OpenWrt – Rev 3
?pathlinks?
#
# Copyright (C) 2006-2010 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
NF_MENU:=Netfilter Extensions
NF_KMOD:=1
include $(INCLUDE_DIR)/netfilter.mk
define KernelPackage/nf-reject
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter IPv4 reject support
KCONFIG:= \
CONFIG_NETFILTER=y \
CONFIG_NETFILTER_ADVANCED=y \
$(KCONFIG_NF_REJECT)
FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
endef
$(eval $(call KernelPackage,nf-reject))
define KernelPackage/nf-reject6
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter IPv6 reject support
KCONFIG:= \
CONFIG_NETFILTER=y \
CONFIG_NETFILTER_ADVANCED=y \
$(KCONFIG_NF_REJECT6)
DEPENDS:=@IPV6
FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
endef
$(eval $(call KernelPackage,nf-reject6))
define KernelPackage/nf-ipt
SUBMENU:=$(NF_MENU)
TITLE:=Iptables core
KCONFIG:=$(KCONFIG_NF_IPT)
FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
endef
$(eval $(call KernelPackage,nf-ipt))
define KernelPackage/nf-ipt6
SUBMENU:=$(NF_MENU)
TITLE:=Ip6tables core
KCONFIG:=$(KCONFIG_NF_IPT6)
FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
DEPENDS:=+kmod-nf-ipt
endef
$(eval $(call KernelPackage,nf-ipt6))
define KernelPackage/ipt-core
SUBMENU:=$(NF_MENU)
TITLE:=Iptables core
KCONFIG:=$(KCONFIG_IPT_CORE)
FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
DEPENDS:=+kmod-nf-reject +kmod-nf-ipt
endef
define KernelPackage/ipt-core/description
Netfilter core kernel modules
Includes:
- comment
- limit
- LOG
- mac
- multiport
- REJECT
- TCPMSS
endef
$(eval $(call KernelPackage,ipt-core))
define KernelPackage/nf-conntrack
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter connection tracking
KCONFIG:= \
CONFIG_NETFILTER=y \
CONFIG_NETFILTER_ADVANCED=y \
CONFIG_NF_CONNTRACK_MARK=y \
CONFIG_NF_CONNTRACK_ZONES=y \
$(KCONFIG_NF_CONNTRACK)
FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
endef
define KernelPackage/nf-conntrack/install
$(INSTALL_DIR) $(1)/etc/sysctl.d
$(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
endef
$(eval $(call KernelPackage,nf-conntrack))
define KernelPackage/nf-conntrack6
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter IPv6 connection tracking
KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
DEPENDS:=@IPV6 +kmod-nf-conntrack
FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
endef
$(eval $(call KernelPackage,nf-conntrack6))
define KernelPackage/nf-nat
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter NAT
KCONFIG:=$(KCONFIG_NF_NAT)
DEPENDS:=+kmod-nf-conntrack
FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
endef
$(eval $(call KernelPackage,nf-nat))
define KernelPackage/nf-nat6
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter IPV6-NAT
KCONFIG:=$(KCONFIG_NF_NAT6)
DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-nat
FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
endef
$(eval $(call KernelPackage,nf-nat6))
define KernelPackage/nf-flow
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter flowtable support
KCONFIG:= \
CONFIG_NETFILTER_INGRESS=y \
CONFIG_NF_FLOW_TABLE \
CONFIG_NF_FLOW_TABLE_HW
DEPENDS:=+kmod-nf-conntrack @!LINUX_3_18 @!LINUX_4_4 @!LINUX_4_9
FILES:= \
$(LINUX_DIR)/net/netfilter/nf_flow_table.ko \
$(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko
AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
endef
$(eval $(call KernelPackage,nf-flow))
define AddDepends/ipt
SUBMENU:=$(NF_MENU)
DEPENDS+= +kmod-ipt-core $(1)
endef
define KernelPackage/ipt-conntrack
TITLE:=Basic connection tracking modules
KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
$(call AddDepends/ipt,+kmod-nf-conntrack)
endef
define KernelPackage/ipt-conntrack/description
Netfilter (IPv4) kernel modules for connection tracking
Includes:
- conntrack
- defrag
- iptables_raw
- NOTRACK
- state
endef
$(eval $(call KernelPackage,ipt-conntrack))
define KernelPackage/ipt-conntrack-extra
TITLE:=Extra connection tracking modules
KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
$(call AddDepends/ipt,+kmod-ipt-conntrack)
endef
define KernelPackage/ipt-conntrack-extra/description
Netfilter (IPv4) extra kernel modules for connection tracking
Includes:
- connbytes
- connmark/CONNMARK
- conntrack
- helper
- recent
endef
$(eval $(call KernelPackage,ipt-conntrack-extra))
define KernelPackage/ipt-conntrack-label
TITLE:=Module for handling connection tracking labels
KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
$(call AddDepends/ipt,+kmod-ipt-conntrack)
endef
define KernelPackage/ipt-conntrack-label/description
Netfilter (IPv4) module for handling connection tracking labels
Includes:
- connlabel
endef
$(eval $(call KernelPackage,ipt-conntrack-label))
define KernelPackage/ipt-filter
TITLE:=Modules for packet content inspection
KCONFIG:=$(KCONFIG_IPT_FILTER)
FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
$(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
endef
define KernelPackage/ipt-filter/description
Netfilter (IPv4) kernel modules for packet content inspection
Includes:
- string
endef
$(eval $(call KernelPackage,ipt-filter))
define KernelPackage/ipt-offload
TITLE:=Netfilter routing/NAT offload support
KCONFIG:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD
FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
$(call AddDepends/ipt,+kmod-nf-flow)
endef
$(eval $(call KernelPackage,ipt-offload))
define KernelPackage/ipt-ipopt
TITLE:=Modules for matching/changing IP packet options
KCONFIG:=$(KCONFIG_IPT_IPOPT)
FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
$(call AddDepends/ipt)
endef
define KernelPackage/ipt-ipopt/description
Netfilter (IPv4) modules for matching/changing IP packet options
Includes:
- CLASSIFY
- dscp/DSCP
- ecn/ECN
- hl/HL
- length
- mark/MARK
- statistic
- tcpmss
- time
- ttl/TTL
- unclean
endef
$(eval $(call KernelPackage,ipt-ipopt))
define KernelPackage/ipt-ipsec
TITLE:=Modules for matching IPSec packets
KCONFIG:=$(KCONFIG_IPT_IPSEC)
FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
$(call AddDepends/ipt)
endef
define KernelPackage/ipt-ipsec/description
Netfilter (IPv4) modules for matching IPSec packets
Includes:
- ah
- esp
- policy
endef
$(eval $(call KernelPackage,ipt-ipsec))
IPSET_MODULES:= \
ipset/ip_set \
ipset/ip_set_bitmap_ip \
ipset/ip_set_bitmap_ipmac \
ipset/ip_set_bitmap_port \
ipset/ip_set_hash_ip \
ipset/ip_set_hash_ipmark \
ipset/ip_set_hash_ipport \
ipset/ip_set_hash_ipportip \
ipset/ip_set_hash_ipportnet \
ipset/ip_set_hash_mac \
ipset/ip_set_hash_netportnet \
ipset/ip_set_hash_net \
ipset/ip_set_hash_netnet \
ipset/ip_set_hash_netport \
ipset/ip_set_hash_netiface \
ipset/ip_set_list_set \
xt_set
define KernelPackage/ipt-ipset
SUBMENU:=Netfilter Extensions
TITLE:=IPset netfilter modules
DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
KCONFIG:= \
CONFIG_IP_SET \
CONFIG_IP_SET_MAX=256 \
CONFIG_NETFILTER_XT_SET \
CONFIG_IP_SET_BITMAP_IP \
CONFIG_IP_SET_BITMAP_IPMAC \
CONFIG_IP_SET_BITMAP_PORT \
CONFIG_IP_SET_HASH_IP \
CONFIG_IP_SET_HASH_IPMARK \
CONFIG_IP_SET_HASH_IPPORT \
CONFIG_IP_SET_HASH_IPPORTIP \
CONFIG_IP_SET_HASH_IPPORTNET \
CONFIG_IP_SET_HASH_MAC \
CONFIG_IP_SET_HASH_NET \
CONFIG_IP_SET_HASH_NETNET \
CONFIG_IP_SET_HASH_NETIFACE \
CONFIG_IP_SET_HASH_NETPORT \
CONFIG_IP_SET_HASH_NETPORTNET \
CONFIG_IP_SET_LIST_SET \
CONFIG_NET_EMATCH_IPSET=n
FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
endef
$(eval $(call KernelPackage,ipt-ipset))
define KernelPackage/ipt-nat
TITLE:=Basic NAT targets
KCONFIG:=$(KCONFIG_IPT_NAT)
FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
$(call AddDepends/ipt,+kmod-nf-nat)
endef
define KernelPackage/ipt-nat/description
Netfilter (IPv4) kernel modules for basic NAT targets
Includes:
- MASQUERADE
endef
$(eval $(call KernelPackage,ipt-nat))
define KernelPackage/ipt-raw
TITLE:=Netfilter IPv4 raw table support
KCONFIG:=CONFIG_IP_NF_RAW
FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
AUTOLOAD:=$(call AutoProbe,iptable_raw)
$(call AddDepends/ipt)
endef
$(eval $(call KernelPackage,ipt-raw))
define KernelPackage/ipt-raw6
TITLE:=Netfilter IPv6 raw table support
KCONFIG:=CONFIG_IP6_NF_RAW
FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
AUTOLOAD:=$(call AutoProbe,ip6table_raw)
$(call AddDepends/ipt,+kmod-ip6tables)
endef
$(eval $(call KernelPackage,ipt-raw6))
define KernelPackage/ipt-nat6
TITLE:=IPv6 NAT targets
KCONFIG:=$(KCONFIG_IPT_NAT6)
FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
$(call AddDepends/ipt,+kmod-nf-nat6)
$(call AddDepends/ipt,+kmod-ipt-conntrack)
$(call AddDepends/ipt,+kmod-ipt-nat)
$(call AddDepends/ipt,+kmod-ip6tables)
endef
define KernelPackage/ipt-nat6/description
Netfilter (IPv6) kernel modules for NAT targets
endef
$(eval $(call KernelPackage,ipt-nat6))
define KernelPackage/ipt-nat-extra
TITLE:=Extra NAT targets
KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
$(call AddDepends/ipt,+kmod-ipt-nat)
endef
define KernelPackage/ipt-nat-extra/description
Netfilter (IPv4) kernel modules for extra NAT targets
Includes:
- NETMAP
- REDIRECT
endef
$(eval $(call KernelPackage,ipt-nat-extra))
define KernelPackage/nf-nathelper
SUBMENU:=$(NF_MENU)
TITLE:=Basic Conntrack and NAT helpers
KCONFIG:=$(KCONFIG_NF_NATHELPER)
FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
DEPENDS:=+kmod-nf-nat
endef
define KernelPackage/nf-nathelper/description
Default Netfilter (IPv4) Conntrack and NAT helpers
Includes:
- ftp
endef
$(eval $(call KernelPackage,nf-nathelper))
define KernelPackage/nf-nathelper-extra
SUBMENU:=$(NF_MENU)
TITLE:=Extra Conntrack and NAT helpers
KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
endef
define KernelPackage/nf-nathelper-extra/description
Extra Netfilter (IPv4) Conntrack and NAT helpers
Includes:
- amanda
- h323
- irc
- mms
- pptp
- proto_gre
- sip
- snmp_basic
- tftp
- broadcast
endef
$(eval $(call KernelPackage,nf-nathelper-extra))
define KernelPackage/ipt-ulog
TITLE:=Module for user-space packet logging
KCONFIG:=$(KCONFIG_IPT_ULOG)
FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
$(call AddDepends/ipt)
endef
define KernelPackage/ipt-ulog/description
Netfilter (IPv4) module for user-space packet logging
Includes:
- ULOG
endef
$(eval $(call KernelPackage,ipt-ulog))
define KernelPackage/ipt-nflog
TITLE:=Module for user-space packet logging
KCONFIG:=$(KCONFIG_IPT_NFLOG)
FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
$(call AddDepends/ipt,+kmod-nfnetlink-log)
endef
define KernelPackage/ipt-nflog/description
Netfilter module for user-space packet logging
Includes:
- NFLOG
endef
$(eval $(call KernelPackage,ipt-nflog))
define KernelPackage/ipt-nfqueue
TITLE:=Module for user-space packet queuing
KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
$(call AddDepends/ipt,+kmod-nfnetlink-queue)
endef
define KernelPackage/ipt-nfqueue/description
Netfilter module for user-space packet queuing
Includes:
- NFQUEUE
endef
$(eval $(call KernelPackage,ipt-nfqueue))
define KernelPackage/ipt-debug
TITLE:=Module for debugging/development
KCONFIG:=$(KCONFIG_IPT_DEBUG)
FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
$(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
endef
define KernelPackage/ipt-debug/description
Netfilter modules for debugging/development of the firewall
Includes:
- TRACE
endef
$(eval $(call KernelPackage,ipt-debug))
define KernelPackage/ipt-led
TITLE:=Module to trigger a LED with a Netfilter rule
KCONFIG:=$(KCONFIG_IPT_LED)
FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
$(call AddDepends/ipt)
endef
define KernelPackage/ipt-led/description
Netfilter target to trigger a LED when a network packet is matched.
endef
$(eval $(call KernelPackage,ipt-led))
define KernelPackage/ipt-tproxy
TITLE:=Transparent proxying support
DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
KCONFIG:= \
CONFIG_NETFILTER_XT_MATCH_SOCKET \
CONFIG_NETFILTER_XT_TARGET_TPROXY
FILES:= \
$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
$(call AddDepends/ipt)
endef
define KernelPackage/ipt-tproxy/description
Kernel modules for Transparent Proxying
endef
$(eval $(call KernelPackage,ipt-tproxy))
define KernelPackage/ipt-tee
TITLE:=TEE support
DEPENDS:=+kmod-ipt-conntrack
KCONFIG:= \
CONFIG_NETFILTER_XT_TARGET_TEE
FILES:= \
$(LINUX_DIR)/net/netfilter/xt_TEE.ko \
$(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
$(call AddDepends/ipt)
endef
define KernelPackage/ipt-tee/description
Kernel modules for TEE
endef
$(eval $(call KernelPackage,ipt-tee))
define KernelPackage/ipt-u32
TITLE:=U32 support
KCONFIG:= \
CONFIG_NETFILTER_XT_MATCH_U32
FILES:= \
$(LINUX_DIR)/net/netfilter/xt_u32.ko \
$(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
$(call AddDepends/ipt)
endef
define KernelPackage/ipt-u32/description
Kernel modules for U32
endef
$(eval $(call KernelPackage,ipt-u32))
define KernelPackage/ipt-checksum
TITLE:=CHECKSUM support
KCONFIG:= \
CONFIG_NETFILTER_XT_TARGET_CHECKSUM
FILES:= \
$(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \
$(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
$(call AddDepends/ipt)
endef
define KernelPackage/ipt-checksum/description
Kernel modules for CHECKSUM fillin target
endef
$(eval $(call KernelPackage,ipt-checksum))
define KernelPackage/ipt-iprange
TITLE:=Module for matching ip ranges
KCONFIG:=$(KCONFIG_IPT_IPRANGE)
FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
$(call AddDepends/ipt)
endef
define KernelPackage/ipt-iprange/description
Netfilter (IPv4) module for matching ip ranges
Includes:
- iprange
endef
$(eval $(call KernelPackage,ipt-iprange))
define KernelPackage/ipt-cluster
TITLE:=Module for matching cluster
KCONFIG:=$(KCONFIG_IPT_CLUSTER)
FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
$(call AddDepends/ipt)
endef
define KernelPackage/ipt-cluster/description
Netfilter (IPv4/IPv6) module for matching cluster
This option allows you to build work-load-sharing clusters of
network servers/stateful firewalls without having a dedicated
load-balancing router/server/switch. Basically, this match returns
true when the packet must be handled by this cluster node. Thus,
all nodes see all packets and this match decides which node handles
what packets. The work-load sharing algorithm is based on source
address hashing.
This module is usable for ipv4 and ipv6.
To use it also enable iptables-mod-cluster
see `iptables -m cluster --help` for more information.
endef
$(eval $(call KernelPackage,ipt-cluster))
define KernelPackage/ipt-clusterip
TITLE:=Module for CLUSTERIP
KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
$(call AddDepends/ipt,+kmod-nf-conntrack)
endef
define KernelPackage/ipt-clusterip/description
Netfilter (IPv4-only) module for CLUSTERIP
The CLUSTERIP target allows you to build load-balancing clusters of
network servers without having a dedicated load-balancing
router/server/switch.
To use it also enable iptables-mod-clusterip
see `iptables -j CLUSTERIP --help` for more information.
endef
$(eval $(call KernelPackage,ipt-clusterip))
define KernelPackage/ipt-extra
TITLE:=Extra modules
KCONFIG:=$(KCONFIG_IPT_EXTRA)
FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
$(call AddDepends/ipt)
endef
define KernelPackage/ipt-extra/description
Other Netfilter (IPv4) kernel modules
Includes:
- addrtype
- owner
- pkttype
- quota
endef
$(eval $(call KernelPackage,ipt-extra))
define KernelPackage/ipt-physdev
TITLE:=physdev module
KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
$(call AddDepends/ipt,+kmod-br-netfilter)
endef
define KernelPackage/ipt-physdev/description
The iptables physdev kernel module
endef
$(eval $(call KernelPackage,ipt-physdev))
define KernelPackage/ip6tables
SUBMENU:=$(NF_MENU)
TITLE:=IPv6 modules
DEPENDS:=+kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
KCONFIG:=$(KCONFIG_IPT_IPV6)
FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
endef
define KernelPackage/ip6tables/description
Netfilter IPv6 firewalling support
endef
$(eval $(call KernelPackage,ip6tables))
define KernelPackage/ip6tables-extra
SUBMENU:=$(NF_MENU)
TITLE:=Extra IPv6 modules
DEPENDS:=+kmod-ip6tables
KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
endef
define KernelPackage/ip6tables-extra/description
Netfilter IPv6 extra header matching modules
endef
$(eval $(call KernelPackage,ip6tables-extra))
ARP_MODULES = arp_tables arpt_mangle arptable_filter
define KernelPackage/arptables
SUBMENU:=$(NF_MENU)
TITLE:=ARP firewalling modules
DEPENDS:=+kmod-ipt-core
FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
KCONFIG:=CONFIG_IP_NF_ARPTABLES \
CONFIG_IP_NF_ARPFILTER \
CONFIG_IP_NF_ARP_MANGLE
AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
endef
define KernelPackage/arptables/description
Kernel modules for ARP firewalling
endef
$(eval $(call KernelPackage,arptables))
define KernelPackage/br-netfilter
SUBMENU:=$(NF_MENU)
TITLE:=Bridge netfilter support modules
DEPENDS:=+kmod-ipt-core
FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
KCONFIG:=CONFIG_BRIDGE_NETFILTER
AUTOLOAD:=$(call AutoProbe,br_netfilter)
endef
define KernelPackage/br-netfilter/install
$(INSTALL_DIR) $(1)/etc/sysctl.d
$(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
endef
$(eval $(call KernelPackage,br-netfilter))
define KernelPackage/ebtables
SUBMENU:=$(NF_MENU)
TITLE:=Bridge firewalling modules
DEPENDS:=+kmod-ipt-core
FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
KCONFIG:=$(KCONFIG_EBTABLES)
AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
endef
define KernelPackage/ebtables/description
ebtables is a general, extensible frame/packet identification
framework. It provides you to do Ethernet
filtering/NAT/brouting on the Ethernet bridge.
endef
$(eval $(call KernelPackage,ebtables))
define AddDepends/ebtables
SUBMENU:=$(NF_MENU)
DEPENDS+= +kmod-ebtables $(1)
endef
define KernelPackage/ebtables-ipv4
TITLE:=ebtables: IPv4 support
FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
KCONFIG:=$(KCONFIG_EBTABLES_IP4)
AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
$(call AddDepends/ebtables)
endef
define KernelPackage/ebtables-ipv4/description
This option adds the IPv4 support to ebtables, which allows basic
IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
endef
$(eval $(call KernelPackage,ebtables-ipv4))
define KernelPackage/ebtables-ipv6
TITLE:=ebtables: IPv6 support
FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
KCONFIG:=$(KCONFIG_EBTABLES_IP6)
AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
$(call AddDepends/ebtables)
endef
define KernelPackage/ebtables-ipv6/description
This option adds the IPv6 support to ebtables, which allows basic
IPv6 header field filtering and target support.
endef
$(eval $(call KernelPackage,ebtables-ipv6))
define KernelPackage/ebtables-watchers
TITLE:=ebtables: watchers support
FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
$(call AddDepends/ebtables)
endef
define KernelPackage/ebtables-watchers/description
This option adds the log watchers, that you can use in any rule
in any ebtables table.
endef
$(eval $(call KernelPackage,ebtables-watchers))
define KernelPackage/nfnetlink
SUBMENU:=$(NF_MENU)
TITLE:=Netlink-based userspace interface
FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
KCONFIG:=$(KCONFIG_NFNETLINK)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
endef
define KernelPackage/nfnetlink/description
Kernel modules support for a netlink-based userspace interface
endef
$(eval $(call KernelPackage,nfnetlink))
define AddDepends/nfnetlink
SUBMENU:=$(NF_MENU)
DEPENDS+=+kmod-nfnetlink $(1)
endef
define KernelPackage/nfnetlink-log
TITLE:=Netfilter LOG over NFNETLINK interface
FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
$(call AddDepends/nfnetlink)
endef
define KernelPackage/nfnetlink-log/description
Kernel modules support for logging packets via NFNETLINK
Includes:
- NFLOG
endef
$(eval $(call KernelPackage,nfnetlink-log))
define KernelPackage/nfnetlink-queue
TITLE:=Netfilter QUEUE over NFNETLINK interface
FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
$(call AddDepends/nfnetlink)
endef
define KernelPackage/nfnetlink-queue/description
Kernel modules support for queueing packets via NFNETLINK
Includes:
- NFQUEUE
endef
$(eval $(call KernelPackage,nfnetlink-queue))
define KernelPackage/nf-conntrack-netlink
TITLE:=Connection tracking netlink interface
FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
$(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
endef
define KernelPackage/nf-conntrack-netlink/description
Kernel modules support for a netlink-based connection tracking
userspace interface
endef
$(eval $(call KernelPackage,nf-conntrack-netlink))
define KernelPackage/ipt-hashlimit
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter hashlimit match
DEPENDS:=+kmod-ipt-core
KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
$(call KernelPackage/ipt)
endef
define KernelPackage/ipt-hashlimit/description
Kernel modules support for the hashlimit bucket match module
endef
$(eval $(call KernelPackage,ipt-hashlimit))
define KernelPackage/ipt-rpfilter
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter rpfilter match
DEPENDS:=+kmod-ipt-core
KCONFIG:=$(KCONFIG_IPT_RPFILTER)
FILES:=$(realpath \
$(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
$(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
$(call KernelPackage/ipt)
endef
define KernelPackage/ipt-rpfilter/description
Kernel modules support for the Netfilter rpfilter match
endef
$(eval $(call KernelPackage,ipt-rpfilter))
define KernelPackage/nft-core
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter nf_tables support
DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +kmod-nf-reject6 +kmod-nf-conntrack6
FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
KCONFIG:= \
CONFIG_NFT_COMPAT=n \
CONFIG_NFT_QUEUE=n \
$(KCONFIG_NFT_CORE)
endef
define KernelPackage/nft-core/description
Kernel module support for nftables
endef
$(eval $(call KernelPackage,nft-core))
define KernelPackage/nft-arp
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter nf_tables ARP table support
DEPENDS:=+kmod-nft-core
FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
KCONFIG:=$(KCONFIG_NFT_ARP)
endef
$(eval $(call KernelPackage,nft-arp))
define KernelPackage/nft-bridge
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter nf_tables bridge table support
DEPENDS:=+kmod-nft-core
FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
KCONFIG:= \
CONFIG_NF_LOG_BRIDGE=n \
$(KCONFIG_NFT_BRIDGE)
endef
$(eval $(call KernelPackage,nft-bridge))
define KernelPackage/nft-nat
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter nf_tables NAT support
DEPENDS:=+kmod-nft-core +kmod-nf-nat
FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
KCONFIG:=$(KCONFIG_NFT_NAT)
endef
$(eval $(call KernelPackage,nft-nat))
define KernelPackage/nft-offload
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter nf_tables routing/NAT offload support
DEPENDS:=+kmod-nf-flow +kmod-nft-nat
KCONFIG:= \
CONFIG_NF_FLOW_TABLE_INET \
CONFIG_NF_FLOW_TABLE_IPV4 \
CONFIG_NF_FLOW_TABLE_IPV6 \
CONFIG_NFT_FLOW_OFFLOAD
FILES:= \
$(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
$(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
$(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
$(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
endef
$(eval $(call KernelPackage,nft-offload))
define KernelPackage/nft-nat6
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter nf_tables IPv6-NAT support
DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
KCONFIG:=$(KCONFIG_NFT_NAT6)
endef
$(eval $(call KernelPackage,nft-nat6))