package ipset for use

SVN-Revision: 7517

diff --git a/include/netfilter.mk b/include/netfilter.mk
index a602f9d71fceac41be34fc779d6d89080342f834..531f8c7a736bfdc16b338e6da3e96bd440d90776 100644 (file)
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -88,6 +88,18 @@ IPT_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += $(P_V4)ipt_ah $(P_V4)ipt_esp
 IPT_IPSEC-$(CONFIG_IP_NF_MATCH_AH) += $(P_V4)ipt_ah
 IPT_IPSEC-$(CONFIG_NETFILTER_XT_MATCH_ESP) += $(P_XT)xt_esp
 
+IPT_IPSET-m :=
+IPT_IPSET-$(CONFIG_IP_NF_SET) += $(P_V4)ip_set
+IPT_IPSET-$(CONFIG_IP_NF_MATCH_SET) += $(P_V4)ipt_set
+IPT_IPSET-$(CONFIG_IP_NF_SET_IPMAP) += $(P_V4)ip_set_ipmap
+IPT_IPSET-$(CONFIG_IP_NF_SET_MACIPMAP) += $(P_V4)ip_set_macipmap
+IPT_IPSET-$(CONFIG_IP_NF_SET_PORTMAP) += $(P_V4)ip_set_portmap
+IPT_IPSET-$(CONFIG_IP_NF_SET_IPHASH) += $(P_V4)ip_set_iphash
+IPT_IPSET-$(CONFIG_IP_NF_SET_NETHASH) += $(P_V4)ip_set_nethash
+IPT_IPSET-$(CONFIG_IP_NF_SET_IPPORTHASH) += $(P_V4)ip_set_ipporthash
+IPT_IPSET-$(CONFIG_IP_NF_SET_IPTREE) += $(P_V4)ip_set_iptree
+IPT_IPSET-$(CONFIG_IP_NF_TARGET_SET) += $(P_V4)ipt_SET
+
 IPT_NAT-m :=
 ifneq ($(NF_KMOD),1)
   IPT_NAT-$(CONFIG_IP_NF_NAT) += $(P_V4)ipt_SNAT $(P_V4)ipt_DNAT
@@ -139,5 +151,6 @@ IPT_BUILTIN += $(IPT_FILTER-y)
 IPT_BUILTIN += $(IPT_IMQ-y)
 IPT_BUILTIN += $(IPT_IPOPT-y)
 IPT_BUILTIN += $(IPT_IPSEC-y)
+IPT_BUILTIN += $(IPT_IPSET-y)
 IPT_BUILTIN += $(IPT_NAT-y)
 IPT_BUILTIN += $(IPT_ULOG-y)

diff --git a/package/iptables/Makefile b/package/iptables/Makefile
index bd85322ff3945ee5e67027c815964bbfbc46228a..bfd28a16aa452375e66526549a84f86fde0c77c6 100644 (file)
--- a/package/iptables/Makefile
+++ b/package/iptables/Makefile
@@ -160,6 +160,14 @@ define Package/iptables-mod-extra
        - libipt_NOTRACK
 endef
 
+define Package/iptables-mod-ipset
+  $(call Package/iptables/Default)
+  DEPENDS:=iptables +kmod-ipt-ipset
+  TITLE:=ipset iptables extension
+  DESCRIPTION:=\
+    ipset
+endef
+
 define Package/iptables-utils
   $(call Package/iptables/Default)
   DEPENDS:=iptables
@@ -263,6 +271,7 @@ $(eval $(call BuildPackage,iptables))
 $(eval $(call BuildPackage,iptables-utils))
 $(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
 $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
+$(eval $(call BuildPlugin,iptables-mod-ipset,$(IPT_IPSET-m)))
 $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
 $(eval $(call BuildPlugin,iptables-mod-imq,$(IPT_IMQ-m)))
 $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))

diff --git a/package/kernel/modules/netfilter.mk b/package/kernel/modules/netfilter.mk
index d3b3396e86f7b600315edef89dec405cbaf40b8a..ad6066fc86759db41c3cba6e95aa6806eb86b2ba 100644 (file)
--- a/package/kernel/modules/netfilter.mk
+++ b/package/kernel/modules/netfilter.mk
@@ -174,6 +174,17 @@ define KernelPackage/ipt-iprange
 endef
 $(eval $(call KernelPackage,ipt-iprange))
 
+define KernelPackage/ipt-ipset
+  TITLE:=IPSET Modules
+  DESCRIPTION:=\
+       Netfilter kernel modules for ipset
+  FILES:=$(foreach mod,$(IPT_IPSET-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
+  SUBMENU:=$(NFMENU)
+  AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_IPSET-m)))
+endef
+$(eval $(call KernelPackage,ipt-ipset))
+
+
 define KernelPackage/ipt-extra
   TITLE:=Extra modules
   DESCRIPTION:=\