportnet \
238 ipset
/ip_set_hash_net \
239 ipset
/ip_set_hash_netnet \
240 ipset
/ip_set_hash_netport \
241 ipset
/ip_set_hash_netiface \
242 ipset
/ip_set_list_set \
245 define KernelPackage
/ipt-ipset
246 SUBMENU
:=Netfilter Extensions
247 TITLE
:=IPset netfilter modules
248 DEPENDS
+= +kmod-ipt-core
+kmod-nfnetlink
251 CONFIG_IP_SET_MAX
=256 \
252 CONFIG_NETFILTER_XT_SET \
253 CONFIG_IP_SET_BITMAP_IP \
254 CONFIG_IP_SET_BITMAP_IPMAC \
255 CONFIG_IP_SET_BITMAP_PORT \
256 CONFIG_IP_SET_HASH_IP \
257 CONFIG_IP_SET_HASH_IPMARK \
258 CONFIG_IP_SET_HASH_IPPORT \
259 CONFIG_IP_SET_HASH_IPPORTIP \
260 CONFIG_IP_SET_HASH_IPPORTNET \
261 CONFIG_IP_SET_HASH_MAC \
262 CONFIG_IP_SET_HASH_NET \
263 CONFIG_IP_SET_HASH_NETNET \
264 CONFIG_IP_SET_HASH_NETIFACE \
265 CONFIG_IP_SET_HASH_NETPORT \
266 CONFIG_IP_SET_HASH_NETPORTNET \
267 CONFIG_IP_SET_LIST_SET \
268 CONFIG_NET_EMATCH_IPSET
=n
269 FILES
:=$(foreach mod
,$(IPSET_MODULES
),$(LINUX_DIR
)/net
/netfilter
/$(mod
).ko
)
270 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(IPSET_MODULES
)))
272 $(eval
$(call KernelPackage
,ipt-ipset
))
275 define KernelPackage
/ipt-nat
276 TITLE
:=Basic NAT targets
277 KCONFIG
:=$(KCONFIG_IPT_NAT
)
278 FILES
:=$(foreach mod
,$(IPT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
279 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT-m
)))
280 $(call AddDepends
/ipt
,+kmod-nf-nat
)
283 define KernelPackage
/ipt-nat
/description
284 Netfilter
(IPv4
) kernel modules for basic NAT targets
289 $(eval
$(call KernelPackage
,ipt-nat
))
292 define KernelPackage
/ipt-raw
293 TITLE
:=Netfilter IPv4 raw table support
294 KCONFIG
:=CONFIG_IP_NF_RAW
295 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/iptable_raw.ko
296 AUTOLOAD
:=$(call AutoProbe
,iptable_raw
)
297 $(call AddDepends
/ipt
)
300 $(eval
$(call KernelPackage
,ipt-raw
))
303 define KernelPackage
/ipt-raw6
304 TITLE
:=Netfilter IPv6 raw table support
305 KCONFIG
:=CONFIG_IP6_NF_RAW
306 FILES
:=$(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6table_raw.ko
307 AUTOLOAD
:=$(call AutoProbe
,ip6table_raw
)
308 $(call AddDepends
/ipt
,+kmod-ip6tables
)
311 $(eval
$(call KernelPackage
,ipt-raw6
))
314 define KernelPackage
/ipt-nat6
315 TITLE
:=IPv6 NAT targets
316 KCONFIG
:=$(KCONFIG_IPT_NAT6
)
317 FILES
:=$(foreach mod
,$(IPT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
318 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_NAT6-m
)))
319 $(call AddDepends
/ipt
,+kmod-nf-nat6
)
320 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
321 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
322 $(call AddDepends
/ipt
,+kmod-ip6tables
)
325 define KernelPackage
/ipt-nat6
/description
326 Netfilter
(IPv6
) kernel modules for NAT targets
329 $(eval
$(call KernelPackage
,ipt-nat6
))
332 define KernelPackage
/ipt-nat-extra
333 TITLE
:=Extra NAT targets
334 KCONFIG
:=$(KCONFIG_IPT_NAT_EXTRA
)
335 FILES
:=$(foreach mod
,$(IPT_NAT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
336 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT_EXTRA-m
)))
337 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
340 define KernelPackage
/ipt-nat-extra
/description
341 Netfilter
(IPv4
) kernel modules for extra NAT targets
347 $(eval
$(call KernelPackage
,ipt-nat-extra
))
350 define KernelPackage
/nf-nathelper
352 TITLE
:=Basic Conntrack and NAT helpers
353 KCONFIG
:=$(KCONFIG_NF_NATHELPER
)
354 FILES
:=$(foreach mod
,$(NF_NATHELPER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
355 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER-m
)))
356 DEPENDS
:=+kmod-nf-nat
359 define KernelPackage
/nf-nathelper
/description
360 Default Netfilter
(IPv4
) Conntrack and NAT helpers
365 $(eval
$(call KernelPackage
,nf-nathelper
))
368 define KernelPackage
/nf-nathelper-extra
370 TITLE
:=Extra Conntrack and NAT helpers
371 KCONFIG
:=$(KCONFIG_NF_NATHELPER_EXTRA
)
372 FILES
:=$(foreach mod
,$(NF_NATHELPER_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
373 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER_EXTRA-m
)))
374 DEPENDS
:=+kmod-nf-nat
+kmod-lib-textsearch
377 define KernelPackage
/nf-nathelper-extra
/description
378 Extra Netfilter
(IPv4
) Conntrack and NAT helpers
392 $(eval
$(call KernelPackage
,nf-nathelper-extra
))
395 define KernelPackage
/ipt-ulog
396 TITLE
:=Module for user-space packet logging
397 KCONFIG
:=$(KCONFIG_IPT_ULOG
)
398 FILES
:=$(foreach mod
,$(IPT_ULOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
399 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_ULOG-m
)))
400 $(call AddDepends
/ipt
)
403 define KernelPackage
/ipt-ulog
/description
404 Netfilter
(IPv4
) module for user-space packet logging
409 $(eval
$(call KernelPackage
,ipt-ulog
))
412 define KernelPackage
/ipt-nflog
413 TITLE
:=Module for user-space packet logging
414 KCONFIG
:=$(KCONFIG_IPT_NFLOG
)
415 FILES
:=$(foreach mod
,$(IPT_NFLOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
416 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFLOG-m
)))
417 $(call AddDepends
/ipt
,+kmod-nfnetlink-log
)
420 define KernelPackage
/ipt-nflog
/description
421 Netfilter module for user-space packet logging
426 $(eval
$(call KernelPackage
,ipt-nflog
))
429 define KernelPackage
/ipt-nfqueue
430 TITLE
:=Module for user-space packet queuing
431 KCONFIG
:=$(KCONFIG_IPT_NFQUEUE
)
432 FILES
:=$(foreach mod
,$(IPT_NFQUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
433 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFQUEUE-m
)))
434 $(call AddDepends
/ipt
,+kmod-nfnetlink-queue
)
437 define KernelPackage
/ipt-nfqueue
/description
438 Netfilter module for user-space packet queuing
443 $(eval
$(call KernelPackage
,ipt-nfqueue
))
446 define KernelPackage
/ipt-debug
447 TITLE
:=Module for debugging
/development
448 KCONFIG
:=$(KCONFIG_IPT_DEBUG
)
450 FILES
:=$(foreach mod
,$(IPT_DEBUG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
451 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_DEBUG-m
)))
452 $(call AddDepends
/ipt
)
455 define KernelPackage
/ipt-debug
/description
456 Netfilter modules for debugging
/development of the firewall
461 $(eval
$(call KernelPackage
,ipt-debug
))
464 define KernelPackage
/ipt-led
465 TITLE
:=Module to trigger a LED with a Netfilter rule
466 KCONFIG
:=$(KCONFIG_IPT_LED
)
467 FILES
:=$(foreach mod
,$(IPT_LED-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
468 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_LED-m
)))
469 $(call AddDepends
/ipt
)
472 define KernelPackage
/ipt-led
/description
473 Netfilter target to trigger a LED when a network packet is matched.
476 $(eval
$(call KernelPackage
,ipt-led
))
478 define KernelPackage
/ipt-tproxy
479 TITLE
:=Transparent proxying support
480 DEPENDS
+=+kmod-ipt-conntrack
+IPV6
:kmod-ip6tables
482 CONFIG_NETFILTER_XT_MATCH_SOCKET \
483 CONFIG_NETFILTER_XT_TARGET_TPROXY
485 $(foreach mod
,$(IPT_TPROXY-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
486 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_TPROXY-m
)))
487 $(call AddDepends
/ipt
)
490 define KernelPackage
/ipt-tproxy
/description
491 Kernel modules for Transparent Proxying
494 $(eval
$(call KernelPackage
,ipt-tproxy
))
496 define KernelPackage
/ipt-tee
498 DEPENDS
:=+kmod-ipt-conntrack
500 CONFIG_NETFILTER_XT_TARGET_TEE
502 $(LINUX_DIR
)/net
/netfilter
/xt_TEE.ko \
503 $(foreach mod
,$(IPT_TEE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
504 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_TEE-m
)))
505 $(call AddDepends
/ipt
)
508 define KernelPackage
/ipt-tee
/description
509 Kernel modules for TEE
512 $(eval
$(call KernelPackage
,ipt-tee
))
515 define KernelPackage
/ipt-u32
518 CONFIG_NETFILTER_XT_MATCH_U32
520 $(LINUX_DIR
)/net
/netfilter
/xt_u32.ko \
521 $(foreach mod
,$(IPT_U32-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
522 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_U32-m
)))
523 $(call AddDepends
/ipt
)
526 define KernelPackage
/ipt-u32
/description
527 Kernel modules for U32
530 $(eval
$(call KernelPackage
,ipt-u32
))
532 define KernelPackage
/ipt-checksum
533 TITLE
:=CHECKSUM support
535 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
537 $(LINUX_DIR
)/net
/netfilter
/xt_CHECKSUM.ko \
538 $(foreach mod
,$(IPT_CHECKSUM-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
539 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CHECKSUM-m
)))
540 $(call AddDepends
/ipt
)
543 define KernelPackage
/ipt-checksum
/description
544 Kernel modules for CHECKSUM fillin target
547 $(eval
$(call KernelPackage
,ipt-checksum
))
550 define KernelPackage
/ipt-iprange
551 TITLE
:=Module for matching ip ranges
552 KCONFIG
:=$(KCONFIG_IPT_IPRANGE
)
553 FILES
:=$(foreach mod
,$(IPT_IPRANGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
554 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPRANGE-m
)))
555 $(call AddDepends
/ipt
)
558 define KernelPackage
/ipt-iprange
/description
559 Netfilter
(IPv4
) module for matching ip ranges
564 $(eval
$(call KernelPackage
,ipt-iprange
))
566 define KernelPackage
/ipt-cluster
567 TITLE
:=Module for matching cluster
568 KCONFIG
:=$(KCONFIG_IPT_CLUSTER
)
569 FILES
:=$(foreach mod
,$(IPT_CLUSTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
570 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTER-m
)))
571 $(call AddDepends
/ipt
)
574 define KernelPackage
/ipt-cluster
/description
575 Netfilter
(IPv4
/IPv6
) module for matching cluster
576 This option allows you to build work-load-sharing clusters of
577 network servers
/stateful firewalls without having a dedicated
578 load-balancing router
/server
/switch. Basically
, this match returns
579 true when the packet must be handled by this cluster node. Thus
,
580 all nodes see
all packets and this match decides which node handles
581 what packets. The work-load sharing algorithm is based on source
584 This module is usable for ipv4 and ipv6.
586 To use it also enable iptables-mod-cluster
588 see
`iptables -m cluster --help` for more information.
591 $(eval
$(call KernelPackage
,ipt-cluster
))
593 define KernelPackage
/ipt-clusterip
594 TITLE
:=Module for CLUSTERIP
595 KCONFIG
:=$(KCONFIG_IPT_CLUSTERIP
)
596 FILES
:=$(foreach mod
,$(IPT_CLUSTERIP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
597 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTERIP-m
)))
598 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
601 define KernelPackage
/ipt-clusterip
/description
602 Netfilter
(IPv4-only
) module for CLUSTERIP
603 The CLUSTERIP target allows you to build load-balancing clusters of
604 network servers without having a dedicated load-balancing
605 router
/server
/switch.
607 To use it also enable iptables-mod-clusterip
609 see
`iptables -j CLUSTERIP --help` for more information.
612 $(eval
$(call KernelPackage
,ipt-clusterip
))
615 define KernelPackage
/ipt-extra
617 KCONFIG
:=$(KCONFIG_IPT_EXTRA
)
618 FILES
:=$(foreach mod
,$(IPT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
619 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_EXTRA-m
)))
620 $(call AddDepends
/ipt
,+kmod-br-netfilter
)
623 define KernelPackage
/ipt-extra
/description
624 Other Netfilter
(IPv4
) kernel modules
628 - physdev
(if bridge support was enabled in kernel
)
633 $(eval
$(call KernelPackage
,ipt-extra
))
636 define KernelPackage
/ip6tables
639 DEPENDS
:=+kmod-nf-ipt6
+kmod-ipt-core
+kmod-ipt-conntrack
640 KCONFIG
:=$(KCONFIG_IPT_IPV6
)
641 FILES
:=$(foreach mod
,$(IPT_IPV6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
642 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_IPV6-m
)))
645 define KernelPackage
/ip6tables
/description
646 Netfilter IPv6 firewalling support
649 $(eval
$(call KernelPackage
,ip6tables
))
651 define KernelPackage
/ip6tables-extra
653 TITLE
:=Extra IPv6 modules
654 DEPENDS
:=+kmod-ip6tables
655 KCONFIG
:=$(KCONFIG_IPT_IPV6_EXTRA
)
656 FILES
:=$(foreach mod
,$(IPT_IPV6_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
657 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_IPV6_EXTRA-m
)))
660 define KernelPackage
/ip6tables-extra
/description
661 Netfilter IPv6 extra header matching modules
664 $(eval
$(call KernelPackage
,ip6tables-extra
))
666 ARP_MODULES
= arp_tables arpt_mangle arptable_filter
667 define KernelPackage
/arptables
669 TITLE
:=ARP firewalling modules
670 DEPENDS
:=+kmod-ipt-core
671 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.ko
672 KCONFIG
:=CONFIG_IP_NF_ARPTABLES \
673 CONFIG_IP_NF_ARPFILTER \
674 CONFIG_IP_NF_ARP_MANGLE
675 AUTOLOAD
:=$(call AutoProbe
,$(ARP_MODULES
))
678 define KernelPackage
/arptables
/description
679 Kernel modules for ARP firewalling
682 $(eval
$(call KernelPackage
,arptables
))
685 define KernelPackage
/br-netfilter
687 TITLE
:=Bridge netfilter support modules
689 DEPENDS
:=+kmod-ipt-core
690 FILES
:=$(LINUX_DIR
)/net
/bridge
/br_netfilter.ko
691 KCONFIG
:=CONFIG_BRIDGE_NETFILTER
692 AUTOLOAD
:=$(call AutoProbe
,br_netfilter
)
695 $(eval
$(call KernelPackage
,br-netfilter
))
698 define KernelPackage
/ebtables
700 TITLE
:=Bridge firewalling modules
701 DEPENDS
:=+kmod-ipt-core
+kmod-br-netfilter
702 FILES
:=$(foreach mod
,$(EBTABLES-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
703 KCONFIG
:=$(KCONFIG_EBTABLES
)
704 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES-m
)))
707 define KernelPackage
/ebtables
/description
708 ebtables is a general
, extensible frame
/packet identification
709 framework. It provides you to do Ethernet
710 filtering
/NAT
/brouting on the Ethernet bridge.
713 $(eval
$(call KernelPackage
,ebtables
))
716 define AddDepends
/ebtables
718 DEPENDS
+=kmod-ebtables
$(1)
722 define KernelPackage
/ebtables-ipv4
723 TITLE
:=ebtables
: IPv4 support
724 FILES
:=$(foreach mod
,$(EBTABLES_IP4-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
725 KCONFIG
:=$(KCONFIG_EBTABLES_IP4
)
726 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP4-m
)))
727 $(call AddDepends
/ebtables
)
730 define KernelPackage
/ebtables-ipv4
/description
731 This option adds the IPv4 support to ebtables
, which allows basic
732 IPv4 header field filtering
, ARP filtering
as well
as SNAT
, DNAT targets.
735 $(eval
$(call KernelPackage
,ebtables-ipv4
))
738 define KernelPackage
/ebtables-ipv6
739 TITLE
:=ebtables
: IPv6 support
740 FILES
:=$(foreach mod
,$(EBTABLES_IP6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
741 KCONFIG
:=$(KCONFIG_EBTABLES_IP6
)
742 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP6-m
)))
743 $(call AddDepends
/ebtables
)
746 define KernelPackage
/ebtables-ipv6
/description
747 This option adds the IPv6 support to ebtables
, which allows basic
748 IPv6 header field filtering and target support.
751 $(eval
$(call KernelPackage
,ebtables-ipv6
))
754 define KernelPackage
/ebtables-watchers
755 TITLE
:=ebtables
: watchers support
756 FILES
:=$(foreach mod
,$(EBTABLES_WATCHERS-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
757 KCONFIG
:=$(KCONFIG_EBTABLES_WATCHERS
)
758 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_WATCHERS-m
)))
759 $(call AddDepends
/ebtables
)
762 define KernelPackage
/ebtables-watchers
/description
763 This option adds the log watchers
, that you can use in any rule
764 in any ebtables table.
767 $(eval
$(call KernelPackage
,ebtables-watchers
))
770 define KernelPackage
/nfnetlink
772 TITLE
:=Netlink-based userspace interface
773 FILES
:=$(foreach mod
,$(NFNETLINK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
774 KCONFIG
:=$(KCONFIG_NFNETLINK
)
775 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK-m
)))
778 define KernelPackage
/nfnetlink
/description
779 Kernel modules support for a netlink-based userspace interface
782 $(eval
$(call KernelPackage
,nfnetlink
))
785 define AddDepends
/nfnetlink
787 DEPENDS
+=+kmod-nfnetlink
$(1)
791 define KernelPackage
/nfnetlink-log
792 TITLE
:=Netfilter LOG over NFNETLINK interface
793 FILES
:=$(foreach mod
,$(NFNETLINK_LOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
794 KCONFIG
:=$(KCONFIG_NFNETLINK_LOG
)
795 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_LOG-m
)))
796 $(call AddDepends
/nfnetlink
)
799 define KernelPackage
/nfnetlink-log
/description
800 Kernel modules support for logging packets via NFNETLINK
805 $(eval
$(call KernelPackage
,nfnetlink-log
))
808 define KernelPackage
/nfnetlink-queue
809 TITLE
:=Netfilter QUEUE over NFNETLINK interface
810 FILES
:=$(foreach mod
,$(NFNETLINK_QUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
811 KCONFIG
:=$(KCONFIG_NFNETLINK_QUEUE
)
812 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_QUEUE-m
)))
813 $(call AddDepends
/nfnetlink
)
816 define KernelPackage
/nfnetlink-queue
/description
817 Kernel modules support for queueing packets via NFNETLINK
822 $(eval
$(call KernelPackage
,nfnetlink-queue
))
825 define KernelPackage
/nf-conntrack-netlink
826 TITLE
:=Connection tracking netlink interface
827 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nf_conntrack_netlink.ko
828 KCONFIG
:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS
=y
829 AUTOLOAD
:=$(call AutoProbe
,nf_conntrack_netlink
)
830 $(call AddDepends
/nfnetlink
,+kmod-ipt-conntrack
)
833 define KernelPackage
/nf-conntrack-netlink
/description
834 Kernel modules support for a netlink-based connection tracking
838 $(eval
$(call KernelPackage
,nf-conntrack-netlink
))
840 define KernelPackage
/ipt-hashlimit
842 TITLE
:=Netfilter hashlimit match
843 DEPENDS
:=+kmod-ipt-core
844 KCONFIG
:=$(KCONFIG_IPT_HASHLIMIT
)
845 FILES
:=$(LINUX_DIR
)/net
/netfilter
/xt_hashlimit.ko
846 AUTOLOAD
:=$(call AutoProbe
,xt_hashlimit
)
847 $(call KernelPackage
/ipt
)
850 define KernelPackage
/ipt-hashlimit
/description
851 Kernel modules support for the hashlimit bucket match module
854 $(eval
$(call KernelPackage
,ipt-hashlimit
))
856 define KernelPackage
/ipt-rpfilter
858 TITLE
:=Netfilter rpfilter match
859 DEPENDS
:=+kmod-ipt-core
860 KCONFIG
:=$(KCONFIG_IPT_RPFILTER
)
862 $(LINUX_DIR
)/net
/ipv4
/netfilter
/ipt_rpfilter.ko \
863 $(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6t_rpfilter.ko
)
864 AUTOLOAD
:=$(call AutoProbe
,ipt_rpfilter ip6t_rpfilter
)
865 $(call KernelPackage
/ipt
)
868 define KernelPackage
/ipt-rpfilter
/description
869 Kernel modules support for the Netfilter rpfilter match
872 $(eval
$(call KernelPackage
,ipt-rpfilter
))
875 define KernelPackage
/nft-core
877 TITLE
:=Netfilter nf_tables support
878 DEPENDS
:=+kmod-nfnetlink
+kmod-nf-conntrack6
+kmod-nf-ipt
+kmod-nf-ipt6
879 FILES
:=$(foreach mod
,$(NFT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
880 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_CORE-m
)))
883 CONFIG_NETFILTER_ADVANCED
=y \
884 CONFIG_NFT_COMPAT
=n \
886 CONFIG_NF_TABLES_ARP
=n \
887 CONFIG_NF_TABLES_BRIDGE
=n \
891 define KernelPackage
/nft-core
/description
892 Kernel module support for nftables
895 $(eval
$(call KernelPackage
,nft-core
))
898 define KernelPackage
/nft-nat
900 TITLE
:=Netfilter nf_tables NAT support
901 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat
+kmod-nf-nat6
902 FILES
:=$(foreach mod
,$(NFT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
903 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT-m
)))
904 KCONFIG
:=$(KCONFIG_NFT_NAT
)
907 $(eval
$(call KernelPackage
,nft-nat
))
910 define KernelPackage
/nft-nat6
912 TITLE
:=Netfilter nf_tables IPv6-NAT support
913 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat6
914 FILES
:=$(foreach mod
,$(NFT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
915 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT6-m
)))
916 KCONFIG
:=$(KCONFIG_NFT_NAT6
)
919 $(eval
$(call KernelPackage
,nft-nat6
))