3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU:=Netfilter Extensions
11 include $(INCLUDE_DIR)/netfilter.mk
14 define KernelPackage/nf-reject
16 TITLE:=Netfilter IPv4 reject support
19 CONFIG_NETFILTER_ADVANCED=y \
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
25 $(eval $(call KernelPackage,nf-reject))
28 define KernelPackage/nf-reject6
30 TITLE:=Netfilter IPv6 reject support
33 CONFIG_NETFILTER_ADVANCED=y \
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
40 $(eval $(call KernelPackage,nf-reject6))
43 define KernelPackage/nf-ipt
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
51 $(eval $(call KernelPackage,nf-ipt))
54 define KernelPackage/nf-ipt6
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
63 $(eval $(call KernelPackage,nf-ipt6))
67 define KernelPackage/ipt-core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
88 $(eval $(call KernelPackage,ipt-core))
91 define KernelPackage/nf-conntrack
93 TITLE:=Netfilter connection tracking
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
104 define KernelPackage/nf-conntrack/install
105 $(INSTALL_DIR) $(1)/etc/sysctl.d
106 $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
109 $(eval $(call KernelPackage,nf-conntrack))
112 define KernelPackage/nf-conntrack6
114 TITLE:=Netfilter IPv6 connection tracking
115 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
116 DEPENDS:=@IPV6 +kmod-nf-conntrack
117 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
118 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
121 $(eval $(call KernelPackage,nf-conntrack6))
124 define KernelPackage/nf-nat
127 KCONFIG:=$(KCONFIG_NF_NAT)
128 DEPENDS:=+kmod-nf-conntrack
129 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
130 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
133 $(eval $(call KernelPackage,nf-nat))
136 define KernelPackage/nf-nat6
138 TITLE:=Netfilter IPV6-NAT
139 KCONFIG:=$(KCONFIG_NF_NAT6)
140 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-nat
141 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
142 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
145 $(eval $(call KernelPackage,nf-nat6))
148 define KernelPackage/nf-flow
150 TITLE:=Netfilter flowtable support
152 CONFIG_NETFILTER_INGRESS=y \
153 CONFIG_NF_FLOW_TABLE \
154 CONFIG_NF_FLOW_TABLE_HW
155 DEPENDS:=+kmod-nf-conntrack @!LINUX_3_18 @!LINUX_4_4 @!LINUX_4_9
157 $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \
158 $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko
159 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
162 $(eval $(call KernelPackage,nf-flow))
165 define AddDepends/ipt
167 DEPENDS+= +kmod-ipt-core $(1)
171 define KernelPackage/ipt-conntrack
172 TITLE:=Basic connection tracking modules
173 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
174 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
175 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
176 $(call AddDepends/ipt,+kmod-nf-conntrack)
179 define KernelPackage/ipt-conntrack/description
180 Netfilter (IPv4) kernel modules for connection tracking
189 $(eval $(call KernelPackage,ipt-conntrack))
192 define KernelPackage/ipt-conntrack-extra
193 TITLE:=Extra connection tracking modules
194 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
195 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
196 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
197 $(call AddDepends/ipt,+kmod-ipt-conntrack)
200 define KernelPackage/ipt-conntrack-extra/description
201 Netfilter (IPv4) extra kernel modules for connection tracking
210 $(eval $(call KernelPackage,ipt-conntrack-extra))
212 define KernelPackage/ipt-conntrack-label
213 TITLE:=Module for handling connection tracking labels
214 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
215 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
216 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
217 $(call AddDepends/ipt,+kmod-ipt-conntrack)
220 define KernelPackage/ipt-conntrack-label/description
221 Netfilter (IPv4) module for handling connection tracking labels
226 $(eval $(call KernelPackage,ipt-conntrack-label))
228 define KernelPackage/ipt-filter
229 TITLE:=Modules for packet content inspection
230 KCONFIG:=$(KCONFIG_IPT_FILTER)
231 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
232 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
233 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
236 define KernelPackage/ipt-filter/description
237 Netfilter (IPv4) kernel modules for packet content inspection
242 $(eval $(call KernelPackage,ipt-filter))
245 define KernelPackage/ipt-offload
246 TITLE:=Netfilter routing/NAT offload support
247 KCONFIG:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD
248 FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
249 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
250 $(call AddDepends/ipt,+kmod-nf-flow)
253 $(eval $(call KernelPackage,ipt-offload))
256 define KernelPackage/ipt-ipopt
257 TITLE:=Modules for matching/changing IP packet options
258 KCONFIG:=$(KCONFIG_IPT_IPOPT)
259 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
260 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
261 $(call AddDepends/ipt)
264 define KernelPackage/ipt-ipopt/description
265 Netfilter (IPv4) modules for matching/changing IP packet options
280 $(eval $(call KernelPackage,ipt-ipopt))
283 define KernelPackage/ipt-ipsec
284 TITLE:=Modules for matching IPSec packets
285 KCONFIG:=$(KCONFIG_IPT_IPSEC)
286 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
287 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
288 $(call AddDepends/ipt)
291 define KernelPackage/ipt-ipsec/description
292 Netfilter (IPv4) modules for matching IPSec packets
299 $(eval $(call KernelPackage,ipt-ipsec))
303 ipset/ip_set_bitmap_ip \
304 ipset/ip_set_bitmap_ipmac \
305 ipset/ip_set_bitmap_port \
306 ipset/ip_set_hash_ip \
307 ipset/ip_set_hash_ipmark \
308 ipset/ip_set_hash_ipport \
309 ipset/ip_set_hash_ipportip \
310 ipset/ip_set_hash_ipportnet \
311 ipset/ip_set_hash_mac \
312 ipset/ip_set_hash_netportnet \
313 ipset/ip_set_hash_net \
314 ipset/ip_set_hash_netnet \
315 ipset/ip_set_hash_netport \
316 ipset/ip_set_hash_netiface \
317 ipset/ip_set_list_set \
320 define KernelPackage/ipt-ipset
321 SUBMENU:=Netfilter Extensions
322 TITLE:=IPset netfilter modules
323 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
326 CONFIG_IP_SET_MAX=256 \
327 CONFIG_NETFILTER_XT_SET \
328 CONFIG_IP_SET_BITMAP_IP \
329 CONFIG_IP_SET_BITMAP_IPMAC \
330 CONFIG_IP_SET_BITMAP_PORT \
331 CONFIG_IP_SET_HASH_IP \
332 CONFIG_IP_SET_HASH_IPMARK \
333 CONFIG_IP_SET_HASH_IPPORT \
334 CONFIG_IP_SET_HASH_IPPORTIP \
335 CONFIG_IP_SET_HASH_IPPORTNET \
336 CONFIG_IP_SET_HASH_MAC \
337 CONFIG_IP_SET_HASH_NET \
338 CONFIG_IP_SET_HASH_NETNET \
339 CONFIG_IP_SET_HASH_NETIFACE \
340 CONFIG_IP_SET_HASH_NETPORT \
341 CONFIG_IP_SET_HASH_NETPORTNET \
342 CONFIG_IP_SET_LIST_SET \
343 CONFIG_NET_EMATCH_IPSET=n
344 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
345 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
347 $(eval $(call KernelPackage,ipt-ipset))
350 define KernelPackage/ipt-nat
351 TITLE:=Basic NAT targets
352 KCONFIG:=$(KCONFIG_IPT_NAT)
353 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
354 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
355 $(call AddDepends/ipt,+kmod-nf-nat)
358 define KernelPackage/ipt-nat/description
359 Netfilter (IPv4) kernel modules for basic NAT targets
364 $(eval $(call KernelPackage,ipt-nat))
367 define KernelPackage/ipt-raw
368 TITLE:=Netfilter IPv4 raw table support
369 KCONFIG:=CONFIG_IP_NF_RAW
370 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
371 AUTOLOAD:=$(call AutoProbe,iptable_raw)
372 $(call AddDepends/ipt)
375 $(eval $(call KernelPackage,ipt-raw))
378 define KernelPackage/ipt-raw6
379 TITLE:=Netfilter IPv6 raw table support
380 KCONFIG:=CONFIG_IP6_NF_RAW
381 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
382 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
383 $(call AddDepends/ipt,+kmod-ip6tables)
386 $(eval $(call KernelPackage,ipt-raw6))
389 define KernelPackage/ipt-nat6
390 TITLE:=IPv6 NAT targets
391 KCONFIG:=$(KCONFIG_IPT_NAT6)
392 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
393 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
394 $(call AddDepends/ipt,+kmod-nf-nat6)
395 $(call AddDepends/ipt,+kmod-ipt-conntrack)
396 $(call AddDepends/ipt,+kmod-ipt-nat)
397 $(call AddDepends/ipt,+kmod-ip6tables)
400 define KernelPackage/ipt-nat6/description
401 Netfilter (IPv6) kernel modules for NAT targets
404 $(eval $(call KernelPackage,ipt-nat6))
407 define KernelPackage/ipt-nat-extra
408 TITLE:=Extra NAT targets
409 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
410 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
411 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
412 $(call AddDepends/ipt,+kmod-ipt-nat)
415 define KernelPackage/ipt-nat-extra/description
416 Netfilter (IPv4) kernel modules for extra NAT targets
422 $(eval $(call KernelPackage,ipt-nat-extra))
425 define KernelPackage/nf-nathelper
427 TITLE:=Basic Conntrack and NAT helpers
428 KCONFIG:=$(KCONFIG_NF_NATHELPER)
429 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
430 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
431 DEPENDS:=+kmod-nf-nat
434 define KernelPackage/nf-nathelper/description
435 Default Netfilter (IPv4) Conntrack and NAT helpers
440 $(eval $(call KernelPackage,nf-nathelper))
443 define KernelPackage/nf-nathelper-extra
445 TITLE:=Extra Conntrack and NAT helpers
446 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
447 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
448 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
449 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
452 define KernelPackage/nf-nathelper-extra/description
453 Extra Netfilter (IPv4) Conntrack and NAT helpers
467 $(eval $(call KernelPackage,nf-nathelper-extra))
470 define KernelPackage/ipt-ulog
471 TITLE:=Module for user-space packet logging
472 KCONFIG:=$(KCONFIG_IPT_ULOG)
473 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
474 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
475 $(call AddDepends/ipt)
478 define KernelPackage/ipt-ulog/description
479 Netfilter (IPv4) module for user-space packet logging
484 $(eval $(call KernelPackage,ipt-ulog))
487 define KernelPackage/ipt-nflog
488 TITLE:=Module for user-space packet logging
489 KCONFIG:=$(KCONFIG_IPT_NFLOG)
490 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
491 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
492 $(call AddDepends/ipt,+kmod-nfnetlink-log)
495 define KernelPackage/ipt-nflog/description
496 Netfilter module for user-space packet logging
501 $(eval $(call KernelPackage,ipt-nflog))
504 define KernelPackage/ipt-nfqueue
505 TITLE:=Module for user-space packet queuing
506 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
507 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
508 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
509 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
512 define KernelPackage/ipt-nfqueue/description
513 Netfilter module for user-space packet queuing
518 $(eval $(call KernelPackage,ipt-nfqueue))
521 define KernelPackage/ipt-debug
522 TITLE:=Module for debugging/development
523 KCONFIG:=$(KCONFIG_IPT_DEBUG)
524 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
525 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
526 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
529 define KernelPackage/ipt-debug/description
530 Netfilter modules for debugging/development of the firewall
535 $(eval $(call KernelPackage,ipt-debug))
538 define KernelPackage/ipt-led
539 TITLE:=Module to trigger a LED with a Netfilter rule
540 KCONFIG:=$(KCONFIG_IPT_LED)
541 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
542 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
543 $(call AddDepends/ipt)
546 define KernelPackage/ipt-led/description
547 Netfilter target to trigger a LED when a network packet is matched.
550 $(eval $(call KernelPackage,ipt-led))
552 define KernelPackage/ipt-tproxy
553 TITLE:=Transparent proxying support
554 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
556 CONFIG_NETFILTER_XT_MATCH_SOCKET \
557 CONFIG_NETFILTER_XT_TARGET_TPROXY
559 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
560 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
561 $(call AddDepends/ipt)
564 define KernelPackage/ipt-tproxy/description
565 Kernel modules for Transparent Proxying
568 $(eval $(call KernelPackage,ipt-tproxy))
570 define KernelPackage/ipt-tee
572 DEPENDS:=+kmod-ipt-conntrack
574 CONFIG_NETFILTER_XT_TARGET_TEE
576 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
577 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
578 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
579 $(call AddDepends/ipt)
582 define KernelPackage/ipt-tee/description
583 Kernel modules for TEE
586 $(eval $(call KernelPackage,ipt-tee))
589 define KernelPackage/ipt-u32
592 CONFIG_NETFILTER_XT_MATCH_U32
594 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
595 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
596 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
597 $(call AddDepends/ipt)
600 define KernelPackage/ipt-u32/description
601 Kernel modules for U32
604 $(eval $(call KernelPackage,ipt-u32))
606 define KernelPackage/ipt-checksum
607 TITLE:=CHECKSUM support
609 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
611 $(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \
612 $(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
613 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
614 $(call AddDepends/ipt)
617 define KernelPackage/ipt-checksum/description
618 Kernel modules for CHECKSUM fillin target
621 $(eval $(call KernelPackage,ipt-checksum))
624 define KernelPackage/ipt-iprange
625 TITLE:=Module for matching ip ranges
626 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
627 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
628 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
629 $(call AddDepends/ipt)
632 define KernelPackage/ipt-iprange/description
633 Netfilter (IPv4) module for matching ip ranges
638 $(eval $(call KernelPackage,ipt-iprange))
640 define KernelPackage/ipt-cluster
641 TITLE:=Module for matching cluster
642 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
643 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
644 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
645 $(call AddDepends/ipt)
648 define KernelPackage/ipt-cluster/description
649 Netfilter (IPv4/IPv6) module for matching cluster
650 This option allows you to build work-load-sharing clusters of
651 network servers/stateful firewalls without having a dedicated
652 load-balancing router/server/switch. Basically, this match returns
653 true when the packet must be handled by this cluster node. Thus,
654 all nodes see all packets and this match decides which node handles
655 what packets. The work-load sharing algorithm is based on source
658 This module is usable for ipv4 and ipv6.
660 To use it also enable iptables-mod-cluster
662 see `iptables -m cluster --help` for more information.
665 $(eval $(call KernelPackage,ipt-cluster))
667 define KernelPackage/ipt-clusterip
668 TITLE:=Module for CLUSTERIP
669 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
670 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
671 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
672 $(call AddDepends/ipt,+kmod-nf-conntrack)
675 define KernelPackage/ipt-clusterip/description
676 Netfilter (IPv4-only) module for CLUSTERIP
677 The CLUSTERIP target allows you to build load-balancing clusters of
678 network servers without having a dedicated load-balancing
679 router/server/switch.
681 To use it also enable iptables-mod-clusterip
683 see `iptables -j CLUSTERIP --help` for more information.
686 $(eval $(call KernelPackage,ipt-clusterip))
689 define KernelPackage/ipt-extra
691 KCONFIG:=$(KCONFIG_IPT_EXTRA)
692 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
693 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
694 $(call AddDepends/ipt)
697 define KernelPackage/ipt-extra/description
698 Other Netfilter (IPv4) kernel modules
706 $(eval $(call KernelPackage,ipt-extra))
709 define KernelPackage/ipt-physdev
710 TITLE:=physdev module
711 KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
712 FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
713 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
714 $(call AddDepends/ipt,+kmod-br-netfilter)
717 define KernelPackage/ipt-physdev/description
718 The iptables physdev kernel module
721 $(eval $(call KernelPackage,ipt-physdev))
724 define KernelPackage/ip6tables
727 DEPENDS:=+kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
728 KCONFIG:=$(KCONFIG_IPT_IPV6)
729 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
730 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
733 define KernelPackage/ip6tables/description
734 Netfilter IPv6 firewalling support
737 $(eval $(call KernelPackage,ip6tables))
739 define KernelPackage/ip6tables-extra
741 TITLE:=Extra IPv6 modules
742 DEPENDS:=+kmod-ip6tables
743 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
744 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
745 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
748 define KernelPackage/ip6tables-extra/description
749 Netfilter IPv6 extra header matching modules
752 $(eval $(call KernelPackage,ip6tables-extra))
754 ARP_MODULES = arp_tables arpt_mangle arptable_filter
755 define KernelPackage/arptables
757 TITLE:=ARP firewalling modules
758 DEPENDS:=+kmod-ipt-core
759 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
760 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
761 CONFIG_IP_NF_ARPFILTER \
762 CONFIG_IP_NF_ARP_MANGLE
763 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
766 define KernelPackage/arptables/description
767 Kernel modules for ARP firewalling
770 $(eval $(call KernelPackage,arptables))
773 define KernelPackage/br-netfilter
775 TITLE:=Bridge netfilter support modules
776 DEPENDS:=+kmod-ipt-core
777 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
778 KCONFIG:=CONFIG_BRIDGE_NETFILTER
779 AUTOLOAD:=$(call AutoProbe,br_netfilter)
782 define KernelPackage/br-netfilter/install
783 $(INSTALL_DIR) $(1)/etc/sysctl.d
784 $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
787 $(eval $(call KernelPackage,br-netfilter))
790 define KernelPackage/ebtables
792 TITLE:=Bridge firewalling modules
793 DEPENDS:=+kmod-ipt-core
794 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
795 KCONFIG:=$(KCONFIG_EBTABLES)
796 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
799 define KernelPackage/ebtables/description
800 ebtables is a general, extensible frame/packet identification
801 framework. It provides you to do Ethernet
802 filtering/NAT/brouting on the Ethernet bridge.
805 $(eval $(call KernelPackage,ebtables))
808 define AddDepends/ebtables
810 DEPENDS+= +kmod-ebtables $(1)
814 define KernelPackage/ebtables-ipv4
815 TITLE:=ebtables: IPv4 support
816 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
817 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
818 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
819 $(call AddDepends/ebtables)
822 define KernelPackage/ebtables-ipv4/description
823 This option adds the IPv4 support to ebtables, which allows basic
824 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
827 $(eval $(call KernelPackage,ebtables-ipv4))
830 define KernelPackage/ebtables-ipv6
831 TITLE:=ebtables: IPv6 support
832 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
833 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
834 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
835 $(call AddDepends/ebtables)
838 define KernelPackage/ebtables-ipv6/description
839 This option adds the IPv6 support to ebtables, which allows basic
840 IPv6 header field filtering and target support.
843 $(eval $(call KernelPackage,ebtables-ipv6))
846 define KernelPackage/ebtables-watchers
847 TITLE:=ebtables: watchers support
848 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
849 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
850 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
851 $(call AddDepends/ebtables)
854 define KernelPackage/ebtables-watchers/description
855 This option adds the log watchers, that you can use in any rule
856 in any ebtables table.
859 $(eval $(call KernelPackage,ebtables-watchers))
862 define KernelPackage/nfnetlink
864 TITLE:=Netlink-based userspace interface
865 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
866 KCONFIG:=$(KCONFIG_NFNETLINK)
867 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
870 define KernelPackage/nfnetlink/description
871 Kernel modules support for a netlink-based userspace interface
874 $(eval $(call KernelPackage,nfnetlink))
877 define AddDepends/nfnetlink
879 DEPENDS+=+kmod-nfnetlink $(1)
883 define KernelPackage/nfnetlink-log
884 TITLE:=Netfilter LOG over NFNETLINK interface
885 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
886 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
887 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
888 $(call AddDepends/nfnetlink)
891 define KernelPackage/nfnetlink-log/description
892 Kernel modules support for logging packets via NFNETLINK
897 $(eval $(call KernelPackage,nfnetlink-log))
900 define KernelPackage/nfnetlink-queue
901 TITLE:=Netfilter QUEUE over NFNETLINK interface
902 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
903 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
904 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
905 $(call AddDepends/nfnetlink)
908 define KernelPackage/nfnetlink-queue/description
909 Kernel modules support for queueing packets via NFNETLINK
914 $(eval $(call KernelPackage,nfnetlink-queue))
917 define KernelPackage/nf-conntrack-netlink
918 TITLE:=Connection tracking netlink interface
919 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
920 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
921 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
922 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
925 define KernelPackage/nf-conntrack-netlink/description
926 Kernel modules support for a netlink-based connection tracking
930 $(eval $(call KernelPackage,nf-conntrack-netlink))
932 define KernelPackage/ipt-hashlimit
934 TITLE:=Netfilter hashlimit match
935 DEPENDS:=+kmod-ipt-core
936 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
937 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
938 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
939 $(call KernelPackage/ipt)
942 define KernelPackage/ipt-hashlimit/description
943 Kernel modules support for the hashlimit bucket match module
946 $(eval $(call KernelPackage,ipt-hashlimit))
948 define KernelPackage/ipt-rpfilter
950 TITLE:=Netfilter rpfilter match
951 DEPENDS:=+kmod-ipt-core
952 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
954 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
955 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
956 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
957 $(call KernelPackage/ipt)
960 define KernelPackage/ipt-rpfilter/description
961 Kernel modules support for the Netfilter rpfilter match
964 $(eval $(call KernelPackage,ipt-rpfilter))
967 define KernelPackage/nft-core
969 TITLE:=Netfilter nf_tables support
970 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +kmod-nf-reject6 +kmod-nf-conntrack6
971 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
972 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
974 CONFIG_NFT_COMPAT=n \
979 define KernelPackage/nft-core/description
980 Kernel module support for nftables
983 $(eval $(call KernelPackage,nft-core))
986 define KernelPackage/nft-arp
988 TITLE:=Netfilter nf_tables ARP table support
989 DEPENDS:=+kmod-nft-core
990 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
991 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
992 KCONFIG:=$(KCONFIG_NFT_ARP)
995 $(eval $(call KernelPackage,nft-arp))
998 define KernelPackage/nft-bridge
1000 TITLE:=Netfilter nf_tables bridge table support
1001 DEPENDS:=+kmod-nft-core
1002 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
1003 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
1005 CONFIG_NF_LOG_BRIDGE=n \
1006 $(KCONFIG_NFT_BRIDGE)
1009 $(eval $(call KernelPackage,nft-bridge))
1012 define KernelPackage/nft-nat
1014 TITLE:=Netfilter nf_tables NAT support
1015 DEPENDS:=+kmod-nft-core +kmod-nf-nat
1016 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
1017 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
1018 KCONFIG:=$(KCONFIG_NFT_NAT)
1021 $(eval $(call KernelPackage,nft-nat))
1024 define KernelPackage/nft-offload
1026 TITLE:=Netfilter nf_tables routing/NAT offload support
1027 DEPENDS:=+kmod-nf-flow +kmod-nft-nat
1029 CONFIG_NF_FLOW_TABLE_INET \
1030 CONFIG_NF_FLOW_TABLE_IPV4 \
1031 CONFIG_NF_FLOW_TABLE_IPV6 \
1032 CONFIG_NFT_FLOW_OFFLOAD
1034 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1035 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
1036 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
1037 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1038 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
1041 $(eval $(call KernelPackage,nft-offload))
1044 define KernelPackage/nft-nat6
1046 TITLE:=Netfilter nf_tables IPv6-NAT support
1047 DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
1048 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
1049 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
1050 KCONFIG:=$(KCONFIG_NFT_NAT6)
1053 $(eval $(call KernelPackage,nft-nat6))