3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU
:=Netfilter Extensions
11 include $(INCLUDE_DIR
)/netfilter.mk
14 define KernelPackage
/nf-ipt
19 CONFIG_NETFILTER_ADVANCED
=y \
21 FILES
:=$(foreach mod
,$(NF_IPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
22 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT-m
)))
25 $(eval
$(call KernelPackage
,nf-ipt
))
28 define KernelPackage
/nf-ipt6
31 KCONFIG
:=$(KCONFIG_NF_IPT6
)
32 FILES
:=$(foreach mod
,$(NF_IPT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
33 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT6-m
)))
34 DEPENDS
:=+kmod-nf-ipt
+kmod-nf-conntrack6
37 $(eval
$(call KernelPackage
,nf-ipt6
))
41 define KernelPackage
/ipt-core
44 KCONFIG
:=$(KCONFIG_IPT_CORE
)
45 FILES
:=$(foreach mod
,$(IPT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
46 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CORE-m
)))
50 define KernelPackage
/ipt-core
/description
51 Netfilter core kernel modules
62 $(eval
$(call KernelPackage
,ipt-core
))
65 define KernelPackage
/nf-conntrack
67 TITLE
:=Netfilter connection tracking
70 CONFIG_NETFILTER_ADVANCED
=y \
71 CONFIG_NF_CONNTRACK_MARK
=y \
72 CONFIG_NF_CONNTRACK_ZONES
=y \
73 $(KCONFIG_NF_CONNTRACK
)
74 FILES
:=$(foreach mod
,$(NF_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
75 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK-m
)))
78 $(eval
$(call KernelPackage
,nf-conntrack
))
81 define KernelPackage
/nf-conntrack6
83 TITLE
:=Netfilter IPv6 connection tracking
84 KCONFIG
:=$(KCONFIG_NF_CONNTRACK6
)
85 DEPENDS
:=@IPV6
+kmod-nf-conntrack
86 FILES
:=$(foreach mod
,$(NF_CONNTRACK6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
87 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK6-m
)))
90 $(eval
$(call KernelPackage
,nf-conntrack6
))
93 define KernelPackage
/nf-nat
96 KCONFIG
:=$(KCONFIG_NF_NAT
)
97 DEPENDS
:=+kmod-nf-conntrack
+kmod-nf-ipt
98 FILES
:=$(foreach mod
,$(NF_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
99 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT-m
)))
102 $(eval
$(call KernelPackage
,nf-nat
))
105 define KernelPackage
/nf-nat6
107 TITLE
:=Netfilter IPV6-NAT
108 KCONFIG
:=$(KCONFIG_NF_NAT6
)
109 DEPENDS
:=+kmod-nf-conntrack6
+kmod-nf-ipt6
+kmod-nf-nat
110 FILES
:=$(foreach mod
,$(NF_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
111 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT6-m
)))
114 $(eval
$(call KernelPackage
,nf-nat6
))
117 define AddDepends
/ipt
119 DEPENDS
+= +kmod-ipt-core
$(1)
123 define KernelPackage
/ipt-conntrack
124 TITLE
:=Basic connection tracking modules
125 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK
)
126 FILES
:=$(foreach mod
,$(IPT_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
127 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK-m
)))
128 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
131 define KernelPackage
/ipt-conntrack
/description
132 Netfilter
(IPv4
) kernel modules for connection tracking
141 $(eval
$(call KernelPackage
,ipt-conntrack
))
144 define KernelPackage
/ipt-conntrack-extra
145 TITLE
:=Extra connection tracking modules
146 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_EXTRA
)
147 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
148 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK_EXTRA-m
)))
149 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
152 define KernelPackage
/ipt-conntrack-extra
/description
153 Netfilter
(IPv4
) extra kernel modules for connection tracking
162 $(eval
$(call KernelPackage
,ipt-conntrack-extra
))
165 define KernelPackage
/ipt-filter
166 TITLE
:=Modules for packet content inspection
167 KCONFIG
:=$(KCONFIG_IPT_FILTER
)
168 FILES
:=$(foreach mod
,$(IPT_FILTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
169 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_FILTER-m
)))
170 $(call AddDepends
/ipt
,+kmod-lib-textsearch
+kmod-ipt-conntrack
)
173 define KernelPackage
/ipt-filter
/description
174 Netfilter
(IPv4
) kernel modules for packet content inspection
179 $(eval
$(call KernelPackage
,ipt-filter
))
182 define KernelPackage
/ipt-ipopt
183 TITLE
:=Modules for matching
/changing IP packet options
184 KCONFIG
:=$(KCONFIG_IPT_IPOPT
)
185 FILES
:=$(foreach mod
,$(IPT_IPOPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
186 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPOPT-m
)))
187 $(call AddDepends
/ipt
)
190 define KernelPackage
/ipt-ipopt
/description
191 Netfilter
(IPv4
) modules for matching
/changing IP packet options
206 $(eval
$(call KernelPackage
,ipt-ipopt
))
209 define KernelPackage
/ipt-ipsec
210 TITLE
:=Modules for matching IPSec packets
211 KCONFIG
:=$(KCONFIG_IPT_IPSEC
)
212 FILES
:=$(foreach mod
,$(IPT_IPSEC-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
213 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPSEC-m
)))
214 $(call AddDepends
/ipt
)
217 define KernelPackage
/ipt-ipsec
/description
218 Netfilter
(IPv4
) modules for matching IPSec packets
225 $(eval
$(call KernelPackage
,ipt-ipsec
))
229 ipset
/ip_set_bitmap_ip \
230 ipset
/ip_set_bitmap_ipmac \
231 ipset
/ip_set_bitmap_port \
232 ipset
/ip_set_hash_ip \
233 ipset
/ip_set_hash_ipmark \
234 ipset
/ip_set_hash_ipport \
235 ipset
/ip_set_hash_ipportip \
236 ipset
/ip_set_hash_ipportnet \
237 ipset
/ip_set_hash_mac \
238 ipset
/ip_set_hash_netportnet \
239 ipset
/ip_set_hash_net \
240 ipset
/ip_set_hash_netnet \
241 ipset
/ip_set_hash_netport \
242 ipset
/ip_set_hash_netiface \
243 ipset
/ip_set_list_set \
246 define KernelPackage
/ipt-ipset
247 SUBMENU
:=Netfilter Extensions
248 TITLE
:=IPset netfilter modules
249 DEPENDS
+= +kmod-ipt-core
+kmod-nfnetlink
252 CONFIG_IP_SET_MAX
=256 \
253 CONFIG_NETFILTER_XT_SET \
254 CONFIG_IP_SET_BITMAP_IP \
255 CONFIG_IP_SET_BITMAP_IPMAC \
256 CONFIG_IP_SET_BITMAP_PORT \
257 CONFIG_IP_SET_HASH_IP \
258 CONFIG_IP_SET_HASH_IPMARK \
259 CONFIG_IP_SET_HASH_IPPORT \
260 CONFIG_IP_SET_HASH_IPPORTIP \
261 CONFIG_IP_SET_HASH_IPPORTNET \
262 CONFIG_IP_SET_HASH_MAC \
263 CONFIG_IP_SET_HASH_NET \
264 CONFIG_IP_SET_HASH_NETNET \
265 CONFIG_IP_SET_HASH_NETIFACE \
266 CONFIG_IP_SET_HASH_NETPORT \
267 CONFIG_IP_SET_HASH_NETPORTNET \
268 CONFIG_IP_SET_LIST_SET \
269 CONFIG_NET_EMATCH_IPSET
=n
270 FILES
:=$(foreach mod
,$(IPSET_MODULES
),$(LINUX_DIR
)/net
/netfilter
/$(mod
).ko
)
271 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(IPSET_MODULES
)))
273 $(eval
$(call KernelPackage
,ipt-ipset
))
276 define KernelPackage
/ipt-nat
277 TITLE
:=Basic NAT targets
278 KCONFIG
:=$(KCONFIG_IPT_NAT
)
279 FILES
:=$(foreach mod
,$(IPT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
280 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT-m
)))
281 $(call AddDepends
/ipt
,+kmod-nf-nat
)
284 define KernelPackage
/ipt-nat
/description
285 Netfilter
(IPv4
) kernel modules for basic NAT targets
290 $(eval
$(call KernelPackage
,ipt-nat
))
293 define KernelPackage
/ipt-raw
294 TITLE
:=Netfilter IPv4 raw table support
295 KCONFIG
:=CONFIG_IP_NF_RAW
296 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/iptable_raw.ko
297 AUTOLOAD
:=$(call AutoProbe
,iptable_raw
)
298 $(call AddDepends
/ipt
)
301 $(eval
$(call KernelPackage
,ipt-raw
))
304 define KernelPackage
/ipt-raw6
305 TITLE
:=Netfilter IPv6 raw table support
306 KCONFIG
:=CONFIG_IP6_NF_RAW
307 FILES
:=$(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6table_raw.ko
308 AUTOLOAD
:=$(call AutoProbe
,ip6table_raw
)
309 $(call AddDepends
/ipt
,+kmod-ip6tables
)
312 $(eval
$(call KernelPackage
,ipt-raw6
))
315 define KernelPackage
/ipt-nat6
316 TITLE
:=IPv6 NAT targets
317 KCONFIG
:=$(KCONFIG_IPT_NAT6
)
318 FILES
:=$(foreach mod
,$(IPT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
319 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_NAT6-m
)))
320 $(call AddDepends
/ipt
,+kmod-nf-nat6
)
321 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
322 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
323 $(call AddDepends
/ipt
,+kmod-ip6tables
)
326 define KernelPackage
/ipt-nat6
/description
327 Netfilter
(IPv6
) kernel modules for NAT targets
330 $(eval
$(call KernelPackage
,ipt-nat6
))
333 define KernelPackage
/ipt-nat-extra
334 TITLE
:=Extra NAT targets
335 KCONFIG
:=$(KCONFIG_IPT_NAT_EXTRA
)
336 FILES
:=$(foreach mod
,$(IPT_NAT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
337 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT_EXTRA-m
)))
338 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
341 define KernelPackage
/ipt-nat-extra
/description
342 Netfilter
(IPv4
) kernel modules for extra NAT targets
348 $(eval
$(call KernelPackage
,ipt-nat-extra
))
351 define KernelPackage
/nf-nathelper
353 TITLE
:=Basic Conntrack and NAT helpers
354 KCONFIG
:=$(KCONFIG_NF_NATHELPER
)
355 FILES
:=$(foreach mod
,$(NF_NATHELPER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
356 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER-m
)))
357 DEPENDS
:=+kmod-nf-nat
360 define KernelPackage
/nf-nathelper
/description
361 Default Netfilter
(IPv4
) Conntrack and NAT helpers
366 $(eval
$(call KernelPackage
,nf-nathelper
))
369 define KernelPackage
/nf-nathelper-extra
371 TITLE
:=Extra Conntrack and NAT helpers
372 KCONFIG
:=$(KCONFIG_NF_NATHELPER_EXTRA
)
373 FILES
:=$(foreach mod
,$(NF_NATHELPER_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
374 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER_EXTRA-m
)))
375 DEPENDS
:=+kmod-nf-nat
+kmod-lib-textsearch
378 define KernelPackage
/nf-nathelper-extra
/description
379 Extra Netfilter
(IPv4
) Conntrack and NAT helpers
393 $(eval
$(call KernelPackage
,nf-nathelper-extra
))
396 define KernelPackage
/ipt-ulog
397 TITLE
:=Module for user-space packet logging
398 KCONFIG
:=$(KCONFIG_IPT_ULOG
)
399 FILES
:=$(foreach mod
,$(IPT_ULOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
400 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_ULOG-m
)))
401 $(call AddDepends
/ipt
)
404 define KernelPackage
/ipt-ulog
/description
405 Netfilter
(IPv4
) module for user-space packet logging
410 $(eval
$(call KernelPackage
,ipt-ulog
))
413 define KernelPackage
/ipt-nflog
414 TITLE
:=Module for user-space packet logging
415 KCONFIG
:=$(KCONFIG_IPT_NFLOG
)
416 FILES
:=$(foreach mod
,$(IPT_NFLOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
417 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFLOG-m
)))
418 $(call AddDepends
/ipt
,+kmod-nfnetlink-log
)
421 define KernelPackage
/ipt-nflog
/description
422 Netfilter module for user-space packet logging
427 $(eval
$(call KernelPackage
,ipt-nflog
))
430 define KernelPackage
/ipt-nfqueue
431 TITLE
:=Module for user-space packet queuing
432 KCONFIG
:=$(KCONFIG_IPT_NFQUEUE
)
433 FILES
:=$(foreach mod
,$(IPT_NFQUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
434 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFQUEUE-m
)))
435 $(call AddDepends
/ipt
,+kmod-nfnetlink-queue
)
438 define KernelPackage
/ipt-nfqueue
/description
439 Netfilter module for user-space packet queuing
444 $(eval
$(call KernelPackage
,ipt-nfqueue
))
447 define KernelPackage
/ipt-debug
448 TITLE
:=Module for debugging
/development
449 KCONFIG
:=$(KCONFIG_IPT_DEBUG
)
451 FILES
:=$(foreach mod
,$(IPT_DEBUG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
452 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_DEBUG-m
)))
453 $(call AddDepends
/ipt
)
456 define KernelPackage
/ipt-debug
/description
457 Netfilter modules for debugging
/development of the firewall
462 $(eval
$(call KernelPackage
,ipt-debug
))
465 define KernelPackage
/ipt-led
466 TITLE
:=Module to trigger a LED with a Netfilter rule
467 KCONFIG
:=$(KCONFIG_IPT_LED
)
468 FILES
:=$(foreach mod
,$(IPT_LED-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
469 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_LED-m
)))
470 $(call AddDepends
/ipt
)
473 define KernelPackage
/ipt-led
/description
474 Netfilter target to trigger a LED when a network packet is matched.
477 $(eval
$(call KernelPackage
,ipt-led
))
479 define KernelPackage
/ipt-tproxy
480 TITLE
:=Transparent proxying support
481 DEPENDS
+=+kmod-ipt-conntrack
+IPV6
:kmod-ip6tables
483 CONFIG_NETFILTER_XT_MATCH_SOCKET \
484 CONFIG_NETFILTER_XT_TARGET_TPROXY
486 $(foreach mod
,$(IPT_TPROXY-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
487 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_TPROXY-m
)))
488 $(call AddDepends
/ipt
)
491 define KernelPackage
/ipt-tproxy
/description
492 Kernel modules for Transparent Proxying
495 $(eval
$(call KernelPackage
,ipt-tproxy
))
497 define KernelPackage
/ipt-tee
499 DEPENDS
:=+kmod-ipt-conntrack
501 CONFIG_NETFILTER_XT_TARGET_TEE
503 $(LINUX_DIR
)/net
/netfilter
/xt_TEE.ko \
504 $(foreach mod
,$(IPT_TEE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
505 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_TEE-m
)))
506 $(call AddDepends
/ipt
)
509 define KernelPackage
/ipt-tee
/description
510 Kernel modules for TEE
513 $(eval
$(call KernelPackage
,ipt-tee
))
516 define KernelPackage
/ipt-u32
519 CONFIG_NETFILTER_XT_MATCH_U32
521 $(LINUX_DIR
)/net
/netfilter
/xt_u32.ko \
522 $(foreach mod
,$(IPT_U32-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
523 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_U32-m
)))
524 $(call AddDepends
/ipt
)
527 define KernelPackage
/ipt-u32
/description
528 Kernel modules for U32
531 $(eval
$(call KernelPackage
,ipt-u32
))
533 define KernelPackage
/ipt-checksum
534 TITLE
:=CHECKSUM support
536 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
538 $(LINUX_DIR
)/net
/netfilter
/xt_CHECKSUM.ko \
539 $(foreach mod
,$(IPT_CHECKSUM-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
540 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CHECKSUM-m
)))
541 $(call AddDepends
/ipt
)
544 define KernelPackage
/ipt-checksum
/description
545 Kernel modules for CHECKSUM fillin target
548 $(eval
$(call KernelPackage
,ipt-checksum
))
551 define KernelPackage
/ipt-iprange
552 TITLE
:=Module for matching ip ranges
553 KCONFIG
:=$(KCONFIG_IPT_IPRANGE
)
554 FILES
:=$(foreach mod
,$(IPT_IPRANGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
555 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPRANGE-m
)))
556 $(call AddDepends
/ipt
)
559 define KernelPackage
/ipt-iprange
/description
560 Netfilter
(IPv4
) module for matching ip ranges
565 $(eval
$(call KernelPackage
,ipt-iprange
))
567 define KernelPackage
/ipt-cluster
568 TITLE
:=Module for matching cluster
569 KCONFIG
:=$(KCONFIG_IPT_CLUSTER
)
570 FILES
:=$(foreach mod
,$(IPT_CLUSTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
571 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTER-m
)))
572 $(call AddDepends
/ipt
)
575 define KernelPackage
/ipt-cluster
/description
576 Netfilter
(IPv4
/IPv6
) module for matching cluster
577 This option allows you to build work-load-sharing clusters of
578 network servers
/stateful firewalls without having a dedicated
579 load-balancing router
/server
/switch. Basically
, this match returns
580 true when the packet must be handled by this cluster node. Thus
,
581 all nodes see
all packets and this match decides which node handles
582 what packets. The work-load sharing algorithm is based on source
585 This module is usable for ipv4 and ipv6.
587 To use it also enable iptables-mod-cluster
589 see
`iptables -m cluster --help` for more information.
592 $(eval
$(call KernelPackage
,ipt-cluster
))
594 define KernelPackage
/ipt-clusterip
595 TITLE
:=Module for CLUSTERIP
596 KCONFIG
:=$(KCONFIG_IPT_CLUSTERIP
)
597 FILES
:=$(foreach mod
,$(IPT_CLUSTERIP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
598 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTERIP-m
)))
599 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
602 define KernelPackage
/ipt-clusterip
/description
603 Netfilter
(IPv4-only
) module for CLUSTERIP
604 The CLUSTERIP target allows you to build load-balancing clusters of
605 network servers without having a dedicated load-balancing
606 router
/server
/switch.
608 To use it also enable iptables-mod-clusterip
610 see
`iptables -j CLUSTERIP --help` for more information.
613 $(eval
$(call KernelPackage
,ipt-clusterip
))
616 define KernelPackage
/ipt-extra
618 KCONFIG
:=$(KCONFIG_IPT_EXTRA
)
619 FILES
:=$(foreach mod
,$(IPT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
620 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_EXTRA-m
)))
621 $(call AddDepends
/ipt
,+kmod-br-netfilter
)
624 define KernelPackage
/ipt-extra
/description
625 Other Netfilter
(IPv4
) kernel modules
629 - physdev
(if bridge support was enabled in kernel
)
634 $(eval
$(call KernelPackage
,ipt-extra
))
637 define KernelPackage
/ip6tables
640 DEPENDS
:=+kmod-nf-ipt6
+kmod-ipt-core
+kmod-ipt-conntrack
641 KCONFIG
:=$(KCONFIG_IPT_IPV6
)
642 FILES
:=$(foreach mod
,$(IPT_IPV6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
643 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_IPV6-m
)))
646 define KernelPackage
/ip6tables
/description
647 Netfilter IPv6 firewalling support
650 $(eval
$(call KernelPackage
,ip6tables
))
652 define KernelPackage
/ip6tables-extra
654 TITLE
:=Extra IPv6 modules
655 DEPENDS
:=+kmod-ip6tables
656 KCONFIG
:=$(KCONFIG_IPT_IPV6_EXTRA
)
657 FILES
:=$(foreach mod
,$(IPT_IPV6_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
658 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_IPV6_EXTRA-m
)))
661 define KernelPackage
/ip6tables-extra
/description
662 Netfilter IPv6 extra header matching modules
665 $(eval
$(call KernelPackage
,ip6tables-extra
))
667 ARP_MODULES
= arp_tables arpt_mangle arptable_filter
668 define KernelPackage
/arptables
670 TITLE
:=ARP firewalling modules
671 DEPENDS
:=+kmod-ipt-core
672 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.ko
673 KCONFIG
:=CONFIG_IP_NF_ARPTABLES \
674 CONFIG_IP_NF_ARPFILTER \
675 CONFIG_IP_NF_ARP_MANGLE
676 AUTOLOAD
:=$(call AutoProbe
,$(ARP_MODULES
))
679 define KernelPackage
/arptables
/description
680 Kernel modules for ARP firewalling
683 $(eval
$(call KernelPackage
,arptables
))
686 define KernelPackage
/br-netfilter
688 TITLE
:=Bridge netfilter support modules
690 DEPENDS
:=+kmod-ipt-core
691 FILES
:=$(LINUX_DIR
)/net
/bridge
/br_netfilter.ko
692 KCONFIG
:=CONFIG_BRIDGE_NETFILTER
693 AUTOLOAD
:=$(call AutoProbe
,br_netfilter
)
696 $(eval
$(call KernelPackage
,br-netfilter
))
699 define KernelPackage
/ebtables
701 TITLE
:=Bridge firewalling modules
702 DEPENDS
:=+kmod-ipt-core
+kmod-br-netfilter
703 FILES
:=$(foreach mod
,$(EBTABLES-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
704 KCONFIG
:=$(KCONFIG_EBTABLES
)
705 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES-m
)))
708 define KernelPackage
/ebtables
/description
709 ebtables is a general
, extensible frame
/packet identification
710 framework. It provides you to do Ethernet
711 filtering
/NAT
/brouting on the Ethernet bridge.
714 $(eval
$(call KernelPackage
,ebtables
))
717 define AddDepends
/ebtables
719 DEPENDS
+=kmod-ebtables
$(1)
723 define KernelPackage
/ebtables-ipv4
724 TITLE
:=ebtables
: IPv4 support
725 FILES
:=$(foreach mod
,$(EBTABLES_IP4-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
726 KCONFIG
:=$(KCONFIG_EBTABLES_IP4
)
727 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP4-m
)))
728 $(call AddDepends
/ebtables
)
731 define KernelPackage
/ebtables-ipv4
/description
732 This option adds the IPv4 support to ebtables
, which allows basic
733 IPv4 header field filtering
, ARP filtering
as well
as SNAT
, DNAT targets.
736 $(eval
$(call KernelPackage
,ebtables-ipv4
))
739 define KernelPackage
/ebtables-ipv6
740 TITLE
:=ebtables
: IPv6 support
741 FILES
:=$(foreach mod
,$(EBTABLES_IP6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
742 KCONFIG
:=$(KCONFIG_EBTABLES_IP6
)
743 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP6-m
)))
744 $(call AddDepends
/ebtables
)
747 define KernelPackage
/ebtables-ipv6
/description
748 This option adds the IPv6 support to ebtables
, which allows basic
749 IPv6 header field filtering and target support.
752 $(eval
$(call KernelPackage
,ebtables-ipv6
))
755 define KernelPackage
/ebtables-watchers
756 TITLE
:=ebtables
: watchers support
757 FILES
:=$(foreach mod
,$(EBTABLES_WATCHERS-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
758 KCONFIG
:=$(KCONFIG_EBTABLES_WATCHERS
)
759 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_WATCHERS-m
)))
760 $(call AddDepends
/ebtables
)
763 define KernelPackage
/ebtables-watchers
/description
764 This option adds the log watchers
, that you can use in any rule
765 in any ebtables table.
768 $(eval
$(call KernelPackage
,ebtables-watchers
))
771 define KernelPackage
/nfnetlink
773 TITLE
:=Netlink-based userspace interface
774 FILES
:=$(foreach mod
,$(NFNETLINK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
775 KCONFIG
:=$(KCONFIG_NFNETLINK
)
776 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK-m
)))
779 define KernelPackage
/nfnetlink
/description
780 Kernel modules support for a netlink-based userspace interface
783 $(eval
$(call KernelPackage
,nfnetlink
))
786 define AddDepends
/nfnetlink
788 DEPENDS
+=+kmod-nfnetlink
$(1)
792 define KernelPackage
/nfnetlink-log
793 TITLE
:=Netfilter LOG over NFNETLINK interface
794 FILES
:=$(foreach mod
,$(NFNETLINK_LOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
795 KCONFIG
:=$(KCONFIG_NFNETLINK_LOG
)
796 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_LOG-m
)))
797 $(call AddDepends
/nfnetlink
)
800 define KernelPackage
/nfnetlink-log
/description
801 Kernel modules support for logging packets via NFNETLINK
806 $(eval
$(call KernelPackage
,nfnetlink-log
))
809 define KernelPackage
/nfnetlink-queue
810 TITLE
:=Netfilter QUEUE over NFNETLINK interface
811 FILES
:=$(foreach mod
,$(NFNETLINK_QUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
812 KCONFIG
:=$(KCONFIG_NFNETLINK_QUEUE
)
813 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_QUEUE-m
)))
814 $(call AddDepends
/nfnetlink
)
817 define KernelPackage
/nfnetlink-queue
/description
818 Kernel modules support for queueing packets via NFNETLINK
823 $(eval
$(call KernelPackage
,nfnetlink-queue
))
826 define KernelPackage
/nf-conntrack-netlink
827 TITLE
:=Connection tracking netlink interface
828 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nf_conntrack_netlink.ko
829 KCONFIG
:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS
=y
830 AUTOLOAD
:=$(call AutoProbe
,nf_conntrack_netlink
)
831 $(call AddDepends
/nfnetlink
,+kmod-ipt-conntrack
)
834 define KernelPackage
/nf-conntrack-netlink
/description
835 Kernel modules support for a netlink-based connection tracking
839 $(eval
$(call KernelPackage
,nf-conntrack-netlink
))
841 define KernelPackage
/ipt-hashlimit
843 TITLE
:=Netfilter hashlimit match
844 DEPENDS
:=+kmod-ipt-core
845 KCONFIG
:=$(KCONFIG_IPT_HASHLIMIT
)
846 FILES
:=$(LINUX_DIR
)/net
/netfilter
/xt_hashlimit.ko
847 AUTOLOAD
:=$(call AutoProbe
,xt_hashlimit
)
848 $(call KernelPackage
/ipt
)
851 define KernelPackage
/ipt-hashlimit
/description
852 Kernel modules support for the hashlimit bucket match module
855 $(eval
$(call KernelPackage
,ipt-hashlimit
))
857 define KernelPackage
/ipt-rpfilter
859 TITLE
:=Netfilter rpfilter match
860 DEPENDS
:=+kmod-ipt-core
861 KCONFIG
:=$(KCONFIG_IPT_RPFILTER
)
863 $(LINUX_DIR
)/net
/ipv4
/netfilter
/ipt_rpfilter.ko \
864 $(LINUX_DIR
)/net
/ipv6
/netfilter
/ip6t_rpfilter.ko
)
865 AUTOLOAD
:=$(call AutoProbe
,ipt_rpfilter ip6t_rpfilter
)
866 $(call KernelPackage
/ipt
)
869 define KernelPackage
/ipt-rpfilter
/description
870 Kernel modules support for the Netfilter rpfilter match
873 $(eval
$(call KernelPackage
,ipt-rpfilter
))
876 define KernelPackage
/nft-core
878 TITLE
:=Netfilter nf_tables support
879 DEPENDS
:=+kmod-nfnetlink
+kmod-nf-conntrack6
+kmod-nf-ipt
+kmod-nf-ipt6
880 FILES
:=$(foreach mod
,$(NFT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
881 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_CORE-m
)))
884 CONFIG_NETFILTER_ADVANCED
=y \
885 CONFIG_NFT_COMPAT
=n \
887 CONFIG_NF_TABLES_ARP
=n \
888 CONFIG_NF_TABLES_BRIDGE
=n \
892 define KernelPackage
/nft-core
/description
893 Kernel module support for nftables
896 $(eval
$(call KernelPackage
,nft-core
))
899 define KernelPackage
/nft-nat
901 TITLE
:=Netfilter nf_tables NAT support
902 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat
+kmod-nf-nat6
903 FILES
:=$(foreach mod
,$(NFT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
904 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT-m
)))
905 KCONFIG
:=$(KCONFIG_NFT_NAT
)
908 $(eval
$(call KernelPackage
,nft-nat
))
911 define KernelPackage
/nft-nat6
913 TITLE
:=Netfilter nf_tables IPv6-NAT support
914 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat6
915 FILES
:=$(foreach mod
,$(NFT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
916 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT6-m
)))
917 KCONFIG
:=$(KCONFIG_NFT_NAT6
)
920 $(eval
$(call KernelPackage
,nft-nat6
))