3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU
:=Netfilter Extensions
11 include $(INCLUDE_DIR
)/netfilter.mk
14 define KernelPackage
/nf-reject
16 TITLE
:=Netfilter IPv4 reject support
19 CONFIG_NETFILTER_ADVANCED
=y \
21 FILES
:=$(foreach mod
,$(NF_REJECT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
22 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_REJECT-m
)))
25 $(eval
$(call KernelPackage
,nf-reject
))
28 define KernelPackage
/nf-reject6
30 TITLE
:=Netfilter IPv6 reject support
33 CONFIG_NETFILTER_ADVANCED
=y \
36 FILES
:=$(foreach mod
,$(NF_REJECT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
37 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_REJECT6-m
)))
40 $(eval
$(call KernelPackage
,nf-reject6
))
43 define KernelPackage
/nf-ipt
46 KCONFIG
:=$(KCONFIG_NF_IPT
)
47 FILES
:=$(foreach mod
,$(NF_IPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
48 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT-m
)))
51 $(eval
$(call KernelPackage
,nf-ipt
))
54 define KernelPackage
/nf-ipt6
57 KCONFIG
:=$(KCONFIG_NF_IPT6
)
58 FILES
:=$(foreach mod
,$(NF_IPT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
59 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT6-m
)))
63 $(eval
$(call KernelPackage
,nf-ipt6
))
67 define KernelPackage
/ipt-core
70 KCONFIG
:=$(KCONFIG_IPT_CORE
)
71 FILES
:=$(foreach mod
,$(IPT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
72 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CORE-m
)))
73 DEPENDS
:=+kmod-nf-reject
+kmod-nf-ipt
76 define KernelPackage
/ipt-core
/description
77 Netfilter core kernel modules
88 $(eval
$(call KernelPackage
,ipt-core
))
91 define KernelPackage
/nf-conntrack
93 TITLE
:=Netfilter connection tracking
96 CONFIG_NETFILTER_ADVANCED
=y \
97 CONFIG_NF_CONNTRACK_MARK
=y \
98 CONFIG_NF_CONNTRACK_ZONES
=y \
99 $(KCONFIG_NF_CONNTRACK
)
100 FILES
:=$(foreach mod
,$(NF_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
101 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK-m
)))
104 $(eval
$(call KernelPackage
,nf-conntrack
))
107 define KernelPackage
/nf-conntrack6
109 TITLE
:=Netfilter IPv6 connection tracking
110 KCONFIG
:=$(KCONFIG_NF_CONNTRACK6
)
111 DEPENDS
:=@IPV6
+kmod-nf-conntrack
112 FILES
:=$(foreach mod
,$(NF_CONNTRACK6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
113 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK6-m
)))
116 $(eval
$(call KernelPackage
,nf-conntrack6
))
119 define KernelPackage
/nf-nat
122 KCONFIG
:=$(KCONFIG_NF_NAT
)
123 DEPENDS
:=+kmod-nf-conntrack
124 FILES
:=$(foreach mod
,$(NF_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
125 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT-m
)))
128 $(eval
$(call KernelPackage
,nf-nat
))
131 define KernelPackage
/nf-nat6
133 TITLE
:=Netfilter IPV6-NAT
134 KCONFIG
:=$(KCONFIG_NF_NAT6
)
135 DEPENDS
:=+kmod-nf-conntrack6
+kmod-nf-nat
136 FILES
:=$(foreach mod
,$(NF_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
137 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT6-m
)))
140 $(eval
$(call KernelPackage
,nf-nat6
))
143 define AddDepends
/ipt
145 DEPENDS
+= +kmod-ipt-core
$(1)
149 define KernelPackage
/ipt-conntrack
150 TITLE
:=Basic connection tracking modules
151 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK
)
152 FILES
:=$(foreach mod
,$(IPT_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
153 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK-m
)))
154 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
157 define KernelPackage
/ipt-conntrack
/description
158 Netfilter
(IPv4
) kernel modules for connection tracking
167 $(eval
$(call KernelPackage
,ipt-conntrack
))
170 define KernelPackage
/ipt-conntrack-extra
171 TITLE
:=Extra connection tracking modules
172 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_EXTRA
)
173 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
174 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK_EXTRA-m
)))
175 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
178 define KernelPackage
/ipt-conntrack-extra
/description
179 Netfilter
(IPv4
) extra kernel modules for connection tracking
188 $(eval
$(call KernelPackage
,ipt-conntrack-extra
))
191 define KernelPackage
/ipt-filter
192 TITLE
:=Modules for packet content inspection
193 KCONFIG
:=$(KCONFIG_IPT_FILTER
)
194 FILES
:=$(foreach mod
,$(IPT_FILTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
195 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_FILTER-m
)))
196 $(call AddDepends
/ipt
,+kmod-lib-textsearch
+kmod-ipt-conntrack
)
199 define KernelPackage
/ipt-filter
/description
200 Netfilter
(IPv4
) kernel modules for packet content inspection
205 $(eval
$(call KernelPackage
,ipt-filter
))
208 define KernelPackage
/ipt-ipopt
209 TITLE
:=Modules for matching
/changing IP packet options
210 KCONFIG
:=$(KCONFIG_IPT_IPOPT
)
211 FILES
:=$(foreach mod
,$(IPT_IPOPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
212 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPOPT-m
)))
213 $(call AddDepends
/ipt
)
216 define KernelPackage
/ipt-ipopt
/description
217 Netfilter
(IPv4
) modules for matching
/changing IP packet options
232 $(eval
$(call KernelPackage
,ipt-ipopt
))
235 define KernelPackage
/ipt-ipsec
236 TITLE
:=Modules for matching IPSec packets
237 KCONFIG
:=$(KCONFIG_IPT_IPSEC
)
238 FILES
:=$(foreach mod
,$(IPT_IPSEC-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
239 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPSEC-m
)))
240 $(call AddDepends
/ipt
)
243 define KernelPackage
/ipt-ipsec
/description
244 Netfilter
(IPv4
) modules for matching IPSec packets
251 $(eval
$(call KernelPackage
,ipt-ipsec
))
255 ipset
/ip_set_bitmap_ip \
256 ipset
/ip_set_bitmap_ipmac \
257 ipset
/ip_set_bitmap_port \
258 ipset
/ip_set_hash_ip \
259 ipset
/ip_set_hash_ipmark \
260 ipset
/ip_set_hash_ipport \
261 ipset
/ip_set_hash_ipportip \
262 ipset
/ip_set_hash_ipportnet \
263 ipset
/ip_set_hash_mac \
264 ipset
/ip_set_hash_netportnet \
265 ipset
/ip_set_hash_net \
266 ipset
/ip_set_hash_netnet \
267 ipset
/ip_set_hash_netport \
268 ipset
/ip_set_hash_netiface \
269 ipset
/ip_set_list_set \
272 define KernelPackage
/ipt-ipset
273 SUBMENU
:=Netfilter Extensions
274 TITLE
:=IPset netfilter modules
275 DEPENDS
+= +kmod-ipt-core
+kmod-nfnetlink
278 CONFIG_IP_SET_MAX
=256 \
279 CONFIG_NETFILTER_XT_SET \
280 CONFIG_IP_SET_BITMAP_IP \
281 CONFIG_IP_SET_BITMAP_IPMAC \
282 CONFIG_IP_SET_BITMAP_PORT \
283 CONFIG_IP_SET_HASH_IP \
284 CONFIG_IP_SET_HASH_IPMARK \
285 CONFIG_IP_SET_HASH_IPPORT \
286 CONFIG_IP_SET_HASH_IPPORTIP \
287 CONFIG_IP_SET_HASH_IPPORTNET \
288 CONFIG_IP_SET_HASH_MAC \
289 CONFIG_IP_SET_HASH_NET \
290 CONFIG_IP_SET_HASH_NETNET \
291 CONFIG_IP_SET_HASH_NETIFACE \
292 CONFIG_IP_SET_HASH_NETPORT \
293 CONFIG_IP_SET_HASH_NETPORTNET \
294 CONFIG_IP_SET_LIST_SET \
295 CONFIG_NET_EMATCH_IPSET
=n
296 FILES
:=$(foreach mod
,$(IPSET_MODULES
),$(LINUX_DIR
)/net
/netfilter
/$(mod
).ko
)
297 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(IPSET_MODULES
)))
299 $(eval
$(call KernelPackage
,ipt-ipset
))
302 define KernelPackage
/ipt-nat
303 TITLE
:=Basic NAT targets
304 KCONFIG
:=$(KCONFIG_IPT_NAT
)
305 FILES
:=$(foreach mod
,$(IPT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
306 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT-m
)))
307 $(call AddDepends
/ipt
,+kmod-nf-nat
)
310 define KernelPackage
/ipt-nat
/description
311 Netfilter
(IPv4
) kernel modules for basic NAT targets
316 $(eval
$(call KernelPackage
,ipt-nat
))
319 define KernelPackage
/ipt-raw
320 TITLE
:=Netfilter IPv4 raw table support
321 KCONFIG
:=CONFIG_IP_NF_RAW
322 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/iptable_raw.ko
323 AUTOLOAD
:=$(call AutoProbe
,iptable_raw
)
324 $(call AddDepends
/ipt
)
327 $(eval
$(call KernelPackage
,ipt-raw
))
330 define KernelPackage
/ipt-raw6
331 TITLE
:=Netfilter IPv6 raw table support
332 KCONFIG
:=CONFIG_IP6_NF_RAW
333 FILES
:=$(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6table_raw.ko
334 AUTOLOAD
:=$(call AutoProbe
,ip6table_raw
)
335 $(call AddDepends
/ipt
,+kmod-ip6tables
)
338 $(eval
$(call KernelPackage
,ipt-raw6
))
341 define KernelPackage
/ipt-nat6
342 TITLE
:=IPv6 NAT targets
343 KCONFIG
:=$(KCONFIG_IPT_NAT6
)
344 FILES
:=$(foreach mod
,$(IPT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
345 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_NAT6-m
)))
346 $(call AddDepends
/ipt
,+kmod-nf-nat6
)
347 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
348 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
349 $(call AddDepends
/ipt
,+kmod-ip6tables
)
352 define KernelPackage
/ipt-nat6
/description
353 Netfilter
(IPv6
) kernel modules for NAT targets
356 $(eval
$(call KernelPackage
,ipt-nat6
))
359 define KernelPackage
/ipt-nat-extra
360 TITLE
:=Extra NAT targets
361 KCONFIG
:=$(KCONFIG_IPT_NAT_EXTRA
)
362 FILES
:=$(foreach mod
,$(IPT_NAT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
363 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT_EXTRA-m
)))
364 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
367 define KernelPackage
/ipt-nat-extra
/description
368 Netfilter
(IPv4
) kernel modules for extra NAT targets
374 $(eval
$(call KernelPackage
,ipt-nat-extra
))
377 define KernelPackage
/nf-nathelper
379 TITLE
:=Basic Conntrack and NAT helpers
380 KCONFIG
:=$(KCONFIG_NF_NATHELPER
)
381 FILES
:=$(foreach mod
,$(NF_NATHELPER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
382 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER-m
)))
383 DEPENDS
:=+kmod-nf-nat
386 define KernelPackage
/nf-nathelper
/description
387 Default Netfilter
(IPv4
) Conntrack and NAT helpers
392 $(eval
$(call KernelPackage
,nf-nathelper
))
395 define KernelPackage
/nf-nathelper-extra
397 TITLE
:=Extra Conntrack and NAT helpers
398 KCONFIG
:=$(KCONFIG_NF_NATHELPER_EXTRA
)
399 FILES
:=$(foreach mod
,$(NF_NATHELPER_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
400 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER_EXTRA-m
)))
401 DEPENDS
:=+kmod-nf-nat
+kmod-lib-textsearch
404 define KernelPackage
/nf-nathelper-extra
/description
405 Extra Netfilter
(IPv4
) Conntrack and NAT helpers
419 $(eval
$(call KernelPackage
,nf-nathelper-extra
))
422 define KernelPackage
/ipt-ulog
423 TITLE
:=Module for user-space packet logging
424 KCONFIG
:=$(KCONFIG_IPT_ULOG
)
425 FILES
:=$(foreach mod
,$(IPT_ULOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
426 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_ULOG-m
)))
427 $(call AddDepends
/ipt
)
430 define KernelPackage
/ipt-ulog
/description
431 Netfilter
(IPv4
) module for user-space packet logging
436 $(eval
$(call KernelPackage
,ipt-ulog
))
439 define KernelPackage
/ipt-nflog
440 TITLE
:=Module for user-space packet logging
441 KCONFIG
:=$(KCONFIG_IPT_NFLOG
)
442 FILES
:=$(foreach mod
,$(IPT_NFLOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
443 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFLOG-m
)))
444 $(call AddDepends
/ipt
,+kmod-nfnetlink-log
)
447 define KernelPackage
/ipt-nflog
/description
448 Netfilter module for user-space packet logging
453 $(eval
$(call KernelPackage
,ipt-nflog
))
456 define KernelPackage
/ipt-nfqueue
457 TITLE
:=Module for user-space packet queuing
458 KCONFIG
:=$(KCONFIG_IPT_NFQUEUE
)
459 FILES
:=$(foreach mod
,$(IPT_NFQUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
460 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFQUEUE-m
)))
461 $(call AddDepends
/ipt
,+kmod-nfnetlink-queue
)
464 define KernelPackage
/ipt-nfqueue
/description
465 Netfilter module for user-space packet queuing
470 $(eval
$(call KernelPackage
,ipt-nfqueue
))
473 define KernelPackage
/ipt-debug
474 TITLE
:=Module for debugging
/development
475 KCONFIG
:=$(KCONFIG_IPT_DEBUG
)
476 FILES
:=$(foreach mod
,$(IPT_DEBUG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
477 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_DEBUG-m
)))
478 $(call AddDepends
/ipt
,+kmod-ipt-raw
+IPV6
:kmod-ipt-raw6
)
481 define KernelPackage
/ipt-debug
/description
482 Netfilter modules for debugging
/development of the firewall
487 $(eval
$(call KernelPackage
,ipt-debug
))
490 define KernelPackage
/ipt-led
491 TITLE
:=Module to trigger a LED with a Netfilter rule
492 KCONFIG
:=$(KCONFIG_IPT_LED
)
493 FILES
:=$(foreach mod
,$(IPT_LED-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
494 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_LED-m
)))
495 $(call AddDepends
/ipt
)
498 define KernelPackage
/ipt-led
/description
499 Netfilter target to trigger a LED when a network packet is matched.
502 $(eval
$(call KernelPackage
,ipt-led
))
504 define KernelPackage
/ipt-tproxy
505 TITLE
:=Transparent proxying support
506 DEPENDS
+=+kmod-ipt-conntrack
+IPV6
:kmod-ip6tables
508 CONFIG_NETFILTER_XT_MATCH_SOCKET \
509 CONFIG_NETFILTER_XT_TARGET_TPROXY
511 $(foreach mod
,$(IPT_TPROXY-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
512 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_TPROXY-m
)))
513 $(call AddDepends
/ipt
)
516 define KernelPackage
/ipt-tproxy
/description
517 Kernel modules for Transparent Proxying
520 $(eval
$(call KernelPackage
,ipt-tproxy
))
522 define KernelPackage
/ipt-tee
524 DEPENDS
:=+kmod-ipt-conntrack
526 CONFIG_NETFILTER_XT_TARGET_TEE
528 $(LINUX_DIR
)/net
/netfilter
/xt_TEE.ko \
529 $(foreach mod
,$(IPT_TEE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
530 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_TEE-m
)))
531 $(call AddDepends
/ipt
)
534 define KernelPackage
/ipt-tee
/description
535 Kernel modules for TEE
538 $(eval
$(call KernelPackage
,ipt-tee
))
541 define KernelPackage
/ipt-u32
544 CONFIG_NETFILTER_XT_MATCH_U32
546 $(LINUX_DIR
)/net
/netfilter
/xt_u32.ko \
547 $(foreach mod
,$(IPT_U32-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
548 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_U32-m
)))
549 $(call AddDepends
/ipt
)
552 define KernelPackage
/ipt-u32
/description
553 Kernel modules for U32
556 $(eval
$(call KernelPackage
,ipt-u32
))
558 define KernelPackage
/ipt-checksum
559 TITLE
:=CHECKSUM support
561 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
563 $(LINUX_DIR
)/net
/netfilter
/xt_CHECKSUM.ko \
564 $(foreach mod
,$(IPT_CHECKSUM-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
565 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CHECKSUM-m
)))
566 $(call AddDepends
/ipt
)
569 define KernelPackage
/ipt-checksum
/description
570 Kernel modules for CHECKSUM fillin target
573 $(eval
$(call KernelPackage
,ipt-checksum
))
576 define KernelPackage
/ipt-iprange
577 TITLE
:=Module for matching ip ranges
578 KCONFIG
:=$(KCONFIG_IPT_IPRANGE
)
579 FILES
:=$(foreach mod
,$(IPT_IPRANGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
580 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPRANGE-m
)))
581 $(call AddDepends
/ipt
)
584 define KernelPackage
/ipt-iprange
/description
585 Netfilter
(IPv4
) module for matching ip ranges
590 $(eval
$(call KernelPackage
,ipt-iprange
))
592 define KernelPackage
/ipt-cluster
593 TITLE
:=Module for matching cluster
594 KCONFIG
:=$(KCONFIG_IPT_CLUSTER
)
595 FILES
:=$(foreach mod
,$(IPT_CLUSTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
596 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTER-m
)))
597 $(call AddDepends
/ipt
)
600 define KernelPackage
/ipt-cluster
/description
601 Netfilter
(IPv4
/IPv6
) module for matching cluster
602 This option allows you to build work-load-sharing clusters of
603 network servers
/stateful firewalls without having a dedicated
604 load-balancing router
/server
/switch. Basically
, this match returns
605 true when the packet must be handled by this cluster node. Thus
,
606 all nodes see
all packets and this match decides which node handles
607 what packets. The work-load sharing algorithm is based on source
610 This module is usable for ipv4 and ipv6.
612 To use it also enable iptables-mod-cluster
614 see
`iptables -m cluster --help` for more information.
617 $(eval
$(call KernelPackage
,ipt-cluster
))
619 define KernelPackage
/ipt-clusterip
620 TITLE
:=Module for CLUSTERIP
621 KCONFIG
:=$(KCONFIG_IPT_CLUSTERIP
)
622 FILES
:=$(foreach mod
,$(IPT_CLUSTERIP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
623 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTERIP-m
)))
624 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
627 define KernelPackage
/ipt-clusterip
/description
628 Netfilter
(IPv4-only
) module for CLUSTERIP
629 The CLUSTERIP target allows you to build load-balancing clusters of
630 network servers without having a dedicated load-balancing
631 router
/server
/switch.
633 To use it also enable iptables-mod-clusterip
635 see
`iptables -j CLUSTERIP --help` for more information.
638 $(eval
$(call KernelPackage
,ipt-clusterip
))
641 define KernelPackage
/ipt-extra
643 KCONFIG
:=$(KCONFIG_IPT_EXTRA
)
644 FILES
:=$(foreach mod
,$(IPT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
645 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_EXTRA-m
)))
646 $(call AddDepends
/ipt
,+kmod-br-netfilter
)
649 define KernelPackage
/ipt-extra
/description
650 Other Netfilter
(IPv4
) kernel modules
654 - physdev
(if bridge support was enabled in kernel
)
659 $(eval
$(call KernelPackage
,ipt-extra
))
662 define KernelPackage
/ip6tables
665 DEPENDS
:=+kmod-nf-reject6
+kmod-nf-ipt6
+kmod-ipt-core
666 KCONFIG
:=$(KCONFIG_IPT_IPV6
)
667 FILES
:=$(foreach mod
,$(IPT_IPV6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
668 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_IPV6-m
)))
671 define KernelPackage
/ip6tables
/description
672 Netfilter IPv6 firewalling support
675 $(eval
$(call KernelPackage
,ip6tables
))
677 define KernelPackage
/ip6tables-extra
679 TITLE
:=Extra IPv6 modules
680 DEPENDS
:=+kmod-ip6tables
681 KCONFIG
:=$(KCONFIG_IPT_IPV6_EXTRA
)
682 FILES
:=$(foreach mod
,$(IPT_IPV6_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
683 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_IPV6_EXTRA-m
)))
686 define KernelPackage
/ip6tables-extra
/description
687 Netfilter IPv6 extra header matching modules
690 $(eval
$(call KernelPackage
,ip6tables-extra
))
692 ARP_MODULES
= arp_tables arpt_mangle arptable_filter
693 define KernelPackage
/arptables
695 TITLE
:=ARP firewalling modules
696 DEPENDS
:=+kmod-ipt-core
697 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.ko
698 KCONFIG
:=CONFIG_IP_NF_ARPTABLES \
699 CONFIG_IP_NF_ARPFILTER \
700 CONFIG_IP_NF_ARP_MANGLE
701 AUTOLOAD
:=$(call AutoProbe
,$(ARP_MODULES
))
704 define KernelPackage
/arptables
/description
705 Kernel modules for ARP firewalling
708 $(eval
$(call KernelPackage
,arptables
))
711 define KernelPackage
/br-netfilter
713 TITLE
:=Bridge netfilter support modules
715 DEPENDS
:=+kmod-ipt-core
716 FILES
:=$(LINUX_DIR
)/net
/bridge
/br_netfilter.ko
717 KCONFIG
:=CONFIG_BRIDGE_NETFILTER
718 AUTOLOAD
:=$(call AutoProbe
,br_netfilter
)
721 $(eval
$(call KernelPackage
,br-netfilter
))
724 define KernelPackage
/ebtables
726 TITLE
:=Bridge firewalling modules
727 DEPENDS
:=+kmod-ipt-core
+kmod-br-netfilter
728 FILES
:=$(foreach mod
,$(EBTABLES-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
729 KCONFIG
:=$(KCONFIG_EBTABLES
)
730 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES-m
)))
733 define KernelPackage
/ebtables
/description
734 ebtables is a general
, extensible frame
/packet identification
735 framework. It provides you to do Ethernet
736 filtering
/NAT
/brouting on the Ethernet bridge.
739 $(eval
$(call KernelPackage
,ebtables
))
742 define AddDepends
/ebtables
744 DEPENDS
+=kmod-ebtables
$(1)
748 define KernelPackage
/ebtables-ipv4
749 TITLE
:=ebtables
: IPv4 support
750 FILES
:=$(foreach mod
,$(EBTABLES_IP4-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
751 KCONFIG
:=$(KCONFIG_EBTABLES_IP4
)
752 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP4-m
)))
753 $(call AddDepends
/ebtables
)
756 define KernelPackage
/ebtables-ipv4
/description
757 This option adds the IPv4 support to ebtables
, which allows basic
758 IPv4 header field filtering
, ARP filtering
as well
as SNAT
, DNAT targets.
761 $(eval
$(call KernelPackage
,ebtables-ipv4
))
764 define KernelPackage
/ebtables-ipv6
765 TITLE
:=ebtables
: IPv6 support
766 FILES
:=$(foreach mod
,$(EBTABLES_IP6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
767 KCONFIG
:=$(KCONFIG_EBTABLES_IP6
)
768 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP6-m
)))
769 $(call AddDepends
/ebtables
)
772 define KernelPackage
/ebtables-ipv6
/description
773 This option adds the IPv6 support to ebtables
, which allows basic
774 IPv6 header field filtering and target support.
777 $(eval
$(call KernelPackage
,ebtables-ipv6
))
780 define KernelPackage
/ebtables-watchers
781 TITLE
:=ebtables
: watchers support
782 FILES
:=$(foreach mod
,$(EBTABLES_WATCHERS-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
783 KCONFIG
:=$(KCONFIG_EBTABLES_WATCHERS
)
784 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_WATCHERS-m
)))
785 $(call AddDepends
/ebtables
)
788 define KernelPackage
/ebtables-watchers
/description
789 This option adds the log watchers
, that you can use in any rule
790 in any ebtables table.
793 $(eval
$(call KernelPackage
,ebtables-watchers
))
796 define KernelPackage
/nfnetlink
798 TITLE
:=Netlink-based userspace interface
799 FILES
:=$(foreach mod
,$(NFNETLINK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
800 KCONFIG
:=$(KCONFIG_NFNETLINK
)
801 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK-m
)))
804 define KernelPackage
/nfnetlink
/description
805 Kernel modules support for a netlink-based userspace interface
808 $(eval
$(call KernelPackage
,nfnetlink
))
811 define AddDepends
/nfnetlink
813 DEPENDS
+=+kmod-nfnetlink
$(1)
817 define KernelPackage
/nfnetlink-log
818 TITLE
:=Netfilter LOG over NFNETLINK interface
819 FILES
:=$(foreach mod
,$(NFNETLINK_LOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
820 KCONFIG
:=$(KCONFIG_NFNETLINK_LOG
)
821 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_LOG-m
)))
822 $(call AddDepends
/nfnetlink
)
825 define KernelPackage
/nfnetlink-log
/description
826 Kernel modules support for logging packets via NFNETLINK
831 $(eval
$(call KernelPackage
,nfnetlink-log
))
834 define KernelPackage
/nfnetlink-queue
835 TITLE
:=Netfilter QUEUE over NFNETLINK interface
836 FILES
:=$(foreach mod
,$(NFNETLINK_QUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
837 KCONFIG
:=$(KCONFIG_NFNETLINK_QUEUE
)
838 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_QUEUE-m
)))
839 $(call AddDepends
/nfnetlink
)
842 define KernelPackage
/nfnetlink-queue
/description
843 Kernel modules support for queueing packets via NFNETLINK
848 $(eval
$(call KernelPackage
,nfnetlink-queue
))
851 define KernelPackage
/nf-conntrack-netlink
852 TITLE
:=Connection tracking netlink interface
853 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nf_conntrack_netlink.ko
854 KCONFIG
:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS
=y
855 AUTOLOAD
:=$(call AutoProbe
,nf_conntrack_netlink
)
856 $(call AddDepends
/nfnetlink
,+kmod-ipt-conntrack
)
859 define KernelPackage
/nf-conntrack-netlink
/description
860 Kernel modules support for a netlink-based connection tracking
864 $(eval
$(call KernelPackage
,nf-conntrack-netlink
))
866 define KernelPackage
/ipt-hashlimit
868 TITLE
:=Netfilter hashlimit match
869 DEPENDS
:=+kmod-ipt-core
870 KCONFIG
:=$(KCONFIG_IPT_HASHLIMIT
)
871 FILES
:=$(LINUX_DIR
)/net
/netfilter
/xt_hashlimit.ko
872 AUTOLOAD
:=$(call AutoProbe
,xt_hashlimit
)
873 $(call KernelPackage
/ipt
)
876 define KernelPackage
/ipt-hashlimit
/description
877 Kernel modules support for the hashlimit bucket match module
880 $(eval
$(call KernelPackage
,ipt-hashlimit
))
882 define KernelPackage
/ipt-rpfilter
884 TITLE
:=Netfilter rpfilter match
885 DEPENDS
:=+kmod-ipt-core
886 KCONFIG
:=$(KCONFIG_IPT_RPFILTER
)
888 $(LINUX_DIR
)/net
/ipv4
/netfilter
/ipt_rpfilter.ko \
889 $(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6t_rpfilter.ko
)
890 AUTOLOAD
:=$(call AutoProbe
,ipt_rpfilter ip6t_rpfilter
)
891 $(call KernelPackage
/ipt
)
894 define KernelPackage
/ipt-rpfilter
/description
895 Kernel modules support for the Netfilter rpfilter match
898 $(eval
$(call KernelPackage
,ipt-rpfilter
))
901 define KernelPackage
/nft-core
903 TITLE
:=Netfilter nf_tables support
904 DEPENDS
:=+kmod-nfnetlink
+kmod-nf-reject
+kmod-nf-reject6
+kmod-nf-conntrack6
905 FILES
:=$(foreach mod
,$(NFT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
906 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_CORE-m
)))
908 CONFIG_NFT_COMPAT
=n \
913 define KernelPackage
/nft-core
/description
914 Kernel module support for nftables
917 $(eval
$(call KernelPackage
,nft-core
))
920 define KernelPackage
/nft-arp
922 TITLE
:=Netfilter nf_tables ARP table support
923 DEPENDS
:=+kmod-nft-core
924 FILES
:=$(foreach mod
,$(NFT_ARP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
925 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_ARP-m
)))
926 KCONFIG
:=$(KCONFIG_NFT_ARP
)
929 $(eval
$(call KernelPackage
,nft-arp
))
932 define KernelPackage
/nft-bridge
934 TITLE
:=Netfilter nf_tables bridge table support
935 DEPENDS
:=+kmod-nft-core
936 FILES
:=$(foreach mod
,$(NFT_BRIDGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
937 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_BRIDGE-m
)))
939 CONFIG_NF_LOG_BRIDGE
=n \
940 $(KCONFIG_NFT_BRIDGE
)
943 $(eval
$(call KernelPackage
,nft-bridge
))
946 define KernelPackage
/nft-nat
948 TITLE
:=Netfilter nf_tables NAT support
949 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat
950 FILES
:=$(foreach mod
,$(NFT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
951 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT-m
)))
952 KCONFIG
:=$(KCONFIG_NFT_NAT
)
955 $(eval
$(call KernelPackage
,nft-nat
))
958 define KernelPackage
/nft-nat6
960 TITLE
:=Netfilter nf_tables IPv6-NAT support
961 DEPENDS
:=+kmod-nft-nat
+kmod-nf-nat6
962 FILES
:=$(foreach mod
,$(NFT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
963 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT6-m
)))
964 KCONFIG
:=$(KCONFIG_NFT_NAT6
)
967 $(eval
$(call KernelPackage
,nft-nat6
))