add TARPIT support to netfilter/iptables
[openwrt/svn-archive/archive.git] / package / kernel / modules / netfilter.mk
1 #
2 # Copyright (C) 2006 OpenWrt.org
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7 # $Id$
8
9 NF_MENU:=Netfilter Extensions
10 include $(INCLUDE_DIR)/netfilter.mk
11
12 define KernelPackage/ipt-conntrack
13 SUBMENU:=$(NF_MENU)
14 TITLE:=Modules for connection tracking
15 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
16 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
17 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_CONNTRACK-m)))
18 endef
19
20 define KernelPackage/ipt-conntrack/description
21 Netfilter (IPv4) kernel modules for connection tracking
22 Includes:
23 - ipt_conntrack
24 - ipt_helper
25 - ipt_connmark/CONNMARK
26 endef
27
28 $(eval $(call KernelPackage,ipt-conntrack))
29
30
31 define KernelPackage/ipt-filter
32 SUBMENU:=$(NF_MENU)
33 TITLE:=Modules for packet content inspection
34 KCONFIG:=$(KCONFIG_IPT_FILTER)
35 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
36 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_FILTER-m)))
37 endef
38
39 define KernelPackage/ipt-filter/description
40 Netfilter (IPv4) kernel modules for packet content inspection
41 Includes:
42 - ipt_ipp2p
43 - ipt_layer7
44 endef
45
46 $(eval $(call KernelPackage,ipt-filter))
47
48
49 define KernelPackage/ipt-ipopt
50 SUBMENU:=$(NF_MENU)
51 TITLE:=Modules for matching/changing IP packet options
52 KCONFIG:=$(KCONFIG_IPT_IPOPT)
53 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
54 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_IPOPT-m)))
55 endef
56
57 define KernelPackage/ipt-ipopt/description
58 Netfilter (IPv4) modules for matching/changing IP packet options
59 Includes:
60 - ipt_CLASSIFY
61 - ipt_dscp/DSCP
62 - ipt_ecn/ECN
63 - ipt_length
64 - ipt_mac
65 - ipt_tos/TOS
66 - ipt_tcpmms
67 - ipt_ttl/TTL
68 - ipt_unclean
69 endef
70
71 $(eval $(call KernelPackage,ipt-ipopt))
72
73
74 define KernelPackage/ipt-ipsec
75 SUBMENU:=$(NF_MENU)
76 TITLE:=Modules for matching IPSec packets
77 KCONFIG:=$(KCONFIG_IPT_IPSEC)
78 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
79 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_IPSEC-m)))
80 endef
81
82 define KernelPackage/ipt-ipsec/description
83 Netfilter (IPv4) modules for matching IPSec packets
84 Includes:
85 - ipt_ah
86 - ipt_esp
87 endef
88
89 $(eval $(call KernelPackage,ipt-ipsec))
90
91
92 define KernelPackage/ipt-nat
93 SUBMENU:=$(NF_MENU)
94 TITLE:=Modules for extra NAT targets
95 KCONFIG:=$(KCONFIG_IPT_NAT)
96 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
97 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_NAT-m)))
98 endef
99
100 define KernelPackage/ipt-nat/description
101 Netfilter (IPv4) modules for extra NAT targets
102 Includes:
103 - ipt_REDIRECT
104 - ipt_NETMAP
105 endef
106
107 $(eval $(call KernelPackage,ipt-nat))
108
109
110 define KernelPackage/ipt-nathelper
111 SUBMENU:=$(NF_MENU)
112 TITLE:=Default Conntrack and NAT helpers
113 KCONFIG:=$(KCONFIG_IPT_NAT_DEFAULT)
114 FILES:=$(foreach mod,$(IPT_NAT_DEFAULT-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
115 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_NAT_DEFAULT-m)))
116 endef
117
118 define KernelPackage/ipt-nathelper/description
119 Default Netfilter (IPv4) Conntrack and NAT helpers
120 Includes:
121 - ip_conntrack_ftp
122 - ip_nat_ftp
123 - ip_conntrack_irc
124 - ip_nat_irc
125 - ip_conntrack_tftp
126 endef
127
128 $(eval $(call KernelPackage,ipt-nathelper))
129
130
131 define KernelPackage/ipt-nathelper-extra
132 SUBMENU:=$(NF_MENU)
133 TITLE:=Extra Conntrack and NAT helpers
134 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
135 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
136 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_NAT_EXTRA-m)))
137 endef
138
139 define KernelPackage/ipt-nathelper-extra/description
140 Extra Netfilter (IPv4) Conntrack and NAT helpers
141 Includes:
142 - ip_conntrack_amanda
143 - ip_conntrack_proto_gre
144 - ip_nat_proto_gre
145 - ip_conntrack_pptp
146 - ip_nat_pptp
147 - ip_conntrack_sip
148 - ip_nat_sip
149 - ip_nat_snmp_basic
150 endef
151
152 $(eval $(call KernelPackage,ipt-nathelper-extra))
153
154
155 define KernelPackage/ipt-imq
156 SUBMENU:=$(NF_MENU)
157 TITLE:=Intermediate Queueing support
158 KCONFIG:=CONFIG_IP_NF_TARGET_IMQ
159 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/*IMQ*.$(LINUX_KMOD_SUFFIX) $(LINUX_DIR)/drivers/net/imq.$(LINUX_KMOD_SUFFIX)
160 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(patsubst %.ko,%,$(wildcard $(LINUX_DIR)/net/ipv4/netfilter/*IMQ*.$(LINUX_KMOD_SUFFIX) $(LINUX_DIR)/drivers/net/imq.$(LINUX_KMOD_SUFFIX)))))
161 endef
162
163 define KernelPackage/ipt-imq/description
164 Kernel support for Intermediate Queueing devices
165 endef
166
167 $(eval $(call KernelPackage,ipt-imq))
168
169
170 define KernelPackage/ipt-queue
171 SUBMENU:=$(NF_MENU)
172 TITLE:=Module for user-space packet queueing
173 KCONFIG:=$(KCONFIG_IPT_QUEUE)
174 FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
175 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_QUEUE-m)))
176 endef
177
178 define KernelPackage/ipt-queue/description
179 Netfilter (IPv4) module for user-space packet queueing
180 Includes:
181 - ipt_QUEUE
182 endef
183
184 $(eval $(call KernelPackage,ipt-queue))
185
186
187 define KernelPackage/ipt-ulog
188 SUBMENU:=$(NF_MENU)
189 TITLE:=Module for user-space packet logging
190 KCONFIG:=$(KCONFIG_IPT_ULOG)
191 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
192 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_ULOG-m)))
193 endef
194
195 define KernelPackage/ipt-ulog/description
196 Netfilter (IPv4) module for user-space packet logging
197 Includes:
198 - ipt_ULOG
199 endef
200
201 $(eval $(call KernelPackage,ipt-ulog))
202
203
204 define KernelPackage/ipt-iprange
205 SUBMENU:=$(NF_MENU)
206 TITLE:=Module for matching ip ranges
207 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/ipt_iprange.$(LINUX_KMOD_SUFFIX)
208 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_IPRANGE-m)))
209 endef
210
211 define KernelPackage/ipt-iprange/description
212 Netfilter (IPv4) module for matching ip ranges
213 Includes:
214 - ipt_IPRANGE
215 endef
216
217 $(eval $(call KernelPackage,ipt-iprange))
218
219
220 define KernelPackage/ipt-ipset
221 SUBMENU:=$(NF_MENU)
222 TITLE:=IPSET Modules
223 KCONFIG:=$(KCONFIG_IPT_IPSET)
224 FILES:=$(foreach mod,$(IPT_IPSET-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
225 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_IPSET-m)))
226 endef
227
228 define KernelPackage/ipt-ipset/description
229 Netfilter kernel modules for ipset
230 endef
231
232 $(eval $(call KernelPackage,ipt-ipset))
233
234
235 define KernelPackage/ipt-extra
236 SUBMENU:=$(NF_MENU)
237 TITLE:=Extra modules
238 KCONFIG:=$(KCONFIG_IPT_EXTRA)
239 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
240 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_EXTRA-m)))
241 endef
242
243 define KernelPackage/ipt-extra/description
244 Other Netfilter (IPv4) kernel modules
245 Includes:
246 - ipt_limit
247 - ipt_owner
248 - ipt_physdev
249 - ipt_pkttype
250 - ipt_recent
251 - iptable_raw
252 - xt_NOTRACK
253 - xt_TARPIT
254 - xt_DELUDE
255 - xt_CHAOS
256 endef
257
258 $(eval $(call KernelPackage,ipt-extra))
259
260
261 define KernelPackage/ip6tables
262 SUBMENU:=$(NF_MENU)
263 TITLE:=IPv6 modules
264 KCONFIG:=CONFIG_IP6_NF_IPTABLES
265 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
266 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_IPV6-m)))
267 endef
268
269 define KernelPackage/ip6tables/description
270 Netfilter IPv6 firewalling support
271 endef
272
273 $(eval $(call KernelPackage,ip6tables))
274
275
276 define KernelPackage/arptables
277 SUBMENU:=$(NF_MENU)
278 TITLE:=ARP firewalling modules
279 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX)
280 KCONFIG:=CONFIG_IP_NF_ARPTABLES
281 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(patsubst %.ko,%,$(wildcard $(LINUX_DIR)/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX)))))
282 endef
283
284 define KernelPackage/arptables/description
285 Kernel modules for ARP firewalling
286 endef
287
288 $(eval $(call KernelPackage,arptables))
289
290
291 define KernelPackage/ebtables
292 SUBMENU:=$(NF_MENU)
293 TITLE:=Bridge firewalling modules
294 DEPENDS:=@LINUX_2_6
295 FILES:=$(LINUX_DIR)/net/bridge/netfilter/*.$(LINUX_KMOD_SUFFIX)
296 KCONFIG:=CONFIG_BRIDGE_NF_EBTABLES
297 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(patsubst %.ko,%,ebtables.ko $(wildcard $(LINUX_DIR)/net/bridge/netfilter/ebtable_*.$(LINUX_KMOD_SUFFIX)) $(wildcard $(LINUX_DIR)/net/bridge/netfilter/ebt_*.$(LINUX_KMOD_SUFFIX)))))
298 endef
299
300 define KernelPackage/ebtables/description
301 Kernel modules for Ethernet Bridge firewalling
302 endef
303
304 $(eval $(call KernelPackage,ebtables))