3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU
:=Netfilter Extensions
11 include $(INCLUDE_DIR
)/netfilter.mk
14 define KernelPackage
/nf-ipt
19 CONFIG_NETFILTER_ADVANCED
=y \
21 FILES
:=$(foreach mod
,$(NF_IPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
22 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT-m
)))
25 $(eval
$(call KernelPackage
,nf-ipt
))
28 define KernelPackage
/nf-ipt6
31 KCONFIG
:=$(KCONFIG_NF_IPT6
)
32 FILES
:=$(foreach mod
,$(NF_IPT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
33 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT6-m
)))
34 DEPENDS
:=+kmod-nf-ipt
+kmod-nf-conntrack6
37 $(eval
$(call KernelPackage
,nf-ipt6
))
41 define KernelPackage
/ipt-core
44 KCONFIG
:=$(KCONFIG_IPT_CORE
)
45 FILES
:=$(foreach mod
,$(IPT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
46 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CORE-m
)))
50 define KernelPackage
/ipt-core
/description
51 Netfilter core kernel modules
62 $(eval
$(call KernelPackage
,ipt-core
))
65 define KernelPackage
/nf-conntrack
67 TITLE
:=Netfilter connection tracking
70 CONFIG_NETFILTER_ADVANCED
=y \
71 $(KCONFIG_NF_CONNTRACK
)
72 FILES
:=$(foreach mod
,$(NF_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
73 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK-m
)))
76 $(eval
$(call KernelPackage
,nf-conntrack
))
79 define KernelPackage
/nf-conntrack6
81 TITLE
:=Netfilter IPv6 connection tracking
82 KCONFIG
:=$(KCONFIG_NF_CONNTRACK6
)
83 DEPENDS
:=+kmod-ipv6
+kmod-nf-conntrack
84 FILES
:=$(foreach mod
,$(NF_CONNTRACK6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
85 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK6-m
)))
88 $(eval
$(call KernelPackage
,nf-conntrack6
))
91 define KernelPackage
/nf-nat
94 KCONFIG
:=$(KCONFIG_NF_NAT
)
95 DEPENDS
:=+kmod-nf-conntrack
+kmod-nf-ipt
96 FILES
:=$(foreach mod
,$(NF_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
97 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT-m
)))
100 $(eval
$(call KernelPackage
,nf-nat
))
103 define KernelPackage
/nf-nat6
105 TITLE
:=Netfilter IPV6-NAT
106 KCONFIG
:=$(KCONFIG_NF_NAT6
)
107 DEPENDS
:=+kmod-nf-conntrack6
+kmod-nf-ipt6
+kmod-nf-nat
108 FILES
:=$(foreach mod
,$(NF_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
109 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT6-m
)))
112 $(eval
$(call KernelPackage
,nf-nat6
))
115 define AddDepends
/ipt
117 DEPENDS
+= +kmod-ipt-core
$(1)
121 define KernelPackage
/ipt-conntrack
122 TITLE
:=Basic connection tracking modules
123 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK
)
124 FILES
:=$(foreach mod
,$(IPT_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
125 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK-m
)))
126 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
129 define KernelPackage
/ipt-conntrack
/description
130 Netfilter
(IPv4
) kernel modules for connection tracking
139 $(eval
$(call KernelPackage
,ipt-conntrack
))
142 define KernelPackage
/ipt-conntrack-extra
143 TITLE
:=Extra connection tracking modules
144 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_EXTRA
)
145 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
146 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK_EXTRA-m
)))
147 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
150 define KernelPackage
/ipt-conntrack-extra
/description
151 Netfilter
(IPv4
) extra kernel modules for connection tracking
160 $(eval
$(call KernelPackage
,ipt-conntrack-extra
))
163 define KernelPackage
/ipt-filter
164 TITLE
:=Modules for packet content inspection
165 KCONFIG
:=$(KCONFIG_IPT_FILTER
)
166 FILES
:=$(foreach mod
,$(IPT_FILTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
167 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_FILTER-m
)))
168 $(call AddDepends
/ipt
,+kmod-lib-textsearch
+kmod-ipt-conntrack
)
171 define KernelPackage
/ipt-filter
/description
172 Netfilter
(IPv4
) kernel modules for packet content inspection
178 $(eval
$(call KernelPackage
,ipt-filter
))
181 define KernelPackage
/ipt-ipopt
182 TITLE
:=Modules for matching
/changing IP packet options
183 KCONFIG
:=$(KCONFIG_IPT_IPOPT
)
184 FILES
:=$(foreach mod
,$(IPT_IPOPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
185 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPOPT-m
)))
186 $(call AddDepends
/ipt
)
189 define KernelPackage
/ipt-ipopt
/description
190 Netfilter
(IPv4
) modules for matching
/changing IP packet options
205 $(eval
$(call KernelPackage
,ipt-ipopt
))
208 define KernelPackage
/ipt-ipsec
209 TITLE
:=Modules for matching IPSec packets
210 KCONFIG
:=$(KCONFIG_IPT_IPSEC
)
211 FILES
:=$(foreach mod
,$(IPT_IPSEC-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
212 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPSEC-m
)))
213 $(call AddDepends
/ipt
)
216 define KernelPackage
/ipt-ipsec
/description
217 Netfilter
(IPv4
) modules for matching IPSec packets
224 $(eval
$(call KernelPackage
,ipt-ipsec
))
227 define KernelPackage
/ipt-nat
228 TITLE
:=Basic NAT targets
229 KCONFIG
:=$(KCONFIG_IPT_NAT
)
230 FILES
:=$(foreach mod
,$(IPT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
231 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT-m
)))
232 $(call AddDepends
/ipt
,+kmod-nf-nat
)
235 define KernelPackage
/ipt-nat
/description
236 Netfilter
(IPv4
) kernel modules for basic NAT targets
241 $(eval
$(call KernelPackage
,ipt-nat
))
244 define KernelPackage
/ipt-nat6
245 TITLE
:=IPv6 NAT targets
246 KCONFIG
:=$(KCONFIG_IPT_NAT6
)
247 FILES
:=$(foreach mod
,$(IPT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
248 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_NAT6-m
)))
249 $(call AddDepends
/ipt
,+kmod-nf-nat6
)
250 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
251 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
252 $(call AddDepends
/ipt
,+kmod-ip6tables
)
255 define KernelPackage
/ipt-nat6
/description
256 Netfilter
(IPv6
) kernel modules for NAT targets
259 $(eval
$(call KernelPackage
,ipt-nat6
))
262 define KernelPackage
/ipt-nat-extra
263 TITLE
:=Extra NAT targets
264 KCONFIG
:=$(KCONFIG_IPT_NAT_EXTRA
)
265 FILES
:=$(foreach mod
,$(IPT_NAT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
266 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT_EXTRA-m
)))
267 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
270 define KernelPackage
/ipt-nat-extra
/description
271 Netfilter
(IPv4
) kernel modules for extra NAT targets
277 $(eval
$(call KernelPackage
,ipt-nat-extra
))
280 define KernelPackage
/nf-nathelper
282 TITLE
:=Basic Conntrack and NAT helpers
283 KCONFIG
:=$(KCONFIG_NF_NATHELPER
)
284 FILES
:=$(foreach mod
,$(NF_NATHELPER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
285 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER-m
)))
286 DEPENDS
:=+kmod-nf-nat
289 define KernelPackage
/nf-nathelper
/description
290 Default Netfilter
(IPv4
) Conntrack and NAT helpers
297 $(eval
$(call KernelPackage
,nf-nathelper
))
300 define KernelPackage
/nf-nathelper-extra
302 TITLE
:=Extra Conntrack and NAT helpers
303 KCONFIG
:=$(KCONFIG_NF_NATHELPER_EXTRA
)
304 FILES
:=$(foreach mod
,$(NF_NATHELPER_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
305 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER_EXTRA-m
)))
306 DEPENDS
:=+kmod-nf-nat
+kmod-lib-textsearch
309 define KernelPackage
/nf-nathelper-extra
/description
310 Extra Netfilter
(IPv4
) Conntrack and NAT helpers
322 $(eval
$(call KernelPackage
,nf-nathelper-extra
))
325 define KernelPackage
/ipt-queue
326 TITLE
:=Module for user-space packet queueing
327 KCONFIG
:=$(KCONFIG_IPT_QUEUE
)
329 FILES
:=$(foreach mod
,$(IPT_QUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
330 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_QUEUE-m
)))
331 $(call AddDepends
/ipt
)
334 define KernelPackage
/ipt-queue
/description
335 Netfilter
(IPv4
) module for user-space packet queueing
340 $(eval
$(call KernelPackage
,ipt-queue
))
343 define KernelPackage
/ipt-ulog
344 TITLE
:=Module for user-space packet logging
345 KCONFIG
:=$(KCONFIG_IPT_ULOG
)
346 FILES
:=$(foreach mod
,$(IPT_ULOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
347 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_ULOG-m
)))
348 $(call AddDepends
/ipt
)
351 define KernelPackage
/ipt-ulog
/description
352 Netfilter
(IPv4
) module for user-space packet logging
357 $(eval
$(call KernelPackage
,ipt-ulog
))
360 define KernelPackage
/ipt-nflog
361 TITLE
:=Module for user-space packet logging
362 KCONFIG
:=$(KCONFIG_IPT_NFLOG
)
363 FILES
:=$(foreach mod
,$(IPT_NFLOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
364 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFLOG-m
)))
365 $(call AddDepends
/ipt
,+kmod-nfnetlink-log
)
368 define KernelPackage
/ipt-nflog
/description
369 Netfilter module for user-space packet logging
374 $(eval
$(call KernelPackage
,ipt-nflog
))
377 define KernelPackage
/ipt-nfqueue
378 TITLE
:=Module for user-space packet queuing
379 KCONFIG
:=$(KCONFIG_IPT_NFQUEUE
)
380 FILES
:=$(foreach mod
,$(IPT_NFQUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
381 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFQUEUE-m
)))
382 $(call AddDepends
/ipt
,+kmod-nfnetlink-queue
)
385 define KernelPackage
/ipt-nfqueue
/description
386 Netfilter module for user-space packet queuing
391 $(eval
$(call KernelPackage
,ipt-nfqueue
))
394 define KernelPackage
/ipt-debug
395 TITLE
:=Module for debugging
/development
396 KCONFIG
:=$(KCONFIG_IPT_DEBUG
)
398 FILES
:=$(foreach mod
,$(IPT_DEBUG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
399 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_DEBUG-m
)))
400 $(call AddDepends
/ipt
)
403 define KernelPackage
/ipt-debug
/description
404 Netfilter modules for debugging
/development of the firewall
409 $(eval
$(call KernelPackage
,ipt-debug
))
412 define KernelPackage
/ipt-led
413 TITLE
:=Module to trigger a LED with a Netfilter rule
414 KCONFIG
:=$(KCONFIG_IPT_LED
)
415 FILES
:=$(foreach mod
,$(IPT_LED-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
416 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_LED-m
)))
417 $(call AddDepends
/ipt
)
420 define KernelPackage
/ipt-led
/description
421 Netfilter target to trigger a LED when a network packet is matched.
424 $(eval
$(call KernelPackage
,ipt-led
))
426 define KernelPackage
/ipt-tproxy
427 TITLE
:=Transparent proxying support
428 DEPENDS
+=+kmod-ipt-conntrack
+IPV6
:kmod-ipv6
+IPV6
:kmod-ip6tables
430 CONFIG_NETFILTER_TPROXY \
431 CONFIG_NETFILTER_XT_MATCH_SOCKET \
432 CONFIG_NETFILTER_XT_TARGET_TPROXY
434 $(if
$(call kernel_patchver_lt
,3.12),$(LINUX_DIR
)/net
/netfilter
/nf_tproxy_core.ko
) \
435 $(foreach mod
,$(IPT_TPROXY-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
436 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tproxy_core
$(IPT_TPROXY-m
)))
437 $(call AddDepends
/ipt
)
440 define KernelPackage
/ipt-tproxy
/description
441 Kernel modules for Transparent Proxying
444 $(eval
$(call KernelPackage
,ipt-tproxy
))
446 define KernelPackage
/ipt-tee
448 DEPENDS
:=+kmod-ipt-conntrack
+IPV6
:kmod-ipv6
450 CONFIG_NETFILTER_XT_TARGET_TEE
452 $(LINUX_DIR
)/net
/netfilter
/xt_TEE.ko \
453 $(foreach mod
,$(IPT_TEE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
454 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_TEE-m
)))
455 $(call AddDepends
/ipt
)
458 define KernelPackage
/ipt-tee
/description
459 Kernel modules for TEE
462 $(eval
$(call KernelPackage
,ipt-tee
))
465 define KernelPackage
/ipt-u32
468 CONFIG_NETFILTER_XT_MATCH_U32
470 $(LINUX_DIR
)/net
/netfilter
/xt_u32.ko \
471 $(foreach mod
,$(IPT_U32-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
472 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_U32-m
)))
473 $(call AddDepends
/ipt
)
476 define KernelPackage
/ipt-u32
/description
477 Kernel modules for U32
480 $(eval
$(call KernelPackage
,ipt-u32
))
483 define KernelPackage
/ipt-iprange
484 TITLE
:=Module for matching ip ranges
485 KCONFIG
:=$(KCONFIG_IPT_IPRANGE
)
486 FILES
:=$(foreach mod
,$(IPT_IPRANGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
487 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPRANGE-m
)))
488 $(call AddDepends
/ipt
)
491 define KernelPackage
/ipt-iprange
/description
492 Netfilter
(IPv4
) module for matching ip ranges
497 $(eval
$(call KernelPackage
,ipt-iprange
))
499 define KernelPackage
/ipt-cluster
500 TITLE
:=Module for matching cluster
501 KCONFIG
:=$(KCONFIG_IPT_CLUSTER
)
502 FILES
:=$(foreach mod
,$(IPT_CLUSTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
503 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTER-m
)))
504 $(call AddDepends
/ipt
)
507 define KernelPackage
/ipt-cluster
/description
508 Netfilter
(IPv4
/IPv6
) module for matching cluster
509 This option allows you to build work-load-sharing clusters of
510 network servers
/stateful firewalls without having a dedicated
511 load-balancing router
/server
/switch. Basically
, this match returns
512 true when the packet must be handled by this cluster node. Thus
,
513 all nodes see
all packets and this match decides which node handles
514 what packets. The work-load sharing algorithm is based on source
517 This module is usable for ipv4 and ipv6.
519 To use it also enable iptables-mod-cluster
521 see
`iptables -m cluster --help` for more information.
524 $(eval
$(call KernelPackage
,ipt-cluster
))
526 define KernelPackage
/ipt-clusterip
527 TITLE
:=Module for CLUSTERIP
528 KCONFIG
:=$(KCONFIG_IPT_CLUSTERIP
)
529 FILES
:=$(foreach mod
,$(IPT_CLUSTERIP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
530 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTERIP-m
)))
531 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
534 define KernelPackage
/ipt-clusterip
/description
535 Netfilter
(IPv4-only
) module for CLUSTERIP
536 The CLUSTERIP target allows you to build load-balancing clusters of
537 network servers without having a dedicated load-balancing
538 router
/server
/switch.
540 To use it also enable iptables-mod-clusterip
542 see
`iptables -j CLUSTERIP --help` for more information.
545 $(eval
$(call KernelPackage
,ipt-clusterip
))
548 define KernelPackage
/ipt-extra
550 KCONFIG
:=$(KCONFIG_IPT_EXTRA
)
551 FILES
:=$(foreach mod
,$(IPT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
552 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_EXTRA-m
)))
553 $(call AddDepends
/ipt
)
556 define KernelPackage
/ipt-extra
/description
557 Other Netfilter
(IPv4
) kernel modules
561 - physdev
(if bridge support was enabled in kernel
)
566 $(eval
$(call KernelPackage
,ipt-extra
))
569 define KernelPackage
/ip6tables
572 DEPENDS
:=+kmod-nf-ipt6
+kmod-ipt-core
+kmod-ipt-conntrack
573 KCONFIG
:=$(KCONFIG_IPT_IPV6
)
574 FILES
:=$(foreach mod
,$(IPT_IPV6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
575 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_IPV6-m
)))
578 define KernelPackage
/ip6tables
/description
579 Netfilter IPv6 firewalling support
582 $(eval
$(call KernelPackage
,ip6tables
))
584 define KernelPackage
/ip6tables-extra
586 TITLE
:=Extra IPv6 modules
587 DEPENDS
:=+kmod-ip6tables
588 KCONFIG
:=$(KCONFIG_IPT_IPV6_EXTRA
)
589 FILES
:=$(foreach mod
,$(IPT_IPV6_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
590 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_IPV6_EXTRA-m
)))
593 define KernelPackage
/ip6tables-extra
/description
594 Netfilter IPv6 extra header matching modules
597 $(eval
$(call KernelPackage
,ip6tables-extra
))
599 ARP_MODULES
= arp_tables arpt_mangle arptable_filter
600 define KernelPackage
/arptables
602 TITLE
:=ARP firewalling modules
603 DEPENDS
:=+kmod-ipt-core
604 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.ko
605 KCONFIG
:=CONFIG_IP_NF_ARPTABLES \
606 CONFIG_IP_NF_ARPFILTER \
607 CONFIG_IP_NF_ARP_MANGLE
608 AUTOLOAD
:=$(call AutoProbe
,$(ARP_MODULES
))
611 define KernelPackage
/arptables
/description
612 Kernel modules for ARP firewalling
615 $(eval
$(call KernelPackage
,arptables
))
618 define KernelPackage
/ebtables
620 TITLE
:=Bridge firewalling modules
621 DEPENDS
:=+kmod-ipt-core
+kmod-bridge
622 FILES
:=$(foreach mod
,$(EBTABLES-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
623 KCONFIG
:=CONFIG_BRIDGE_NETFILTER
=y \
625 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES-m
)))
628 define KernelPackage
/ebtables
/description
629 ebtables is a general
, extensible frame
/packet identification
630 framework. It provides you to do Ethernet
631 filtering
/NAT
/brouting on the Ethernet bridge.
634 $(eval
$(call KernelPackage
,ebtables
))
637 define AddDepends
/ebtables
639 DEPENDS
+=kmod-ebtables
$(1)
643 define KernelPackage
/ebtables-ipv4
644 TITLE
:=ebtables
: IPv4 support
645 FILES
:=$(foreach mod
,$(EBTABLES_IP4-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
646 KCONFIG
:=$(KCONFIG_EBTABLES_IP4
)
647 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP4-m
)))
648 $(call AddDepends
/ebtables
)
651 define KernelPackage
/ebtables-ipv4
/description
652 This option adds the IPv4 support to ebtables
, which allows basic
653 IPv4 header field filtering
, ARP filtering
as well
as SNAT
, DNAT targets.
656 $(eval
$(call KernelPackage
,ebtables-ipv4
))
659 define KernelPackage
/ebtables-ipv6
660 TITLE
:=ebtables
: IPv6 support
661 FILES
:=$(foreach mod
,$(EBTABLES_IP6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
662 KCONFIG
:=$(KCONFIG_EBTABLES_IP6
)
663 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP6-m
)))
664 $(call AddDepends
/ebtables
)
667 define KernelPackage
/ebtables-ipv6
/description
668 This option adds the IPv6 support to ebtables
, which allows basic
669 IPv6 header field filtering and target support.
672 $(eval
$(call KernelPackage
,ebtables-ipv6
))
675 define KernelPackage
/ebtables-watchers
676 TITLE
:=ebtables
: watchers support
677 FILES
:=$(foreach mod
,$(EBTABLES_WATCHERS-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
678 KCONFIG
:=$(KCONFIG_EBTABLES_WATCHERS
)
679 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_WATCHERS-m
)))
680 $(call AddDepends
/ebtables
)
683 define KernelPackage
/ebtables-watchers
/description
684 This option adds the log watchers
, that you can use in any rule
685 in any ebtables table.
688 $(eval
$(call KernelPackage
,ebtables-watchers
))
691 define KernelPackage
/nfnetlink
693 TITLE
:=Netlink-based userspace interface
694 FILES
:=$(foreach mod
,$(NFNETLINK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
695 KCONFIG
:=$(KCONFIG_NFNETLINK
)
696 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK-m
)))
699 define KernelPackage
/nfnetlink
/description
700 Kernel modules support for a netlink-based userspace interface
703 $(eval
$(call KernelPackage
,nfnetlink
))
706 define AddDepends
/nfnetlink
708 DEPENDS
+=+kmod-nfnetlink
$(1)
712 define KernelPackage
/nfnetlink-log
713 TITLE
:=Netfilter LOG over NFNETLINK interface
714 FILES
:=$(foreach mod
,$(NFNETLINK_LOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
715 KCONFIG
:=$(KCONFIG_NFNETLINK_LOG
)
716 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_LOG-m
)))
717 $(call AddDepends
/nfnetlink
)
720 define KernelPackage
/nfnetlink-log
/description
721 Kernel modules support for logging packets via NFNETLINK
726 $(eval
$(call KernelPackage
,nfnetlink-log
))
729 define KernelPackage
/nfnetlink-queue
730 TITLE
:=Netfilter QUEUE over NFNETLINK interface
731 FILES
:=$(foreach mod
,$(NFNETLINK_QUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
732 KCONFIG
:=$(KCONFIG_NFNETLINK_QUEUE
)
733 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_QUEUE-m
)))
734 $(call AddDepends
/nfnetlink
)
737 define KernelPackage
/nfnetlink-queue
/description
738 Kernel modules support for queueing packets via NFNETLINK
743 $(eval
$(call KernelPackage
,nfnetlink-queue
))
746 define KernelPackage
/nf-conntrack-netlink
747 TITLE
:=Connection tracking netlink interface
748 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nf_conntrack_netlink.ko
749 KCONFIG
:=CONFIG_NF_CT_NETLINK
750 AUTOLOAD
:=$(call AutoProbe
,nf_conntrack_netlink
)
751 $(call AddDepends
/nfnetlink
,+kmod-ipt-conntrack
)
754 define KernelPackage
/nf-conntrack-netlink
/description
755 Kernel modules support for a netlink-based connection tracking
759 $(eval
$(call KernelPackage
,nf-conntrack-netlink
))
761 define KernelPackage
/ipt-hashlimit
763 TITLE
:=Netfilter hashlimit match
764 DEPENDS
:=+kmod-ipt-core
765 KCONFIG
:=$(KCONFIG_IPT_HASHLIMIT
)
766 FILES
:=$(LINUX_DIR
)/net
/netfilter
/xt_hashlimit.ko
767 AUTOLOAD
:=$(call AutoProbe
,xt_hashlimit
)
768 $(call KernelPackage
/ipt
)
771 define KernelPackage
/ipt-hashlimit
/description
772 Kernel modules support for the hashlimit bucket match module
775 $(eval
$(call KernelPackage
,ipt-hashlimit
))
778 define KernelPackage
/nft-core
780 TITLE
:=Netfilter nf_tables support
781 DEPENDS
:=+kmod-nfnetlink
+kmod-nf-conntrack6
782 FILES
:=$(foreach mod
,$(NFT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
783 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_CORE-m
)))
786 CONFIG_NETFILTER_ADVANCED
=y \
787 CONFIG_NFT_COMPAT
=n \
789 CONFIG_NF_TABLES_ARP
=n \
790 CONFIG_NF_TABLES_BRIDGE
=n \
794 define KernelPackage
/nft-core
/description
795 Kernel module support for nftables
798 $(eval
$(call KernelPackage
,nft-core
))
801 define KernelPackage
/nft-nat
803 TITLE
:=Netfilter nf_tables NAT support
804 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat
805 FILES
:=$(foreach mod
,$(NFT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
806 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT-m
)))
807 KCONFIG
:=$(KCONFIG_NFT_NAT
)
810 $(eval
$(call KernelPackage
,nft-nat
))
813 define KernelPackage
/nft-nat6
815 TITLE
:=Netfilter nf_tables IPv6-NAT support
816 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat6
817 FILES
:=$(foreach mod
,$(NFT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
818 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT6-m
)))
819 KCONFIG
:=$(KCONFIG_NFT_NAT6
)
822 $(eval
$(call KernelPackage
,nft-nat6
))