3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
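# Menuconfig submenu label for the netfilter kernel-module packages.
NF_MENU:=Netfilter Extensions

# Presumably supplies the *-m module lists and KCONFIG_* symbol lists that the
# package definitions in this file reference; netfilter.mk is not shown here.
include $(INCLUDE_DIR)/netfilter.mk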
14 define KernelPackage
/nf-ipt
19 CONFIG_NETFILTER_ADVANCED
=y \
21 FILES
:=$(foreach mod
,$(NF_IPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
22 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT-m
)))
25 $(eval
$(call KernelPackage
,nf-ipt
))
28 define KernelPackage
/nf-ipt6
31 KCONFIG
:=$(KCONFIG_NF_IPT6
)
32 FILES
:=$(foreach mod
,$(NF_IPT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
33 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT6-m
)))
34 DEPENDS
:=+kmod-nf-ipt
+kmod-nf-conntrack6
37 $(eval
$(call KernelPackage
,nf-ipt6
))
41 define KernelPackage
/ipt-core
44 KCONFIG
:=$(KCONFIG_IPT_CORE
)
45 FILES
:=$(foreach mod
,$(IPT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
46 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CORE-m
)))
50 define KernelPackage
/ipt-core
/description
51 Netfilter core kernel modules
62 $(eval
$(call KernelPackage
,ipt-core
))
65 define KernelPackage
/nf-conntrack
67 TITLE
:=Netfilter connection tracking
70 CONFIG_NETFILTER_ADVANCED
=y \
71 $(KCONFIG_NF_CONNTRACK
)
72 FILES
:=$(foreach mod
,$(NF_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
73 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK-m
)))
76 $(eval
$(call KernelPackage
,nf-conntrack
))
79 define KernelPackage
/nf-conntrack6
81 TITLE
:=Netfilter IPv6 connection tracking
82 KCONFIG
:=$(KCONFIG_NF_CONNTRACK6
)
83 DEPENDS
:=+kmod-ipv6
+kmod-nf-conntrack
84 FILES
:=$(foreach mod
,$(NF_CONNTRACK6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
85 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK6-m
)))
88 $(eval
$(call KernelPackage
,nf-conntrack6
))
91 define KernelPackage
/nf-nat
94 KCONFIG
:=$(KCONFIG_NF_NAT
)
95 DEPENDS
:=+kmod-nf-conntrack
+kmod-nf-ipt
96 FILES
:=$(foreach mod
,$(NF_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
97 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT-m
)))
100 $(eval
$(call KernelPackage
,nf-nat
))
103 define KernelPackage
/nf-nat6
105 TITLE
:=Netfilter IPV6-NAT
106 KCONFIG
:=$(KCONFIG_NF_NAT6
)
107 DEPENDS
:=+kmod-nf-conntrack6
+kmod-nf-ipt6
+kmod-nf-nat
108 FILES
:=$(foreach mod
,$(NF_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
109 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT6-m
)))
112 $(eval
$(call KernelPackage
,nf-nat6
))
115 define AddDepends
/ipt
117 DEPENDS
+= +kmod-ipt-core
$(1)
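# kmod-ipt-conntrack: basic connection-tracking modules.
# FILES ships each module named in IPT_CONNTRACK-m from the kernel's net/ tree,
# and AUTOLOAD probes the same modules by basename.
# AddDepends/ipt appends +kmod-ipt-core followed by the argument given here.
define KernelPackage/ipt-conntrack
  TITLE:=Basic connection tracking modules
  KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
  FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
  $(call AddDepends/ipt,+kmod-nf-conntrack)
endef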
129 define KernelPackage
/ipt-conntrack
/description
130 Netfilter
(IPv4
) kernel modules for connection tracking
139 $(eval
$(call KernelPackage
,ipt-conntrack
))
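# kmod-ipt-conntrack-extra: additional connection-tracking modules.
# Same shape as ipt-conntrack: the IPT_CONNTRACK_EXTRA-m list drives both the
# shipped .ko files and the autoload list. Depends on kmod-ipt-conntrack (and,
# through AddDepends/ipt, on kmod-ipt-core).
define KernelPackage/ipt-conntrack-extra
  TITLE:=Extra connection tracking modules
  KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
  FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
  $(call AddDepends/ipt,+kmod-ipt-conntrack)
endef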
150 define KernelPackage
/ipt-conntrack-extra
/description
151 Netfilter
(IPv4
) extra kernel modules for connection tracking
160 $(eval
$(call KernelPackage
,ipt-conntrack-extra
))
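# kmod-ipt-filter: packet content inspection modules.
# Pulls in kmod-lib-textsearch and kmod-ipt-conntrack in addition to the
# +kmod-ipt-core dependency that AddDepends/ipt always appends.
define KernelPackage/ipt-filter
  TITLE:=Modules for packet content inspection
  KCONFIG:=$(KCONFIG_IPT_FILTER)
  FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
  $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
endef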
171 define KernelPackage
/ipt-filter
/description
172 Netfilter
(IPv4
) kernel modules for packet content inspection
178 $(eval
$(call KernelPackage
,ipt-filter
))
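# kmod-ipt-ipopt: modules that match on or rewrite IP packet options.
# AddDepends/ipt is called without an argument, so the only dependency added
# is +kmod-ipt-core.
define KernelPackage/ipt-ipopt
  TITLE:=Modules for matching/changing IP packet options
  KCONFIG:=$(KCONFIG_IPT_IPOPT)
  FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
  $(call AddDepends/ipt)
endef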
189 define KernelPackage
/ipt-ipopt
/description
190 Netfilter
(IPv4
) modules for matching
/changing IP packet options
205 $(eval
$(call KernelPackage
,ipt-ipopt
))
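# kmod-ipt-ipsec: modules for matching IPSec packets.
# Module list and kernel config symbols come from IPT_IPSEC-m and
# KCONFIG_IPT_IPSEC; the only dependency added is +kmod-ipt-core.
define KernelPackage/ipt-ipsec
  TITLE:=Modules for matching IPSec packets
  KCONFIG:=$(KCONFIG_IPT_IPSEC)
  FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
  $(call AddDepends/ipt)
endef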
216 define KernelPackage
/ipt-ipsec
/description
217 Netfilter
(IPv4
) modules for matching IPSec packets
224 $(eval
$(call KernelPackage
,ipt-ipsec
))
228 ipset
/ip_set_bitmap_ip \
229 ipset
/ip_set_bitmap_ipmac \
230 ipset
/ip_set_bitmap_port \
231 ipset
/ip_set_hash_ip \
232 ipset
/ip_set_hash_ipmark \
233 ipset
/ip_set_hash_ipport \
234 ipset
/ip_set_hash_ipportip \
235 ipset
/ip_set_hash_ipportnet \
236 ipset
/ip_set_hash_mac \
237 ipset
/ip_set_hash_netportnet \
238 ipset
/ip_set_hash_net \
239 ipset
/ip_set_hash_netnet \
240 ipset
/ip_set_hash_netport \
241 ipset
/ip_set_hash_netiface \
242 ipset
/ip_set_list_set \
245 define KernelPackage
/ipt-ipset
246 SUBMENU
:=Netfilter Extensions
247 TITLE
:=IPset netfilter modules
248 DEPENDS
+= +kmod-ipt-core
+kmod-nfnetlink
251 CONFIG_IP_SET_MAX
=256 \
252 CONFIG_NETFILTER_XT_SET \
253 CONFIG_IP_SET_BITMAP_IP \
254 CONFIG_IP_SET_BITMAP_IPMAC \
255 CONFIG_IP_SET_BITMAP_PORT \
256 CONFIG_IP_SET_HASH_IP \
257 CONFIG_IP_SET_HASH_IPMARK \
258 CONFIG_IP_SET_HASH_IPPORT \
259 CONFIG_IP_SET_HASH_IPPORTIP \
260 CONFIG_IP_SET_HASH_IPPORTNET \
261 CONFIG_IP_SET_HASH_MAC \
262 CONFIG_IP_SET_HASH_NET \
263 CONFIG_IP_SET_HASH_NETNET \
264 CONFIG_IP_SET_HASH_NETIFACE \
265 CONFIG_IP_SET_HASH_NETPORT \
266 CONFIG_IP_SET_HASH_NETPORTNET \
267 CONFIG_IP_SET_LIST_SET \
268 CONFIG_NET_EMATCH_IPSET
=n
269 FILES
:=$(foreach mod
,$(IPSET_MODULES
),$(LINUX_DIR
)/net
/netfilter
/$(mod
).ko
)
270 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(IPSET_MODULES
)))
272 $(eval
$(call KernelPackage
,ipt-ipset
))
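# kmod-ipt-nat: basic NAT targets.
# Depends on kmod-nf-nat plus the +kmod-ipt-core entry appended by AddDepends/ipt.
define KernelPackage/ipt-nat
  TITLE:=Basic NAT targets
  KCONFIG:=$(KCONFIG_IPT_NAT)
  FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
  $(call AddDepends/ipt,+kmod-nf-nat)
endef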
283 define KernelPackage
/ipt-nat
/description
284 Netfilter
(IPv4
) kernel modules for basic NAT targets
289 $(eval
$(call KernelPackage
,ipt-nat
))
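# kmod-ipt-nat6: IPv6 NAT targets.
# Unlike most packages in this file, the modules are loaded through AutoLoad
# with an explicit priority (43) rather than AutoProbe.
# AddDepends/ipt is invoked four times; each call appends +kmod-ipt-core again,
# so that entry is repeated in DEPENDS.
# NOTE(review): the repetition looks harmless, but a single call carrying all
# four extra dependencies would express the same set — confirm before merging.
define KernelPackage/ipt-nat6
  TITLE:=IPv6 NAT targets
  KCONFIG:=$(KCONFIG_IPT_NAT6)
  FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
  $(call AddDepends/ipt,+kmod-nf-nat6)
  $(call AddDepends/ipt,+kmod-ipt-conntrack)
  $(call AddDepends/ipt,+kmod-ipt-nat)
  $(call AddDepends/ipt,+kmod-ip6tables)
endef

define KernelPackage/ipt-nat6/description
  Netfilter (IPv6) kernel modules for NAT targets
endef

$(eval $(call KernelPackage,ipt-nat6))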
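# kmod-ipt-nat-extra: additional NAT targets layered on kmod-ipt-nat.
define KernelPackage/ipt-nat-extra
  TITLE:=Extra NAT targets
  KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
  FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
  $(call AddDepends/ipt,+kmod-ipt-nat)
endef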
318 define KernelPackage
/ipt-nat-extra
/description
319 Netfilter
(IPv4
) kernel modules for extra NAT targets
325 $(eval
$(call KernelPackage
,ipt-nat-extra
))
328 define KernelPackage
/nf-nathelper
330 TITLE
:=Basic Conntrack and NAT helpers
331 KCONFIG
:=$(KCONFIG_NF_NATHELPER
)
332 FILES
:=$(foreach mod
,$(NF_NATHELPER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
333 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER-m
)))
334 DEPENDS
:=+kmod-nf-nat
337 define KernelPackage
/nf-nathelper
/description
338 Default Netfilter
(IPv4
) Conntrack and NAT helpers
345 $(eval
$(call KernelPackage
,nf-nathelper
))
348 define KernelPackage
/nf-nathelper-extra
350 TITLE
:=Extra Conntrack and NAT helpers
351 KCONFIG
:=$(KCONFIG_NF_NATHELPER_EXTRA
)
352 FILES
:=$(foreach mod
,$(NF_NATHELPER_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
353 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER_EXTRA-m
)))
354 DEPENDS
:=+kmod-nf-nat
+kmod-lib-textsearch
357 define KernelPackage
/nf-nathelper-extra
/description
358 Extra Netfilter
(IPv4
) Conntrack and NAT helpers
370 $(eval
$(call KernelPackage
,nf-nathelper-extra
))
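# kmod-ipt-queue: module for queueing packets to user space.
# Installing it lets a user-space process receive queued packets, so it is
# worth enabling only on images that actually run such a consumer.
define KernelPackage/ipt-queue
  TITLE:=Module for user-space packet queueing
  KCONFIG:=$(KCONFIG_IPT_QUEUE)
  FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_QUEUE-m)))
  $(call AddDepends/ipt)
endef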
381 define KernelPackage
/ipt-queue
/description
382 Netfilter
(IPv4
) module for user-space packet queueing
387 $(eval
$(call KernelPackage
,ipt-queue
))
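# kmod-ipt-ulog: module for logging packets to user space.
# NOTE(review): TITLE is identical to the one used by ipt-nflog, so the two
# entries can only be told apart by package name in menuconfig.
define KernelPackage/ipt-ulog
  TITLE:=Module for user-space packet logging
  KCONFIG:=$(KCONFIG_IPT_ULOG)
  FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
  $(call AddDepends/ipt)
endef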
398 define KernelPackage
/ipt-ulog
/description
399 Netfilter
(IPv4
) module for user-space packet logging
404 $(eval
$(call KernelPackage
,ipt-ulog
))
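# kmod-ipt-nflog: module for logging packets to user space; depends on
# kmod-nfnetlink-log in addition to kmod-ipt-core.
# NOTE(review): TITLE is identical to the one used by ipt-ulog, so the two
# entries can only be told apart by package name in menuconfig.
define KernelPackage/ipt-nflog
  TITLE:=Module for user-space packet logging
  KCONFIG:=$(KCONFIG_IPT_NFLOG)
  FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
  $(call AddDepends/ipt,+kmod-nfnetlink-log)
endef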
415 define KernelPackage
/ipt-nflog
/description
416 Netfilter module for user-space packet logging
421 $(eval
$(call KernelPackage
,ipt-nflog
))
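# kmod-ipt-nfqueue: module for queuing packets to user space; depends on
# kmod-nfnetlink-queue in addition to kmod-ipt-core.
define KernelPackage/ipt-nfqueue
  TITLE:=Module for user-space packet queuing
  KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
  FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
  $(call AddDepends/ipt,+kmod-nfnetlink-queue)
endef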
432 define KernelPackage
/ipt-nfqueue
/description
433 Netfilter module for user-space packet queuing
438 $(eval
$(call KernelPackage
,ipt-nfqueue
))
441 define KernelPackage
/ipt-debug
442 TITLE
:=Module for debugging
/development
443 KCONFIG
:=$(KCONFIG_IPT_DEBUG
)
445 FILES
:=$(foreach mod
,$(IPT_DEBUG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
446 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_DEBUG-m
)))
447 $(call AddDepends
/ipt
)
450 define KernelPackage
/ipt-debug
/description
451 Netfilter modules for debugging
/development of the firewall
456 $(eval
$(call KernelPackage
,ipt-debug
))
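# kmod-ipt-led: netfilter target that drives an LED when a rule matches.
# Module list and kernel symbols come from IPT_LED-m and KCONFIG_IPT_LED;
# the only dependency added is +kmod-ipt-core.
define KernelPackage/ipt-led
  TITLE:=Module to trigger a LED with a Netfilter rule
  KCONFIG:=$(KCONFIG_IPT_LED)
  FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
  $(call AddDepends/ipt)
endef

define KernelPackage/ipt-led/description
  Netfilter target to trigger a LED when a network packet is matched.
endef

$(eval $(call KernelPackage,ipt-led))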
473 define KernelPackage
/ipt-tproxy
474 TITLE
:=Transparent proxying support
475 DEPENDS
+=+kmod-ipt-conntrack
+IPV6
:kmod-ipv6
+IPV6
:kmod-ip6tables
477 CONFIG_NETFILTER_TPROXY \
478 CONFIG_NETFILTER_XT_MATCH_SOCKET \
479 CONFIG_NETFILTER_XT_TARGET_TPROXY
481 $(if
$(call kernel_patchver_lt
,3.12),$(LINUX_DIR
)/net
/netfilter
/nf_tproxy_core.ko
) \
482 $(foreach mod
,$(IPT_TPROXY-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
483 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tproxy_core
$(IPT_TPROXY-m
)))
484 $(call AddDepends
/ipt
)
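# NOTE(review): in the ipt-tproxy definition just before this point, FILES
# ships nf_tproxy_core.ko only when kernel_patchver_lt 3.12 holds, while
# AUTOLOAD names nf_tproxy_core unconditionally. On newer kernels the probe
# list then references a module the package does not install — confirm that
# AutoProbe tolerates a missing module, or guard the name the same way.
define KernelPackage/ipt-tproxy/description
  Kernel modules for Transparent Proxying
endef

$(eval $(call KernelPackage,ipt-tproxy))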
493 define KernelPackage
/ipt-tee
495 DEPENDS
:=+kmod-ipt-conntrack
+IPV6
:kmod-ipv6
497 CONFIG_NETFILTER_XT_TARGET_TEE
499 $(LINUX_DIR
)/net
/netfilter
/xt_TEE.ko \
500 $(foreach mod
,$(IPT_TEE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
501 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_TEE-m
)))
502 $(call AddDepends
/ipt
)
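# NOTE(review): the ipt-tee definition just before this point lists xt_TEE.ko
# in FILES but passes nf_tee to AutoProbe. Unless IPT_TEE-m also provides a
# module by that name, the autoload entry has no matching shipped file —
# verify against netfilter.mk.
define KernelPackage/ipt-tee/description
  Kernel modules for TEE
endef

$(eval $(call KernelPackage,ipt-tee))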
512 define KernelPackage
/ipt-u32
515 CONFIG_NETFILTER_XT_MATCH_U32
517 $(LINUX_DIR
)/net
/netfilter
/xt_u32.ko \
518 $(foreach mod
,$(IPT_U32-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
519 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_U32-m
)))
520 $(call AddDepends
/ipt
)
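# NOTE(review): the ipt-u32 definition just before this point ships xt_u32.ko
# but its AUTOLOAD line probes nf_tee, the same literal used by ipt-tee. That
# looks like a copy-paste leftover: the u32 package would ask for a module it
# does not install, and xt_u32 itself is only autoloaded if IPT_U32-m names
# it — confirm and drop or replace the nf_tee entry.
define KernelPackage/ipt-u32/description
  Kernel modules for U32
endef

$(eval $(call KernelPackage,ipt-u32))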
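# kmod-ipt-iprange: module for matching on IP address ranges.
# The only dependency added is +kmod-ipt-core (AddDepends/ipt with no argument).
define KernelPackage/ipt-iprange
  TITLE:=Module for matching ip ranges
  KCONFIG:=$(KCONFIG_IPT_IPRANGE)
  FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
  $(call AddDepends/ipt)
endef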
538 define KernelPackage
/ipt-iprange
/description
539 Netfilter
(IPv4
) module for matching ip ranges
544 $(eval
$(call KernelPackage
,ipt-iprange
))
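# kmod-ipt-cluster: the "cluster" match module.
# Module list and kernel symbols come from IPT_CLUSTER-m and
# KCONFIG_IPT_CLUSTER; the only dependency added is +kmod-ipt-core.
define KernelPackage/ipt-cluster
  TITLE:=Module for matching cluster
  KCONFIG:=$(KCONFIG_IPT_CLUSTER)
  FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
  $(call AddDepends/ipt)
endef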
554 define KernelPackage
/ipt-cluster
/description
555 Netfilter
(IPv4
/IPv6
) module for matching cluster
556 This option allows you to build work-load-sharing clusters of
557 network servers
/stateful firewalls without having a dedicated
558 load-balancing router
/server
/switch. Basically
, this match returns
559 true when the packet must be handled by this cluster node. Thus
,
560 all nodes see
all packets and this match decides which node handles
561 what packets. The work-load sharing algorithm is based on source
564 This module is usable for ipv4 and ipv6.
566 To use it also enable iptables-mod-cluster
568 see
`iptables -m cluster --help` for more information.
571 $(eval
$(call KernelPackage
,ipt-cluster
))
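# kmod-ipt-clusterip: the CLUSTERIP target module.
# Depends on kmod-nf-conntrack in addition to the +kmod-ipt-core entry that
# AddDepends/ipt appends.
define KernelPackage/ipt-clusterip
  TITLE:=Module for CLUSTERIP
  KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
  FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
  $(call AddDepends/ipt,+kmod-nf-conntrack)
endef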
581 define KernelPackage
/ipt-clusterip
/description
582 Netfilter
(IPv4-only
) module for CLUSTERIP
583 The CLUSTERIP target allows you to build load-balancing clusters of
584 network servers without having a dedicated load-balancing
585 router
/server
/switch.
587 To use it also enable iptables-mod-clusterip
589 see
`iptables -j CLUSTERIP --help` for more information.
592 $(eval
$(call KernelPackage
,ipt-clusterip
))
595 define KernelPackage
/ipt-extra
597 KCONFIG
:=$(KCONFIG_IPT_EXTRA
)
598 FILES
:=$(foreach mod
,$(IPT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
599 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_EXTRA-m
)))
600 $(call AddDepends
/ipt
)
603 define KernelPackage
/ipt-extra
/description
604 Other Netfilter
(IPv4
) kernel modules
608 - physdev
(if bridge support was enabled in kernel
)
613 $(eval
$(call KernelPackage
,ipt-extra
))
616 define KernelPackage
/ip6tables
619 DEPENDS
:=+kmod-nf-ipt6
+kmod-ipt-core
+kmod-ipt-conntrack
620 KCONFIG
:=$(KCONFIG_IPT_IPV6
)
621 FILES
:=$(foreach mod
,$(IPT_IPV6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
622 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_IPV6-m
)))
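# Help text for kmod-ip6tables, followed by the call that registers the package.
define KernelPackage/ip6tables/description
  Netfilter IPv6 firewalling support
endef

$(eval $(call KernelPackage,ip6tables))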
631 define KernelPackage
/ip6tables-extra
633 TITLE
:=Extra IPv6 modules
634 DEPENDS
:=+kmod-ip6tables
635 KCONFIG
:=$(KCONFIG_IPT_IPV6_EXTRA
)
636 FILES
:=$(foreach mod
,$(IPT_IPV6_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
637 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_IPV6_EXTRA-m
)))
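# Help text for kmod-ip6tables-extra, followed by the call that registers the
# package.
define KernelPackage/ip6tables-extra/description
  Netfilter IPv6 extra header matching modules
endef

$(eval $(call KernelPackage,ip6tables-extra))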
646 ARP_MODULES
= arp_tables arpt_mangle arptable_filter
647 define KernelPackage
/arptables
649 TITLE
:=ARP firewalling modules
650 DEPENDS
:=+kmod-ipt-core
651 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.ko
652 KCONFIG
:=CONFIG_IP_NF_ARPTABLES \
653 CONFIG_IP_NF_ARPFILTER \
654 CONFIG_IP_NF_ARP_MANGLE
655 AUTOLOAD
:=$(call AutoProbe
,$(ARP_MODULES
))
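# Help text for kmod-arptables, followed by the call that registers the package.
# NOTE(review): the arptables definition before this point selects its files
# with a glob (arp*.ko under net/ipv4/netfilter) while AUTOLOAD uses the fixed
# ARP_MODULES list, so the shipped set and the probed set are maintained
# separately — keep them in step when either changes.
define KernelPackage/arptables/description
  Kernel modules for ARP firewalling
endef

$(eval $(call KernelPackage,arptables))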
665 define KernelPackage
/ebtables
667 TITLE
:=Bridge firewalling modules
668 DEPENDS
:=+kmod-ipt-core
+kmod-bridge
669 FILES
:=$(foreach mod
,$(EBTABLES-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
670 KCONFIG
:=CONFIG_BRIDGE_NETFILTER
=y \
672 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES-m
)))
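# Help text for kmod-ebtables, followed by the call that registers the package.
define KernelPackage/ebtables/description
  ebtables is a general, extensible frame/packet identification
  framework. It provides you to do Ethernet
  filtering/NAT/brouting on the Ethernet bridge.
endef

$(eval $(call KernelPackage,ebtables))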
684 define AddDepends
/ebtables
686 DEPENDS
+=kmod-ebtables
$(1)
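# kmod-ebtables-ipv4: IPv4 support for ebtables.
# AddDepends/ebtables appends "kmod-ebtables" to DEPENDS; note that this helper
# writes the name without the leading '+' that the ipt and nfnetlink helpers
# in this file use.
define KernelPackage/ebtables-ipv4
  TITLE:=ebtables: IPv4 support
  FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_EBTABLES_IP4)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
  $(call AddDepends/ebtables)
endef

define KernelPackage/ebtables-ipv4/description
  This option adds the IPv4 support to ebtables, which allows basic
  IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
endef

$(eval $(call KernelPackage,ebtables-ipv4))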
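# kmod-ebtables-ipv6: IPv6 support for ebtables.
# Module list and kernel symbols come from EBTABLES_IP6-m and
# KCONFIG_EBTABLES_IP6; AddDepends/ebtables appends kmod-ebtables to DEPENDS.
define KernelPackage/ebtables-ipv6
  TITLE:=ebtables: IPv6 support
  FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_EBTABLES_IP6)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
  $(call AddDepends/ebtables)
endef

define KernelPackage/ebtables-ipv6/description
  This option adds the IPv6 support to ebtables, which allows basic
  IPv6 header field filtering and target support.
endef

$(eval $(call KernelPackage,ebtables-ipv6))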
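# kmod-ebtables-watchers: log watchers for ebtables rules.
# Module list and kernel symbols come from EBTABLES_WATCHERS-m and
# KCONFIG_EBTABLES_WATCHERS; AddDepends/ebtables appends kmod-ebtables.
define KernelPackage/ebtables-watchers
  TITLE:=ebtables: watchers support
  FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
  $(call AddDepends/ebtables)
endef

define KernelPackage/ebtables-watchers/description
  This option adds the log watchers, that you can use in any rule
  in any ebtables table.
endef

$(eval $(call KernelPackage,ebtables-watchers))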
738 define KernelPackage
/nfnetlink
740 TITLE
:=Netlink-based userspace interface
741 FILES
:=$(foreach mod
,$(NFNETLINK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
742 KCONFIG
:=$(KCONFIG_NFNETLINK
)
743 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK-m
)))
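# Help text for kmod-nfnetlink, followed by the call that registers the package.
define KernelPackage/nfnetlink/description
  Kernel modules support for a netlink-based userspace interface
endef

$(eval $(call KernelPackage,nfnetlink))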
753 define AddDepends
/nfnetlink
755 DEPENDS
+=+kmod-nfnetlink
$(1)
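# kmod-nfnetlink-log: netfilter LOG delivered over the NFNETLINK interface.
# AddDepends/nfnetlink appends +kmod-nfnetlink to DEPENDS.
define KernelPackage/nfnetlink-log
  TITLE:=Netfilter LOG over NFNETLINK interface
  FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
  $(call AddDepends/nfnetlink)
endef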
767 define KernelPackage
/nfnetlink-log
/description
768 Kernel modules support for logging packets via NFNETLINK
773 $(eval
$(call KernelPackage
,nfnetlink-log
))
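# kmod-nfnetlink-queue: netfilter QUEUE delivered over the NFNETLINK interface.
# AddDepends/nfnetlink appends +kmod-nfnetlink to DEPENDS.
define KernelPackage/nfnetlink-queue
  TITLE:=Netfilter QUEUE over NFNETLINK interface
  FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
  KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
  $(call AddDepends/nfnetlink)
endef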
784 define KernelPackage
/nfnetlink-queue
/description
785 Kernel modules support for queueing packets via NFNETLINK
790 $(eval
$(call KernelPackage
,nfnetlink-queue
))
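# kmod-nf-conntrack-netlink: netlink interface to connection tracking.
# Unlike the list-driven packages, the single module file, its kernel symbol
# and its autoload name are written out literally here.
# Depends on kmod-ipt-conntrack plus the +kmod-nfnetlink entry appended by
# AddDepends/nfnetlink.
define KernelPackage/nf-conntrack-netlink
  TITLE:=Connection tracking netlink interface
  FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
  KCONFIG:=CONFIG_NF_CT_NETLINK
  AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
  $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
endef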
801 define KernelPackage
/nf-conntrack-netlink
/description
802 Kernel modules support for a netlink-based connection tracking
806 $(eval
$(call KernelPackage
,nf-conntrack-netlink
))
808 define KernelPackage
/ipt-hashlimit
810 TITLE
:=Netfilter hashlimit match
811 DEPENDS
:=+kmod-ipt-core
812 KCONFIG
:=$(KCONFIG_IPT_HASHLIMIT
)
813 FILES
:=$(LINUX_DIR
)/net
/netfilter
/xt_hashlimit.ko
814 AUTOLOAD
:=$(call AutoProbe
,xt_hashlimit
)
815 $(call KernelPackage
/ipt
)
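# NOTE(review): the ipt-hashlimit definition just before this point ends with
# a call to KernelPackage/ipt, where every sibling package calls AddDepends/ipt.
# No KernelPackage/ipt definition appears in this listing; if none exists the
# call expands to nothing, so whatever AddDepends/ipt contributes is not
# applied to this package (DEPENDS is set to +kmod-ipt-core by hand instead).
# Looks like a typo for AddDepends/ipt — confirm.
define KernelPackage/ipt-hashlimit/description
  Kernel modules support for the hashlimit bucket match module
endef

$(eval $(call KernelPackage,ipt-hashlimit))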
825 define KernelPackage
/nft-core
827 TITLE
:=Netfilter nf_tables support
828 DEPENDS
:=+kmod-nfnetlink
+kmod-nf-conntrack6
829 FILES
:=$(foreach mod
,$(NFT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
830 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_CORE-m
)))
833 CONFIG_NETFILTER_ADVANCED
=y \
834 CONFIG_NFT_COMPAT
=n \
836 CONFIG_NF_TABLES_ARP
=n \
837 CONFIG_NF_TABLES_BRIDGE
=n \
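# Help text for kmod-nft-core, followed by the call that registers the package.
define KernelPackage/nft-core/description
  Kernel module support for nftables
endef

$(eval $(call KernelPackage,nft-core))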
848 define KernelPackage
/nft-nat
850 TITLE
:=Netfilter nf_tables NAT support
851 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat
852 FILES
:=$(foreach mod
,$(NFT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
853 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT-m
)))
854 KCONFIG
:=$(KCONFIG_NFT_NAT
)
857 $(eval
$(call KernelPackage
,nft-nat
))
860 define KernelPackage
/nft-nat6
862 TITLE
:=Netfilter nf_tables IPv6-NAT support
863 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat6
864 FILES
:=$(foreach mod
,$(NFT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
865 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT6-m
)))
866 KCONFIG
:=$(KCONFIG_NFT_NAT6
)
869 $(eval
$(call KernelPackage
,nft-nat6
))