3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU
:=Netfilter Extensions
11 include $(INCLUDE_DIR
)/netfilter.mk
14 define KernelPackage
/nf-reject
16 TITLE
:=Netfilter IPv4 reject support
19 CONFIG_NETFILTER_ADVANCED
=y \
21 FILES
:=$(foreach mod
,$(NF_REJECT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
22 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_REJECT-m
)))
25 $(eval
$(call KernelPackage
,nf-reject
))
28 define KernelPackage
/nf-reject6
30 TITLE
:=Netfilter IPv6 reject support
33 CONFIG_NETFILTER_ADVANCED
=y \
36 FILES
:=$(foreach mod
,$(NF_REJECT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
37 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_REJECT6-m
)))
40 $(eval
$(call KernelPackage
,nf-reject6
))
43 define KernelPackage
/nf-ipt
46 KCONFIG
:=$(KCONFIG_NF_IPT
)
47 FILES
:=$(foreach mod
,$(NF_IPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
48 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT-m
)))
51 $(eval
$(call KernelPackage
,nf-ipt
))
54 define KernelPackage
/nf-ipt6
57 KCONFIG
:=$(KCONFIG_NF_IPT6
)
58 FILES
:=$(foreach mod
,$(NF_IPT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
59 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT6-m
)))
63 $(eval
$(call KernelPackage
,nf-ipt6
))
67 define KernelPackage
/ipt-core
70 KCONFIG
:=$(KCONFIG_IPT_CORE
)
71 FILES
:=$(foreach mod
,$(IPT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
72 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CORE-m
)))
73 DEPENDS
:=+kmod-nf-reject
+kmod-nf-ipt
76 define KernelPackage
/ipt-core
/description
77 Netfilter core kernel modules
88 $(eval
$(call KernelPackage
,ipt-core
))
91 define KernelPackage
/nf-conntrack
93 TITLE
:=Netfilter connection tracking
96 CONFIG_NETFILTER_ADVANCED
=y \
97 CONFIG_NF_CONNTRACK_MARK
=y \
98 CONFIG_NF_CONNTRACK_ZONES
=y \
99 $(KCONFIG_NF_CONNTRACK
)
100 FILES
:=$(foreach mod
,$(NF_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
101 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK-m
)))
104 $(eval
$(call KernelPackage
,nf-conntrack
))
107 define KernelPackage
/nf-conntrack6
109 TITLE
:=Netfilter IPv6 connection tracking
110 KCONFIG
:=$(KCONFIG_NF_CONNTRACK6
)
111 DEPENDS
:=@IPV6
+kmod-nf-conntrack
112 FILES
:=$(foreach mod
,$(NF_CONNTRACK6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
113 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK6-m
)))
116 $(eval
$(call KernelPackage
,nf-conntrack6
))
119 define KernelPackage
/nf-nat
122 KCONFIG
:=$(KCONFIG_NF_NAT
)
123 DEPENDS
:=+kmod-nf-conntrack
124 FILES
:=$(foreach mod
,$(NF_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
125 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT-m
)))
128 $(eval
$(call KernelPackage
,nf-nat
))
131 define KernelPackage
/nf-nat6
133 TITLE
:=Netfilter IPV6-NAT
134 KCONFIG
:=$(KCONFIG_NF_NAT6
)
135 DEPENDS
:=+kmod-nf-conntrack6
+kmod-nf-nat
136 FILES
:=$(foreach mod
,$(NF_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
137 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT6-m
)))
140 $(eval
$(call KernelPackage
,nf-nat6
))
143 define KernelPackage
/nf-flow
145 TITLE
:=Netfilter flowtable support
147 CONFIG_NETFILTER_INGRESS
=y \
148 CONFIG_NF_FLOW_TABLE \
149 CONFIG_NF_FLOW_TABLE_HW
150 DEPENDS
:=+kmod-nf-conntrack @
!LINUX_3_18 @
!LINUX_4_4 @
!LINUX_4_9
152 $(LINUX_DIR
)/net
/netfilter
/nf_flow_table.ko \
153 $(LINUX_DIR
)/net
/netfilter
/nf_flow_table_hw.ko
154 AUTOLOAD
:=$(call AutoProbe
,nf_flow_table nf_flow_table_hw
)
157 $(eval
$(call KernelPackage
,nf-flow
))
160 define AddDepends
/ipt
162 DEPENDS
+= +kmod-ipt-core
$(1)
166 define KernelPackage
/ipt-conntrack
167 TITLE
:=Basic connection tracking modules
168 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK
)
169 FILES
:=$(foreach mod
,$(IPT_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
170 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK-m
)))
171 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
174 define KernelPackage
/ipt-conntrack
/description
175 Netfilter
(IPv4
) kernel modules for connection tracking
184 $(eval
$(call KernelPackage
,ipt-conntrack
))
187 define KernelPackage
/ipt-conntrack-extra
188 TITLE
:=Extra connection tracking modules
189 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_EXTRA
)
190 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
191 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK_EXTRA-m
)))
192 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
195 define KernelPackage
/ipt-conntrack-extra
/description
196 Netfilter
(IPv4
) extra kernel modules for connection tracking
205 $(eval
$(call KernelPackage
,ipt-conntrack-extra
))
207 define KernelPackage
/ipt-conntrack-label
208 TITLE
:=Module for handling connection tracking labels
209 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_LABEL
)
210 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_LABEL-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
211 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK_LABEL-m
)))
212 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
215 define KernelPackage
/ipt-conntrack-label
/description
216 Netfilter
(IPv4
) module for handling connection tracking labels
221 $(eval
$(call KernelPackage
,ipt-conntrack-label
))
223 define KernelPackage
/ipt-filter
224 TITLE
:=Modules for packet content inspection
225 KCONFIG
:=$(KCONFIG_IPT_FILTER
)
226 FILES
:=$(foreach mod
,$(IPT_FILTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
227 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_FILTER-m
)))
228 $(call AddDepends
/ipt
,+kmod-lib-textsearch
+kmod-ipt-conntrack
)
231 define KernelPackage
/ipt-filter
/description
232 Netfilter
(IPv4
) kernel modules for packet content inspection
237 $(eval
$(call KernelPackage
,ipt-filter
))
240 define KernelPackage
/ipt-offload
241 TITLE
:=Netfilter routing
/NAT offload support
242 KCONFIG
:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD
243 FILES
:=$(foreach mod
,$(IPT_FLOW-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
244 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_FLOW-m
)))
245 $(call AddDepends
/ipt
,+kmod-nf-flow
)
248 $(eval
$(call KernelPackage
,ipt-offload
))
251 define KernelPackage
/ipt-ipopt
252 TITLE
:=Modules for matching
/changing IP packet options
253 KCONFIG
:=$(KCONFIG_IPT_IPOPT
)
254 FILES
:=$(foreach mod
,$(IPT_IPOPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
255 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPOPT-m
)))
256 $(call AddDepends
/ipt
)
259 define KernelPackage
/ipt-ipopt
/description
260 Netfilter
(IPv4
) modules for matching
/changing IP packet options
275 $(eval
$(call KernelPackage
,ipt-ipopt
))
278 define KernelPackage
/ipt-ipsec
279 TITLE
:=Modules for matching IPSec packets
280 KCONFIG
:=$(KCONFIG_IPT_IPSEC
)
281 FILES
:=$(foreach mod
,$(IPT_IPSEC-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
282 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPSEC-m
)))
283 $(call AddDepends
/ipt
)
286 define KernelPackage
/ipt-ipsec
/description
287 Netfilter
(IPv4
) modules for matching IPSec packets
294 $(eval
$(call KernelPackage
,ipt-ipsec
))
298 ipset
/ip_set_bitmap_ip \
299 ipset
/ip_set_bitmap_ipmac \
300 ipset
/ip_set_bitmap_port \
301 ipset
/ip_set_hash_ip \
302 ipset
/ip_set_hash_ipmark \
303 ipset
/ip_set_hash_ipport \
304 ipset
/ip_set_hash_ipportip \
305 ipset
/ip_set_hash_ipportnet \
306 ipset
/ip_set_hash_mac \
307 ipset
/ip_set_hash_netportnet \
308 ipset
/ip_set_hash_net \
309 ipset
/ip_set_hash_netnet \
310 ipset
/ip_set_hash_netport \
311 ipset
/ip_set_hash_netiface \
312 ipset
/ip_set_list_set \
315 define KernelPackage
/ipt-ipset
316 SUBMENU
:=Netfilter Extensions
317 TITLE
:=IPset netfilter modules
318 DEPENDS
+= +kmod-ipt-core
+kmod-nfnetlink
321 CONFIG_IP_SET_MAX
=256 \
322 CONFIG_NETFILTER_XT_SET \
323 CONFIG_IP_SET_BITMAP_IP \
324 CONFIG_IP_SET_BITMAP_IPMAC \
325 CONFIG_IP_SET_BITMAP_PORT \
326 CONFIG_IP_SET_HASH_IP \
327 CONFIG_IP_SET_HASH_IPMARK \
328 CONFIG_IP_SET_HASH_IPPORT \
329 CONFIG_IP_SET_HASH_IPPORTIP \
330 CONFIG_IP_SET_HASH_IPPORTNET \
331 CONFIG_IP_SET_HASH_MAC \
332 CONFIG_IP_SET_HASH_NET \
333 CONFIG_IP_SET_HASH_NETNET \
334 CONFIG_IP_SET_HASH_NETIFACE \
335 CONFIG_IP_SET_HASH_NETPORT \
336 CONFIG_IP_SET_HASH_NETPORTNET \
337 CONFIG_IP_SET_LIST_SET \
338 CONFIG_NET_EMATCH_IPSET
=n
339 FILES
:=$(foreach mod
,$(IPSET_MODULES
),$(LINUX_DIR
)/net
/netfilter
/$(mod
).ko
)
340 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(IPSET_MODULES
)))
342 $(eval
$(call KernelPackage
,ipt-ipset
))
345 define KernelPackage
/ipt-nat
346 TITLE
:=Basic NAT targets
347 KCONFIG
:=$(KCONFIG_IPT_NAT
)
348 FILES
:=$(foreach mod
,$(IPT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
349 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT-m
)))
350 $(call AddDepends
/ipt
,+kmod-nf-nat
)
353 define KernelPackage
/ipt-nat
/description
354 Netfilter
(IPv4
) kernel modules for basic NAT targets
359 $(eval
$(call KernelPackage
,ipt-nat
))
362 define KernelPackage
/ipt-raw
363 TITLE
:=Netfilter IPv4 raw table support
364 KCONFIG
:=CONFIG_IP_NF_RAW
365 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/iptable_raw.ko
366 AUTOLOAD
:=$(call AutoProbe
,iptable_raw
)
367 $(call AddDepends
/ipt
)
370 $(eval
$(call KernelPackage
,ipt-raw
))
373 define KernelPackage
/ipt-raw6
374 TITLE
:=Netfilter IPv6 raw table support
375 KCONFIG
:=CONFIG_IP6_NF_RAW
376 FILES
:=$(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6table_raw.ko
377 AUTOLOAD
:=$(call AutoProbe
,ip6table_raw
)
378 $(call AddDepends
/ipt
,+kmod-ip6tables
)
381 $(eval
$(call KernelPackage
,ipt-raw6
))
384 define KernelPackage
/ipt-nat6
385 TITLE
:=IPv6 NAT targets
386 KCONFIG
:=$(KCONFIG_IPT_NAT6
)
387 FILES
:=$(foreach mod
,$(IPT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
388 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_NAT6-m
)))
389 $(call AddDepends
/ipt
,+kmod-nf-nat6
)
390 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
391 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
392 $(call AddDepends
/ipt
,+kmod-ip6tables
)
395 define KernelPackage
/ipt-nat6
/description
396 Netfilter
(IPv6
) kernel modules for NAT targets
399 $(eval
$(call KernelPackage
,ipt-nat6
))
402 define KernelPackage
/ipt-nat-extra
403 TITLE
:=Extra NAT targets
404 KCONFIG
:=$(KCONFIG_IPT_NAT_EXTRA
)
405 FILES
:=$(foreach mod
,$(IPT_NAT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
406 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT_EXTRA-m
)))
407 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
410 define KernelPackage
/ipt-nat-extra
/description
411 Netfilter
(IPv4
) kernel modules for extra NAT targets
417 $(eval
$(call KernelPackage
,ipt-nat-extra
))
420 define KernelPackage
/nf-nathelper
422 TITLE
:=Basic Conntrack and NAT helpers
423 KCONFIG
:=$(KCONFIG_NF_NATHELPER
)
424 FILES
:=$(foreach mod
,$(NF_NATHELPER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
425 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER-m
)))
426 DEPENDS
:=+kmod-nf-nat
429 define KernelPackage
/nf-nathelper
/description
430 Default Netfilter
(IPv4
) Conntrack and NAT helpers
435 $(eval
$(call KernelPackage
,nf-nathelper
))
438 define KernelPackage
/nf-nathelper-extra
440 TITLE
:=Extra Conntrack and NAT helpers
441 KCONFIG
:=$(KCONFIG_NF_NATHELPER_EXTRA
)
442 FILES
:=$(foreach mod
,$(NF_NATHELPER_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
443 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER_EXTRA-m
)))
444 DEPENDS
:=+kmod-nf-nat
+kmod-lib-textsearch
447 define KernelPackage
/nf-nathelper-extra
/description
448 Extra Netfilter
(IPv4
) Conntrack and NAT helpers
462 $(eval
$(call KernelPackage
,nf-nathelper-extra
))
465 define KernelPackage
/ipt-ulog
466 TITLE
:=Module for user-space packet logging
467 KCONFIG
:=$(KCONFIG_IPT_ULOG
)
468 FILES
:=$(foreach mod
,$(IPT_ULOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
469 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_ULOG-m
)))
470 $(call AddDepends
/ipt
)
473 define KernelPackage
/ipt-ulog
/description
474 Netfilter
(IPv4
) module for user-space packet logging
479 $(eval
$(call KernelPackage
,ipt-ulog
))
482 define KernelPackage
/ipt-nflog
483 TITLE
:=Module for user-space packet logging
484 KCONFIG
:=$(KCONFIG_IPT_NFLOG
)
485 FILES
:=$(foreach mod
,$(IPT_NFLOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
486 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFLOG-m
)))
487 $(call AddDepends
/ipt
,+kmod-nfnetlink-log
)
490 define KernelPackage
/ipt-nflog
/description
491 Netfilter module for user-space packet logging
496 $(eval
$(call KernelPackage
,ipt-nflog
))
499 define KernelPackage
/ipt-nfqueue
500 TITLE
:=Module for user-space packet queuing
501 KCONFIG
:=$(KCONFIG_IPT_NFQUEUE
)
502 FILES
:=$(foreach mod
,$(IPT_NFQUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
503 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFQUEUE-m
)))
504 $(call AddDepends
/ipt
,+kmod-nfnetlink-queue
)
507 define KernelPackage
/ipt-nfqueue
/description
508 Netfilter module for user-space packet queuing
513 $(eval
$(call KernelPackage
,ipt-nfqueue
))
516 define KernelPackage
/ipt-debug
517 TITLE
:=Module for debugging
/development
518 KCONFIG
:=$(KCONFIG_IPT_DEBUG
)
519 FILES
:=$(foreach mod
,$(IPT_DEBUG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
520 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_DEBUG-m
)))
521 $(call AddDepends
/ipt
,+kmod-ipt-raw
+IPV6
:kmod-ipt-raw6
)
524 define KernelPackage
/ipt-debug
/description
525 Netfilter modules for debugging
/development of the firewall
530 $(eval
$(call KernelPackage
,ipt-debug
))
533 define KernelPackage
/ipt-led
534 TITLE
:=Module to trigger a LED with a Netfilter rule
535 KCONFIG
:=$(KCONFIG_IPT_LED
)
536 FILES
:=$(foreach mod
,$(IPT_LED-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
537 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_LED-m
)))
538 $(call AddDepends
/ipt
)
541 define KernelPackage
/ipt-led
/description
542 Netfilter target to trigger a LED when a network packet is matched.
545 $(eval
$(call KernelPackage
,ipt-led
))
547 define KernelPackage
/ipt-tproxy
548 TITLE
:=Transparent proxying support
549 DEPENDS
+=+kmod-ipt-conntrack
+IPV6
:kmod-nf-conntrack6
+IPV6
:kmod-ip6tables
551 CONFIG_NETFILTER_XT_MATCH_SOCKET \
552 CONFIG_NETFILTER_XT_TARGET_TPROXY
554 $(foreach mod
,$(IPT_TPROXY-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
555 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_TPROXY-m
)))
556 $(call AddDepends
/ipt
)
559 define KernelPackage
/ipt-tproxy
/description
560 Kernel modules for Transparent Proxying
563 $(eval
$(call KernelPackage
,ipt-tproxy
))
565 define KernelPackage
/ipt-tee
567 DEPENDS
:=+kmod-ipt-conntrack
569 CONFIG_NETFILTER_XT_TARGET_TEE
571 $(LINUX_DIR
)/net
/netfilter
/xt_TEE.ko \
572 $(foreach mod
,$(IPT_TEE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
573 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_TEE-m
)))
574 $(call AddDepends
/ipt
)
577 define KernelPackage
/ipt-tee
/description
578 Kernel modules for TEE
581 $(eval
$(call KernelPackage
,ipt-tee
))
584 define KernelPackage
/ipt-u32
587 CONFIG_NETFILTER_XT_MATCH_U32
589 $(LINUX_DIR
)/net
/netfilter
/xt_u32.ko \
590 $(foreach mod
,$(IPT_U32-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
591 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_U32-m
)))
592 $(call AddDepends
/ipt
)
595 define KernelPackage
/ipt-u32
/description
596 Kernel modules for U32
599 $(eval
$(call KernelPackage
,ipt-u32
))
601 define KernelPackage
/ipt-checksum
602 TITLE
:=CHECKSUM support
604 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
606 $(LINUX_DIR
)/net
/netfilter
/xt_CHECKSUM.ko \
607 $(foreach mod
,$(IPT_CHECKSUM-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
608 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CHECKSUM-m
)))
609 $(call AddDepends
/ipt
)
612 define KernelPackage
/ipt-checksum
/description
613 Kernel modules for CHECKSUM fillin target
616 $(eval
$(call KernelPackage
,ipt-checksum
))
619 define KernelPackage
/ipt-iprange
620 TITLE
:=Module for matching ip ranges
621 KCONFIG
:=$(KCONFIG_IPT_IPRANGE
)
622 FILES
:=$(foreach mod
,$(IPT_IPRANGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
623 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPRANGE-m
)))
624 $(call AddDepends
/ipt
)
627 define KernelPackage
/ipt-iprange
/description
628 Netfilter
(IPv4
) module for matching ip ranges
633 $(eval
$(call KernelPackage
,ipt-iprange
))
635 define KernelPackage
/ipt-cluster
636 TITLE
:=Module for matching cluster
637 KCONFIG
:=$(KCONFIG_IPT_CLUSTER
)
638 FILES
:=$(foreach mod
,$(IPT_CLUSTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
639 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTER-m
)))
640 $(call AddDepends
/ipt
)
643 define KernelPackage
/ipt-cluster
/description
644 Netfilter
(IPv4
/IPv6
) module for matching cluster
645 This option allows you to build work-load-sharing clusters of
646 network servers
/stateful firewalls without having a dedicated
647 load-balancing router
/server
/switch. Basically
, this match returns
648 true when the packet must be handled by this cluster node. Thus
,
649 all nodes see
all packets and this match decides which node handles
650 what packets. The work-load sharing algorithm is based on source
653 This module is usable for ipv4 and ipv6.
655 To use it also enable iptables-mod-cluster
657 see
`iptables -m cluster --help` for more information.
660 $(eval
$(call KernelPackage
,ipt-cluster
))
662 define KernelPackage
/ipt-clusterip
663 TITLE
:=Module for CLUSTERIP
664 KCONFIG
:=$(KCONFIG_IPT_CLUSTERIP
)
665 FILES
:=$(foreach mod
,$(IPT_CLUSTERIP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
666 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTERIP-m
)))
667 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
670 define KernelPackage
/ipt-clusterip
/description
671 Netfilter
(IPv4-only
) module for CLUSTERIP
672 The CLUSTERIP target allows you to build load-balancing clusters of
673 network servers without having a dedicated load-balancing
674 router
/server
/switch.
676 To use it also enable iptables-mod-clusterip
678 see
`iptables -j CLUSTERIP --help` for more information.
681 $(eval
$(call KernelPackage
,ipt-clusterip
))
684 define KernelPackage
/ipt-extra
686 KCONFIG
:=$(KCONFIG_IPT_EXTRA
)
687 FILES
:=$(foreach mod
,$(IPT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
688 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_EXTRA-m
)))
689 $(call AddDepends
/ipt
,+kmod-br-netfilter
)
692 define KernelPackage
/ipt-extra
/description
693 Other Netfilter
(IPv4
) kernel modules
697 - physdev
(if bridge support was enabled in kernel
)
702 $(eval
$(call KernelPackage
,ipt-extra
))
705 define KernelPackage
/ip6tables
708 DEPENDS
:=+kmod-nf-reject6
+kmod-nf-ipt6
+kmod-ipt-core
709 KCONFIG
:=$(KCONFIG_IPT_IPV6
)
710 FILES
:=$(foreach mod
,$(IPT_IPV6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
711 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_IPV6-m
)))
714 define KernelPackage
/ip6tables
/description
715 Netfilter IPv6 firewalling support
718 $(eval
$(call KernelPackage
,ip6tables
))
720 define KernelPackage
/ip6tables-extra
722 TITLE
:=Extra IPv6 modules
723 DEPENDS
:=+kmod-ip6tables
724 KCONFIG
:=$(KCONFIG_IPT_IPV6_EXTRA
)
725 FILES
:=$(foreach mod
,$(IPT_IPV6_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
726 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_IPV6_EXTRA-m
)))
729 define KernelPackage
/ip6tables-extra
/description
730 Netfilter IPv6 extra header matching modules
733 $(eval
$(call KernelPackage
,ip6tables-extra
))
735 ARP_MODULES
= arp_tables arpt_mangle arptable_filter
736 define KernelPackage
/arptables
738 TITLE
:=ARP firewalling modules
739 DEPENDS
:=+kmod-ipt-core
740 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.ko
741 KCONFIG
:=CONFIG_IP_NF_ARPTABLES \
742 CONFIG_IP_NF_ARPFILTER \
743 CONFIG_IP_NF_ARP_MANGLE
744 AUTOLOAD
:=$(call AutoProbe
,$(ARP_MODULES
))
747 define KernelPackage
/arptables
/description
748 Kernel modules for ARP firewalling
751 $(eval
$(call KernelPackage
,arptables
))
754 define KernelPackage
/br-netfilter
756 TITLE
:=Bridge netfilter support modules
758 DEPENDS
:=+kmod-ipt-core
759 FILES
:=$(LINUX_DIR
)/net
/bridge
/br_netfilter.ko
760 KCONFIG
:=CONFIG_BRIDGE_NETFILTER
761 AUTOLOAD
:=$(call AutoProbe
,br_netfilter
)
764 $(eval
$(call KernelPackage
,br-netfilter
))
767 define KernelPackage
/ebtables
769 TITLE
:=Bridge firewalling modules
770 DEPENDS
:=+kmod-ipt-core
+kmod-br-netfilter
771 FILES
:=$(foreach mod
,$(EBTABLES-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
772 KCONFIG
:=$(KCONFIG_EBTABLES
)
773 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES-m
)))
776 define KernelPackage
/ebtables
/description
777 ebtables is a general
, extensible frame
/packet identification
778 framework. It provides you to do Ethernet
779 filtering
/NAT
/brouting on the Ethernet bridge.
782 $(eval
$(call KernelPackage
,ebtables
))
785 define AddDepends
/ebtables
787 DEPENDS
+=kmod-ebtables
$(1)
791 define KernelPackage
/ebtables-ipv4
792 TITLE
:=ebtables
: IPv4 support
793 FILES
:=$(foreach mod
,$(EBTABLES_IP4-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
794 KCONFIG
:=$(KCONFIG_EBTABLES_IP4
)
795 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP4-m
)))
796 $(call AddDepends
/ebtables
)
799 define KernelPackage
/ebtables-ipv4
/description
800 This option adds the IPv4 support to ebtables
, which allows basic
801 IPv4 header field filtering
, ARP filtering
as well
as SNAT
, DNAT targets.
804 $(eval
$(call KernelPackage
,ebtables-ipv4
))
807 define KernelPackage
/ebtables-ipv6
808 TITLE
:=ebtables
: IPv6 support
809 FILES
:=$(foreach mod
,$(EBTABLES_IP6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
810 KCONFIG
:=$(KCONFIG_EBTABLES_IP6
)
811 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP6-m
)))
812 $(call AddDepends
/ebtables
)
815 define KernelPackage
/ebtables-ipv6
/description
816 This option adds the IPv6 support to ebtables
, which allows basic
817 IPv6 header field filtering and target support.
820 $(eval
$(call KernelPackage
,ebtables-ipv6
))
823 define KernelPackage
/ebtables-watchers
824 TITLE
:=ebtables
: watchers support
825 FILES
:=$(foreach mod
,$(EBTABLES_WATCHERS-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
826 KCONFIG
:=$(KCONFIG_EBTABLES_WATCHERS
)
827 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_WATCHERS-m
)))
828 $(call AddDepends
/ebtables
)
831 define KernelPackage
/ebtables-watchers
/description
832 This option adds the log watchers
, that you can use in any rule
833 in any ebtables table.
836 $(eval
$(call KernelPackage
,ebtables-watchers
))
839 define KernelPackage
/nfnetlink
841 TITLE
:=Netlink-based userspace interface
842 FILES
:=$(foreach mod
,$(NFNETLINK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
843 KCONFIG
:=$(KCONFIG_NFNETLINK
)
844 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK-m
)))
847 define KernelPackage
/nfnetlink
/description
848 Kernel modules support for a netlink-based userspace interface
851 $(eval
$(call KernelPackage
,nfnetlink
))
854 define AddDepends
/nfnetlink
856 DEPENDS
+=+kmod-nfnetlink
$(1)
860 define KernelPackage
/nfnetlink-log
861 TITLE
:=Netfilter LOG over NFNETLINK interface
862 FILES
:=$(foreach mod
,$(NFNETLINK_LOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
863 KCONFIG
:=$(KCONFIG_NFNETLINK_LOG
)
864 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_LOG-m
)))
865 $(call AddDepends
/nfnetlink
)
868 define KernelPackage
/nfnetlink-log
/description
869 Kernel modules support for logging packets via NFNETLINK
874 $(eval
$(call KernelPackage
,nfnetlink-log
))
877 define KernelPackage
/nfnetlink-queue
878 TITLE
:=Netfilter QUEUE over NFNETLINK interface
879 FILES
:=$(foreach mod
,$(NFNETLINK_QUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
880 KCONFIG
:=$(KCONFIG_NFNETLINK_QUEUE
)
881 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_QUEUE-m
)))
882 $(call AddDepends
/nfnetlink
)
885 define KernelPackage
/nfnetlink-queue
/description
886 Kernel modules support for queueing packets via NFNETLINK
891 $(eval
$(call KernelPackage
,nfnetlink-queue
))
894 define KernelPackage
/nf-conntrack-netlink
895 TITLE
:=Connection tracking netlink interface
896 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nf_conntrack_netlink.ko
897 KCONFIG
:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS
=y
898 AUTOLOAD
:=$(call AutoProbe
,nf_conntrack_netlink
)
899 $(call AddDepends
/nfnetlink
,+kmod-ipt-conntrack
)
902 define KernelPackage
/nf-conntrack-netlink
/description
903 Kernel modules support for a netlink-based connection tracking
907 $(eval
$(call KernelPackage
,nf-conntrack-netlink
))
909 define KernelPackage
/ipt-hashlimit
911 TITLE
:=Netfilter hashlimit match
912 DEPENDS
:=+kmod-ipt-core
913 KCONFIG
:=$(KCONFIG_IPT_HASHLIMIT
)
914 FILES
:=$(LINUX_DIR
)/net
/netfilter
/xt_hashlimit.ko
915 AUTOLOAD
:=$(call AutoProbe
,xt_hashlimit
)
916 $(call KernelPackage
/ipt
)
919 define KernelPackage
/ipt-hashlimit
/description
920 Kernel modules support for the hashlimit bucket match module
923 $(eval
$(call KernelPackage
,ipt-hashlimit
))
925 define KernelPackage
/ipt-rpfilter
927 TITLE
:=Netfilter rpfilter match
928 DEPENDS
:=+kmod-ipt-core
929 KCONFIG
:=$(KCONFIG_IPT_RPFILTER
)
931 $(LINUX_DIR
)/net
/ipv4
/netfilter
/ipt_rpfilter.ko \
932 $(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6t_rpfilter.ko
)
933 AUTOLOAD
:=$(call AutoProbe
,ipt_rpfilter ip6t_rpfilter
)
934 $(call KernelPackage
/ipt
)
937 define KernelPackage
/ipt-rpfilter
/description
938 Kernel modules support for the Netfilter rpfilter match
941 $(eval
$(call KernelPackage
,ipt-rpfilter
))
944 define KernelPackage
/nft-core
946 TITLE
:=Netfilter nf_tables support
947 DEPENDS
:=+kmod-nfnetlink
+kmod-nf-reject
+kmod-nf-reject6
+kmod-nf-conntrack6
948 FILES
:=$(foreach mod
,$(NFT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
949 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_CORE-m
)))
951 CONFIG_NFT_COMPAT
=n \
956 define KernelPackage
/nft-core
/description
957 Kernel module support for nftables
960 $(eval
$(call KernelPackage
,nft-core
))
963 define KernelPackage
/nft-arp
965 TITLE
:=Netfilter nf_tables ARP table support
966 DEPENDS
:=+kmod-nft-core
967 FILES
:=$(foreach mod
,$(NFT_ARP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
968 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_ARP-m
)))
969 KCONFIG
:=$(KCONFIG_NFT_ARP
)
972 $(eval
$(call KernelPackage
,nft-arp
))
975 define KernelPackage
/nft-bridge
977 TITLE
:=Netfilter nf_tables bridge table support
978 DEPENDS
:=+kmod-nft-core
979 FILES
:=$(foreach mod
,$(NFT_BRIDGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
980 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_BRIDGE-m
)))
982 CONFIG_NF_LOG_BRIDGE
=n \
983 $(KCONFIG_NFT_BRIDGE
)
986 $(eval
$(call KernelPackage
,nft-bridge
))
989 define KernelPackage
/nft-nat
991 TITLE
:=Netfilter nf_tables NAT support
992 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat
993 FILES
:=$(foreach mod
,$(NFT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
994 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT-m
)))
995 KCONFIG
:=$(KCONFIG_NFT_NAT
)
998 $(eval
$(call KernelPackage
,nft-nat
))
1001 define KernelPackage
/nft-offload
1003 TITLE
:=Netfilter nf_tables routing
/NAT offload support
1004 DEPENDS
:=+kmod-nf-flow
+kmod-nft-nat
1006 CONFIG_NF_FLOW_TABLE_INET \
1007 CONFIG_NF_FLOW_TABLE_IPV4 \
1008 CONFIG_NF_FLOW_TABLE_IPV6 \
1009 CONFIG_NFT_FLOW_OFFLOAD
1011 $(LINUX_DIR
)/net
/netfilter
/nf_flow_table_inet.ko \
1012 $(LINUX_DIR
)/net
/ipv4
/netfilter
/nf_flow_table_ipv4.ko \
1013 $(LINUX_DIR
)/net
/ipv6
/netfilter
/nf_flow_table_ipv6.ko \
1014 $(LINUX_DIR
)/net
/netfilter
/nft_flow_offload.ko
1015 AUTOLOAD
:=$(call AutoProbe
,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload
)
1018 $(eval
$(call KernelPackage
,nft-offload
))
1021 define KernelPackage
/nft-nat6
1023 TITLE
:=Netfilter nf_tables IPv6-NAT support
1024 DEPENDS
:=+kmod-nft-nat
+kmod-nf-nat6
1025 FILES
:=$(foreach mod
,$(NFT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
1026 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT6-m
)))
1027 KCONFIG
:=$(KCONFIG_NFT_NAT6
)
1030 $(eval
$(call KernelPackage
,nft-nat6
))