3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU
:=Netfilter Extensions
11 include $(INCLUDE_DIR
)/netfilter.mk
14 define KernelPackage
/nf-ipt
19 CONFIG_NETFILTER_ADVANCED
=y \
21 FILES
:=$(foreach mod
,$(NF_IPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
22 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT-m
)))
25 $(eval
$(call KernelPackage
,nf-ipt
))
28 define KernelPackage
/nf-ipt6
31 KCONFIG
:=$(KCONFIG_NF_IPT6
)
32 FILES
:=$(foreach mod
,$(NF_IPT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
33 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_IPT6-m
)))
34 DEPENDS
:=+kmod-nf-ipt
+kmod-nf-conntrack6
37 $(eval
$(call KernelPackage
,nf-ipt6
))
41 define KernelPackage
/ipt-core
44 KCONFIG
:=$(KCONFIG_IPT_CORE
)
45 FILES
:=$(foreach mod
,$(IPT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
46 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CORE-m
)))
50 define KernelPackage
/ipt-core
/description
51 Netfilter core kernel modules
62 $(eval
$(call KernelPackage
,ipt-core
))
65 define KernelPackage
/nf-conntrack
67 TITLE
:=Netfilter connection tracking
70 CONFIG_NETFILTER_ADVANCED
=y \
71 $(KCONFIG_NF_CONNTRACK
)
72 FILES
:=$(foreach mod
,$(NF_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
73 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK-m
)))
76 $(eval
$(call KernelPackage
,nf-conntrack
))
79 define KernelPackage
/nf-conntrack6
81 TITLE
:=Netfilter IPv6 connection tracking
82 KCONFIG
:=$(KCONFIG_NF_CONNTRACK6
)
83 DEPENDS
:=@IPV6
+kmod-nf-conntrack
84 FILES
:=$(foreach mod
,$(NF_CONNTRACK6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
85 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_CONNTRACK6-m
)))
88 $(eval
$(call KernelPackage
,nf-conntrack6
))
91 define KernelPackage
/nf-nat
94 KCONFIG
:=$(KCONFIG_NF_NAT
)
95 DEPENDS
:=+kmod-nf-conntrack
+kmod-nf-ipt
96 FILES
:=$(foreach mod
,$(NF_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
97 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT-m
)))
100 $(eval
$(call KernelPackage
,nf-nat
))
103 define KernelPackage
/nf-nat6
105 TITLE
:=Netfilter IPV6-NAT
106 KCONFIG
:=$(KCONFIG_NF_NAT6
)
107 DEPENDS
:=+kmod-nf-conntrack6
+kmod-nf-ipt6
+kmod-nf-nat
108 FILES
:=$(foreach mod
,$(NF_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
109 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NAT6-m
)))
112 $(eval
$(call KernelPackage
,nf-nat6
))
115 define AddDepends
/ipt
117 DEPENDS
+= +kmod-ipt-core
$(1)
121 define KernelPackage
/ipt-conntrack
122 TITLE
:=Basic connection tracking modules
123 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK
)
124 FILES
:=$(foreach mod
,$(IPT_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
125 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK-m
)))
126 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
129 define KernelPackage
/ipt-conntrack
/description
130 Netfilter
(IPv4
) kernel modules for connection tracking
139 $(eval
$(call KernelPackage
,ipt-conntrack
))
142 define KernelPackage
/ipt-conntrack-extra
143 TITLE
:=Extra connection tracking modules
144 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_EXTRA
)
145 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
146 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CONNTRACK_EXTRA-m
)))
147 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
150 define KernelPackage
/ipt-conntrack-extra
/description
151 Netfilter
(IPv4
) extra kernel modules for connection tracking
160 $(eval
$(call KernelPackage
,ipt-conntrack-extra
))
163 define KernelPackage
/ipt-filter
164 TITLE
:=Modules for packet content inspection
165 KCONFIG
:=$(KCONFIG_IPT_FILTER
)
166 FILES
:=$(foreach mod
,$(IPT_FILTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
167 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_FILTER-m
)))
168 $(call AddDepends
/ipt
,+kmod-lib-textsearch
+kmod-ipt-conntrack
)
171 define KernelPackage
/ipt-filter
/description
172 Netfilter
(IPv4
) kernel modules for packet content inspection
177 $(eval
$(call KernelPackage
,ipt-filter
))
180 define KernelPackage
/ipt-ipopt
181 TITLE
:=Modules for matching
/changing IP packet options
182 KCONFIG
:=$(KCONFIG_IPT_IPOPT
)
183 FILES
:=$(foreach mod
,$(IPT_IPOPT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
184 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPOPT-m
)))
185 $(call AddDepends
/ipt
)
188 define KernelPackage
/ipt-ipopt
/description
189 Netfilter
(IPv4
) modules for matching
/changing IP packet options
204 $(eval
$(call KernelPackage
,ipt-ipopt
))
207 define KernelPackage
/ipt-ipsec
208 TITLE
:=Modules for matching IPSec packets
209 KCONFIG
:=$(KCONFIG_IPT_IPSEC
)
210 FILES
:=$(foreach mod
,$(IPT_IPSEC-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
211 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPSEC-m
)))
212 $(call AddDepends
/ipt
)
215 define KernelPackage
/ipt-ipsec
/description
216 Netfilter
(IPv4
) modules for matching IPSec packets
223 $(eval
$(call KernelPackage
,ipt-ipsec
))
227 ipset
/ip_set_bitmap_ip \
228 ipset
/ip_set_bitmap_ipmac \
229 ipset
/ip_set_bitmap_port \
230 ipset
/ip_set_hash_ip \
231 ipset
/ip_set_hash_ipmark \
232 ipset
/ip_set_hash_ipport \
233 ipset
/ip_set_hash_ipportip \
234 ipset
/ip_set_hash_ipportnet \
235 ipset
/ip_set_hash_mac \
236 ipset
/ip_set_hash_netportnet \
237 ipset
/ip_set_hash_net \
238 ipset
/ip_set_hash_netnet \
239 ipset
/ip_set_hash_netport \
240 ipset
/ip_set_hash_netiface \
241 ipset
/ip_set_list_set \
244 define KernelPackage
/ipt-ipset
245 SUBMENU
:=Netfilter Extensions
246 TITLE
:=IPset netfilter modules
247 DEPENDS
+= +kmod-ipt-core
+kmod-nfnetlink
250 CONFIG_IP_SET_MAX
=256 \
251 CONFIG_NETFILTER_XT_SET \
252 CONFIG_IP_SET_BITMAP_IP \
253 CONFIG_IP_SET_BITMAP_IPMAC \
254 CONFIG_IP_SET_BITMAP_PORT \
255 CONFIG_IP_SET_HASH_IP \
256 CONFIG_IP_SET_HASH_IPMARK \
257 CONFIG_IP_SET_HASH_IPPORT \
258 CONFIG_IP_SET_HASH_IPPORTIP \
259 CONFIG_IP_SET_HASH_IPPORTNET \
260 CONFIG_IP_SET_HASH_MAC \
261 CONFIG_IP_SET_HASH_NET \
262 CONFIG_IP_SET_HASH_NETNET \
263 CONFIG_IP_SET_HASH_NETIFACE \
264 CONFIG_IP_SET_HASH_NETPORT \
265 CONFIG_IP_SET_HASH_NETPORTNET \
266 CONFIG_IP_SET_LIST_SET \
267 CONFIG_NET_EMATCH_IPSET
=n
268 FILES
:=$(foreach mod
,$(IPSET_MODULES
),$(LINUX_DIR
)/net
/netfilter
/$(mod
).ko
)
269 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(IPSET_MODULES
)))
271 $(eval
$(call KernelPackage
,ipt-ipset
))
287 define KernelPackage
/nf-ipvs
288 SUBMENU
:=Netfilter Extensions
289 TITLE
:=IP Virtual Server modules
290 DEPENDS
:=+kmod-lib-crc32c
293 CONFIG_IP_VS_IPV6
=y \
294 CONFIG_IP_VS_DEBUG
=n \
295 CONFIG_IP_VS_PROTO_TCP
=y \
296 CONFIG_IP_VS_PROTO_UDP
=y \
297 CONFIG_IP_VS_PROTO_AH_ESP
=y \
298 CONFIG_IP_VS_PROTO_ESP
=y \
299 CONFIG_IP_VS_PROTO_AH
=y \
300 CONFIG_IP_VS_PROTO_SCTP
=y \
301 CONFIG_IP_VS_TAB_BITS
=12 \
314 CONFIG_IP_VS_SH_TAB_BITS
=8 \
315 CONFIG_IP_VS_NFCT
=n \
316 CONFIG_NETFILTER_XT_MATCH_IPVS
=n
318 FILES
:=$(foreach mod
,$(IPVS_MODULES
),$(LINUX_DIR
)/net
/netfilter
/ipvs
/$(mod
).ko
)
319 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
321 $(eval
$(call KernelPackage
,nf-ipvs
))
323 define KernelPackage
/nf-ipvs
/description
324 IPVS
(IP Virtual Server
) implements transport-layer load balancing inside the Linux kernel
325 so called Layer-4 switching.
328 define KernelPackage
/ipt-nat
329 TITLE
:=Basic NAT targets
330 KCONFIG
:=$(KCONFIG_IPT_NAT
)
331 FILES
:=$(foreach mod
,$(IPT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
332 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT-m
)))
333 $(call AddDepends
/ipt
,+kmod-nf-nat
)
336 define KernelPackage
/ipt-nat
/description
337 Netfilter
(IPv4
) kernel modules for basic NAT targets
342 $(eval
$(call KernelPackage
,ipt-nat
))
345 define KernelPackage
/ipt-nat6
346 TITLE
:=IPv6 NAT targets
347 KCONFIG
:=$(KCONFIG_IPT_NAT6
)
348 FILES
:=$(foreach mod
,$(IPT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
349 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_NAT6-m
)))
350 $(call AddDepends
/ipt
,+kmod-nf-nat6
)
351 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
352 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
353 $(call AddDepends
/ipt
,+kmod-ip6tables
)
356 define KernelPackage
/ipt-nat6
/description
357 Netfilter
(IPv6
) kernel modules for NAT targets
360 $(eval
$(call KernelPackage
,ipt-nat6
))
363 define KernelPackage
/ipt-nat-extra
364 TITLE
:=Extra NAT targets
365 KCONFIG
:=$(KCONFIG_IPT_NAT_EXTRA
)
366 FILES
:=$(foreach mod
,$(IPT_NAT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
367 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NAT_EXTRA-m
)))
368 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
371 define KernelPackage
/ipt-nat-extra
/description
372 Netfilter
(IPv4
) kernel modules for extra NAT targets
378 $(eval
$(call KernelPackage
,ipt-nat-extra
))
381 define KernelPackage
/nf-nathelper
383 TITLE
:=Basic Conntrack and NAT helpers
384 KCONFIG
:=$(KCONFIG_NF_NATHELPER
)
385 FILES
:=$(foreach mod
,$(NF_NATHELPER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
386 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER-m
)))
387 DEPENDS
:=+kmod-nf-nat
390 define KernelPackage
/nf-nathelper
/description
391 Default Netfilter
(IPv4
) Conntrack and NAT helpers
398 $(eval
$(call KernelPackage
,nf-nathelper
))
401 define KernelPackage
/nf-nathelper-extra
403 TITLE
:=Extra Conntrack and NAT helpers
404 KCONFIG
:=$(KCONFIG_NF_NATHELPER_EXTRA
)
405 FILES
:=$(foreach mod
,$(NF_NATHELPER_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
406 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NF_NATHELPER_EXTRA-m
)))
407 DEPENDS
:=+kmod-nf-nat
+kmod-lib-textsearch
410 define KernelPackage
/nf-nathelper-extra
/description
411 Extra Netfilter
(IPv4
) Conntrack and NAT helpers
423 $(eval
$(call KernelPackage
,nf-nathelper-extra
))
426 define KernelPackage
/ipt-ulog
427 TITLE
:=Module for user-space packet logging
428 KCONFIG
:=$(KCONFIG_IPT_ULOG
)
429 FILES
:=$(foreach mod
,$(IPT_ULOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
430 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_ULOG-m
)))
431 $(call AddDepends
/ipt
)
434 define KernelPackage
/ipt-ulog
/description
435 Netfilter
(IPv4
) module for user-space packet logging
440 $(eval
$(call KernelPackage
,ipt-ulog
))
443 define KernelPackage
/ipt-nflog
444 TITLE
:=Module for user-space packet logging
445 KCONFIG
:=$(KCONFIG_IPT_NFLOG
)
446 FILES
:=$(foreach mod
,$(IPT_NFLOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
447 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFLOG-m
)))
448 $(call AddDepends
/ipt
,+kmod-nfnetlink-log
)
451 define KernelPackage
/ipt-nflog
/description
452 Netfilter module for user-space packet logging
457 $(eval
$(call KernelPackage
,ipt-nflog
))
460 define KernelPackage
/ipt-nfqueue
461 TITLE
:=Module for user-space packet queuing
462 KCONFIG
:=$(KCONFIG_IPT_NFQUEUE
)
463 FILES
:=$(foreach mod
,$(IPT_NFQUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
464 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_NFQUEUE-m
)))
465 $(call AddDepends
/ipt
,+kmod-nfnetlink-queue
)
468 define KernelPackage
/ipt-nfqueue
/description
469 Netfilter module for user-space packet queuing
474 $(eval
$(call KernelPackage
,ipt-nfqueue
))
477 define KernelPackage
/ipt-debug
478 TITLE
:=Module for debugging
/development
479 KCONFIG
:=$(KCONFIG_IPT_DEBUG
)
481 FILES
:=$(foreach mod
,$(IPT_DEBUG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
482 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_DEBUG-m
)))
483 $(call AddDepends
/ipt
)
486 define KernelPackage
/ipt-debug
/description
487 Netfilter modules for debugging
/development of the firewall
492 $(eval
$(call KernelPackage
,ipt-debug
))
495 define KernelPackage
/ipt-led
496 TITLE
:=Module to trigger a LED with a Netfilter rule
497 KCONFIG
:=$(KCONFIG_IPT_LED
)
498 FILES
:=$(foreach mod
,$(IPT_LED-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
499 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_LED-m
)))
500 $(call AddDepends
/ipt
)
503 define KernelPackage
/ipt-led
/description
504 Netfilter target to trigger a LED when a network packet is matched.
507 $(eval
$(call KernelPackage
,ipt-led
))
509 define KernelPackage
/ipt-tproxy
510 TITLE
:=Transparent proxying support
511 DEPENDS
+=+kmod-ipt-conntrack
+IPV6
:kmod-ip6tables
513 CONFIG_NETFILTER_TPROXY \
514 CONFIG_NETFILTER_XT_MATCH_SOCKET \
515 CONFIG_NETFILTER_XT_TARGET_TPROXY
517 $(foreach mod
,$(IPT_TPROXY-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
518 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tproxy_core
$(IPT_TPROXY-m
)))
519 $(call AddDepends
/ipt
)
522 define KernelPackage
/ipt-tproxy
/description
523 Kernel modules for Transparent Proxying
526 $(eval
$(call KernelPackage
,ipt-tproxy
))
528 define KernelPackage
/ipt-tee
530 DEPENDS
:=+kmod-ipt-conntrack @
!LINUX_4_4
532 CONFIG_NETFILTER_XT_TARGET_TEE
534 $(LINUX_DIR
)/net
/netfilter
/xt_TEE.ko \
535 $(foreach mod
,$(IPT_TEE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
536 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_TEE-m
)))
537 $(call AddDepends
/ipt
)
540 define KernelPackage
/ipt-tee
/description
541 Kernel modules for TEE
544 $(eval
$(call KernelPackage
,ipt-tee
))
547 define KernelPackage
/ipt-u32
550 CONFIG_NETFILTER_XT_MATCH_U32
552 $(LINUX_DIR
)/net
/netfilter
/xt_u32.ko \
553 $(foreach mod
,$(IPT_U32-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
554 AUTOLOAD
:=$(call AutoProbe
,$(notdir nf_tee
$(IPT_U32-m
)))
555 $(call AddDepends
/ipt
)
558 define KernelPackage
/ipt-u32
/description
559 Kernel modules for U32
562 $(eval
$(call KernelPackage
,ipt-u32
))
565 define KernelPackage
/ipt-iprange
566 TITLE
:=Module for matching ip ranges
567 KCONFIG
:=$(KCONFIG_IPT_IPRANGE
)
568 FILES
:=$(foreach mod
,$(IPT_IPRANGE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
569 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_IPRANGE-m
)))
570 $(call AddDepends
/ipt
)
573 define KernelPackage
/ipt-iprange
/description
574 Netfilter
(IPv4
) module for matching ip ranges
579 $(eval
$(call KernelPackage
,ipt-iprange
))
581 define KernelPackage
/ipt-cluster
582 TITLE
:=Module for matching cluster
583 KCONFIG
:=$(KCONFIG_IPT_CLUSTER
)
584 FILES
:=$(foreach mod
,$(IPT_CLUSTER-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
585 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTER-m
)))
586 $(call AddDepends
/ipt
)
589 define KernelPackage
/ipt-cluster
/description
590 Netfilter
(IPv4
/IPv6
) module for matching cluster
591 This option allows you to build work-load-sharing clusters of
592 network servers
/stateful firewalls without having a dedicated
593 load-balancing router
/server
/switch. Basically
, this match returns
594 true when the packet must be handled by this cluster node. Thus
,
595 all nodes see
all packets and this match decides which node handles
596 what packets. The work-load sharing algorithm is based on source
599 This module is usable for ipv4 and ipv6.
601 To use it also enable iptables-mod-cluster
603 see
`iptables -m cluster --help` for more information.
606 $(eval
$(call KernelPackage
,ipt-cluster
))
608 define KernelPackage
/ipt-clusterip
609 TITLE
:=Module for CLUSTERIP
610 KCONFIG
:=$(KCONFIG_IPT_CLUSTERIP
)
611 FILES
:=$(foreach mod
,$(IPT_CLUSTERIP-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
612 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_CLUSTERIP-m
)))
613 $(call AddDepends
/ipt
,+kmod-nf-conntrack
)
616 define KernelPackage
/ipt-clusterip
/description
617 Netfilter
(IPv4-only
) module for CLUSTERIP
618 The CLUSTERIP target allows you to build load-balancing clusters of
619 network servers without having a dedicated load-balancing
620 router
/server
/switch.
622 To use it also enable iptables-mod-clusterip
624 see
`iptables -j CLUSTERIP --help` for more information.
627 $(eval
$(call KernelPackage
,ipt-clusterip
))
630 define KernelPackage
/ipt-extra
632 KCONFIG
:=$(KCONFIG_IPT_EXTRA
)
633 FILES
:=$(foreach mod
,$(IPT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
634 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(IPT_EXTRA-m
)))
635 $(call AddDepends
/ipt
)
638 define KernelPackage
/ipt-extra
/description
639 Other Netfilter
(IPv4
) kernel modules
643 - physdev
(if bridge support was enabled in kernel
)
648 $(eval
$(call KernelPackage
,ipt-extra
))
651 define KernelPackage
/ip6tables
654 DEPENDS
:=+kmod-nf-ipt6
+kmod-ipt-core
+kmod-ipt-conntrack
655 KCONFIG
:=$(KCONFIG_IPT_IPV6
)
656 FILES
:=$(foreach mod
,$(IPT_IPV6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
657 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_IPV6-m
)))
660 define KernelPackage
/ip6tables
/description
661 Netfilter IPv6 firewalling support
664 $(eval
$(call KernelPackage
,ip6tables
))
666 define KernelPackage
/ip6tables-extra
668 TITLE
:=Extra IPv6 modules
669 DEPENDS
:=+kmod-ip6tables
670 KCONFIG
:=$(KCONFIG_IPT_IPV6_EXTRA
)
671 FILES
:=$(foreach mod
,$(IPT_IPV6_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
672 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_IPV6_EXTRA-m
)))
675 define KernelPackage
/ip6tables-extra
/description
676 Netfilter IPv6 extra header matching modules
679 $(eval
$(call KernelPackage
,ip6tables-extra
))
681 ARP_MODULES
= arp_tables arpt_mangle arptable_filter
682 define KernelPackage
/arptables
684 TITLE
:=ARP firewalling modules
685 DEPENDS
:=+kmod-ipt-core
686 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.ko
687 KCONFIG
:=CONFIG_IP_NF_ARPTABLES \
688 CONFIG_IP_NF_ARPFILTER \
689 CONFIG_IP_NF_ARP_MANGLE
690 AUTOLOAD
:=$(call AutoProbe
,$(ARP_MODULES
))
693 define KernelPackage
/arptables
/description
694 Kernel modules for ARP firewalling
697 $(eval
$(call KernelPackage
,arptables
))
700 define KernelPackage
/ebtables
702 TITLE
:=Bridge firewalling modules
703 DEPENDS
:=+kmod-ipt-core
+kmod-bridge
704 FILES
:=$(foreach mod
,$(EBTABLES-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
705 KCONFIG
:=CONFIG_BRIDGE_NETFILTER
=y \
707 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES-m
)))
710 define KernelPackage
/ebtables
/description
711 ebtables is a general
, extensible frame
/packet identification
712 framework. It provides you to do Ethernet
713 filtering
/NAT
/brouting on the Ethernet bridge.
716 $(eval
$(call KernelPackage
,ebtables
))
719 define AddDepends
/ebtables
721 DEPENDS
+=kmod-ebtables
$(1)
725 define KernelPackage
/ebtables-ipv4
726 TITLE
:=ebtables
: IPv4 support
727 FILES
:=$(foreach mod
,$(EBTABLES_IP4-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
728 KCONFIG
:=$(KCONFIG_EBTABLES_IP4
)
729 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP4-m
)))
730 $(call AddDepends
/ebtables
)
733 define KernelPackage
/ebtables-ipv4
/description
734 This option adds the IPv4 support to ebtables
, which allows basic
735 IPv4 header field filtering
, ARP filtering
as well
as SNAT
, DNAT targets.
738 $(eval
$(call KernelPackage
,ebtables-ipv4
))
741 define KernelPackage
/ebtables-ipv6
742 TITLE
:=ebtables
: IPv6 support
743 FILES
:=$(foreach mod
,$(EBTABLES_IP6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
744 KCONFIG
:=$(KCONFIG_EBTABLES_IP6
)
745 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_IP6-m
)))
746 $(call AddDepends
/ebtables
)
749 define KernelPackage
/ebtables-ipv6
/description
750 This option adds the IPv6 support to ebtables
, which allows basic
751 IPv6 header field filtering and target support.
754 $(eval
$(call KernelPackage
,ebtables-ipv6
))
757 define KernelPackage
/ebtables-watchers
758 TITLE
:=ebtables
: watchers support
759 FILES
:=$(foreach mod
,$(EBTABLES_WATCHERS-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
760 KCONFIG
:=$(KCONFIG_EBTABLES_WATCHERS
)
761 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(EBTABLES_WATCHERS-m
)))
762 $(call AddDepends
/ebtables
)
765 define KernelPackage
/ebtables-watchers
/description
766 This option adds the log watchers
, that you can use in any rule
767 in any ebtables table.
770 $(eval
$(call KernelPackage
,ebtables-watchers
))
773 define KernelPackage
/nfnetlink
775 TITLE
:=Netlink-based userspace interface
776 FILES
:=$(foreach mod
,$(NFNETLINK-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
777 KCONFIG
:=$(KCONFIG_NFNETLINK
)
778 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK-m
)))
781 define KernelPackage
/nfnetlink
/description
782 Kernel modules support for a netlink-based userspace interface
785 $(eval
$(call KernelPackage
,nfnetlink
))
788 define AddDepends
/nfnetlink
790 DEPENDS
+=+kmod-nfnetlink
$(1)
794 define KernelPackage
/nfnetlink-log
795 TITLE
:=Netfilter LOG over NFNETLINK interface
796 FILES
:=$(foreach mod
,$(NFNETLINK_LOG-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
797 KCONFIG
:=$(KCONFIG_NFNETLINK_LOG
)
798 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_LOG-m
)))
799 $(call AddDepends
/nfnetlink
)
802 define KernelPackage
/nfnetlink-log
/description
803 Kernel modules support for logging packets via NFNETLINK
808 $(eval
$(call KernelPackage
,nfnetlink-log
))
811 define KernelPackage
/nfnetlink-queue
812 TITLE
:=Netfilter QUEUE over NFNETLINK interface
813 FILES
:=$(foreach mod
,$(NFNETLINK_QUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
814 KCONFIG
:=$(KCONFIG_NFNETLINK_QUEUE
)
815 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFNETLINK_QUEUE-m
)))
816 $(call AddDepends
/nfnetlink
)
819 define KernelPackage
/nfnetlink-queue
/description
820 Kernel modules support for queueing packets via NFNETLINK
825 $(eval
$(call KernelPackage
,nfnetlink-queue
))
828 define KernelPackage
/nf-conntrack-netlink
829 TITLE
:=Connection tracking netlink interface
830 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nf_conntrack_netlink.ko
831 KCONFIG
:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS
=y
832 AUTOLOAD
:=$(call AutoProbe
,nf_conntrack_netlink
)
833 $(call AddDepends
/nfnetlink
,+kmod-ipt-conntrack
)
836 define KernelPackage
/nf-conntrack-netlink
/description
837 Kernel modules support for a netlink-based connection tracking
841 $(eval
$(call KernelPackage
,nf-conntrack-netlink
))
843 define KernelPackage
/ipt-hashlimit
845 TITLE
:=Netfilter hashlimit match
846 DEPENDS
:=+kmod-ipt-core
847 KCONFIG
:=$(KCONFIG_IPT_HASHLIMIT
)
848 FILES
:=$(LINUX_DIR
)/net
/netfilter
/xt_hashlimit.ko
849 AUTOLOAD
:=$(call AutoProbe
,xt_hashlimit
)
850 $(call KernelPackage
/ipt
)
853 define KernelPackage
/ipt-hashlimit
/description
854 Kernel modules support for the hashlimit bucket match module
857 $(eval
$(call KernelPackage
,ipt-hashlimit
))
860 define KernelPackage
/nft-core
862 TITLE
:=Netfilter nf_tables support
863 DEPENDS
:=+kmod-nfnetlink
+kmod-nf-conntrack6
864 FILES
:=$(foreach mod
,$(NFT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
865 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_CORE-m
)))
868 CONFIG_NETFILTER_ADVANCED
=y \
869 CONFIG_NFT_COMPAT
=n \
871 CONFIG_NF_TABLES_ARP
=n \
872 CONFIG_NF_TABLES_BRIDGE
=n \
876 define KernelPackage
/nft-core
/description
877 Kernel module support for nftables
880 $(eval
$(call KernelPackage
,nft-core
))
883 define KernelPackage
/nft-nat
885 TITLE
:=Netfilter nf_tables NAT support
886 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat
887 FILES
:=$(foreach mod
,$(NFT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
888 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT-m
)))
889 KCONFIG
:=$(KCONFIG_NFT_NAT
)
892 $(eval
$(call KernelPackage
,nft-nat
))
895 define KernelPackage
/nft-nat6
897 TITLE
:=Netfilter nf_tables IPv6-NAT support
898 DEPENDS
:=+kmod-nft-core
+kmod-nf-nat6
899 FILES
:=$(foreach mod
,$(NFT_NAT6-m
),$(LINUX_DIR
)/net
/$(mod
).ko
)
900 AUTOLOAD
:=$(call AutoProbe
,$(notdir $(NFT_NAT6-m
)))
901 KCONFIG
:=$(KCONFIG_NFT_NAT6
)
904 $(eval
$(call KernelPackage
,nft-nat6
))