3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU
:=Netfilter Extensions
11 include $(INCLUDE_DIR
)/netfilter.mk
14 define KernelPackage
/nf-reject
16 TITLE
:=Netfilter IPv4 reject support
19 CONFIG_NETFILTER_ADVANCED
=y \
21 FILES
:=$(foreach mod
,$(NF_REJECT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
22 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_REJECT-m
)))
25 $(eval
$(call KernelPackage
,nf-reject
))
28 define KernelPackage
/nf-reject6
30 TITLE
:=Netfilter IPv6 reject support
33 CONFIG_NETFILTER_ADVANCED
=y \
36 FILES
:=$(foreach mod
,$(NF_REJECT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
37 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_REJECT6-m
)))
40 $(eval
$(call KernelPackage
,nf-reject6
))
43 define KernelPackage
/nf-ipt
46 KCONFIG
:=$(KCONFIG_NF_IPT
)
47 FILES
:=$(foreach mod
,$(NF_IPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
48 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT-m
)))
51 $(eval
$(call KernelPackage
,nf-ipt
))
54 define KernelPackage
/nf-ipt6
57 KCONFIG
:=$(KCONFIG_NF_IPT6
)
58 FILES
:=$(foreach mod
,$(NF_IPT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
59 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT6-m
)))
63 $(eval
$(call KernelPackage
,nf-ipt6
))
67 define KernelPackage
/ipt-core
70 KCONFIG
:=$(KCONFIG_IPT_CORE
)
71 FILES
:=$(foreach mod
,$(IPT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
72 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CORE-m
)))
73 DEPENDS
:=+kmod-nf-reject
+kmod-nf-ipt
76 define KernelPackage
/ipt-core
/description
77 Netfilter core kernel modules
88 $(eval
$(call KernelPackage
,ipt-core
))
91 define KernelPackage
/nf-conntrack
93 TITLE
:=Netfilter connection tracking
96 CONFIG_NETFILTER_ADVANCED
=y \
97 CONFIG_NF_CONNTRACK_MARK
=y \
98 CONFIG_NF_CONNTRACK_ZONES
=y \
99 $(KCONFIG_NF_CONNTRACK
)
100 FILES
:=$(foreach mod
,$(NF_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
101 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK-m
)))
104 define KernelPackage
/nf-conntrack
/install
105 $(INSTALL_DIR
) $(1)/etc
/sysctl.d
106 $(INSTALL_DATA
) .
/files
/sysctl-nf-conntrack.conf
$(1)/etc
/sysctl.d
/11-nf-conntrack.conf
109 $(eval
$(call KernelPackage
,nf-conntrack
))
112 define KernelPackage
/nf-conntrack6
114 TITLE
:=Netfilter IPv6 connection tracking
115 KCONFIG
:=$(KCONFIG_NF_CONNTRACK6
)
116 DEPENDS
:=@IPV6
+kmod-nf-conntrack
117 FILES
:=$(foreach mod
,$(NF_CONNTRACK6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
118 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK6-m
)))
121 $(eval
$(call KernelPackage
,nf-conntrack6
))
124 define KernelPackage
/nf-nat
127 KCONFIG
:=$(KCONFIG_NF_NAT
)
128 DEPENDS
:=+kmod-nf-conntrack
129 FILES
:=$(foreach mod
,$(NF_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
130 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT-m
)))
133 $(eval
$(call KernelPackage
,nf-nat
))
136 define KernelPackage
/nf-nat6
138 TITLE
:=Netfilter IPV6-NAT
139 KCONFIG
:=$(KCONFIG_NF_NAT6
)
140 DEPENDS
:=+kmod-nf-conntrack6
+kmod-nf-nat
141 FILES
:=$(foreach mod
,$(NF_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
142 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT6-m
)))
145 $(eval
$(call KernelPackage
,nf-nat6
))
148 define KernelPackage
/nf-flow
150 TITLE
:=Netfilter flowtable support
152 CONFIG_NETFILTER_INGRESS
=y \
153 CONFIG_NF_FLOW_TABLE \
154 CONFIG_NF_FLOW_TABLE_HW
155 DEPENDS
:=+kmod-nf-conntrack @
!LINUX_3_18 @
!LINUX_4_9
157 $(LINUX_DIR
)/net
/netfilter
/nf_flow_table.ko \
158 $(LINUX_DIR
)/net
/netfilter
/nf_flow_table_hw.ko
159 AUTOLOAD
:=$(call AutoProbe
,nf_flow_table nf_flow_table_hw
)
162 $(eval
$(call KernelPackage
,nf-flow
))
165 define AddDepends
/ipt
167 DEPENDS
+= +kmod-ipt-core
$(1)
171 define KernelPackage
/ipt-conntrack
172 TITLE
:=Basic connection tracking modules
173 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK
)
174 FILES
:=$(foreach mod
,$(IPT_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
175 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK-m
)))
176 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
179 define KernelPackage
/ipt-conntrack
/description
180 Netfilter
(IPv4
) kernel modules for connection tracking
189 $(eval
$(call KernelPackage
,ipt-conntrack
))
192 define KernelPackage
/ipt-conntrack-extra
193 TITLE
:=Extra connection tracking modules
194 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_EXTRA
)
195 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
196 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK_EXTRA-m
)))
197 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
200 define KernelPackage
/ipt-conntrack-extra
/description
201 Netfilter
(IPv4
) extra kernel modules for connection tracking
210 $(eval
$(call KernelPackage
,ipt-conntrack-extra
))
212 define KernelPackage
/ipt-conntrack-label
213 TITLE
:=Module for handling connection tracking labels
214 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_LABEL
)
215 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_LABEL-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
216 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK_LABEL-m
)))
217 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
220 define KernelPackage
/ipt-conntrack-label
/description
221 Netfilter
(IPv4
) module for handling connection tracking labels
226 $(eval
$(call KernelPackage
,ipt-conntrack-label
))
228 define KernelPackage
/ipt-filter
229 TITLE
:=Modules for packet content inspection
230 KCONFIG
:=$(KCONFIG_IPT_FILTER
)
231 FILES
:=$(foreach mod
,$(IPT_FILTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
232 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_FILTER-m
)))
233 $(call AddDepends
/ipt
,+kmod-lib-textsearch
+kmod-ipt-conntrack
)
236 define KernelPackage
/ipt-filter
/description
237 Netfilter
(IPv4
) kernel modules for packet content inspection
243 $(eval
$(call KernelPackage
,ipt-filter
))
246 define KernelPackage
/ipt-offload
247 TITLE
:=Netfilter routing
/NAT offload support
248 KCONFIG
:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD
249 FILES
:=$(foreach mod
,$(IPT_FLOW-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
250 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_FLOW-m
)))
251 $(call AddDepends
/ipt
,+kmod-nf-flow
)
254 $(eval
$(call KernelPackage
,ipt-offload
))
257 define KernelPackage
/ipt-ipopt
258 TITLE
:=Modules for matching
/changing IP packet options
259 KCONFIG
:=$(KCONFIG_IPT_IPOPT
)
260 FILES
:=$(foreach mod
,$(IPT_IPOPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
261 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPOPT-m
)))
262 $(call AddDepends
/ipt
)
265 define KernelPackage
/ipt-ipopt
/description
266 Netfilter
(IPv4
) modules for matching
/changing IP packet options
281 $(eval
$(call KernelPackage
,ipt-ipopt
))
284 define KernelPackage
/ipt-ipsec
285 TITLE
:=Modules for matching IPSec packets
286 KCONFIG
:=$(KCONFIG_IPT_IPSEC
)
287 FILES
:=$(foreach mod
,$(IPT_IPSEC-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
288 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPSEC-m
)))
289 $(call AddDepends
/ipt
)
292 define KernelPackage
/ipt-ipsec
/description
293 Netfilter
(IPv4
) modules for matching IPSec packets
300 $(eval
$(call KernelPackage
,ipt-ipsec
))
304 ipset
/ip_set_bitmap_ip \
305 ipset
/ip_set_bitmap_ipmac \
306 ipset
/ip_set_bitmap_port \
307 ipset
/ip_set_hash_ip \
308 ipset
/ip_set_hash_ipmark \
309 ipset
/ip_set_hash_ipport \
310 ipset
/ip_set_hash_ipportip \
311 ipset
/ip_set_hash_ipportnet \
312 ipset
/ip_set_hash_mac \
313 ipset
/ip_set_hash_netportnet \
314 ipset
/ip_set_hash_net \
315 ipset
/ip_set_hash_netnet \
316 ipset
/ip_set_hash_netport \
317 ipset
/ip_set_hash_netiface \
318 ipset
/ip_set_list_set \
321 define KernelPackage
/ipt-ipset
322 SUBMENU
:=Netfilter Extensions
323 TITLE
:=IPset netfilter modules
324 DEPENDS
+= +kmod-ipt-core
+kmod-nfnetlink
327 CONFIG_IP_SET_MAX
=256 \
328 CONFIG_NETFILTER_XT_SET \
329 CONFIG_IP_SET_BITMAP_IP \
330 CONFIG_IP_SET_BITMAP_IPMAC \
331 CONFIG_IP_SET_BITMAP_PORT \
332 CONFIG_IP_SET_HASH_IP \
333 CONFIG_IP_SET_HASH_IPMAC \
334 CONFIG_IP_SET_HASH_IPMARK \
335 CONFIG_IP_SET_HASH_IPPORT \
336 CONFIG_IP_SET_HASH_IPPORTIP \
337 CONFIG_IP_SET_HASH_IPPORTNET \
338 CONFIG_IP_SET_HASH_MAC \
339 CONFIG_IP_SET_HASH_NET \
340 CONFIG_IP_SET_HASH_NETNET \
341 CONFIG_IP_SET_HASH_NETIFACE \
342 CONFIG_IP_SET_HASH_NETPORT \
343 CONFIG_IP_SET_HASH_NETPORTNET \
344 CONFIG_IP_SET_LIST_SET \
345 CONFIG_NET_EMATCH_IPSET
=n
346 FILES
:=$(foreach mod
,$(IPSET_MODULES
),$(LINUX_DIR
)/net
/netfilter
/$(mod
).ko
)
347 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(IPSET_MODULES
)))
349 $(eval
$(call KernelPackage
,ipt-ipset
))
368 define KernelPackage
/nf-ipvs
369 SUBMENU
:=Netfilter Extensions
370 TITLE
:=IP Virtual Server modules
371 DEPENDS
:=@IPV6
+kmod-lib-crc32c
+kmod-ipt-conntrack
+kmod-nf-conntrack
374 CONFIG_IP_VS_IPV6
=y \
375 CONFIG_IP_VS_DEBUG
=n \
376 CONFIG_IP_VS_PROTO_TCP
=y \
377 CONFIG_IP_VS_PROTO_UDP
=y \
378 CONFIG_IP_VS_PROTO_AH_ESP
=y \
379 CONFIG_IP_VS_PROTO_ESP
=y \
380 CONFIG_IP_VS_PROTO_AH
=y \
381 CONFIG_IP_VS_PROTO_SCTP
=y \
382 CONFIG_IP_VS_TAB_BITS
=12 \
395 CONFIG_IP_VS_SH_TAB_BITS
=8 \
396 CONFIG_IP_VS_NFCT
=y \
397 CONFIG_NETFILTER_XT_MATCH_IPVS
398 FILES
:=$(foreach mod
,$(IPVS_MODULES
),$(LINUX_DIR
)/net
/netfilter
/$(mod
).ko
)
399 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
,+kmod-nf-conntrack
)
402 define KernelPackage
/nf-ipvs
/description
403 IPVS
(IP Virtual Server
) implements transport-layer load balancing inside
404 the Linux kernel so called Layer-4 switching.
407 $(eval
$(call KernelPackage
,nf-ipvs
))
410 define KernelPackage
/nf-ipvs-ftp
412 TITLE
:=Virtual Server FTP protocol support
413 KCONFIG
:=CONFIG_IP_VS_FTP
414 DEPENDS
:=kmod-nf-ipvs
+kmod-nf-nat
+kmod-nf-nathelper
415 FILES
:=$(LINUX_DIR
)/net
/netfilter
/ipvs
/ip_vs_ftp.ko
418 define KernelPackage
/nf-ipvs-ftp
/description
419 In the virtual server via Network Address Translation
,
420 the IP address and port number of real servers cannot be sent to
421 clients in ftp connections directly
, so FTP protocol helper is
422 required for tracking the connection and mangling it back to that of
426 $(eval
$(call KernelPackage
,nf-ipvs-ftp
))
429 define KernelPackage
/nf-ipvs-sip
431 TITLE
:=Virtual Server SIP protocol support
432 KCONFIG
:=CONFIG_IP_VS_PE_SIP
433 DEPENDS
:=kmod-nf-ipvs
+kmod-nf-nathelper-extra
434 FILES
:=$(LINUX_DIR
)/net
/netfilter
/ipvs
/ip_vs_pe_sip.ko
437 define KernelPackage
/nf-ipvs-sip
/description
438 Allow persistence based on the SIP Call-ID
441 $(eval
$(call KernelPackage
,nf-ipvs-sip
))
444 define KernelPackage
/ipt-nat
445 TITLE
:=Basic NAT targets
446 KCONFIG
:=$(KCONFIG_IPT_NAT
)
447 FILES
:=$(foreach mod
,$(IPT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
448 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT-m
)))
449 $(call AddDepends
/ipt
,+kmod-nf-nat
)
452 define KernelPackage
/ipt-nat
/description
453 Netfilter
(IPv4
) kernel modules for basic NAT targets
458 $(eval
$(call KernelPackage
,ipt-nat
))
461 define KernelPackage
/ipt-raw
462 TITLE
:=Netfilter IPv4 raw table support
463 KCONFIG
:=CONFIG_IP_NF_RAW
464 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/iptable_raw.ko
465 AUTOLOAD
:=$(call AutoProbe
,iptable_raw
)
466 $(call AddDepends
/ipt
)
469 $(eval
$(call KernelPackage
,ipt-raw
))
472 define KernelPackage
/ipt-raw6
473 TITLE
:=Netfilter IPv6 raw table support
474 KCONFIG
:=CONFIG_IP6_NF_RAW
475 FILES
:=$(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6table_raw.ko
476 AUTOLOAD
:=$(call AutoProbe
,ip6table_raw
)
477 $(call AddDepends
/ipt
,+kmod-ip6tables
)
480 $(eval
$(call KernelPackage
,ipt-raw6
))
483 define KernelPackage
/ipt-nat6
484 TITLE
:=IPv6 NAT targets
485 KCONFIG
:=$(KCONFIG_IPT_NAT6
)
486 FILES
:=$(foreach mod
,$(IPT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
487 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_NAT6-m
)))
488 $(call AddDepends
/ipt
,+kmod-nf-nat6
)
489 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
490 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
491 $(call AddDepends
/ipt
,+kmod-ip6tables
)
494 define KernelPackage
/ipt-nat6
/description
495 Netfilter
(IPv6
) kernel modules for NAT targets
498 $(eval
$(call KernelPackage
,ipt-nat6
))
501 define KernelPackage
/ipt-nat-extra
502 TITLE
:=Extra NAT targets
503 KCONFIG
:=$(KCONFIG_IPT_NAT_EXTRA
)
504 FILES
:=$(foreach mod
,$(IPT_NAT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
505 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT_EXTRA-m
)))
506 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
509 define KernelPackage
/ipt-nat-extra
/description
510 Netfilter
(IPv4
) kernel modules for extra NAT targets
516 $(eval
$(call KernelPackage
,ipt-nat-extra
))
519 define KernelPackage
/nf-nathelper
521 TITLE
:=Basic Conntrack and NAT helpers
522 KCONFIG
:=$(KCONFIG_NF_NATHELPER
)
523 FILES
:=$(foreach mod
,$(NF_NATHELPER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
524 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER-m
)))
525 DEPENDS
:=+kmod-nf-nat
528 define KernelPackage
/nf-nathelper
/description
529 Default Netfilter
(IPv4
) Conntrack and NAT helpers
534 $(eval
$(call KernelPackage
,nf-nathelper
))
537 define KernelPackage
/nf-nathelper-extra
539 TITLE
:=Extra Conntrack and NAT helpers
540 KCONFIG
:=$(KCONFIG_NF_NATHELPER_EXTRA
)
541 FILES
:=$(foreach mod
,$(NF_NATHELPER_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
542 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER_EXTRA-m
)))
543 DEPENDS
:=+kmod-nf-nat
+kmod-lib-textsearch
+kmod-ipt-raw
+LINUX_4_19
:kmod-asn1-decoder
546 define KernelPackage
/nf-nathelper-extra
/description
547 Extra Netfilter
(IPv4
) Conntrack and NAT helpers
561 $(eval
$(call KernelPackage
,nf-nathelper-extra
))
564 define KernelPackage
/ipt-ulog
565 TITLE
:=Module for user-space packet logging
566 KCONFIG
:=$(KCONFIG_IPT_ULOG
)
567 FILES
:=$(foreach mod
,$(IPT_ULOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
568 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_ULOG-m
)))
569 $(call AddDepends
/ipt
)
572 define KernelPackage
/ipt-ulog
/description
573 Netfilter
(IPv4
) module for user-space packet logging
578 $(eval
$(call KernelPackage
,ipt-ulog
))
581 define KernelPackage
/ipt-nflog
582 TITLE
:=Module for user-space packet logging
583 KCONFIG
:=$(KCONFIG_IPT_NFLOG
)
584 FILES
:=$(foreach mod
,$(IPT_NFLOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
585 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFLOG-m
)))
586 $(call AddDepends
/ipt
,+kmod-nfnetlink-log
)
589 define KernelPackage
/ipt-nflog
/description
590 Netfilter module for user-space packet logging
595 $(eval
$(call KernelPackage
,ipt-nflog
))
598 define KernelPackage
/ipt-nfqueue
599 TITLE
:=Module for user-space packet queuing
600 KCONFIG
:=$(KCONFIG_IPT_NFQUEUE
)
601 FILES
:=$(foreach mod
,$(IPT_NFQUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
602 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFQUEUE-m
)))
603 $(call AddDepends
/ipt
,+kmod-nfnetlink-queue
)
606 define KernelPackage
/ipt-nfqueue
/description
607 Netfilter module for user-space packet queuing
612 $(eval
$(call KernelPackage
,ipt-nfqueue
))
615 define KernelPackage
/ipt-debug
616 TITLE
:=Module for debugging
/development
617 KCONFIG
:=$(KCONFIG_IPT_DEBUG
)
618 FILES
:=$(foreach mod
,$(IPT_DEBUG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
619 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_DEBUG-m
)))
620 $(call AddDepends
/ipt
,+kmod-ipt-raw
+IPV6
:kmod-ipt-raw6
)
623 define KernelPackage
/ipt-debug
/description
624 Netfilter modules for debugging
/development of the firewall
629 $(eval
$(call KernelPackage
,ipt-debug
))
632 define KernelPackage
/ipt-led
633 TITLE
:=Module to trigger a LED with a Netfilter rule
634 KCONFIG
:=$(KCONFIG_IPT_LED
)
635 FILES
:=$(foreach mod
,$(IPT_LED-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
636 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_LED-m
)))
637 $(call AddDepends
/ipt
)
640 define KernelPackage
/ipt-led
/description
641 Netfilter target to trigger a LED when a network packet is matched.
644 $(eval
$(call KernelPackage
,ipt-led
))
646 define KernelPackage
/ipt-tproxy
647 TITLE
:=Transparent proxying support
648 DEPENDS
+=+kmod-ipt-conntrack
+IPV6
:kmod-nf-conntrack6
+IPV6
:kmod-ip6tables
650 CONFIG_NETFILTER_XT_MATCH_SOCKET \
651 CONFIG_NETFILTER_XT_TARGET_TPROXY
653 $(foreach mod
,$(IPT_TPROXY-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
654 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_TPROXY-m
)))
655 $(call AddDepends
/ipt
)
658 define KernelPackage
/ipt-tproxy
/description
659 Kernel modules for Transparent Proxying
662 $(eval
$(call KernelPackage
,ipt-tproxy
))
664 define KernelPackage
/ipt-tee
666 DEPENDS
:=+kmod-ipt-conntrack
668 CONFIG_NETFILTER_XT_TARGET_TEE
670 $(LINUX_DIR
)/net
/netfilter
/xt_TEE.ko \
671 $(foreach mod
,$(IPT_TEE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
672 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_TEE-m
)))
673 $(call AddDepends
/ipt
)
676 define KernelPackage
/ipt-tee
/description
677 Kernel modules for TEE
680 $(eval
$(call KernelPackage
,ipt-tee
))
683 define KernelPackage
/ipt-u32
686 CONFIG_NETFILTER_XT_MATCH_U32
688 $(LINUX_DIR
)/net
/netfilter
/xt_u32.ko \
689 $(foreach mod
,$(IPT_U32-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
690 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_U32-m
)))
691 $(call AddDepends
/ipt
)
694 define KernelPackage
/ipt-u32
/description
695 Kernel modules for U32
698 $(eval
$(call KernelPackage
,ipt-u32
))
700 define KernelPackage
/ipt-checksum
701 TITLE
:=CHECKSUM support
703 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
705 $(LINUX_DIR
)/net
/netfilter
/xt_CHECKSUM.ko \
706 $(foreach mod
,$(IPT_CHECKSUM-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
707 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CHECKSUM-m
)))
708 $(call AddDepends
/ipt
)
711 define KernelPackage
/ipt-checksum
/description
712 Kernel modules for CHECKSUM fillin target
715 $(eval
$(call KernelPackage
,ipt-checksum
))
718 define KernelPackage
/ipt-iprange
719 TITLE
:=Module for matching ip ranges
720 KCONFIG
:=$(KCONFIG_IPT_IPRANGE
)
721 FILES
:=$(foreach mod
,$(IPT_IPRANGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
722 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPRANGE-m
)))
723 $(call AddDepends
/ipt
)
726 define KernelPackage
/ipt-iprange
/description
727 Netfilter
(IPv4
) module for matching ip ranges
732 $(eval
$(call KernelPackage
,ipt-iprange
))
734 define KernelPackage
/ipt-cluster
735 TITLE
:=Module for matching cluster
736 KCONFIG
:=$(KCONFIG_IPT_CLUSTER
)
737 FILES
:=$(foreach mod
,$(IPT_CLUSTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
738 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTER-m
)))
739 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
742 define KernelPackage
/ipt-cluster
/description
743 Netfilter
(IPv4
/IPv6
) module for matching cluster
744 This option allows you to build work-load-sharing clusters of
745 network servers
/stateful firewalls without having a dedicated
746 load-balancing router
/server
/switch. Basically
, this match returns
747 true when the packet must be handled by this cluster node. Thus
,
748 all nodes see
all packets and this match decides which node handles
749 what packets. The work-load sharing algorithm is based on source
752 This module is usable for ipv4 and ipv6.
754 To use it also enable iptables-mod-cluster
756 see
`iptables -m cluster --help` for more information.
759 $(eval
$(call KernelPackage
,ipt-cluster
))
761 define KernelPackage
/ipt-clusterip
762 TITLE
:=Module for CLUSTERIP
763 KCONFIG
:=$(KCONFIG_IPT_CLUSTERIP
)
764 FILES
:=$(foreach mod
,$(IPT_CLUSTERIP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
765 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTERIP-m
)))
766 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
769 define KernelPackage
/ipt-clusterip
/description
770 Netfilter
(IPv4-only
) module for CLUSTERIP
771 The CLUSTERIP target allows you to build load-balancing clusters of
772 network servers without having a dedicated load-balancing
773 router
/server
/switch.
775 To use it also enable iptables-mod-clusterip
777 see
`iptables -j CLUSTERIP --help` for more information.
780 $(eval
$(call KernelPackage
,ipt-clusterip
))
783 define KernelPackage
/ipt-extra
785 KCONFIG
:=$(KCONFIG_IPT_EXTRA
)
786 FILES
:=$(foreach mod
,$(IPT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
787 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_EXTRA-m
)))
788 $(call AddDepends
/ipt
)
791 define KernelPackage
/ipt-extra
/description
792 Other Netfilter
(IPv4
) kernel modules
800 $(eval
$(call KernelPackage
,ipt-extra
))
803 define KernelPackage
/ipt-physdev
804 TITLE
:=physdev module
805 KCONFIG
:=$(KCONFIG_IPT_PHYSDEV
)
806 FILES
:=$(foreach mod
,$(IPT_PHYSDEV-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
807 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_PHYSDEV-m
)))
808 $(call AddDepends
/ipt
,+kmod-br-netfilter
)
811 define KernelPackage
/ipt-physdev
/description
812 The iptables physdev kernel module
815 $(eval
$(call KernelPackage
,ipt-physdev
))
818 define KernelPackage
/ip6tables
821 DEPENDS
:=+kmod-nf-reject6
+kmod-nf-ipt6
+kmod-ipt-core
822 KCONFIG
:=$(KCONFIG_IPT_IPV6
)
823 FILES
:=$(foreach mod
,$(IPT_IPV6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
824 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_IPV6-m
)))
827 define KernelPackage
/ip6tables
/description
828 Netfilter IPv6 firewalling support
831 $(eval
$(call KernelPackage
,ip6tables
))
833 define KernelPackage
/ip6tables-extra
835 TITLE
:=Extra IPv6 modules
836 DEPENDS
:=+kmod-ip6tables
837 KCONFIG
:=$(KCONFIG_IPT_IPV6_EXTRA
)
838 FILES
:=$(foreach mod
,$(IPT_IPV6_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
839 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_IPV6_EXTRA-m
)))
842 define KernelPackage
/ip6tables-extra
/description
843 Netfilter IPv6 extra header matching modules
846 $(eval
$(call KernelPackage
,ip6tables-extra
))
848 ARP_MODULES
= arp_tables arpt_mangle arptable_filter
849 define KernelPackage
/arptables
851 TITLE
:=ARP firewalling modules
852 DEPENDS
:=+kmod-ipt-core
853 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.ko
854 KCONFIG
:=CONFIG_IP_NF_ARPTABLES \
855 CONFIG_IP_NF_ARPFILTER \
856 CONFIG_IP_NF_ARP_MANGLE
857 AUTOLOAD
:=$(call AutoProbe
,$(ARP_MODULES
))
860 define KernelPackage
/arptables
/description
861 Kernel modules for ARP firewalling
864 $(eval
$(call KernelPackage
,arptables
))
867 define KernelPackage
/br-netfilter
869 TITLE
:=Bridge netfilter support modules
870 DEPENDS
:=+kmod-ipt-core
871 FILES
:=$(LINUX_DIR
)/net
/bridge
/br_netfilter.ko
872 KCONFIG
:=CONFIG_BRIDGE_NETFILTER
873 AUTOLOAD
:=$(call AutoProbe
,br_netfilter
)
876 define KernelPackage
/br-netfilter
/install
877 $(INSTALL_DIR
) $(1)/etc
/sysctl.d
878 $(INSTALL_DATA
) .
/files
/sysctl-br-netfilter.conf
$(1)/etc
/sysctl.d
/11-br-netfilter.conf
881 $(eval
$(call KernelPackage
,br-netfilter
))
884 define KernelPackage
/ebtables
886 TITLE
:=Bridge firewalling modules
887 DEPENDS
:=+kmod-ipt-core
888 FILES
:=$(foreach mod
,$(EBTABLES-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
889 KCONFIG
:=$(KCONFIG_EBTABLES
)
890 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES-m
)))
893 define KernelPackage
/ebtables
/description
894 ebtables is a general
, extensible frame
/packet identification
895 framework. It provides you to do Ethernet
896 filtering
/NAT
/brouting on the Ethernet bridge.
899 $(eval
$(call KernelPackage
,ebtables
))
902 define AddDepends
/ebtables
904 DEPENDS
+= +kmod-ebtables
$(1)
908 define KernelPackage
/ebtables-ipv4
909 TITLE
:=ebtables
: IPv4 support
910 FILES
:=$(foreach mod
,$(EBTABLES_IP4-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
911 KCONFIG
:=$(KCONFIG_EBTABLES_IP4
)
912 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP4-m
)))
913 $(call AddDepends
/ebtables
)
916 define KernelPackage
/ebtables-ipv4
/description
917 This option adds the IPv4 support to ebtables
, which allows basic
918 IPv4 header field filtering
, ARP filtering
as well
as SNAT
, DNAT targets.
921 $(eval
$(call KernelPackage
,ebtables-ipv4
))
924 define KernelPackage
/ebtables-ipv6
925 TITLE
:=ebtables
: IPv6 support
926 FILES
:=$(foreach mod
,$(EBTABLES_IP6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
927 KCONFIG
:=$(KCONFIG_EBTABLES_IP6
)
928 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP6-m
)))
929 $(call AddDepends
/ebtables
)
932 define KernelPackage
/ebtables-ipv6
/description
933 This option adds the IPv6 support to ebtables
, which allows basic
934 IPv6 header field filtering and target support.
937 $(eval
$(call KernelPackage
,ebtables-ipv6
))
940 define KernelPackage
/ebtables-watchers
941 TITLE
:=ebtables
: watchers support
942 FILES
:=$(foreach mod
,$(EBTABLES_WATCHERS-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
943 KCONFIG
:=$(KCONFIG_EBTABLES_WATCHERS
)
944 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_WATCHERS-m
)))
945 $(call AddDepends
/ebtables
)
948 define KernelPackage
/ebtables-watchers
/description
949 This option adds the log watchers
, that you can use in any rule
950 in any ebtables table.
953 $(eval
$(call KernelPackage
,ebtables-watchers
))
956 define KernelPackage
/nfnetlink
958 TITLE
:=Netlink-based userspace interface
959 FILES
:=$(foreach mod
,$(NFNETLINK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
960 KCONFIG
:=$(KCONFIG_NFNETLINK
)
961 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK-m
)))
964 define KernelPackage
/nfnetlink
/description
965 Kernel modules support for a netlink-based userspace interface
968 $(eval
$(call KernelPackage
,nfnetlink
))
971 define AddDepends
/nfnetlink
973 DEPENDS
+=+kmod-nfnetlink
$(1)
977 define KernelPackage
/nfnetlink-log
978 TITLE
:=Netfilter LOG over NFNETLINK interface
979 FILES
:=$(foreach mod
,$(NFNETLINK_LOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
980 KCONFIG
:=$(KCONFIG_NFNETLINK_LOG
)
981 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_LOG-m
)))
982 $(call AddDepends
/nfnetlink
)
985 define KernelPackage
/nfnetlink-log
/description
986 Kernel modules support for logging packets via NFNETLINK
991 $(eval
$(call KernelPackage
,nfnetlink-log
))
994 define KernelPackage
/nfnetlink-queue
995 TITLE
:=Netfilter QUEUE over NFNETLINK interface
996 FILES
:=$(foreach mod
,$(NFNETLINK_QUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
997 KCONFIG
:=$(KCONFIG_NFNETLINK_QUEUE
)
998 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_QUEUE-m
)))
999 $(call AddDepends
/nfnetlink
)
1002 define KernelPackage
/nfnetlink-queue
/description
1003 Kernel modules support for queueing packets via NFNETLINK
1008 $(eval
$(call KernelPackage
,nfnetlink-queue
))
1011 define KernelPackage
/nf-conntrack-netlink
1012 TITLE
:=Connection tracking netlink interface
1013 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nf_conntrack_netlink.ko
1014 KCONFIG
:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS
=y
1015 AUTOLOAD
:=$(call AutoProbe
,nf_conntrack_netlink
)
1016 $(call AddDepends
/nfnetlink
,+kmod-ipt-conntrack
)
1019 define KernelPackage
/nf-conntrack-netlink
/description
1020 Kernel modules support for a netlink-based connection tracking
1024 $(eval
$(call KernelPackage
,nf-conntrack-netlink
))
1026 define KernelPackage
/ipt-hashlimit
1028 TITLE
:=Netfilter hashlimit match
1029 DEPENDS
:=+kmod-ipt-core
1030 KCONFIG
:=$(KCONFIG_IPT_HASHLIMIT
)
1031 FILES
:=$(LINUX_DIR
)/net
/netfilter
/xt_hashlimit.ko
1032 AUTOLOAD
:=$(call AutoProbe
,xt_hashlimit
)
1033 $(call KernelPackage
/ipt
)
1036 define KernelPackage
/ipt-hashlimit
/description
1037 Kernel modules support for the hashlimit bucket match module
1040 $(eval
$(call KernelPackage
,ipt-hashlimit
))
1042 define KernelPackage
/ipt-rpfilter
1044 TITLE
:=Netfilter rpfilter match
1045 DEPENDS
:=+kmod-ipt-core
1046 KCONFIG
:=$(KCONFIG_IPT_RPFILTER
)
1048 $(LINUX_DIR
)/net
/ipv4
/netfilter
/ipt_rpfilter.ko \
1049 $(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6t_rpfilter.ko
)
1050 AUTOLOAD
:=$(call AutoProbe
,ipt_rpfilter ip6t_rpfilter
)
1051 $(call KernelPackage
/ipt
)
1054 define KernelPackage
/ipt-rpfilter
/description
1055 Kernel modules support for the Netfilter rpfilter match
1058 $(eval
$(call KernelPackage
,ipt-rpfilter
))
1061 define KernelPackage
/nft-core
1063 TITLE
:=Netfilter nf_tables support
1064 DEPENDS
:=+kmod-nfnetlink
+kmod-nf-reject
+kmod-nf-reject6
+kmod-nf-conntrack6
1065 FILES
:=$(foreach mod
,$(NFT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
1066 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_CORE-m
)))
1068 CONFIG_NFT_COMPAT
=n \
1069 CONFIG_NFT_QUEUE
=n \
1073 define KernelPackage
/nft-core
/description
1074 Kernel module support for nftables
1077 $(eval
$(call KernelPackage
,nft-core
))
1080 define KernelPackage
/nft-arp
1082 TITLE
:=Netfilter nf_tables ARP table support
1083 DEPENDS
:=+kmod-nft-core
1084 FILES
:=$(foreach mod
,$(NFT_ARP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
1085 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_ARP-m
)))
1086 KCONFIG
:=$(KCONFIG_NFT_ARP
)
1089 $(eval
$(call KernelPackage
,nft-arp
))
1092 define KernelPackage
/nft-bridge
1094 TITLE
:=Netfilter nf_tables bridge table support
1095 DEPENDS
:=+kmod-nft-core
1096 FILES
:=$(foreach mod
,$(NFT_BRIDGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
1097 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_BRIDGE-m
)))
1099 CONFIG_NF_LOG_BRIDGE
=n \
1100 $(KCONFIG_NFT_BRIDGE
)
1103 $(eval
$(call KernelPackage
,nft-bridge
))
1106 define KernelPackage
/nft-nat
1108 TITLE
:=Netfilter nf_tables NAT support
1109 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat
1110 FILES
:=$(foreach mod
,$(NFT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
1111 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT-m
)))
1112 KCONFIG
:=$(KCONFIG_NFT_NAT
)
1115 $(eval
$(call KernelPackage
,nft-nat
))
1118 define KernelPackage
/nft-offload
1120 TITLE
:=Netfilter nf_tables routing
/NAT offload support
1121 DEPENDS
:=+kmod-nf-flow
+kmod-nft-nat
1123 CONFIG_NF_FLOW_TABLE_INET \
1124 CONFIG_NF_FLOW_TABLE_IPV4 \
1125 CONFIG_NF_FLOW_TABLE_IPV6 \
1126 CONFIG_NFT_FLOW_OFFLOAD
1128 $(LINUX_DIR
)/net
/netfilter
/nf_flow_table_inet.ko \
1129 $(LINUX_DIR
)/net
/ipv4
/netfilter
/nf_flow_table_ipv4.ko \
1130 $(LINUX_DIR
)/net
/ipv6
/netfilter
/nf_flow_table_ipv6.ko \
1131 $(LINUX_DIR
)/net
/netfilter
/nft_flow_offload.ko
1132 AUTOLOAD
:=$(call AutoProbe
,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload
)
1135 $(eval
$(call KernelPackage
,nft-offload
))
1138 define KernelPackage
/nft-nat6
1140 TITLE
:=Netfilter nf_tables IPv6-NAT support
1141 DEPENDS
:=+kmod-nft-nat
+kmod-nf-nat6
1142 FILES
:=$(foreach mod
,$(NFT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
1143 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT6-m
)))
1144 KCONFIG
:=$(KCONFIG_NFT_NAT6
)
1147 $(eval
$(call KernelPackage
,nft-nat6
))
1149 define KernelPackage
/nft-netdev
1151 TITLE
:=Netfilter nf_tables netdev support
1152 DEPENDS
:=+kmod-nft-core
1154 CONFIG_NETFILTER_INGRESS
=y \
1155 CONFIG_NF_TABLES_NETDEV \
1156 CONFIG_NF_DUP_NETDEV \
1157 CONFIG_NFT_DUP_NETDEV \
1158 CONFIG_NFT_FWD_NETDEV
1160 $(LINUX_DIR
)/net
/netfilter
/nf_tables_netdev.ko@lt4.17 \
1161 $(LINUX_DIR
)/net
/netfilter
/nf_dup_netdev.ko \
1162 $(LINUX_DIR
)/net
/netfilter
/nft_dup_netdev.ko \
1163 $(LINUX_DIR
)/net
/netfilter
/nft_fwd_netdev.ko
1164 AUTOLOAD
:=$(call AutoProbe
,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev
)
1167 $(eval
$(call KernelPackage
,nft-netdev
))
1170 define KernelPackage
/nft-fib
1172 TITLE
:=Netfilter nf_tables fib support
1173 DEPENDS
:=+kmod-nft-core
1174 FILES
:=$(foreach mod
,$(NFT_FIB-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
1175 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_FIB-m
)))
1176 KCONFIG
:=$(KCONFIG_NFT_FIB
)
1179 $(eval
$(call KernelPackage
,nft-fib
))