From 3c66ac7e22a385eefe84c0e1deef26a12bcf9fc6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Rafa=C5=82=20Mi=C5=82ecki?= Date: Thu, 9 Feb 2023 13:29:37 +0100 Subject: [PATCH] iptables: iptables-mod-conntrack-extra: don't select kmod-ipt-raw MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Package kmod-ipt-raw enables CONFIG_IP_NF_RAW and packages iptable_raw.ko According to kernel's net/netfilter/Kconfig there are only 3 kernel symbols that depend on the IP_NF_RAW: 1. NETFILTER_XT_TARGET_CT (xt_CT.ko) 2. NETFILTER_XT_TARGET_NOTRACK (unused symbol?!) 3. NETFILTER_XT_TARGET_TRACE (xt_TRACE.ko) Now: iptables-mod-conntrack-extra selects kmod-ipt-conntrack-extra which provides: xt_helper.ko nf_conncount.ko xt_connlimit.ko xt_connmark.ko xt_recent.ko and xt_connbytes.ko (none of them seems to require iptable_raw.ko). It seems there is no explicit reason for iptables-mod-conntrack-extra to require kmod-ipt-raw (iptables_raw.ko). Signed-off-by: Rafał Miłecki --- package/network/utils/iptables/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index dc57bb55d0..e96cfa0b16 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -150,7 +150,7 @@ Extra iptables nftables nft binaries. endef define Package/iptables-mod-conntrack-extra -$(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw) +$(call Package/iptables/Module, +kmod-ipt-conntrack-extra) TITLE:=Extra connection tracking extensions endef -- 2.30.2