3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU:=Netfilter Extensions
11 include $(INCLUDE_DIR)/netfilter.mk
14 define KernelPackage/nf-ipt
19 CONFIG_NETFILTER_ADVANCED=y \
21 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
25 $(eval $(call KernelPackage,nf-ipt))
28 define KernelPackage/nf-ipt6
31 KCONFIG:=$(KCONFIG_NF_IPT6)
32 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
33 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
34 DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6
37 $(eval $(call KernelPackage,nf-ipt6))
41 define KernelPackage/ipt-core
44 KCONFIG:=$(KCONFIG_IPT_CORE)
45 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
46 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
50 define KernelPackage/ipt-core/description
51 Netfilter core kernel modules
62 $(eval $(call KernelPackage,ipt-core))
65 define KernelPackage/nf-conntrack
67 TITLE:=Netfilter connection tracking
70 CONFIG_NETFILTER_ADVANCED=y \
71 $(KCONFIG_NF_CONNTRACK)
72 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
73 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
76 $(eval $(call KernelPackage,nf-conntrack))
79 define KernelPackage/nf-conntrack6
81 TITLE:=Netfilter IPv6 connection tracking
82 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
83 DEPENDS:=+kmod-ipv6 +kmod-nf-conntrack
84 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
85 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
88 $(eval $(call KernelPackage,nf-conntrack6))
91 define KernelPackage/nf-nat
94 KCONFIG:=$(KCONFIG_NF_NAT)
95 DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
96 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
97 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
100 $(eval $(call KernelPackage,nf-nat))
103 define KernelPackage/nf-nat6
105 TITLE:=Netfilter IPV6-NAT
106 KCONFIG:=$(KCONFIG_NF_NAT6)
107 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat
108 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
109 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
112 $(eval $(call KernelPackage,nf-nat6))
115 define AddDepends/ipt
117 DEPENDS+= +kmod-ipt-core $(1)
121 define KernelPackage/ipt-conntrack
122 TITLE:=Basic connection tracking modules
123 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
124 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
125 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
126 $(call AddDepends/ipt,+kmod-nf-conntrack)
129 define KernelPackage/ipt-conntrack/description
130 Netfilter (IPv4) kernel modules for connection tracking
139 $(eval $(call KernelPackage,ipt-conntrack))
142 define KernelPackage/ipt-conntrack-extra
143 TITLE:=Extra connection tracking modules
144 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
145 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
146 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
147 $(call AddDepends/ipt,+kmod-ipt-conntrack)
150 define KernelPackage/ipt-conntrack-extra/description
151 Netfilter (IPv4) extra kernel modules for connection tracking
160 $(eval $(call KernelPackage,ipt-conntrack-extra))
163 define KernelPackage/ipt-filter
164 TITLE:=Modules for packet content inspection
165 KCONFIG:=$(KCONFIG_IPT_FILTER)
166 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
167 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
168 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
171 define KernelPackage/ipt-filter/description
172 Netfilter (IPv4) kernel modules for packet content inspection
178 $(eval $(call KernelPackage,ipt-filter))
181 define KernelPackage/ipt-ipopt
182 TITLE:=Modules for matching/changing IP packet options
183 KCONFIG:=$(KCONFIG_IPT_IPOPT)
184 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
185 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
186 $(call AddDepends/ipt)
189 define KernelPackage/ipt-ipopt/description
190 Netfilter (IPv4) modules for matching/changing IP packet options
205 $(eval $(call KernelPackage,ipt-ipopt))
208 define KernelPackage/ipt-ipsec
209 TITLE:=Modules for matching IPSec packets
210 KCONFIG:=$(KCONFIG_IPT_IPSEC)
211 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
212 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
213 $(call AddDepends/ipt)
216 define KernelPackage/ipt-ipsec/description
217 Netfilter (IPv4) modules for matching IPSec packets
224 $(eval $(call KernelPackage,ipt-ipsec))
227 define KernelPackage/ipt-nat
228 TITLE:=Basic NAT targets
229 KCONFIG:=$(KCONFIG_IPT_NAT)
230 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
231 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
232 $(call AddDepends/ipt,+kmod-nf-nat)
235 define KernelPackage/ipt-nat/description
236 Netfilter (IPv4) kernel modules for basic NAT targets
241 $(eval $(call KernelPackage,ipt-nat))
244 define KernelPackage/ipt-nat6
245 TITLE:=IPv6 NAT targets
246 KCONFIG:=$(KCONFIG_IPT_NAT6)
247 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
248 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
249 $(call AddDepends/ipt,+kmod-nf-nat6)
250 $(call AddDepends/ipt,+kmod-ipt-conntrack)
251 $(call AddDepends/ipt,+kmod-ipt-nat)
252 $(call AddDepends/ipt,+kmod-ip6tables)
255 define KernelPackage/ipt-nat6/description
256 Netfilter (IPv6) kernel modules for NAT targets
259 $(eval $(call KernelPackage,ipt-nat6))
262 define KernelPackage/ipt-nat-extra
263 TITLE:=Extra NAT targets
264 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
265 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
266 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
267 $(call AddDepends/ipt,+kmod-ipt-nat)
270 define KernelPackage/ipt-nat-extra/description
271 Netfilter (IPv4) kernel modules for extra NAT targets
277 $(eval $(call KernelPackage,ipt-nat-extra))
280 define KernelPackage/nf-nathelper
282 TITLE:=Basic Conntrack and NAT helpers
283 KCONFIG:=$(KCONFIG_NF_NATHELPER)
284 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
285 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
286 DEPENDS:=+kmod-nf-nat
289 define KernelPackage/nf-nathelper/description
290 Default Netfilter (IPv4) Conntrack and NAT helpers
297 $(eval $(call KernelPackage,nf-nathelper))
300 define KernelPackage/nf-nathelper-extra
302 TITLE:=Extra Conntrack and NAT helpers
303 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
304 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
305 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
306 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
309 define KernelPackage/nf-nathelper-extra/description
310 Extra Netfilter (IPv4) Conntrack and NAT helpers
322 $(eval $(call KernelPackage,nf-nathelper-extra))
325 define KernelPackage/ipt-queue
326 TITLE:=Module for user-space packet queueing
327 KCONFIG:=$(KCONFIG_IPT_QUEUE)
329 FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
330 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_QUEUE-m)))
331 $(call AddDepends/ipt)
334 define KernelPackage/ipt-queue/description
335 Netfilter (IPv4) module for user-space packet queueing
340 $(eval $(call KernelPackage,ipt-queue))
343 define KernelPackage/ipt-ulog
344 TITLE:=Module for user-space packet logging
345 KCONFIG:=$(KCONFIG_IPT_ULOG)
346 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
347 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
348 $(call AddDepends/ipt)
351 define KernelPackage/ipt-ulog/description
352 Netfilter (IPv4) module for user-space packet logging
357 $(eval $(call KernelPackage,ipt-ulog))
360 define KernelPackage/ipt-nflog
361 TITLE:=Module for user-space packet logging
362 KCONFIG:=$(KCONFIG_IPT_NFLOG)
363 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
364 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
365 $(call AddDepends/ipt,+kmod-nfnetlink-log)
368 define KernelPackage/ipt-nflog/description
369 Netfilter module for user-space packet logging
374 $(eval $(call KernelPackage,ipt-nflog))
377 define KernelPackage/ipt-nfqueue
378 TITLE:=Module for user-space packet queuing
379 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
380 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
381 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
382 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
385 define KernelPackage/ipt-nfqueue/description
386 Netfilter module for user-space packet queuing
391 $(eval $(call KernelPackage,ipt-nfqueue))
394 define KernelPackage/ipt-debug
395 TITLE:=Module for debugging/development
396 KCONFIG:=$(KCONFIG_IPT_DEBUG)
398 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
399 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
400 $(call AddDepends/ipt)
403 define KernelPackage/ipt-debug/description
404 Netfilter modules for debugging/development of the firewall
409 $(eval $(call KernelPackage,ipt-debug))
412 define KernelPackage/ipt-led
413 TITLE:=Module to trigger a LED with a Netfilter rule
414 KCONFIG:=$(KCONFIG_IPT_LED)
415 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
416 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
417 $(call AddDepends/ipt)
420 define KernelPackage/ipt-led/description
421 Netfilter target to trigger a LED when a network packet is matched.
424 $(eval $(call KernelPackage,ipt-led))
426 define KernelPackage/ipt-tproxy
427 TITLE:=Transparent proxying support
428 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ipv6 +IPV6:kmod-ip6tables
430 CONFIG_NETFILTER_TPROXY \
431 CONFIG_NETFILTER_XT_MATCH_SOCKET \
432 CONFIG_NETFILTER_XT_TARGET_TPROXY
434 $(if $(call kernel_patchver_lt,3.12),$(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko) \
435 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
436 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
437 $(call AddDepends/ipt)
440 define KernelPackage/ipt-tproxy/description
441 Kernel modules for Transparent Proxying
444 $(eval $(call KernelPackage,ipt-tproxy))
446 define KernelPackage/ipt-tee
448 DEPENDS:=+kmod-ipt-conntrack +IPV6:kmod-ipv6
450 CONFIG_NETFILTER_XT_TARGET_TEE
452 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
453 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
454 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
455 $(call AddDepends/ipt)
458 define KernelPackage/ipt-tee/description
459 Kernel modules for TEE
462 $(eval $(call KernelPackage,ipt-tee))
465 define KernelPackage/ipt-u32
468 CONFIG_NETFILTER_XT_MATCH_U32
470 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
471 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
472 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
473 $(call AddDepends/ipt)
476 define KernelPackage/ipt-u32/description
477 Kernel modules for U32
480 $(eval $(call KernelPackage,ipt-u32))
483 define KernelPackage/ipt-iprange
484 TITLE:=Module for matching ip ranges
485 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
486 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
487 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
488 $(call AddDepends/ipt)
491 define KernelPackage/ipt-iprange/description
492 Netfilter (IPv4) module for matching ip ranges
497 $(eval $(call KernelPackage,ipt-iprange))
499 define KernelPackage/ipt-cluster
500 TITLE:=Module for matching cluster
501 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
502 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
503 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
504 $(call AddDepends/ipt)
507 define KernelPackage/ipt-cluster/description
508 Netfilter (IPv4/IPv6) module for matching cluster
509 This option allows you to build work-load-sharing clusters of
510 network servers/stateful firewalls without having a dedicated
511 load-balancing router/server/switch. Basically, this match returns
512 true when the packet must be handled by this cluster node. Thus,
513 all nodes see all packets and this match decides which node handles
514 what packets. The work-load sharing algorithm is based on source
517 This module is usable for ipv4 and ipv6.
519 To use it also enable iptables-mod-cluster
521 see `iptables -m cluster --help` for more information.
524 $(eval $(call KernelPackage,ipt-cluster))
526 define KernelPackage/ipt-clusterip
527 TITLE:=Module for CLUSTERIP
528 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
529 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
530 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
531 $(call AddDepends/ipt,+kmod-nf-conntrack)
534 define KernelPackage/ipt-clusterip/description
535 Netfilter (IPv4-only) module for CLUSTERIP
536 The CLUSTERIP target allows you to build load-balancing clusters of
537 network servers without having a dedicated load-balancing
538 router/server/switch.
540 To use it also enable iptables-mod-clusterip
542 see `iptables -j CLUSTERIP --help` for more information.
545 $(eval $(call KernelPackage,ipt-clusterip))
548 define KernelPackage/ipt-extra
550 KCONFIG:=$(KCONFIG_IPT_EXTRA)
551 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
552 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
553 $(call AddDepends/ipt)
556 define KernelPackage/ipt-extra/description
557 Other Netfilter (IPv4) kernel modules
561 - physdev (if bridge support was enabled in kernel)
566 $(eval $(call KernelPackage,ipt-extra))
569 define KernelPackage/ip6tables
572 DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack
573 KCONFIG:=$(KCONFIG_IPT_IPV6)
574 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
575 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
578 define KernelPackage/ip6tables/description
579 Netfilter IPv6 firewalling support
582 $(eval $(call KernelPackage,ip6tables))
584 define KernelPackage/ip6tables-extra
586 TITLE:=Extra IPv6 modules
587 DEPENDS:=+kmod-ip6tables
588 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
589 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
590 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
593 define KernelPackage/ip6tables-extra/description
594 Netfilter IPv6 extra header matching modules
597 $(eval $(call KernelPackage,ip6tables-extra))
599 ARP_MODULES = arp_tables arpt_mangle arptable_filter
600 define KernelPackage/arptables
602 TITLE:=ARP firewalling modules
603 DEPENDS:=+kmod-ipt-core
604 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
605 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
606 CONFIG_IP_NF_ARPFILTER \
607 CONFIG_IP_NF_ARP_MANGLE
608 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
611 define KernelPackage/arptables/description
612 Kernel modules for ARP firewalling
615 $(eval $(call KernelPackage,arptables))
618 define KernelPackage/ebtables
620 TITLE:=Bridge firewalling modules
621 DEPENDS:=+kmod-ipt-core +kmod-bridge
622 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
623 KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
625 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
628 define KernelPackage/ebtables/description
629 ebtables is a general, extensible frame/packet identification
630 framework. It provides you to do Ethernet
631 filtering/NAT/brouting on the Ethernet bridge.
634 $(eval $(call KernelPackage,ebtables))
637 define AddDepends/ebtables
639 DEPENDS+=kmod-ebtables $(1)
643 define KernelPackage/ebtables-ipv4
644 TITLE:=ebtables: IPv4 support
645 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
646 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
647 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
648 $(call AddDepends/ebtables)
651 define KernelPackage/ebtables-ipv4/description
652 This option adds the IPv4 support to ebtables, which allows basic
653 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
656 $(eval $(call KernelPackage,ebtables-ipv4))
659 define KernelPackage/ebtables-ipv6
660 TITLE:=ebtables: IPv6 support
661 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
662 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
663 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
664 $(call AddDepends/ebtables)
667 define KernelPackage/ebtables-ipv6/description
668 This option adds the IPv6 support to ebtables, which allows basic
669 IPv6 header field filtering and target support.
672 $(eval $(call KernelPackage,ebtables-ipv6))
675 define KernelPackage/ebtables-watchers
676 TITLE:=ebtables: watchers support
677 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
678 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
679 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
680 $(call AddDepends/ebtables)
683 define KernelPackage/ebtables-watchers/description
684 This option adds the log watchers, that you can use in any rule
685 in any ebtables table.
688 $(eval $(call KernelPackage,ebtables-watchers))
691 define KernelPackage/nfnetlink
693 TITLE:=Netlink-based userspace interface
694 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
695 KCONFIG:=$(KCONFIG_NFNETLINK)
696 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
699 define KernelPackage/nfnetlink/description
700 Kernel modules support for a netlink-based userspace interface
703 $(eval $(call KernelPackage,nfnetlink))
706 define AddDepends/nfnetlink
708 DEPENDS+=+kmod-nfnetlink $(1)
712 define KernelPackage/nfnetlink-log
713 TITLE:=Netfilter LOG over NFNETLINK interface
714 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
715 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
716 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
717 $(call AddDepends/nfnetlink)
720 define KernelPackage/nfnetlink-log/description
721 Kernel modules support for logging packets via NFNETLINK
726 $(eval $(call KernelPackage,nfnetlink-log))
729 define KernelPackage/nfnetlink-queue
730 TITLE:=Netfilter QUEUE over NFNETLINK interface
731 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
732 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
733 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
734 $(call AddDepends/nfnetlink)
737 define KernelPackage/nfnetlink-queue/description
738 Kernel modules support for queueing packets via NFNETLINK
743 $(eval $(call KernelPackage,nfnetlink-queue))
746 define KernelPackage/nf-conntrack-netlink
747 TITLE:=Connection tracking netlink interface
748 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
749 KCONFIG:=CONFIG_NF_CT_NETLINK
750 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
751 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
754 define KernelPackage/nf-conntrack-netlink/description
755 Kernel modules support for a netlink-based connection tracking
759 $(eval $(call KernelPackage,nf-conntrack-netlink))
761 define KernelPackage/ipt-hashlimit
763 TITLE:=Netfilter hashlimit match
764 DEPENDS:=+kmod-ipt-core
765 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
766 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
767 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
768 $(call KernelPackage/ipt)
771 define KernelPackage/ipt-hashlimit/description
772 Kernel modules support for the hashlimit bucket match module
775 $(eval $(call KernelPackage,ipt-hashlimit))
778 define KernelPackage/nft-core
780 TITLE:=Netfilter nf_tables support
781 DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6
782 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
783 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
786 CONFIG_NETFILTER_ADVANCED=y \
787 CONFIG_NFT_COMPAT=n \
789 CONFIG_NF_TABLES_ARP=n \
790 CONFIG_NF_TABLES_BRIDGE=n \
794 define KernelPackage/nft-core/description
795 Kernel module support for nftables
798 $(eval $(call KernelPackage,nft-core))
801 define KernelPackage/nft-nat
803 TITLE:=Netfilter nf_tables NAT support
804 DEPENDS:=+kmod-nft-core +kmod-nf-nat
805 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
806 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
807 KCONFIG:=$(KCONFIG_NFT_NAT)
810 $(eval $(call KernelPackage,nft-nat))
813 define KernelPackage/nft-nat6
815 TITLE:=Netfilter nf_tables IPv6-NAT support
816 DEPENDS:=+kmod-nft-core +kmod-nf-nat6
817 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
818 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
819 KCONFIG:=$(KCONFIG_NFT_NAT6)
822 $(eval $(call KernelPackage,nft-nat6))