3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU
:=Netfilter Extensions
11 include $(INCLUDE_DIR
)/netfilter.mk
14 define KernelPackage
/nf-reject
16 TITLE
:=Netfilter IPv4 reject support
19 CONFIG_NETFILTER_ADVANCED
=y \
21 FILES
:=$(foreach mod
,$(NF_REJECT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
22 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_REJECT-m
)))
25 $(eval
$(call KernelPackage
,nf-reject
))
28 define KernelPackage
/nf-reject6
30 TITLE
:=Netfilter IPv6 reject support
33 CONFIG_NETFILTER_ADVANCED
=y \
36 FILES
:=$(foreach mod
,$(NF_REJECT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
37 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_REJECT6-m
)))
40 $(eval
$(call KernelPackage
,nf-reject6
))
43 define KernelPackage
/nf-ipt
46 KCONFIG
:=$(KCONFIG_NF_IPT
)
47 FILES
:=$(foreach mod
,$(NF_IPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
48 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT-m
)))
51 $(eval
$(call KernelPackage
,nf-ipt
))
54 define KernelPackage
/nf-ipt6
57 KCONFIG
:=$(KCONFIG_NF_IPT6
)
58 FILES
:=$(foreach mod
,$(NF_IPT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
59 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT6-m
)))
63 $(eval
$(call KernelPackage
,nf-ipt6
))
67 define KernelPackage
/ipt-core
70 KCONFIG
:=$(KCONFIG_IPT_CORE
)
71 FILES
:=$(foreach mod
,$(IPT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
72 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CORE-m
)))
73 DEPENDS
:=+kmod-nf-reject
+kmod-nf-ipt
76 define KernelPackage
/ipt-core
/description
77 Netfilter core kernel modules
88 $(eval
$(call KernelPackage
,ipt-core
))
91 define KernelPackage
/nf-conntrack
93 TITLE
:=Netfilter connection tracking
96 CONFIG_NETFILTER_ADVANCED
=y \
97 CONFIG_NF_CONNTRACK_MARK
=y \
98 CONFIG_NF_CONNTRACK_ZONES
=y \
99 $(KCONFIG_NF_CONNTRACK
)
100 FILES
:=$(foreach mod
,$(NF_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
101 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK-m
)))
104 $(eval
$(call KernelPackage
,nf-conntrack
))
107 define KernelPackage
/nf-conntrack6
109 TITLE
:=Netfilter IPv6 connection tracking
110 KCONFIG
:=$(KCONFIG_NF_CONNTRACK6
)
111 DEPENDS
:=@IPV6
+kmod-nf-conntrack
112 FILES
:=$(foreach mod
,$(NF_CONNTRACK6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
113 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK6-m
)))
116 $(eval
$(call KernelPackage
,nf-conntrack6
))
119 define KernelPackage
/nf-nat
122 KCONFIG
:=$(KCONFIG_NF_NAT
)
123 DEPENDS
:=+kmod-nf-conntrack
124 FILES
:=$(foreach mod
,$(NF_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
125 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT-m
)))
128 $(eval
$(call KernelPackage
,nf-nat
))
131 define KernelPackage
/nf-nat6
133 TITLE
:=Netfilter IPV6-NAT
134 KCONFIG
:=$(KCONFIG_NF_NAT6
)
135 DEPENDS
:=+kmod-nf-conntrack6
+kmod-nf-nat
136 FILES
:=$(foreach mod
,$(NF_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
137 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT6-m
)))
140 $(eval
$(call KernelPackage
,nf-nat6
))
143 define AddDepends
/ipt
145 DEPENDS
+= +kmod-ipt-core
$(1)
149 define KernelPackage
/ipt-conntrack
150 TITLE
:=Basic connection tracking modules
151 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK
)
152 FILES
:=$(foreach mod
,$(IPT_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
153 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK-m
)))
154 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
157 define KernelPackage
/ipt-conntrack
/description
158 Netfilter
(IPv4
) kernel modules for connection tracking
167 $(eval
$(call KernelPackage
,ipt-conntrack
))
170 define KernelPackage
/ipt-conntrack-extra
171 TITLE
:=Extra connection tracking modules
172 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_EXTRA
)
173 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
174 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK_EXTRA-m
)))
175 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
178 define KernelPackage
/ipt-conntrack-extra
/description
179 Netfilter
(IPv4
) extra kernel modules for connection tracking
188 $(eval
$(call KernelPackage
,ipt-conntrack-extra
))
190 define KernelPackage
/ipt-conntrack-label
191 TITLE
:=Module for handling connection tracking labels
192 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_LABEL
)
193 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_LABEL-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
194 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK_LABEL-m
)))
195 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
198 define KernelPackage
/ipt-conntrack-label
/description
199 Netfilter
(IPv4
) module for handling connection tracking labels
204 $(eval
$(call KernelPackage
,ipt-conntrack-label
))
206 define KernelPackage
/ipt-filter
207 TITLE
:=Modules for packet content inspection
208 KCONFIG
:=$(KCONFIG_IPT_FILTER
)
209 FILES
:=$(foreach mod
,$(IPT_FILTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
210 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_FILTER-m
)))
211 $(call AddDepends
/ipt
,+kmod-lib-textsearch
+kmod-ipt-conntrack
)
214 define KernelPackage
/ipt-filter
/description
215 Netfilter
(IPv4
) kernel modules for packet content inspection
220 $(eval
$(call KernelPackage
,ipt-filter
))
223 define KernelPackage
/ipt-ipopt
224 TITLE
:=Modules for matching
/changing IP packet options
225 KCONFIG
:=$(KCONFIG_IPT_IPOPT
)
226 FILES
:=$(foreach mod
,$(IPT_IPOPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
227 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPOPT-m
)))
228 $(call AddDepends
/ipt
)
231 define KernelPackage
/ipt-ipopt
/description
232 Netfilter
(IPv4
) modules for matching
/changing IP packet options
247 $(eval
$(call KernelPackage
,ipt-ipopt
))
250 define KernelPackage
/ipt-ipsec
251 TITLE
:=Modules for matching IPSec packets
252 KCONFIG
:=$(KCONFIG_IPT_IPSEC
)
253 FILES
:=$(foreach mod
,$(IPT_IPSEC-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
254 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPSEC-m
)))
255 $(call AddDepends
/ipt
)
258 define KernelPackage
/ipt-ipsec
/description
259 Netfilter
(IPv4
) modules for matching IPSec packets
266 $(eval
$(call KernelPackage
,ipt-ipsec
))
270 ipset
/ip_set_bitmap_ip \
271 ipset
/ip_set_bitmap_ipmac \
272 ipset
/ip_set_bitmap_port \
273 ipset
/ip_set_hash_ip \
274 ipset
/ip_set_hash_ipmark \
275 ipset
/ip_set_hash_ipport \
276 ipset
/ip_set_hash_ipportip \
277 ipset
/ip_set_hash_ipportnet \
278 ipset
/ip_set_hash_mac \
279 ipset
/ip_set_hash_netportnet \
280 ipset
/ip_set_hash_net \
281 ipset
/ip_set_hash_netnet \
282 ipset
/ip_set_hash_netport \
283 ipset
/ip_set_hash_netiface \
284 ipset
/ip_set_list_set \
287 define KernelPackage
/ipt-ipset
288 SUBMENU
:=Netfilter Extensions
289 TITLE
:=IPset netfilter modules
290 DEPENDS
+= +kmod-ipt-core
+kmod-nfnetlink
293 CONFIG_IP_SET_MAX
=256 \
294 CONFIG_NETFILTER_XT_SET \
295 CONFIG_IP_SET_BITMAP_IP \
296 CONFIG_IP_SET_BITMAP_IPMAC \
297 CONFIG_IP_SET_BITMAP_PORT \
298 CONFIG_IP_SET_HASH_IP \
299 CONFIG_IP_SET_HASH_IPMARK \
300 CONFIG_IP_SET_HASH_IPPORT \
301 CONFIG_IP_SET_HASH_IPPORTIP \
302 CONFIG_IP_SET_HASH_IPPORTNET \
303 CONFIG_IP_SET_HASH_MAC \
304 CONFIG_IP_SET_HASH_NET \
305 CONFIG_IP_SET_HASH_NETNET \
306 CONFIG_IP_SET_HASH_NETIFACE \
307 CONFIG_IP_SET_HASH_NETPORT \
308 CONFIG_IP_SET_HASH_NETPORTNET \
309 CONFIG_IP_SET_LIST_SET \
310 CONFIG_NET_EMATCH_IPSET
=n
311 FILES
:=$(foreach mod
,$(IPSET_MODULES
),$(LINUX_DIR
)/net
/netfilter
/$(mod
).ko
)
312 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(IPSET_MODULES
)))
314 $(eval
$(call KernelPackage
,ipt-ipset
))
317 define KernelPackage
/ipt-nat
318 TITLE
:=Basic NAT targets
319 KCONFIG
:=$(KCONFIG_IPT_NAT
)
320 FILES
:=$(foreach mod
,$(IPT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
321 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT-m
)))
322 $(call AddDepends
/ipt
,+kmod-nf-nat
)
325 define KernelPackage
/ipt-nat
/description
326 Netfilter
(IPv4
) kernel modules for basic NAT targets
331 $(eval
$(call KernelPackage
,ipt-nat
))
334 define KernelPackage
/ipt-raw
335 TITLE
:=Netfilter IPv4 raw table support
336 KCONFIG
:=CONFIG_IP_NF_RAW
337 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/iptable_raw.ko
338 AUTOLOAD
:=$(call AutoProbe
,iptable_raw
)
339 $(call AddDepends
/ipt
)
342 $(eval
$(call KernelPackage
,ipt-raw
))
345 define KernelPackage
/ipt-raw6
346 TITLE
:=Netfilter IPv6 raw table support
347 KCONFIG
:=CONFIG_IP6_NF_RAW
348 FILES
:=$(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6table_raw.ko
349 AUTOLOAD
:=$(call AutoProbe
,ip6table_raw
)
350 $(call AddDepends
/ipt
,+kmod-ip6tables
)
353 $(eval
$(call KernelPackage
,ipt-raw6
))
356 define KernelPackage
/ipt-nat6
357 TITLE
:=IPv6 NAT targets
358 KCONFIG
:=$(KCONFIG_IPT_NAT6
)
359 FILES
:=$(foreach mod
,$(IPT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
360 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_NAT6-m
)))
361 $(call AddDepends
/ipt
,+kmod-nf-nat6
)
362 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
363 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
364 $(call AddDepends
/ipt
,+kmod-ip6tables
)
367 define KernelPackage
/ipt-nat6
/description
368 Netfilter
(IPv6
) kernel modules for NAT targets
371 $(eval
$(call KernelPackage
,ipt-nat6
))
374 define KernelPackage
/ipt-nat-extra
375 TITLE
:=Extra NAT targets
376 KCONFIG
:=$(KCONFIG_IPT_NAT_EXTRA
)
377 FILES
:=$(foreach mod
,$(IPT_NAT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
378 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT_EXTRA-m
)))
379 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
382 define KernelPackage
/ipt-nat-extra
/description
383 Netfilter
(IPv4
) kernel modules for extra NAT targets
389 $(eval
$(call KernelPackage
,ipt-nat-extra
))
392 define KernelPackage
/nf-nathelper
394 TITLE
:=Basic Conntrack and NAT helpers
395 KCONFIG
:=$(KCONFIG_NF_NATHELPER
)
396 FILES
:=$(foreach mod
,$(NF_NATHELPER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
397 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER-m
)))
398 DEPENDS
:=+kmod-nf-nat
401 define KernelPackage
/nf-nathelper
/description
402 Default Netfilter
(IPv4
) Conntrack and NAT helpers
407 $(eval
$(call KernelPackage
,nf-nathelper
))
410 define KernelPackage
/nf-nathelper-extra
412 TITLE
:=Extra Conntrack and NAT helpers
413 KCONFIG
:=$(KCONFIG_NF_NATHELPER_EXTRA
)
414 FILES
:=$(foreach mod
,$(NF_NATHELPER_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
415 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER_EXTRA-m
)))
416 DEPENDS
:=+kmod-nf-nat
+kmod-lib-textsearch
419 define KernelPackage
/nf-nathelper-extra
/description
420 Extra Netfilter
(IPv4
) Conntrack and NAT helpers
434 $(eval
$(call KernelPackage
,nf-nathelper-extra
))
437 define KernelPackage
/ipt-ulog
438 TITLE
:=Module for user-space packet logging
439 KCONFIG
:=$(KCONFIG_IPT_ULOG
)
440 FILES
:=$(foreach mod
,$(IPT_ULOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
441 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_ULOG-m
)))
442 $(call AddDepends
/ipt
)
445 define KernelPackage
/ipt-ulog
/description
446 Netfilter
(IPv4
) module for user-space packet logging
451 $(eval
$(call KernelPackage
,ipt-ulog
))
454 define KernelPackage
/ipt-nflog
455 TITLE
:=Module for user-space packet logging
456 KCONFIG
:=$(KCONFIG_IPT_NFLOG
)
457 FILES
:=$(foreach mod
,$(IPT_NFLOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
458 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFLOG-m
)))
459 $(call AddDepends
/ipt
,+kmod-nfnetlink-log
)
462 define KernelPackage
/ipt-nflog
/description
463 Netfilter module for user-space packet logging
468 $(eval
$(call KernelPackage
,ipt-nflog
))
471 define KernelPackage
/ipt-nfqueue
472 TITLE
:=Module for user-space packet queuing
473 KCONFIG
:=$(KCONFIG_IPT_NFQUEUE
)
474 FILES
:=$(foreach mod
,$(IPT_NFQUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
475 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFQUEUE-m
)))
476 $(call AddDepends
/ipt
,+kmod-nfnetlink-queue
)
479 define KernelPackage
/ipt-nfqueue
/description
480 Netfilter module for user-space packet queuing
485 $(eval
$(call KernelPackage
,ipt-nfqueue
))
488 define KernelPackage
/ipt-debug
489 TITLE
:=Module for debugging
/development
490 KCONFIG
:=$(KCONFIG_IPT_DEBUG
)
491 FILES
:=$(foreach mod
,$(IPT_DEBUG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
492 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_DEBUG-m
)))
493 $(call AddDepends
/ipt
,+kmod-ipt-raw
+IPV6
:kmod-ipt-raw6
)
496 define KernelPackage
/ipt-debug
/description
497 Netfilter modules for debugging
/development of the firewall
502 $(eval
$(call KernelPackage
,ipt-debug
))
505 define KernelPackage
/ipt-led
506 TITLE
:=Module to trigger a LED with a Netfilter rule
507 KCONFIG
:=$(KCONFIG_IPT_LED
)
508 FILES
:=$(foreach mod
,$(IPT_LED-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
509 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_LED-m
)))
510 $(call AddDepends
/ipt
)
513 define KernelPackage
/ipt-led
/description
514 Netfilter target to trigger a LED when a network packet is matched.
517 $(eval
$(call KernelPackage
,ipt-led
))
519 define KernelPackage
/ipt-tproxy
520 TITLE
:=Transparent proxying support
521 DEPENDS
+=+kmod-ipt-conntrack
+IPV6
:kmod-nf-conntrack6
+IPV6
:kmod-ip6tables
523 CONFIG_NETFILTER_XT_MATCH_SOCKET \
524 CONFIG_NETFILTER_XT_TARGET_TPROXY
526 $(foreach mod
,$(IPT_TPROXY-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
527 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_TPROXY-m
)))
528 $(call AddDepends
/ipt
)
531 define KernelPackage
/ipt-tproxy
/description
532 Kernel modules for Transparent Proxying
535 $(eval
$(call KernelPackage
,ipt-tproxy
))
537 define KernelPackage
/ipt-tee
539 DEPENDS
:=+kmod-ipt-conntrack
541 CONFIG_NETFILTER_XT_TARGET_TEE
543 $(LINUX_DIR
)/net
/netfilter
/xt_TEE.ko \
544 $(foreach mod
,$(IPT_TEE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
545 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_TEE-m
)))
546 $(call AddDepends
/ipt
)
549 define KernelPackage
/ipt-tee
/description
550 Kernel modules for TEE
553 $(eval
$(call KernelPackage
,ipt-tee
))
556 define KernelPackage
/ipt-u32
559 CONFIG_NETFILTER_XT_MATCH_U32
561 $(LINUX_DIR
)/net
/netfilter
/xt_u32.ko \
562 $(foreach mod
,$(IPT_U32-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
563 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_U32-m
)))
564 $(call AddDepends
/ipt
)
567 define KernelPackage
/ipt-u32
/description
568 Kernel modules for U32
571 $(eval
$(call KernelPackage
,ipt-u32
))
573 define KernelPackage
/ipt-checksum
574 TITLE
:=CHECKSUM support
576 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
578 $(LINUX_DIR
)/net
/netfilter
/xt_CHECKSUM.ko \
579 $(foreach mod
,$(IPT_CHECKSUM-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
580 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CHECKSUM-m
)))
581 $(call AddDepends
/ipt
)
584 define KernelPackage
/ipt-checksum
/description
585 Kernel modules for CHECKSUM fillin target
588 $(eval
$(call KernelPackage
,ipt-checksum
))
591 define KernelPackage
/ipt-iprange
592 TITLE
:=Module for matching ip ranges
593 KCONFIG
:=$(KCONFIG_IPT_IPRANGE
)
594 FILES
:=$(foreach mod
,$(IPT_IPRANGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
595 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPRANGE-m
)))
596 $(call AddDepends
/ipt
)
599 define KernelPackage
/ipt-iprange
/description
600 Netfilter
(IPv4
) module for matching ip ranges
605 $(eval
$(call KernelPackage
,ipt-iprange
))
607 define KernelPackage
/ipt-cluster
608 TITLE
:=Module for matching cluster
609 KCONFIG
:=$(KCONFIG_IPT_CLUSTER
)
610 FILES
:=$(foreach mod
,$(IPT_CLUSTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
611 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTER-m
)))
612 $(call AddDepends
/ipt
)
615 define KernelPackage
/ipt-cluster
/description
616 Netfilter
(IPv4
/IPv6
) module for matching cluster
617 This option allows you to build work-load-sharing clusters of
618 network servers
/stateful firewalls without having a dedicated
619 load-balancing router
/server
/switch. Basically
, this match returns
620 true when the packet must be handled by this cluster node. Thus
,
621 all nodes see
all packets and this match decides which node handles
622 what packets. The work-load sharing algorithm is based on source
625 This module is usable for ipv4 and ipv6.
627 To use it also enable iptables-mod-cluster
629 see
`iptables -m cluster --help` for more information.
632 $(eval
$(call KernelPackage
,ipt-cluster
))
634 define KernelPackage
/ipt-clusterip
635 TITLE
:=Module for CLUSTERIP
636 KCONFIG
:=$(KCONFIG_IPT_CLUSTERIP
)
637 FILES
:=$(foreach mod
,$(IPT_CLUSTERIP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
638 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTERIP-m
)))
639 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
642 define KernelPackage
/ipt-clusterip
/description
643 Netfilter
(IPv4-only
) module for CLUSTERIP
644 The CLUSTERIP target allows you to build load-balancing clusters of
645 network servers without having a dedicated load-balancing
646 router
/server
/switch.
648 To use it also enable iptables-mod-clusterip
650 see
`iptables -j CLUSTERIP --help` for more information.
653 $(eval
$(call KernelPackage
,ipt-clusterip
))
656 define KernelPackage
/ipt-extra
658 KCONFIG
:=$(KCONFIG_IPT_EXTRA
)
659 FILES
:=$(foreach mod
,$(IPT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
660 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_EXTRA-m
)))
661 $(call AddDepends
/ipt
,+kmod-br-netfilter
)
664 define KernelPackage
/ipt-extra
/description
665 Other Netfilter
(IPv4
) kernel modules
669 - physdev
(if bridge support was enabled in kernel
)
674 $(eval
$(call KernelPackage
,ipt-extra
))
677 define KernelPackage
/ip6tables
680 DEPENDS
:=+kmod-nf-reject6
+kmod-nf-ipt6
+kmod-ipt-core
681 KCONFIG
:=$(KCONFIG_IPT_IPV6
)
682 FILES
:=$(foreach mod
,$(IPT_IPV6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
683 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_IPV6-m
)))
686 define KernelPackage
/ip6tables
/description
687 Netfilter IPv6 firewalling support
690 $(eval
$(call KernelPackage
,ip6tables
))
692 define KernelPackage
/ip6tables-extra
694 TITLE
:=Extra IPv6 modules
695 DEPENDS
:=+kmod-ip6tables
696 KCONFIG
:=$(KCONFIG_IPT_IPV6_EXTRA
)
697 FILES
:=$(foreach mod
,$(IPT_IPV6_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
698 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_IPV6_EXTRA-m
)))
701 define KernelPackage
/ip6tables-extra
/description
702 Netfilter IPv6 extra header matching modules
705 $(eval
$(call KernelPackage
,ip6tables-extra
))
707 ARP_MODULES
= arp_tables arpt_mangle arptable_filter
708 define KernelPackage
/arptables
710 TITLE
:=ARP firewalling modules
711 DEPENDS
:=+kmod-ipt-core
712 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.ko
713 KCONFIG
:=CONFIG_IP_NF_ARPTABLES \
714 CONFIG_IP_NF_ARPFILTER \
715 CONFIG_IP_NF_ARP_MANGLE
716 AUTOLOAD
:=$(call AutoProbe
,$(ARP_MODULES
))
719 define KernelPackage
/arptables
/description
720 Kernel modules for ARP firewalling
723 $(eval
$(call KernelPackage
,arptables
))
726 define KernelPackage
/br-netfilter
728 TITLE
:=Bridge netfilter support modules
730 DEPENDS
:=+kmod-ipt-core
731 FILES
:=$(LINUX_DIR
)/net
/bridge
/br_netfilter.ko
732 KCONFIG
:=CONFIG_BRIDGE_NETFILTER
733 AUTOLOAD
:=$(call AutoProbe
,br_netfilter
)
736 $(eval
$(call KernelPackage
,br-netfilter
))
739 define KernelPackage
/ebtables
741 TITLE
:=Bridge firewalling modules
742 DEPENDS
:=+kmod-ipt-core
+kmod-br-netfilter
743 FILES
:=$(foreach mod
,$(EBTABLES-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
744 KCONFIG
:=$(KCONFIG_EBTABLES
)
745 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES-m
)))
748 define KernelPackage
/ebtables
/description
749 ebtables is a general
, extensible frame
/packet identification
750 framework. It provides you to do Ethernet
751 filtering
/NAT
/brouting on the Ethernet bridge.
754 $(eval
$(call KernelPackage
,ebtables
))
757 define AddDepends
/ebtables
759 DEPENDS
+=kmod-ebtables
$(1)
763 define KernelPackage
/ebtables-ipv4
764 TITLE
:=ebtables
: IPv4 support
765 FILES
:=$(foreach mod
,$(EBTABLES_IP4-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
766 KCONFIG
:=$(KCONFIG_EBTABLES_IP4
)
767 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP4-m
)))
768 $(call AddDepends
/ebtables
)
771 define KernelPackage
/ebtables-ipv4
/description
772 This option adds the IPv4 support to ebtables
, which allows basic
773 IPv4 header field filtering
, ARP filtering
as well
as SNAT
, DNAT targets.
776 $(eval
$(call KernelPackage
,ebtables-ipv4
))
779 define KernelPackage
/ebtables-ipv6
780 TITLE
:=ebtables
: IPv6 support
781 FILES
:=$(foreach mod
,$(EBTABLES_IP6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
782 KCONFIG
:=$(KCONFIG_EBTABLES_IP6
)
783 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP6-m
)))
784 $(call AddDepends
/ebtables
)
787 define KernelPackage
/ebtables-ipv6
/description
788 This option adds the IPv6 support to ebtables
, which allows basic
789 IPv6 header field filtering and target support.
792 $(eval
$(call KernelPackage
,ebtables-ipv6
))
795 define KernelPackage
/ebtables-watchers
796 TITLE
:=ebtables
: watchers support
797 FILES
:=$(foreach mod
,$(EBTABLES_WATCHERS-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
798 KCONFIG
:=$(KCONFIG_EBTABLES_WATCHERS
)
799 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_WATCHERS-m
)))
800 $(call AddDepends
/ebtables
)
803 define KernelPackage
/ebtables-watchers
/description
804 This option adds the log watchers
, that you can use in any rule
805 in any ebtables table.
808 $(eval
$(call KernelPackage
,ebtables-watchers
))
811 define KernelPackage
/nfnetlink
813 TITLE
:=Netlink-based userspace interface
814 FILES
:=$(foreach mod
,$(NFNETLINK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
815 KCONFIG
:=$(KCONFIG_NFNETLINK
)
816 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK-m
)))
819 define KernelPackage
/nfnetlink
/description
820 Kernel modules support for a netlink-based userspace interface
823 $(eval
$(call KernelPackage
,nfnetlink
))
826 define AddDepends
/nfnetlink
828 DEPENDS
+=+kmod-nfnetlink
$(1)
832 define KernelPackage
/nfnetlink-log
833 TITLE
:=Netfilter LOG over NFNETLINK interface
834 FILES
:=$(foreach mod
,$(NFNETLINK_LOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
835 KCONFIG
:=$(KCONFIG_NFNETLINK_LOG
)
836 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_LOG-m
)))
837 $(call AddDepends
/nfnetlink
)
840 define KernelPackage
/nfnetlink-log
/description
841 Kernel modules support for logging packets via NFNETLINK
846 $(eval
$(call KernelPackage
,nfnetlink-log
))
849 define KernelPackage
/nfnetlink-queue
850 TITLE
:=Netfilter QUEUE over NFNETLINK interface
851 FILES
:=$(foreach mod
,$(NFNETLINK_QUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
852 KCONFIG
:=$(KCONFIG_NFNETLINK_QUEUE
)
853 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_QUEUE-m
)))
854 $(call AddDepends
/nfnetlink
)
857 define KernelPackage
/nfnetlink-queue
/description
858 Kernel modules support for queueing packets via NFNETLINK
863 $(eval
$(call KernelPackage
,nfnetlink-queue
))
866 define KernelPackage
/nf-conntrack-netlink
867 TITLE
:=Connection tracking netlink interface
868 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nf_conntrack_netlink.ko
869 KCONFIG
:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS
=y
870 AUTOLOAD
:=$(call AutoProbe
,nf_conntrack_netlink
)
871 $(call AddDepends
/nfnetlink
,+kmod-ipt-conntrack
)
874 define KernelPackage
/nf-conntrack-netlink
/description
875 Kernel modules support for a netlink-based connection tracking
879 $(eval
$(call KernelPackage
,nf-conntrack-netlink
))
881 define KernelPackage
/ipt-hashlimit
883 TITLE
:=Netfilter hashlimit match
884 DEPENDS
:=+kmod-ipt-core
885 KCONFIG
:=$(KCONFIG_IPT_HASHLIMIT
)
886 FILES
:=$(LINUX_DIR
)/net
/netfilter
/xt_hashlimit.ko
887 AUTOLOAD
:=$(call AutoProbe
,xt_hashlimit
)
888 $(call KernelPackage
/ipt
)
891 define KernelPackage
/ipt-hashlimit
/description
892 Kernel modules support for the hashlimit bucket match module
895 $(eval
$(call KernelPackage
,ipt-hashlimit
))
897 define KernelPackage
/ipt-rpfilter
899 TITLE
:=Netfilter rpfilter match
900 DEPENDS
:=+kmod-ipt-core
901 KCONFIG
:=$(KCONFIG_IPT_RPFILTER
)
903 $(LINUX_DIR
)/net
/ipv4
/netfilter
/ipt_rpfilter.ko \
904 $(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6t_rpfilter.ko
)
905 AUTOLOAD
:=$(call AutoProbe
,ipt_rpfilter ip6t_rpfilter
)
906 $(call KernelPackage
/ipt
)
909 define KernelPackage
/ipt-rpfilter
/description
910 Kernel modules support for the Netfilter rpfilter match
913 $(eval
$(call KernelPackage
,ipt-rpfilter
))
916 define KernelPackage
/nft-core
918 TITLE
:=Netfilter nf_tables support
919 DEPENDS
:=+kmod-nfnetlink
+kmod-nf-reject
+kmod-nf-reject6
+kmod-nf-conntrack6
920 FILES
:=$(foreach mod
,$(NFT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
921 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_CORE-m
)))
923 CONFIG_NFT_COMPAT
=n \
928 define KernelPackage
/nft-core
/description
929 Kernel module support for nftables
932 $(eval
$(call KernelPackage
,nft-core
))
935 define KernelPackage
/nft-arp
937 TITLE
:=Netfilter nf_tables ARP table support
938 DEPENDS
:=+kmod-nft-core
939 FILES
:=$(foreach mod
,$(NFT_ARP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
940 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_ARP-m
)))
941 KCONFIG
:=$(KCONFIG_NFT_ARP
)
944 $(eval
$(call KernelPackage
,nft-arp
))
947 define KernelPackage
/nft-bridge
949 TITLE
:=Netfilter nf_tables bridge table support
950 DEPENDS
:=+kmod-nft-core
951 FILES
:=$(foreach mod
,$(NFT_BRIDGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
952 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_BRIDGE-m
)))
954 CONFIG_NF_LOG_BRIDGE
=n \
955 $(KCONFIG_NFT_BRIDGE
)
958 $(eval
$(call KernelPackage
,nft-bridge
))
961 define KernelPackage
/nft-nat
963 TITLE
:=Netfilter nf_tables NAT support
964 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat
965 FILES
:=$(foreach mod
,$(NFT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
966 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT-m
)))
967 KCONFIG
:=$(KCONFIG_NFT_NAT
)
970 $(eval
$(call KernelPackage
,nft-nat
))
973 define KernelPackage
/nft-nat6
975 TITLE
:=Netfilter nf_tables IPv6-NAT support
976 DEPENDS
:=+kmod-nft-nat
+kmod-nf-nat6
977 FILES
:=$(foreach mod
,$(NFT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
978 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT6-m
)))
979 KCONFIG
:=$(KCONFIG_NFT_NAT6
)
982 $(eval
$(call KernelPackage
,nft-nat6
))