projects / openwrt / openwrt.git / blob
? search:


410031b72ce5bc44bd3c3ddd656dba451882c730
[openwrt/openwrt.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 $(eval $(call KernelPackage,nf-conntrack))
105
106
107 define KernelPackage/nf-conntrack6
108 SUBMENU:=$(NF_MENU)
109 TITLE:=Netfilter IPv6 connection tracking
110 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
111 DEPENDS:=@IPV6 +kmod-nf-conntrack
112 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
113 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
114 endef
115
116 $(eval $(call KernelPackage,nf-conntrack6))
117
118
119 define KernelPackage/nf-nat
120 SUBMENU:=$(NF_MENU)
121 TITLE:=Netfilter NAT
122 KCONFIG:=$(KCONFIG_NF_NAT)
123 DEPENDS:=+kmod-nf-conntrack
124 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
125 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
126 endef
127
128 $(eval $(call KernelPackage,nf-nat))
129
130
131 define KernelPackage/nf-nat6
132 SUBMENU:=$(NF_MENU)
133 TITLE:=Netfilter IPV6-NAT
134 KCONFIG:=$(KCONFIG_NF_NAT6)
135 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-nat
136 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
137 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
138 endef
139
140 $(eval $(call KernelPackage,nf-nat6))
141
142
143 define AddDepends/ipt
144 SUBMENU:=$(NF_MENU)
145 DEPENDS+= +kmod-ipt-core $(1)
146 endef
147
148
149 define KernelPackage/ipt-conntrack
150 TITLE:=Basic connection tracking modules
151 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
152 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
153 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
154 $(call AddDepends/ipt,+kmod-nf-conntrack)
155 endef
156
157 define KernelPackage/ipt-conntrack/description
158 Netfilter (IPv4) kernel modules for connection tracking
159 Includes:
160 - conntrack
161 - defrag
162 - iptables_raw
163 - NOTRACK
164 - state
165 endef
166
167 $(eval $(call KernelPackage,ipt-conntrack))
168
169
170 define KernelPackage/ipt-conntrack-extra
171 TITLE:=Extra connection tracking modules
172 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
173 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
174 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
175 $(call AddDepends/ipt,+kmod-ipt-conntrack)
176 endef
177
178 define KernelPackage/ipt-conntrack-extra/description
179 Netfilter (IPv4) extra kernel modules for connection tracking
180 Includes:
181 - connbytes
182 - connmark/CONNMARK
183 - conntrack
184 - helper
185 - recent
186 endef
187
188 $(eval $(call KernelPackage,ipt-conntrack-extra))
189
190
191 define KernelPackage/ipt-filter
192 TITLE:=Modules for packet content inspection
193 KCONFIG:=$(KCONFIG_IPT_FILTER)
194 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
195 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
196 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
197 endef
198
199 define KernelPackage/ipt-filter/description
200 Netfilter (IPv4) kernel modules for packet content inspection
201 Includes:
202 - string
203 endef
204
205 $(eval $(call KernelPackage,ipt-filter))
206
207
208 define KernelPackage/ipt-ipopt
209 TITLE:=Modules for matching/changing IP packet options
210 KCONFIG:=$(KCONFIG_IPT_IPOPT)
211 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
212 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
213 $(call AddDepends/ipt)
214 endef
215
216 define KernelPackage/ipt-ipopt/description
217 Netfilter (IPv4) modules for matching/changing IP packet options
218 Includes:
219 - CLASSIFY
220 - dscp/DSCP
221 - ecn/ECN
222 - hl/HL
223 - length
224 - mark/MARK
225 - statistic
226 - tcpmss
227 - time
228 - ttl/TTL
229 - unclean
230 endef
231
232 $(eval $(call KernelPackage,ipt-ipopt))
233
234
235 define KernelPackage/ipt-ipsec
236 TITLE:=Modules for matching IPSec packets
237 KCONFIG:=$(KCONFIG_IPT_IPSEC)
238 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
239 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
240 $(call AddDepends/ipt)
241 endef
242
243 define KernelPackage/ipt-ipsec/description
244 Netfilter (IPv4) modules for matching IPSec packets
245 Includes:
246 - ah
247 - esp
248 - policy
249 endef
250
251 $(eval $(call KernelPackage,ipt-ipsec))
252
253 IPSET_MODULES:= \
254 ipset/ip_set \
255 ipset/ip_set_bitmap_ip \
256 ipset/ip_set_bitmap_ipmac \
257 ipset/ip_set_bitmap_port \
258 ipset/ip_set_hash_ip \
259 ipset/ip_set_hash_ipmark \
260 ipset/ip_set_hash_ipport \
261 ipset/ip_set_hash_ipportip \
262 ipset/ip_set_hash_ipportnet \
263 ipset/ip_set_hash_mac \
264 ipset/ip_set_hash_netportnet \
265 ipset/ip_set_hash_net \
266 ipset/ip_set_hash_netnet \
267 ipset/ip_set_hash_netport \
268 ipset/ip_set_hash_netiface \
269 ipset/ip_set_list_set \
270 xt_set
271
272 define KernelPackage/ipt-ipset
273 SUBMENU:=Netfilter Extensions
274 TITLE:=IPset netfilter modules
275 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
276 KCONFIG:= \
277 CONFIG_IP_SET \
278 CONFIG_IP_SET_MAX=256 \
279 CONFIG_NETFILTER_XT_SET \
280 CONFIG_IP_SET_BITMAP_IP \
281 CONFIG_IP_SET_BITMAP_IPMAC \
282 CONFIG_IP_SET_BITMAP_PORT \
283 CONFIG_IP_SET_HASH_IP \
284 CONFIG_IP_SET_HASH_IPMARK \
285 CONFIG_IP_SET_HASH_IPPORT \
286 CONFIG_IP_SET_HASH_IPPORTIP \
287 CONFIG_IP_SET_HASH_IPPORTNET \
288 CONFIG_IP_SET_HASH_MAC \
289 CONFIG_IP_SET_HASH_NET \
290 CONFIG_IP_SET_HASH_NETNET \
291 CONFIG_IP_SET_HASH_NETIFACE \
292 CONFIG_IP_SET_HASH_NETPORT \
293 CONFIG_IP_SET_HASH_NETPORTNET \
294 CONFIG_IP_SET_LIST_SET \
295 CONFIG_NET_EMATCH_IPSET=n
296 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
297 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
298 endef
299 $(eval $(call KernelPackage,ipt-ipset))
300
301
302 define KernelPackage/ipt-nat
303 TITLE:=Basic NAT targets
304 KCONFIG:=$(KCONFIG_IPT_NAT)
305 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
306 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
307 $(call AddDepends/ipt,+kmod-nf-nat)
308 endef
309
310 define KernelPackage/ipt-nat/description
311 Netfilter (IPv4) kernel modules for basic NAT targets
312 Includes:
313 - MASQUERADE
314 endef
315
316 $(eval $(call KernelPackage,ipt-nat))
317
318
319 define KernelPackage/ipt-raw
320 TITLE:=Netfilter IPv4 raw table support
321 KCONFIG:=CONFIG_IP_NF_RAW
322 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
323 AUTOLOAD:=$(call AutoProbe,iptable_raw)
324 $(call AddDepends/ipt)
325 endef
326
327 $(eval $(call KernelPackage,ipt-raw))
328
329
330 define KernelPackage/ipt-raw6
331 TITLE:=Netfilter IPv6 raw table support
332 KCONFIG:=CONFIG_IP6_NF_RAW
333 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
334 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
335 $(call AddDepends/ipt,+kmod-ip6tables)
336 endef
337
338 $(eval $(call KernelPackage,ipt-raw6))
339
340
341 define KernelPackage/ipt-nat6
342 TITLE:=IPv6 NAT targets
343 KCONFIG:=$(KCONFIG_IPT_NAT6)
344 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
345 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
346 $(call AddDepends/ipt,+kmod-nf-nat6)
347 $(call AddDepends/ipt,+kmod-ipt-conntrack)
348 $(call AddDepends/ipt,+kmod-ipt-nat)
349 $(call AddDepends/ipt,+kmod-ip6tables)
350 endef
351
352 define KernelPackage/ipt-nat6/description
353 Netfilter (IPv6) kernel modules for NAT targets
354 endef
355
356 $(eval $(call KernelPackage,ipt-nat6))
357
358
359 define KernelPackage/ipt-nat-extra
360 TITLE:=Extra NAT targets
361 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
362 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
363 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
364 $(call AddDepends/ipt,+kmod-ipt-nat)
365 endef
366
367 define KernelPackage/ipt-nat-extra/description
368 Netfilter (IPv4) kernel modules for extra NAT targets
369 Includes:
370 - NETMAP
371 - REDIRECT
372 endef
373
374 $(eval $(call KernelPackage,ipt-nat-extra))
375
376
377 define KernelPackage/nf-nathelper
378 SUBMENU:=$(NF_MENU)
379 TITLE:=Basic Conntrack and NAT helpers
380 KCONFIG:=$(KCONFIG_NF_NATHELPER)
381 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
382 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
383 DEPENDS:=+kmod-nf-nat
384 endef
385
386 define KernelPackage/nf-nathelper/description
387 Default Netfilter (IPv4) Conntrack and NAT helpers
388 Includes:
389 - ftp
390 endef
391
392 $(eval $(call KernelPackage,nf-nathelper))
393
394
395 define KernelPackage/nf-nathelper-extra
396 SUBMENU:=$(NF_MENU)
397 TITLE:=Extra Conntrack and NAT helpers
398 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
399 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
400 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
401 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
402 endef
403
404 define KernelPackage/nf-nathelper-extra/description
405 Extra Netfilter (IPv4) Conntrack and NAT helpers
406 Includes:
407 - amanda
408 - h323
409 - irc
410 - mms
411 - pptp
412 - proto_gre
413 - sip
414 - snmp_basic
415 - tftp
416 - broadcast
417 endef
418
419 $(eval $(call KernelPackage,nf-nathelper-extra))
420
421
422 define KernelPackage/ipt-ulog
423 TITLE:=Module for user-space packet logging
424 KCONFIG:=$(KCONFIG_IPT_ULOG)
425 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
426 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
427 $(call AddDepends/ipt)
428 endef
429
430 define KernelPackage/ipt-ulog/description
431 Netfilter (IPv4) module for user-space packet logging
432 Includes:
433 - ULOG
434 endef
435
436 $(eval $(call KernelPackage,ipt-ulog))
437
438
439 define KernelPackage/ipt-nflog
440 TITLE:=Module for user-space packet logging
441 KCONFIG:=$(KCONFIG_IPT_NFLOG)
442 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
443 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
444 $(call AddDepends/ipt,+kmod-nfnetlink-log)
445 endef
446
447 define KernelPackage/ipt-nflog/description
448 Netfilter module for user-space packet logging
449 Includes:
450 - NFLOG
451 endef
452
453 $(eval $(call KernelPackage,ipt-nflog))
454
455
456 define KernelPackage/ipt-nfqueue
457 TITLE:=Module for user-space packet queuing
458 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
459 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
460 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
461 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
462 endef
463
464 define KernelPackage/ipt-nfqueue/description
465 Netfilter module for user-space packet queuing
466 Includes:
467 - NFQUEUE
468 endef
469
470 $(eval $(call KernelPackage,ipt-nfqueue))
471
472
473 define KernelPackage/ipt-debug
474 TITLE:=Module for debugging/development
475 KCONFIG:=$(KCONFIG_IPT_DEBUG)
476 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
477 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
478 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
479 endef
480
481 define KernelPackage/ipt-debug/description
482 Netfilter modules for debugging/development of the firewall
483 Includes:
484 - TRACE
485 endef
486
487 $(eval $(call KernelPackage,ipt-debug))
488
489
490 define KernelPackage/ipt-led
491 TITLE:=Module to trigger a LED with a Netfilter rule
492 KCONFIG:=$(KCONFIG_IPT_LED)
493 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
494 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
495 $(call AddDepends/ipt)
496 endef
497
498 define KernelPackage/ipt-led/description
499 Netfilter target to trigger a LED when a network packet is matched.
500 endef
501
502 $(eval $(call KernelPackage,ipt-led))
503
504 define KernelPackage/ipt-tproxy
505 TITLE:=Transparent proxying support
506 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ip6tables
507 KCONFIG:= \
508 CONFIG_NETFILTER_XT_MATCH_SOCKET \
509 CONFIG_NETFILTER_XT_TARGET_TPROXY
510 FILES:= \
511 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
512 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
513 $(call AddDepends/ipt)
514 endef
515
516 define KernelPackage/ipt-tproxy/description
517 Kernel modules for Transparent Proxying
518 endef
519
520 $(eval $(call KernelPackage,ipt-tproxy))
521
522 define KernelPackage/ipt-tee
523 TITLE:=TEE support
524 DEPENDS:=+kmod-ipt-conntrack
525 KCONFIG:= \
526 CONFIG_NETFILTER_XT_TARGET_TEE
527 FILES:= \
528 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
529 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
530 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
531 $(call AddDepends/ipt)
532 endef
533
534 define KernelPackage/ipt-tee/description
535 Kernel modules for TEE
536 endef
537
538 $(eval $(call KernelPackage,ipt-tee))
539
540
541 define KernelPackage/ipt-u32
542 TITLE:=U32 support
543 KCONFIG:= \
544 CONFIG_NETFILTER_XT_MATCH_U32
545 FILES:= \
546 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
547 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
548 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
549 $(call AddDepends/ipt)
550 endef
551
552 define KernelPackage/ipt-u32/description
553 Kernel modules for U32
554 endef
555
556 $(eval $(call KernelPackage,ipt-u32))
557
558 define KernelPackage/ipt-checksum
559 TITLE:=CHECKSUM support
560 KCONFIG:= \
561 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
562 FILES:= \
563 $(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \
564 $(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
565 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
566 $(call AddDepends/ipt)
567 endef
568
569 define KernelPackage/ipt-checksum/description
570 Kernel modules for CHECKSUM fillin target
571 endef
572
573 $(eval $(call KernelPackage,ipt-checksum))
574
575
576 define KernelPackage/ipt-iprange
577 TITLE:=Module for matching ip ranges
578 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
579 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
580 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
581 $(call AddDepends/ipt)
582 endef
583
584 define KernelPackage/ipt-iprange/description
585 Netfilter (IPv4) module for matching ip ranges
586 Includes:
587 - iprange
588 endef
589
590 $(eval $(call KernelPackage,ipt-iprange))
591
592 define KernelPackage/ipt-cluster
593 TITLE:=Module for matching cluster
594 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
595 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
596 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
597 $(call AddDepends/ipt)
598 endef
599
600 define KernelPackage/ipt-cluster/description
601 Netfilter (IPv4/IPv6) module for matching cluster
602 This option allows you to build work-load-sharing clusters of
603 network servers/stateful firewalls without having a dedicated
604 load-balancing router/server/switch. Basically, this match returns
605 true when the packet must be handled by this cluster node. Thus,
606 all nodes see all packets and this match decides which node handles
607 what packets. The work-load sharing algorithm is based on source
608 address hashing.
609
610 This module is usable for ipv4 and ipv6.
611
612 To use it also enable iptables-mod-cluster
613
614 see `iptables -m cluster --help` for more information.
615 endef
616
617 $(eval $(call KernelPackage,ipt-cluster))
618
619 define KernelPackage/ipt-clusterip
620 TITLE:=Module for CLUSTERIP
621 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
622 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
623 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
624 $(call AddDepends/ipt,+kmod-nf-conntrack)
625 endef
626
627 define KernelPackage/ipt-clusterip/description
628 Netfilter (IPv4-only) module for CLUSTERIP
629 The CLUSTERIP target allows you to build load-balancing clusters of
630 network servers without having a dedicated load-balancing
631 router/server/switch.
632
633 To use it also enable iptables-mod-clusterip
634
635 see `iptables -j CLUSTERIP --help` for more information.
636 endef
637
638 $(eval $(call KernelPackage,ipt-clusterip))
639
640
641 define KernelPackage/ipt-extra
642 TITLE:=Extra modules
643 KCONFIG:=$(KCONFIG_IPT_EXTRA)
644 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
645 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
646 $(call AddDepends/ipt,+kmod-br-netfilter)
647 endef
648
649 define KernelPackage/ipt-extra/description
650 Other Netfilter (IPv4) kernel modules
651 Includes:
652 - addrtype
653 - owner
654 - physdev (if bridge support was enabled in kernel)
655 - pkttype
656 - quota
657 endef
658
659 $(eval $(call KernelPackage,ipt-extra))
660
661
662 define KernelPackage/ip6tables
663 SUBMENU:=$(NF_MENU)
664 TITLE:=IPv6 modules
665 DEPENDS:=+kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
666 KCONFIG:=$(KCONFIG_IPT_IPV6)
667 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
668 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
669 endef
670
671 define KernelPackage/ip6tables/description
672 Netfilter IPv6 firewalling support
673 endef
674
675 $(eval $(call KernelPackage,ip6tables))
676
677 define KernelPackage/ip6tables-extra
678 SUBMENU:=$(NF_MENU)
679 TITLE:=Extra IPv6 modules
680 DEPENDS:=+kmod-ip6tables
681 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
682 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
683 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
684 endef
685
686 define KernelPackage/ip6tables-extra/description
687 Netfilter IPv6 extra header matching modules
688 endef
689
690 $(eval $(call KernelPackage,ip6tables-extra))
691
692 ARP_MODULES = arp_tables arpt_mangle arptable_filter
693 define KernelPackage/arptables
694 SUBMENU:=$(NF_MENU)
695 TITLE:=ARP firewalling modules
696 DEPENDS:=+kmod-ipt-core
697 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
698 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
699 CONFIG_IP_NF_ARPFILTER \
700 CONFIG_IP_NF_ARP_MANGLE
701 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
702 endef
703
704 define KernelPackage/arptables/description
705 Kernel modules for ARP firewalling
706 endef
707
708 $(eval $(call KernelPackage,arptables))
709
710
711 define KernelPackage/br-netfilter
712 SUBMENU:=$(NF_MENU)
713 TITLE:=Bridge netfilter support modules
714 HIDDEN:=1
715 DEPENDS:=+kmod-ipt-core
716 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
717 KCONFIG:=CONFIG_BRIDGE_NETFILTER
718 AUTOLOAD:=$(call AutoProbe,br_netfilter)
719 endef
720
721 $(eval $(call KernelPackage,br-netfilter))
722
723
724 define KernelPackage/ebtables
725 SUBMENU:=$(NF_MENU)
726 TITLE:=Bridge firewalling modules
727 DEPENDS:=+kmod-ipt-core +kmod-br-netfilter
728 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
729 KCONFIG:=$(KCONFIG_EBTABLES)
730 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
731 endef
732
733 define KernelPackage/ebtables/description
734 ebtables is a general, extensible frame/packet identification
735 framework. It provides you to do Ethernet
736 filtering/NAT/brouting on the Ethernet bridge.
737 endef
738
739 $(eval $(call KernelPackage,ebtables))
740
741
742 define AddDepends/ebtables
743 SUBMENU:=$(NF_MENU)
744 DEPENDS+=kmod-ebtables $(1)
745 endef
746
747
748 define KernelPackage/ebtables-ipv4
749 TITLE:=ebtables: IPv4 support
750 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
751 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
752 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
753 $(call AddDepends/ebtables)
754 endef
755
756 define KernelPackage/ebtables-ipv4/description
757 This option adds the IPv4 support to ebtables, which allows basic
758 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
759 endef
760
761 $(eval $(call KernelPackage,ebtables-ipv4))
762
763
764 define KernelPackage/ebtables-ipv6
765 TITLE:=ebtables: IPv6 support
766 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
767 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
768 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
769 $(call AddDepends/ebtables)
770 endef
771
772 define KernelPackage/ebtables-ipv6/description
773 This option adds the IPv6 support to ebtables, which allows basic
774 IPv6 header field filtering and target support.
775 endef
776
777 $(eval $(call KernelPackage,ebtables-ipv6))
778
779
780 define KernelPackage/ebtables-watchers
781 TITLE:=ebtables: watchers support
782 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
783 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
784 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
785 $(call AddDepends/ebtables)
786 endef
787
788 define KernelPackage/ebtables-watchers/description
789 This option adds the log watchers, that you can use in any rule
790 in any ebtables table.
791 endef
792
793 $(eval $(call KernelPackage,ebtables-watchers))
794
795
796 define KernelPackage/nfnetlink
797 SUBMENU:=$(NF_MENU)
798 TITLE:=Netlink-based userspace interface
799 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
800 KCONFIG:=$(KCONFIG_NFNETLINK)
801 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
802 endef
803
804 define KernelPackage/nfnetlink/description
805 Kernel modules support for a netlink-based userspace interface
806 endef
807
808 $(eval $(call KernelPackage,nfnetlink))
809
810
811 define AddDepends/nfnetlink
812 SUBMENU:=$(NF_MENU)
813 DEPENDS+=+kmod-nfnetlink $(1)
814 endef
815
816
817 define KernelPackage/nfnetlink-log
818 TITLE:=Netfilter LOG over NFNETLINK interface
819 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
820 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
821 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
822 $(call AddDepends/nfnetlink)
823 endef
824
825 define KernelPackage/nfnetlink-log/description
826 Kernel modules support for logging packets via NFNETLINK
827 Includes:
828 - NFLOG
829 endef
830
831 $(eval $(call KernelPackage,nfnetlink-log))
832
833
834 define KernelPackage/nfnetlink-queue
835 TITLE:=Netfilter QUEUE over NFNETLINK interface
836 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
837 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
838 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
839 $(call AddDepends/nfnetlink)
840 endef
841
842 define KernelPackage/nfnetlink-queue/description
843 Kernel modules support for queueing packets via NFNETLINK
844 Includes:
845 - NFQUEUE
846 endef
847
848 $(eval $(call KernelPackage,nfnetlink-queue))
849
850
851 define KernelPackage/nf-conntrack-netlink
852 TITLE:=Connection tracking netlink interface
853 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
854 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
855 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
856 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
857 endef
858
859 define KernelPackage/nf-conntrack-netlink/description
860 Kernel modules support for a netlink-based connection tracking
861 userspace interface
862 endef
863
864 $(eval $(call KernelPackage,nf-conntrack-netlink))
865
866 define KernelPackage/ipt-hashlimit
867 SUBMENU:=$(NF_MENU)
868 TITLE:=Netfilter hashlimit match
869 DEPENDS:=+kmod-ipt-core
870 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
871 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
872 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
873 $(call KernelPackage/ipt)
874 endef
875
876 define KernelPackage/ipt-hashlimit/description
877 Kernel modules support for the hashlimit bucket match module
878 endef
879
880 $(eval $(call KernelPackage,ipt-hashlimit))
881
882 define KernelPackage/ipt-rpfilter
883 SUBMENU:=$(NF_MENU)
884 TITLE:=Netfilter rpfilter match
885 DEPENDS:=+kmod-ipt-core
886 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
887 FILES:=$(realpath \
888 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
889 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
890 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
891 $(call KernelPackage/ipt)
892 endef
893
894 define KernelPackage/ipt-rpfilter/description
895 Kernel modules support for the Netfilter rpfilter match
896 endef
897
898 $(eval $(call KernelPackage,ipt-rpfilter))
899
900
901 define KernelPackage/nft-core
902 SUBMENU:=$(NF_MENU)
903 TITLE:=Netfilter nf_tables support
904 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +kmod-nf-reject6 +kmod-nf-conntrack6
905 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
906 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
907 KCONFIG:= \
908 CONFIG_NFT_COMPAT=n \
909 CONFIG_NFT_QUEUE=n \
910 CONFIG_NF_TABLES_ARP=n \
911 CONFIG_NF_TABLES_BRIDGE=n \
912 $(KCONFIG_NFT_CORE)
913 endef
914
915 define KernelPackage/nft-core/description
916 Kernel module support for nftables
917 endef
918
919 $(eval $(call KernelPackage,nft-core))
920
921
922 define KernelPackage/nft-nat
923 SUBMENU:=$(NF_MENU)
924 TITLE:=Netfilter nf_tables NAT support
925 DEPENDS:=+kmod-nft-core +kmod-nf-nat
926 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
927 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
928 KCONFIG:=$(KCONFIG_NFT_NAT)
929 endef
930
931 $(eval $(call KernelPackage,nft-nat))
932
933
934 define KernelPackage/nft-nat6
935 SUBMENU:=$(NF_MENU)
936 TITLE:=Netfilter nf_tables IPv6-NAT support
937 DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
938 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
939 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
940 KCONFIG:=$(KCONFIG_NFT_NAT6)
941 endef
942
943 $(eval $(call KernelPackage,nft-nat6))
OpenWrt Source Repository