3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
# Label for this group of netfilter packages.
# NOTE(review): where NF_MENU is consumed (presumably as SUBMENU) is not visible in this listing.
NF_MENU:=Netfilter Extensions

# Presumably the source of the IPT_*-m module lists and KCONFIG_* symbol lists
# used by the package definitions below; confirm against netfilter.mk.
include $(INCLUDE_DIR)/netfilter.mk
# kmod-ipt-core: packages every module listed in IPT_CORE-m and passes their
# base names to AutoProbe.
# NOTE(review): this listing omits several lines of the definition, including the
# "KCONFIG:= \" opener and the entries on either side of CONFIG_NETFILTER_ADVANCED=y.
# The opener is restored from the continuation line and the dangling trailing
# backslash is dropped so the block parses; confirm the full list against the tree.
define KernelPackage/ipt-core
  KCONFIG:= \
	CONFIG_NETFILTER_ADVANCED=y
  FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
endef

define KernelPackage/ipt-core/description
 Netfilter core kernel modules
endef

$(eval $(call KernelPackage,ipt-core))
# Helper called by the ipt-* packages: appends kmod-ipt-core plus any extra
# dependencies passed as $(1) to DEPENDS.
# NOTE(review): the "define AddDepends/ipt" header is not visible in this listing;
# it is restored from the $(call AddDepends/ipt,...) uses below. Other lines of
# the helper may also be missing here, so confirm against the tree.
define AddDepends/ipt
  DEPENDS+= +kmod-ipt-core $(1)
endef
# kmod-ipt-conntrack: modules come from IPT_CONNTRACK-m, Kconfig symbols from
# KCONFIG_IPT_CONNTRACK; depends on kmod-ipt-core via AddDepends/ipt.
define KernelPackage/ipt-conntrack
  TITLE:=Basic connection tracking modules
  KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
  FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-conntrack/description
 Netfilter (IPv4) kernel modules for connection tracking
endef

$(eval $(call KernelPackage,ipt-conntrack))
# kmod-ipt-conntrack-extra: modules come from IPT_CONNTRACK_EXTRA-m; requires
# the basic conntrack package in addition to kmod-ipt-core.
define KernelPackage/ipt-conntrack-extra
  TITLE:=Extra connection tracking modules
  KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
  FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
  $(call AddDepends/ipt,+kmod-ipt-conntrack)
endef

define KernelPackage/ipt-conntrack-extra/description
 Netfilter (IPv4) extra kernel modules for connection tracking
endef

$(eval $(call KernelPackage,ipt-conntrack-extra))
# kmod-ipt-filter: packet content inspection modules from IPT_FILTER-m; pulls in
# the kernel text-search library and conntrack as extra dependencies.
define KernelPackage/ipt-filter
  TITLE:=Modules for packet content inspection
  KCONFIG:=$(KCONFIG_IPT_FILTER)
  FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
  $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
endef

define KernelPackage/ipt-filter/description
 Netfilter (IPv4) kernel modules for packet content inspection
endef

$(eval $(call KernelPackage,ipt-filter))
# kmod-ipt-ipopt: match/target modules for IP packet options, taken from
# IPT_IPOPT-m; Kconfig symbols come from KCONFIG_IPT_IPOPT.
define KernelPackage/ipt-ipopt
  TITLE:=Modules for matching/changing IP packet options
  KCONFIG:=$(KCONFIG_IPT_IPOPT)
  FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-ipopt/description
 Netfilter (IPv4) modules for matching/changing IP packet options
endef

$(eval $(call KernelPackage,ipt-ipopt))
# kmod-ipt-ipsec: IPSec packet matching modules from IPT_IPSEC-m; Kconfig
# symbols come from KCONFIG_IPT_IPSEC.
define KernelPackage/ipt-ipsec
  TITLE:=Modules for matching IPSec packets
  KCONFIG:=$(KCONFIG_IPT_IPSEC)
  FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-ipsec/description
 Netfilter (IPv4) modules for matching IPSec packets
endef

$(eval $(call KernelPackage,ipt-ipsec))
# kmod-ipt-nat: basic NAT target modules from IPT_NAT-m; NAT needs connection
# tracking, so kmod-ipt-conntrack is added as a dependency.
define KernelPackage/ipt-nat
  TITLE:=Basic NAT targets
  KCONFIG:=$(KCONFIG_IPT_NAT)
  FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
  $(call AddDepends/ipt,+kmod-ipt-conntrack)
endef

define KernelPackage/ipt-nat/description
 Netfilter (IPv4) kernel modules for basic NAT targets
endef

$(eval $(call KernelPackage,ipt-nat))
# kmod-ipt-nat6: IPv6 NAT target modules from IPT_NAT6-m. Unlike most packages
# here it uses AutoLoad with the number 43 rather than AutoProbe, and it adds
# its three extra dependencies through three separate AddDepends/ipt calls.
define KernelPackage/ipt-nat6
  TITLE:=IPv6 NAT targets
  KCONFIG:=$(KCONFIG_IPT_NAT6)
  FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
  $(call AddDepends/ipt,+kmod-ipt-conntrack)
  $(call AddDepends/ipt,+kmod-ipt-nat)
  $(call AddDepends/ipt,+kmod-ip6tables)
endef

define KernelPackage/ipt-nat6/description
 Netfilter (IPv6) kernel modules for NAT targets
endef

$(eval $(call KernelPackage,ipt-nat6))
# kmod-ipt-nat-extra: additional NAT target modules from IPT_NAT_EXTRA-m;
# layered on top of kmod-ipt-nat.
define KernelPackage/ipt-nat-extra
  TITLE:=Extra NAT targets
  KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
  FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
  $(call AddDepends/ipt,+kmod-ipt-nat)
endef

define KernelPackage/ipt-nat-extra/description
 Netfilter (IPv4) kernel modules for extra NAT targets
endef

$(eval $(call KernelPackage,ipt-nat-extra))
# kmod-ipt-nathelper: default conntrack/NAT helper modules from IPT_NATHELPER-m.
# Every module in the list is handed to AutoProbe, so installing the package
# is enough to have the helpers loaded; include it only where they are needed.
define KernelPackage/ipt-nathelper
  TITLE:=Basic Conntrack and NAT helpers
  KCONFIG:=$(KCONFIG_IPT_NATHELPER)
  FILES:=$(foreach mod,$(IPT_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NATHELPER-m)))
  $(call AddDepends/ipt,+kmod-ipt-nat)
endef

define KernelPackage/ipt-nathelper/description
 Default Netfilter (IPv4) Conntrack and NAT helpers
endef

$(eval $(call KernelPackage,ipt-nathelper))
# kmod-ipt-nathelper-extra: further conntrack/NAT helper modules from
# IPT_NATHELPER_EXTRA-m, all passed to AutoProbe; depends on kmod-ipt-nat and
# the kernel text-search library.
define KernelPackage/ipt-nathelper-extra
  TITLE:=Extra Conntrack and NAT helpers
  KCONFIG:=$(KCONFIG_IPT_NATHELPER_EXTRA)
  FILES:=$(foreach mod,$(IPT_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NATHELPER_EXTRA-m)))
  $(call AddDepends/ipt,+kmod-ipt-nat +kmod-lib-textsearch)
endef

define KernelPackage/ipt-nathelper-extra/description
 Extra Netfilter (IPv4) Conntrack and NAT helpers
endef

$(eval $(call KernelPackage,ipt-nathelper-extra))
# kmod-ipt-queue: user-space packet queueing module(s) from IPT_QUEUE-m.
# The modules are auto-probed on install; ship this only in images that run a
# user-space consumer for the queued packets.
define KernelPackage/ipt-queue
  TITLE:=Module for user-space packet queueing
  KCONFIG:=$(KCONFIG_IPT_QUEUE)
  FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_QUEUE-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-queue/description
 Netfilter (IPv4) module for user-space packet queueing
endef

$(eval $(call KernelPackage,ipt-queue))
# kmod-ipt-ulog: user-space packet logging module(s) from IPT_ULOG-m; Kconfig
# symbols come from KCONFIG_IPT_ULOG.
define KernelPackage/ipt-ulog
  TITLE:=Module for user-space packet logging
  KCONFIG:=$(KCONFIG_IPT_ULOG)
  FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-ulog/description
 Netfilter (IPv4) module for user-space packet logging
endef

$(eval $(call KernelPackage,ipt-ulog))
# kmod-ipt-nflog: user-space packet logging module(s) from IPT_NFLOG-m, built on
# kmod-nfnetlink-log.
# NOTE(review): TITLE is identical to the one on ipt-ulog, so the two packages
# are indistinguishable by title alone.
define KernelPackage/ipt-nflog
  TITLE:=Module for user-space packet logging
  KCONFIG:=$(KCONFIG_IPT_NFLOG)
  FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
  $(call AddDepends/ipt,+kmod-nfnetlink-log)
endef

define KernelPackage/ipt-nflog/description
 Netfilter module for user-space packet logging
endef

$(eval $(call KernelPackage,ipt-nflog))
# kmod-ipt-nfqueue: user-space packet queuing module(s) from IPT_NFQUEUE-m, built
# on kmod-nfnetlink-queue. As with ipt-queue, ship it only where a user-space
# consumer for the queued packets is actually deployed.
define KernelPackage/ipt-nfqueue
  TITLE:=Module for user-space packet queuing
  KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
  FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
  $(call AddDepends/ipt,+kmod-nfnetlink-queue)
endef

define KernelPackage/ipt-nfqueue/description
 Netfilter module for user-space packet queuing
endef

$(eval $(call KernelPackage,ipt-nfqueue))
# kmod-ipt-debug: debugging/development module(s) from IPT_DEBUG-m. The title
# marks this as a development aid, yet the modules are auto-probed once the
# package is installed, so it is best kept out of production images.
define KernelPackage/ipt-debug
  TITLE:=Module for debugging/development
  KCONFIG:=$(KCONFIG_IPT_DEBUG)
  FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-debug/description
 Netfilter modules for debugging/development of the firewall
endef

$(eval $(call KernelPackage,ipt-debug))
# kmod-ipt-led: LED trigger target module(s) from IPT_LED-m; Kconfig symbols
# come from KCONFIG_IPT_LED.
define KernelPackage/ipt-led
  TITLE:=Module to trigger a LED with a Netfilter rule
  KCONFIG:=$(KCONFIG_IPT_LED)
  FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-led/description
 Netfilter target to trigger a LED when a network packet is matched.
endef

$(eval $(call KernelPackage,ipt-led))
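# kmod-ipt-tproxy: transparent proxying support (TPROXY target, socket match).
# nf_tproxy_core.ko is only packaged for kernels older than 3.12, so the
# autoload list now applies the same kernel_patchver_lt guard; previously
# nf_tproxy_core was listed for probing even when the package did not ship it.
# NOTE(review): the "KCONFIG:= \" and "FILES:= \" opener lines are not visible in
# this listing and are restored from their continuation lines; confirm against the tree.
define KernelPackage/ipt-tproxy
  TITLE:=Transparent proxying support
  DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ipv6 +IPV6:kmod-ip6tables
  KCONFIG:= \
	CONFIG_NETFILTER_TPROXY \
	CONFIG_NETFILTER_XT_MATCH_SOCKET \
	CONFIG_NETFILTER_XT_TARGET_TPROXY
  FILES:= \
	$(if $(call kernel_patchver_lt,3.12),$(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko) \
	$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(if $(call kernel_patchver_lt,3.12),nf_tproxy_core) $(IPT_TPROXY-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-tproxy/description
 Kernel modules for Transparent Proxying
endef

$(eval $(call KernelPackage,ipt-tproxy))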
# kmod-ipt-tee: packages xt_TEE.ko plus the modules listed in IPT_TEE-m.
# NOTE(review): AUTOLOAD names nf_tee, while FILES ships xt_TEE.ko; unless
# IPT_TEE-m provides a module called nf_tee the probe entry does not match any
# packaged file. Confirm the intended module name.
# NOTE(review): the "KCONFIG:= \" and "FILES:= \" opener lines are not visible in
# this listing and are restored from their continuation lines; confirm against the tree.
define KernelPackage/ipt-tee
  DEPENDS:=+kmod-ipt-conntrack +IPV6:kmod-ipv6
  KCONFIG:= \
	CONFIG_NETFILTER_XT_TARGET_TEE
  FILES:= \
	$(LINUX_DIR)/net/netfilter/xt_TEE.ko \
	$(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-tee/description
 Kernel modules for TEE
endef

$(eval $(call KernelPackage,ipt-tee))
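# kmod-ipt-u32: packages xt_u32.ko plus the modules listed in IPT_U32-m.
# The autoload list now names xt_u32, the module this package ships in FILES.
# It previously named nf_tee, which appears to have been copied from ipt-tee and
# is not among the files packaged here, so the u32 match was not the module
# being probed.
# NOTE(review): the "KCONFIG:= \" and "FILES:= \" opener lines are not visible in
# this listing and are restored from their continuation lines; confirm against the tree.
define KernelPackage/ipt-u32
  KCONFIG:= \
	CONFIG_NETFILTER_XT_MATCH_U32
  FILES:= \
	$(LINUX_DIR)/net/netfilter/xt_u32.ko \
	$(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir xt_u32 $(IPT_U32-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-u32/description
 Kernel modules for U32
endef

$(eval $(call KernelPackage,ipt-u32))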
# kmod-ipt-iprange: IP range match module(s) from IPT_IPRANGE-m; Kconfig symbols
# come from KCONFIG_IPT_IPRANGE.
define KernelPackage/ipt-iprange
  TITLE:=Module for matching ip ranges
  KCONFIG:=$(KCONFIG_IPT_IPRANGE)
  FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-iprange/description
 Netfilter (IPv4) module for matching ip ranges
endef

$(eval $(call KernelPackage,ipt-iprange))
# kmod-ipt-extra: remaining netfilter modules, taken from IPT_EXTRA-m; Kconfig
# symbols come from KCONFIG_IPT_EXTRA.
define KernelPackage/ipt-extra
  KCONFIG:=$(KCONFIG_IPT_EXTRA)
  FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-extra/description
 Other Netfilter (IPv4) kernel modules
 - physdev (if bridge support was enabled in kernel)
endef

$(eval $(call KernelPackage,ipt-extra))
# kmod-ip6tables: IPv6 firewalling modules from IPT_IPV6-m. DEPENDS is assigned
# directly rather than through AddDepends/ipt, and the modules are registered
# with AutoLoad using the number 42 instead of AutoProbe.
define KernelPackage/ip6tables
  DEPENDS:=+kmod-ipv6 +kmod-ipt-core +kmod-ipt-conntrack
  KCONFIG:=$(KCONFIG_IPT_IPV6)
  FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
endef

define KernelPackage/ip6tables/description
 Netfilter IPv6 firewalling support
endef

$(eval $(call KernelPackage,ip6tables))
# kmod-ip6tables-extra: extra IPv6 header matching modules from
# IPT_IPV6_EXTRA-m; registered with AutoLoad using the number 43, one above the
# number kmod-ip6tables uses.
define KernelPackage/ip6tables-extra
  TITLE:=Extra IPv6 modules
  DEPENDS:=+kmod-ip6tables
  KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
  FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
endef

define KernelPackage/ip6tables-extra/description
 Netfilter IPv6 extra header matching modules
endef

$(eval $(call KernelPackage,ip6tables-extra))
# Module names handed to AutoProbe by the arptables package below.
ARP_MODULES = arp_tables arpt_mangle arptable_filter

# kmod-arptables: ARP firewalling modules.
# NOTE(review): FILES is a glob (arp*.ko) while AUTOLOAD uses the fixed
# ARP_MODULES list, so any additional arp*.ko present in that directory is
# packaged without being auto-probed; confirm this is intended.
define KernelPackage/arptables
  TITLE:=ARP firewalling modules
  DEPENDS:=+kmod-ipt-core
  FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
  KCONFIG:=CONFIG_IP_NF_ARPTABLES \
	CONFIG_IP_NF_ARPFILTER \
	CONFIG_IP_NF_ARP_MANGLE
  AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
endef

define KernelPackage/arptables/description
 Kernel modules for ARP firewalling
endef

$(eval $(call KernelPackage,arptables))
# kmod-ebtables: bridge firewalling modules from EBTABLES-m; depends on
# kmod-ipt-core and kmod-bridge.
# NOTE(review): the KCONFIG assignment continues onto a line that this listing
# omits; the dangling trailing backslash is dropped here so the block parses.
# Confirm the full KCONFIG list against the tree.
define KernelPackage/ebtables
  TITLE:=Bridge firewalling modules
  DEPENDS:=+kmod-ipt-core +kmod-bridge
  FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=CONFIG_BRIDGE_NETFILTER=y
  AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
endef

define KernelPackage/ebtables/description
 ebtables is a general, extensible frame/packet identification
 framework. It provides you to do Ethernet
 filtering/NAT/brouting on the Ethernet bridge.
endef

$(eval $(call KernelPackage,ebtables))
# Helper called by the ebtables-* packages: appends kmod-ebtables plus any extra
# dependencies passed as $(1) to DEPENDS.
# NOTE(review): kmod-ebtables is added without a leading "+", unlike the
# "+kmod-nfnetlink" entry in AddDepends/nfnetlink; confirm that a plain
# dependency rather than an auto-selecting one is intended.
define AddDepends/ebtables
  DEPENDS+=kmod-ebtables $(1)
endef
# kmod-ebtables-ipv4: IPv4 support modules for ebtables, from EBTABLES_IP4-m;
# Kconfig symbols come from KCONFIG_EBTABLES_IP4.
define KernelPackage/ebtables-ipv4
  TITLE:=ebtables: IPv4 support
  FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_EBTABLES_IP4)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
  $(call AddDepends/ebtables)
endef

define KernelPackage/ebtables-ipv4/description
 This option adds the IPv4 support to ebtables, which allows basic
 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
endef

$(eval $(call KernelPackage,ebtables-ipv4))
# kmod-ebtables-ipv6: IPv6 support modules for ebtables, from EBTABLES_IP6-m;
# Kconfig symbols come from KCONFIG_EBTABLES_IP6.
define KernelPackage/ebtables-ipv6
  TITLE:=ebtables: IPv6 support
  FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_EBTABLES_IP6)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
  $(call AddDepends/ebtables)
endef

define KernelPackage/ebtables-ipv6/description
 This option adds the IPv6 support to ebtables, which allows basic
 IPv6 header field filtering and target support.
endef

$(eval $(call KernelPackage,ebtables-ipv6))
# kmod-ebtables-watchers: log watcher modules for ebtables, from
# EBTABLES_WATCHERS-m; Kconfig symbols come from KCONFIG_EBTABLES_WATCHERS.
define KernelPackage/ebtables-watchers
  TITLE:=ebtables: watchers support
  FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
  $(call AddDepends/ebtables)
endef

define KernelPackage/ebtables-watchers/description
 This option adds the log watchers, that you can use in any rule
 in any ebtables table.
endef

$(eval $(call KernelPackage,ebtables-watchers))
# kmod-nfnetlink: netlink-based user-space interface modules from NFNETLINK-m;
# depends on kmod-ipt-core via AddDepends/ipt.
define KernelPackage/nfnetlink
  TITLE:=Netlink-based userspace interface
  FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_NFNETLINK)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/nfnetlink/description
 Kernel modules support for a netlink-based userspace interface
endef

$(eval $(call KernelPackage,nfnetlink))
# Helper called by the nfnetlink-based packages: appends kmod-nfnetlink plus any
# extra dependencies passed as $(1) to DEPENDS.
define AddDepends/nfnetlink
  DEPENDS+=+kmod-nfnetlink $(1)
endef
# kmod-nfnetlink-log: packet logging over NFNETLINK, modules from
# NFNETLINK_LOG-m; Kconfig symbols come from KCONFIG_NFNETLINK_LOG.
define KernelPackage/nfnetlink-log
  TITLE:=Netfilter LOG over NFNETLINK interface
  FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
  $(call AddDepends/nfnetlink)
endef

define KernelPackage/nfnetlink-log/description
 Kernel modules support for logging packets via NFNETLINK
endef

$(eval $(call KernelPackage,nfnetlink-log))
# kmod-nfnetlink-queue: packet queueing over NFNETLINK, modules from
# NFNETLINK_QUEUE-m; Kconfig symbols come from KCONFIG_NFNETLINK_QUEUE.
define KernelPackage/nfnetlink-queue
  TITLE:=Netfilter QUEUE over NFNETLINK interface
  FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
  $(call AddDepends/nfnetlink)
endef

define KernelPackage/nfnetlink-queue/description
 Kernel modules support for queueing packets via NFNETLINK
endef

$(eval $(call KernelPackage,nfnetlink-queue))
# kmod-nf-conntrack-netlink: packages and auto-probes the single module
# nf_conntrack_netlink; depends on kmod-nfnetlink and kmod-ipt-conntrack.
define KernelPackage/nf-conntrack-netlink
  TITLE:=Connection tracking netlink interface
  FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
  KCONFIG:=CONFIG_NF_CT_NETLINK
  AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
  $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
endef

define KernelPackage/nf-conntrack-netlink/description
 Kernel modules support for a netlink-based connection tracking
endef

$(eval $(call KernelPackage,nf-conntrack-netlink))
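# kmod-ipt-hashlimit: packages and auto-probes xt_hashlimit.
# The last line of the definition used to be $(call KernelPackage/ipt), a name
# that nothing in this file defines, so the call expanded to nothing. It now
# calls AddDepends/ipt, the helper every other ipt-* package here uses. The
# explicit DEPENDS assignment is kept, so kmod-ipt-core remains a dependency
# either way.
define KernelPackage/ipt-hashlimit
  TITLE:=Netfilter hashlimit match
  DEPENDS:=+kmod-ipt-core
  KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
  FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
  AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-hashlimit/description
 Kernel modules support for the hashlimit bucket match module
endef

$(eval $(call KernelPackage,ipt-hashlimit))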