3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU
:=Netfilter Extensions
11 include $(INCLUDE_DIR
)/netfilter.mk
14 define KernelPackage
/nf-reject
16 TITLE
:=Netfilter IPv4 reject support
19 CONFIG_NETFILTER_ADVANCED
=y \
21 FILES
:=$(foreach mod
,$(NF_REJECT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
22 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_REJECT-m
)))
25 $(eval
$(call KernelPackage
,nf-reject
))
28 define KernelPackage
/nf-reject6
30 TITLE
:=Netfilter IPv6 reject support
33 CONFIG_NETFILTER_ADVANCED
=y \
36 FILES
:=$(foreach mod
,$(NF_REJECT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
37 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_REJECT6-m
)))
40 $(eval
$(call KernelPackage
,nf-reject6
))
43 define KernelPackage
/nf-ipt
46 KCONFIG
:=$(KCONFIG_NF_IPT
)
47 FILES
:=$(foreach mod
,$(NF_IPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
48 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT-m
)))
51 $(eval
$(call KernelPackage
,nf-ipt
))
54 define KernelPackage
/nf-ipt6
57 KCONFIG
:=$(KCONFIG_NF_IPT6
)
58 FILES
:=$(foreach mod
,$(NF_IPT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
59 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT6-m
)))
63 $(eval
$(call KernelPackage
,nf-ipt6
))
67 define KernelPackage
/ipt-core
70 KCONFIG
:=$(KCONFIG_IPT_CORE
)
71 FILES
:=$(foreach mod
,$(IPT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
72 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CORE-m
)))
73 DEPENDS
:=+kmod-nf-reject
+kmod-nf-ipt
76 define KernelPackage
/ipt-core
/description
77 Netfilter core kernel modules
88 $(eval
$(call KernelPackage
,ipt-core
))
91 define KernelPackage
/nf-conntrack
93 TITLE
:=Netfilter connection tracking
96 CONFIG_NETFILTER_ADVANCED
=y \
97 CONFIG_NF_CONNTRACK_MARK
=y \
98 CONFIG_NF_CONNTRACK_ZONES
=y \
99 $(KCONFIG_NF_CONNTRACK
)
100 FILES
:=$(foreach mod
,$(NF_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
101 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK-m
)))
104 define KernelPackage
/nf-conntrack
/install
105 $(INSTALL_DIR
) $(1)/etc
/sysctl.d
106 $(INSTALL_DATA
) .
/files
/sysctl-nf-conntrack.conf
$(1)/etc
/sysctl.d
/11-nf-conntrack.conf
109 $(eval
$(call KernelPackage
,nf-conntrack
))
112 define KernelPackage
/nf-conntrack6
114 TITLE
:=Netfilter IPv6 connection tracking
115 KCONFIG
:=$(KCONFIG_NF_CONNTRACK6
)
116 DEPENDS
:=@IPV6
+kmod-nf-conntrack
117 FILES
:=$(foreach mod
,$(NF_CONNTRACK6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
118 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK6-m
)))
121 $(eval
$(call KernelPackage
,nf-conntrack6
))
124 define KernelPackage
/nf-nat
127 KCONFIG
:=$(KCONFIG_NF_NAT
)
128 DEPENDS
:=+kmod-nf-conntrack
129 FILES
:=$(foreach mod
,$(NF_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
130 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT-m
)))
133 $(eval
$(call KernelPackage
,nf-nat
))
136 define KernelPackage
/nf-nat6
138 TITLE
:=Netfilter IPV6-NAT
139 KCONFIG
:=$(KCONFIG_NF_NAT6
)
140 DEPENDS
:=+kmod-nf-conntrack6
+kmod-nf-nat
141 FILES
:=$(foreach mod
,$(NF_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
142 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT6-m
)))
145 $(eval
$(call KernelPackage
,nf-nat6
))
148 define KernelPackage
/nf-flow
150 TITLE
:=Netfilter flowtable support
152 CONFIG_NETFILTER_INGRESS
=y \
153 CONFIG_NF_FLOW_TABLE \
154 CONFIG_NF_FLOW_TABLE_HW
155 DEPENDS
:=+kmod-nf-conntrack @
!LINUX_3_18 @
!LINUX_4_4 @
!LINUX_4_9
157 $(LINUX_DIR
)/net
/netfilter
/nf_flow_table.ko \
158 $(LINUX_DIR
)/net
/netfilter
/nf_flow_table_hw.ko
159 AUTOLOAD
:=$(call AutoProbe
,nf_flow_table nf_flow_table_hw
)
162 $(eval
$(call KernelPackage
,nf-flow
))
165 define AddDepends
/ipt
167 DEPENDS
+= +kmod-ipt-core
$(1)
171 define KernelPackage
/ipt-conntrack
172 TITLE
:=Basic connection tracking modules
173 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK
)
174 FILES
:=$(foreach mod
,$(IPT_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
175 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK-m
)))
176 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
179 define KernelPackage
/ipt-conntrack
/description
180 Netfilter
(IPv4
) kernel modules for connection tracking
189 $(eval
$(call KernelPackage
,ipt-conntrack
))
192 define KernelPackage
/ipt-conntrack-extra
193 TITLE
:=Extra connection tracking modules
194 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_EXTRA
)
195 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
196 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK_EXTRA-m
)))
197 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
200 define KernelPackage
/ipt-conntrack-extra
/description
201 Netfilter
(IPv4
) extra kernel modules for connection tracking
210 $(eval
$(call KernelPackage
,ipt-conntrack-extra
))
212 define KernelPackage
/ipt-conntrack-label
213 TITLE
:=Module for handling connection tracking labels
214 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_LABEL
)
215 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_LABEL-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
216 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK_LABEL-m
)))
217 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
220 define KernelPackage
/ipt-conntrack-label
/description
221 Netfilter
(IPv4
) module for handling connection tracking labels
226 $(eval
$(call KernelPackage
,ipt-conntrack-label
))
228 define KernelPackage
/ipt-filter
229 TITLE
:=Modules for packet content inspection
230 KCONFIG
:=$(KCONFIG_IPT_FILTER
)
231 FILES
:=$(foreach mod
,$(IPT_FILTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
232 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_FILTER-m
)))
233 $(call AddDepends
/ipt
,+kmod-lib-textsearch
+kmod-ipt-conntrack
)
236 define KernelPackage
/ipt-filter
/description
237 Netfilter
(IPv4
) kernel modules for packet content inspection
242 $(eval
$(call KernelPackage
,ipt-filter
))
245 define KernelPackage
/ipt-offload
246 TITLE
:=Netfilter routing
/NAT offload support
247 KCONFIG
:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD
248 FILES
:=$(foreach mod
,$(IPT_FLOW-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
249 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_FLOW-m
)))
250 $(call AddDepends
/ipt
,+kmod-nf-flow
)
253 $(eval
$(call KernelPackage
,ipt-offload
))
256 define KernelPackage
/ipt-ipopt
257 TITLE
:=Modules for matching
/changing IP packet options
258 KCONFIG
:=$(KCONFIG_IPT_IPOPT
)
259 FILES
:=$(foreach mod
,$(IPT_IPOPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
260 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPOPT-m
)))
261 $(call AddDepends
/ipt
)
264 define KernelPackage
/ipt-ipopt
/description
265 Netfilter
(IPv4
) modules for matching
/changing IP packet options
280 $(eval
$(call KernelPackage
,ipt-ipopt
))
283 define KernelPackage
/ipt-ipsec
284 TITLE
:=Modules for matching IPSec packets
285 KCONFIG
:=$(KCONFIG_IPT_IPSEC
)
286 FILES
:=$(foreach mod
,$(IPT_IPSEC-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
287 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPSEC-m
)))
288 $(call AddDepends
/ipt
)
291 define KernelPackage
/ipt-ipsec
/description
292 Netfilter
(IPv4
) modules for matching IPSec packets
299 $(eval
$(call KernelPackage
,ipt-ipsec
))
303 ipset
/ip_set_bitmap_ip \
304 ipset
/ip_set_bitmap_ipmac \
305 ipset
/ip_set_bitmap_port \
306 ipset
/ip_set_hash_ip \
307 ipset
/ip_set_hash_ipmark \
308 ipset
/ip_set_hash_ipport \
309 ipset
/ip_set_hash_ipportip \
310 ipset
/ip_set_hash_ipportnet \
311 ipset
/ip_set_hash_mac \
312 ipset
/ip_set_hash_netportnet \
313 ipset
/ip_set_hash_net \
314 ipset
/ip_set_hash_netnet \
315 ipset
/ip_set_hash_netport \
316 ipset
/ip_set_hash_netiface \
317 ipset
/ip_set_list_set \
320 define KernelPackage
/ipt-ipset
321 SUBMENU
:=Netfilter Extensions
322 TITLE
:=IPset netfilter modules
323 DEPENDS
+= +kmod-ipt-core
+kmod-nfnetlink
326 CONFIG_IP_SET_MAX
=256 \
327 CONFIG_NETFILTER_XT_SET \
328 CONFIG_IP_SET_BITMAP_IP \
329 CONFIG_IP_SET_BITMAP_IPMAC \
330 CONFIG_IP_SET_BITMAP_PORT \
331 CONFIG_IP_SET_HASH_IP \
332 CONFIG_IP_SET_HASH_IPMARK \
333 CONFIG_IP_SET_HASH_IPPORT \
334 CONFIG_IP_SET_HASH_IPPORTIP \
335 CONFIG_IP_SET_HASH_IPPORTNET \
336 CONFIG_IP_SET_HASH_MAC \
337 CONFIG_IP_SET_HASH_NET \
338 CONFIG_IP_SET_HASH_NETNET \
339 CONFIG_IP_SET_HASH_NETIFACE \
340 CONFIG_IP_SET_HASH_NETPORT \
341 CONFIG_IP_SET_HASH_NETPORTNET \
342 CONFIG_IP_SET_LIST_SET \
343 CONFIG_NET_EMATCH_IPSET
=n
344 FILES
:=$(foreach mod
,$(IPSET_MODULES
),$(LINUX_DIR
)/net
/netfilter
/$(mod
).ko
)
345 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(IPSET_MODULES
)))
347 $(eval
$(call KernelPackage
,ipt-ipset
))
350 define KernelPackage
/ipt-nat
351 TITLE
:=Basic NAT targets
352 KCONFIG
:=$(KCONFIG_IPT_NAT
)
353 FILES
:=$(foreach mod
,$(IPT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
354 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT-m
)))
355 $(call AddDepends
/ipt
,+kmod-nf-nat
)
358 define KernelPackage
/ipt-nat
/description
359 Netfilter
(IPv4
) kernel modules for basic NAT targets
364 $(eval
$(call KernelPackage
,ipt-nat
))
367 define KernelPackage
/ipt-raw
368 TITLE
:=Netfilter IPv4 raw table support
369 KCONFIG
:=CONFIG_IP_NF_RAW
370 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/iptable_raw.ko
371 AUTOLOAD
:=$(call AutoProbe
,iptable_raw
)
372 $(call AddDepends
/ipt
)
375 $(eval
$(call KernelPackage
,ipt-raw
))
378 define KernelPackage
/ipt-raw6
379 TITLE
:=Netfilter IPv6 raw table support
380 KCONFIG
:=CONFIG_IP6_NF_RAW
381 FILES
:=$(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6table_raw.ko
382 AUTOLOAD
:=$(call AutoProbe
,ip6table_raw
)
383 $(call AddDepends
/ipt
,+kmod-ip6tables
)
386 $(eval
$(call KernelPackage
,ipt-raw6
))
389 define KernelPackage
/ipt-nat6
390 TITLE
:=IPv6 NAT targets
391 KCONFIG
:=$(KCONFIG_IPT_NAT6
)
392 FILES
:=$(foreach mod
,$(IPT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
393 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_NAT6-m
)))
394 $(call AddDepends
/ipt
,+kmod-nf-nat6
)
395 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
396 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
397 $(call AddDepends
/ipt
,+kmod-ip6tables
)
400 define KernelPackage
/ipt-nat6
/description
401 Netfilter
(IPv6
) kernel modules for NAT targets
404 $(eval
$(call KernelPackage
,ipt-nat6
))
407 define KernelPackage
/ipt-nat-extra
408 TITLE
:=Extra NAT targets
409 KCONFIG
:=$(KCONFIG_IPT_NAT_EXTRA
)
410 FILES
:=$(foreach mod
,$(IPT_NAT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
411 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT_EXTRA-m
)))
412 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
415 define KernelPackage
/ipt-nat-extra
/description
416 Netfilter
(IPv4
) kernel modules for extra NAT targets
422 $(eval
$(call KernelPackage
,ipt-nat-extra
))
425 define KernelPackage
/nf-nathelper
427 TITLE
:=Basic Conntrack and NAT helpers
428 KCONFIG
:=$(KCONFIG_NF_NATHELPER
)
429 FILES
:=$(foreach mod
,$(NF_NATHELPER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
430 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER-m
)))
431 DEPENDS
:=+kmod-nf-nat
434 define KernelPackage
/nf-nathelper
/description
435 Default Netfilter
(IPv4
) Conntrack and NAT helpers
440 $(eval
$(call KernelPackage
,nf-nathelper
))
443 define KernelPackage
/nf-nathelper-extra
445 TITLE
:=Extra Conntrack and NAT helpers
446 KCONFIG
:=$(KCONFIG_NF_NATHELPER_EXTRA
)
447 FILES
:=$(foreach mod
,$(NF_NATHELPER_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
448 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER_EXTRA-m
)))
449 DEPENDS
:=+kmod-nf-nat
+kmod-lib-textsearch
452 define KernelPackage
/nf-nathelper-extra
/description
453 Extra Netfilter
(IPv4
) Conntrack and NAT helpers
467 $(eval
$(call KernelPackage
,nf-nathelper-extra
))
470 define KernelPackage
/ipt-ulog
471 TITLE
:=Module for user-space packet logging
472 KCONFIG
:=$(KCONFIG_IPT_ULOG
)
473 FILES
:=$(foreach mod
,$(IPT_ULOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
474 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_ULOG-m
)))
475 $(call AddDepends
/ipt
)
478 define KernelPackage
/ipt-ulog
/description
479 Netfilter
(IPv4
) module for user-space packet logging
484 $(eval
$(call KernelPackage
,ipt-ulog
))
487 define KernelPackage
/ipt-nflog
488 TITLE
:=Module for user-space packet logging
489 KCONFIG
:=$(KCONFIG_IPT_NFLOG
)
490 FILES
:=$(foreach mod
,$(IPT_NFLOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
491 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFLOG-m
)))
492 $(call AddDepends
/ipt
,+kmod-nfnetlink-log
)
495 define KernelPackage
/ipt-nflog
/description
496 Netfilter module for user-space packet logging
501 $(eval
$(call KernelPackage
,ipt-nflog
))
504 define KernelPackage
/ipt-nfqueue
505 TITLE
:=Module for user-space packet queuing
506 KCONFIG
:=$(KCONFIG_IPT_NFQUEUE
)
507 FILES
:=$(foreach mod
,$(IPT_NFQUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
508 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFQUEUE-m
)))
509 $(call AddDepends
/ipt
,+kmod-nfnetlink-queue
)
512 define KernelPackage
/ipt-nfqueue
/description
513 Netfilter module for user-space packet queuing
518 $(eval
$(call KernelPackage
,ipt-nfqueue
))
521 define KernelPackage
/ipt-debug
522 TITLE
:=Module for debugging
/development
523 KCONFIG
:=$(KCONFIG_IPT_DEBUG
)
524 FILES
:=$(foreach mod
,$(IPT_DEBUG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
525 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_DEBUG-m
)))
526 $(call AddDepends
/ipt
,+kmod-ipt-raw
+IPV6
:kmod-ipt-raw6
)
529 define KernelPackage
/ipt-debug
/description
530 Netfilter modules for debugging
/development of the firewall
535 $(eval
$(call KernelPackage
,ipt-debug
))
538 define KernelPackage
/ipt-led
539 TITLE
:=Module to trigger a LED with a Netfilter rule
540 KCONFIG
:=$(KCONFIG_IPT_LED
)
541 FILES
:=$(foreach mod
,$(IPT_LED-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
542 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_LED-m
)))
543 $(call AddDepends
/ipt
)
546 define KernelPackage
/ipt-led
/description
547 Netfilter target to trigger a LED when a network packet is matched.
550 $(eval
$(call KernelPackage
,ipt-led
))
552 define KernelPackage
/ipt-tproxy
553 TITLE
:=Transparent proxying support
554 DEPENDS
+=+kmod-ipt-conntrack
+IPV6
:kmod-nf-conntrack6
+IPV6
:kmod-ip6tables
556 CONFIG_NETFILTER_XT_MATCH_SOCKET \
557 CONFIG_NETFILTER_XT_TARGET_TPROXY
559 $(foreach mod
,$(IPT_TPROXY-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
560 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_TPROXY-m
)))
561 $(call AddDepends
/ipt
)
564 define KernelPackage
/ipt-tproxy
/description
565 Kernel modules for Transparent Proxying
568 $(eval
$(call KernelPackage
,ipt-tproxy
))
570 define KernelPackage
/ipt-tee
572 DEPENDS
:=+kmod-ipt-conntrack
574 CONFIG_NETFILTER_XT_TARGET_TEE
576 $(LINUX_DIR
)/net
/netfilter
/xt_TEE.ko \
577 $(foreach mod
,$(IPT_TEE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
578 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_TEE-m
)))
579 $(call AddDepends
/ipt
)
582 define KernelPackage
/ipt-tee
/description
583 Kernel modules for TEE
586 $(eval
$(call KernelPackage
,ipt-tee
))
589 define KernelPackage
/ipt-u32
592 CONFIG_NETFILTER_XT_MATCH_U32
594 $(LINUX_DIR
)/net
/netfilter
/xt_u32.ko \
595 $(foreach mod
,$(IPT_U32-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
596 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_U32-m
)))
597 $(call AddDepends
/ipt
)
600 define KernelPackage
/ipt-u32
/description
601 Kernel modules for U32
604 $(eval
$(call KernelPackage
,ipt-u32
))
606 define KernelPackage
/ipt-checksum
607 TITLE
:=CHECKSUM support
609 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
611 $(LINUX_DIR
)/net
/netfilter
/xt_CHECKSUM.ko \
612 $(foreach mod
,$(IPT_CHECKSUM-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
613 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CHECKSUM-m
)))
614 $(call AddDepends
/ipt
)
617 define KernelPackage
/ipt-checksum
/description
618 Kernel modules for CHECKSUM fillin target
621 $(eval
$(call KernelPackage
,ipt-checksum
))
624 define KernelPackage
/ipt-iprange
625 TITLE
:=Module for matching ip ranges
626 KCONFIG
:=$(KCONFIG_IPT_IPRANGE
)
627 FILES
:=$(foreach mod
,$(IPT_IPRANGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
628 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPRANGE-m
)))
629 $(call AddDepends
/ipt
)
632 define KernelPackage
/ipt-iprange
/description
633 Netfilter
(IPv4
) module for matching ip ranges
638 $(eval
$(call KernelPackage
,ipt-iprange
))
640 define KernelPackage
/ipt-cluster
641 TITLE
:=Module for matching cluster
642 KCONFIG
:=$(KCONFIG_IPT_CLUSTER
)
643 FILES
:=$(foreach mod
,$(IPT_CLUSTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
644 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTER-m
)))
645 $(call AddDepends
/ipt
)
648 define KernelPackage
/ipt-cluster
/description
649 Netfilter
(IPv4
/IPv6
) module for matching cluster
650 This option allows you to build work-load-sharing clusters of
651 network servers
/stateful firewalls without having a dedicated
652 load-balancing router
/server
/switch. Basically
, this match returns
653 true when the packet must be handled by this cluster node. Thus
,
654 all nodes see
all packets and this match decides which node handles
655 what packets. The work-load sharing algorithm is based on source
658 This module is usable for ipv4 and ipv6.
660 To use it also enable iptables-mod-cluster
662 see
`iptables -m cluster --help` for more information.
665 $(eval
$(call KernelPackage
,ipt-cluster
))
667 define KernelPackage
/ipt-clusterip
668 TITLE
:=Module for CLUSTERIP
669 KCONFIG
:=$(KCONFIG_IPT_CLUSTERIP
)
670 FILES
:=$(foreach mod
,$(IPT_CLUSTERIP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
671 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTERIP-m
)))
672 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
675 define KernelPackage
/ipt-clusterip
/description
676 Netfilter
(IPv4-only
) module for CLUSTERIP
677 The CLUSTERIP target allows you to build load-balancing clusters of
678 network servers without having a dedicated load-balancing
679 router
/server
/switch.
681 To use it also enable iptables-mod-clusterip
683 see
`iptables -j CLUSTERIP --help` for more information.
686 $(eval
$(call KernelPackage
,ipt-clusterip
))
689 define KernelPackage
/ipt-extra
691 KCONFIG
:=$(KCONFIG_IPT_EXTRA
)
692 FILES
:=$(foreach mod
,$(IPT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
693 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_EXTRA-m
)))
694 $(call AddDepends
/ipt
)
697 define KernelPackage
/ipt-extra
/description
698 Other Netfilter
(IPv4
) kernel modules
706 $(eval
$(call KernelPackage
,ipt-extra
))
709 define KernelPackage
/ipt-physdev
710 TITLE
:=physdev module
711 KCONFIG
:=$(KCONFIG_IPT_PHYSDEV
)
712 FILES
:=$(foreach mod
,$(IPT_PHYSDEV-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
713 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_PHYSDEV-m
)))
714 $(call AddDepends
/ipt
,+kmod-br-netfilter
)
717 define KernelPackage
/ipt-physdev
/description
718 The iptables physdev kernel module
721 $(eval
$(call KernelPackage
,ipt-physdev
))
724 define KernelPackage
/ip6tables
727 DEPENDS
:=+kmod-nf-reject6
+kmod-nf-ipt6
+kmod-ipt-core
728 KCONFIG
:=$(KCONFIG_IPT_IPV6
)
729 FILES
:=$(foreach mod
,$(IPT_IPV6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
730 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_IPV6-m
)))
733 define KernelPackage
/ip6tables
/description
734 Netfilter IPv6 firewalling support
737 $(eval
$(call KernelPackage
,ip6tables
))
739 define KernelPackage
/ip6tables-extra
741 TITLE
:=Extra IPv6 modules
742 DEPENDS
:=+kmod-ip6tables
743 KCONFIG
:=$(KCONFIG_IPT_IPV6_EXTRA
)
744 FILES
:=$(foreach mod
,$(IPT_IPV6_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
745 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_IPV6_EXTRA-m
)))
748 define KernelPackage
/ip6tables-extra
/description
749 Netfilter IPv6 extra header matching modules
752 $(eval
$(call KernelPackage
,ip6tables-extra
))
754 ARP_MODULES
= arp_tables arpt_mangle arptable_filter
755 define KernelPackage
/arptables
757 TITLE
:=ARP firewalling modules
758 DEPENDS
:=+kmod-ipt-core
759 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.ko
760 KCONFIG
:=CONFIG_IP_NF_ARPTABLES \
761 CONFIG_IP_NF_ARPFILTER \
762 CONFIG_IP_NF_ARP_MANGLE
763 AUTOLOAD
:=$(call AutoProbe
,$(ARP_MODULES
))
766 define KernelPackage
/arptables
/description
767 Kernel modules for ARP firewalling
770 $(eval
$(call KernelPackage
,arptables
))
773 define KernelPackage
/br-netfilter
775 TITLE
:=Bridge netfilter support modules
776 DEPENDS
:=+kmod-ipt-core
777 FILES
:=$(LINUX_DIR
)/net
/bridge
/br_netfilter.ko
778 KCONFIG
:=CONFIG_BRIDGE_NETFILTER
779 AUTOLOAD
:=$(call AutoProbe
,br_netfilter
)
782 define KernelPackage
/br-netfilter
/install
783 $(INSTALL_DIR
) $(1)/etc
/sysctl.d
784 $(INSTALL_DATA
) .
/files
/sysctl-br-netfilter.conf
$(1)/etc
/sysctl.d
/11-br-netfilter.conf
787 $(eval
$(call KernelPackage
,br-netfilter
))
790 define KernelPackage
/ebtables
792 TITLE
:=Bridge firewalling modules
793 DEPENDS
:=+kmod-ipt-core
794 FILES
:=$(foreach mod
,$(EBTABLES-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
795 KCONFIG
:=$(KCONFIG_EBTABLES
)
796 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES-m
)))
799 define KernelPackage
/ebtables
/description
800 ebtables is a general
, extensible frame
/packet identification
801 framework. It provides you to do Ethernet
802 filtering
/NAT
/brouting on the Ethernet bridge.
805 $(eval
$(call KernelPackage
,ebtables
))
808 define AddDepends
/ebtables
810 DEPENDS
+= +kmod-ebtables
$(1)
814 define KernelPackage
/ebtables-ipv4
815 TITLE
:=ebtables
: IPv4 support
816 FILES
:=$(foreach mod
,$(EBTABLES_IP4-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
817 KCONFIG
:=$(KCONFIG_EBTABLES_IP4
)
818 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP4-m
)))
819 $(call AddDepends
/ebtables
)
822 define KernelPackage
/ebtables-ipv4
/description
823 This option adds the IPv4 support to ebtables
, which allows basic
824 IPv4 header field filtering
, ARP filtering
as well
as SNAT
, DNAT targets.
827 $(eval
$(call KernelPackage
,ebtables-ipv4
))
830 define KernelPackage
/ebtables-ipv6
831 TITLE
:=ebtables
: IPv6 support
832 FILES
:=$(foreach mod
,$(EBTABLES_IP6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
833 KCONFIG
:=$(KCONFIG_EBTABLES_IP6
)
834 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP6-m
)))
835 $(call AddDepends
/ebtables
)
838 define KernelPackage
/ebtables-ipv6
/description
839 This option adds the IPv6 support to ebtables
, which allows basic
840 IPv6 header field filtering and target support.
843 $(eval
$(call KernelPackage
,ebtables-ipv6
))
846 define KernelPackage
/ebtables-watchers
847 TITLE
:=ebtables
: watchers support
848 FILES
:=$(foreach mod
,$(EBTABLES_WATCHERS-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
849 KCONFIG
:=$(KCONFIG_EBTABLES_WATCHERS
)
850 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_WATCHERS-m
)))
851 $(call AddDepends
/ebtables
)
854 define KernelPackage
/ebtables-watchers
/description
855 This option adds the log watchers
, that you can use in any rule
856 in any ebtables table.
859 $(eval
$(call KernelPackage
,ebtables-watchers
))
862 define KernelPackage
/nfnetlink
864 TITLE
:=Netlink-based userspace interface
865 FILES
:=$(foreach mod
,$(NFNETLINK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
866 KCONFIG
:=$(KCONFIG_NFNETLINK
)
867 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK-m
)))
870 define KernelPackage
/nfnetlink
/description
871 Kernel modules support for a netlink-based userspace interface
874 $(eval
$(call KernelPackage
,nfnetlink
))
877 define AddDepends
/nfnetlink
879 DEPENDS
+=+kmod-nfnetlink
$(1)
883 define KernelPackage
/nfnetlink-log
884 TITLE
:=Netfilter LOG over NFNETLINK interface
885 FILES
:=$(foreach mod
,$(NFNETLINK_LOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
886 KCONFIG
:=$(KCONFIG_NFNETLINK_LOG
)
887 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_LOG-m
)))
888 $(call AddDepends
/nfnetlink
)
891 define KernelPackage
/nfnetlink-log
/description
892 Kernel modules support for logging packets via NFNETLINK
897 $(eval
$(call KernelPackage
,nfnetlink-log
))
900 define KernelPackage
/nfnetlink-queue
901 TITLE
:=Netfilter QUEUE over NFNETLINK interface
902 FILES
:=$(foreach mod
,$(NFNETLINK_QUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
903 KCONFIG
:=$(KCONFIG_NFNETLINK_QUEUE
)
904 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_QUEUE-m
)))
905 $(call AddDepends
/nfnetlink
)
908 define KernelPackage
/nfnetlink-queue
/description
909 Kernel modules support for queueing packets via NFNETLINK
914 $(eval
$(call KernelPackage
,nfnetlink-queue
))
917 define KernelPackage
/nf-conntrack-netlink
918 TITLE
:=Connection tracking netlink interface
919 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nf_conntrack_netlink.ko
920 KCONFIG
:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS
=y
921 AUTOLOAD
:=$(call AutoProbe
,nf_conntrack_netlink
)
922 $(call AddDepends
/nfnetlink
,+kmod-ipt-conntrack
)
925 define KernelPackage
/nf-conntrack-netlink
/description
926 Kernel modules support for a netlink-based connection tracking
930 $(eval
$(call KernelPackage
,nf-conntrack-netlink
))
932 define KernelPackage
/ipt-hashlimit
934 TITLE
:=Netfilter hashlimit match
935 DEPENDS
:=+kmod-ipt-core
936 KCONFIG
:=$(KCONFIG_IPT_HASHLIMIT
)
937 FILES
:=$(LINUX_DIR
)/net
/netfilter
/xt_hashlimit.ko
938 AUTOLOAD
:=$(call AutoProbe
,xt_hashlimit
)
939 $(call KernelPackage
/ipt
)
942 define KernelPackage
/ipt-hashlimit
/description
943 Kernel modules support for the hashlimit bucket match module
946 $(eval
$(call KernelPackage
,ipt-hashlimit
))
948 define KernelPackage
/ipt-rpfilter
950 TITLE
:=Netfilter rpfilter match
951 DEPENDS
:=+kmod-ipt-core
952 KCONFIG
:=$(KCONFIG_IPT_RPFILTER
)
954 $(LINUX_DIR
)/net
/ipv4
/netfilter
/ipt_rpfilter.ko \
955 $(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6t_rpfilter.ko
)
956 AUTOLOAD
:=$(call AutoProbe
,ipt_rpfilter ip6t_rpfilter
)
957 $(call KernelPackage
/ipt
)
960 define KernelPackage
/ipt-rpfilter
/description
961 Kernel modules support for the Netfilter rpfilter match
964 $(eval
$(call KernelPackage
,ipt-rpfilter
))
967 define KernelPackage
/nft-core
969 TITLE
:=Netfilter nf_tables support
970 DEPENDS
:=+kmod-nfnetlink
+kmod-nf-reject
+kmod-nf-reject6
+kmod-nf-conntrack6
971 FILES
:=$(foreach mod
,$(NFT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
972 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_CORE-m
)))
974 CONFIG_NFT_COMPAT
=n \
979 define KernelPackage
/nft-core
/description
980 Kernel module support for nftables
983 $(eval
$(call KernelPackage
,nft-core
))
986 define KernelPackage
/nft-arp
988 TITLE
:=Netfilter nf_tables ARP table support
989 DEPENDS
:=+kmod-nft-core
990 FILES
:=$(foreach mod
,$(NFT_ARP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
991 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_ARP-m
)))
992 KCONFIG
:=$(KCONFIG_NFT_ARP
)
995 $(eval
$(call KernelPackage
,nft-arp
))
998 define KernelPackage
/nft-bridge
1000 TITLE
:=Netfilter nf_tables bridge table support
1001 DEPENDS
:=+kmod-nft-core
1002 FILES
:=$(foreach mod
,$(NFT_BRIDGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
1003 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_BRIDGE-m
)))
1005 CONFIG_NF_LOG_BRIDGE
=n \
1006 $(KCONFIG_NFT_BRIDGE
)
1009 $(eval
$(call KernelPackage
,nft-bridge
))
1012 define KernelPackage
/nft-nat
1014 TITLE
:=Netfilter nf_tables NAT support
1015 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat
1016 FILES
:=$(foreach mod
,$(NFT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
1017 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT-m
)))
1018 KCONFIG
:=$(KCONFIG_NFT_NAT
)
1021 $(eval
$(call KernelPackage
,nft-nat
))
1024 define KernelPackage
/nft-offload
1026 TITLE
:=Netfilter nf_tables routing
/NAT offload support
1027 DEPENDS
:=+kmod-nf-flow
+kmod-nft-nat
1029 CONFIG_NF_FLOW_TABLE_INET \
1030 CONFIG_NF_FLOW_TABLE_IPV4 \
1031 CONFIG_NF_FLOW_TABLE_IPV6 \
1032 CONFIG_NFT_FLOW_OFFLOAD
1034 $(LINUX_DIR
)/net
/netfilter
/nf_flow_table_inet.ko \
1035 $(LINUX_DIR
)/net
/ipv4
/netfilter
/nf_flow_table_ipv4.ko \
1036 $(LINUX_DIR
)/net
/ipv6
/netfilter
/nf_flow_table_ipv6.ko \
1037 $(LINUX_DIR
)/net
/netfilter
/nft_flow_offload.ko
1038 AUTOLOAD
:=$(call AutoProbe
,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload
)
1041 $(eval
$(call KernelPackage
,nft-offload
))
1044 define KernelPackage
/nft-nat6
1046 TITLE
:=Netfilter nf_tables IPv6-NAT support
1047 DEPENDS
:=+kmod-nft-nat
+kmod-nf-nat6
1048 FILES
:=$(foreach mod
,$(NFT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
1049 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT6-m
)))
1050 KCONFIG
:=$(KCONFIG_NFT_NAT6
)
1053 $(eval
$(call KernelPackage
,nft-nat6
))