$(MODULES_DIR)/kernel/net/ipv4/ip_gre.o \
,CONFIG_NET_IPGRE))
-$(eval $(call KMOD_template,IMQ,imq,\
- $(MODULES_DIR)/kernel/net/ipv4/netfilter/*IMQ*.o \
- $(MODULES_DIR)/kernel/drivers/net/imq.o \
-))
$(eval $(call KMOD_template,IPIP,ipip,\
$(MODULES_DIR)/kernel/net/ipv4/ipip.o \
,CONFIG_NET_IPIP,,60,ipip))
$(MODULES_DIR)/kernel/drivers/net/tun.o \
,CONFIG_TUN,,20,tun))
-# Filtering / Firewalling
-
-$(eval $(call KMOD_template,ARPTABLES,arptables,\
- $(MODULES_DIR)/kernel/net/ipv4/netfilter/arp*.o \
-,CONFIG_IP_NF_ARPTABLES))
-
-$(eval $(call KMOD_template,EBTABLES,ebtables,\
- $(MODULES_DIR)/kernel/net/bridge/netfilter/*.o \
-,CONFIG_BRIDGE_NF_EBTABLES))
-
-# metapackage for compatibility ...
-$(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\
-,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-ipt-nat-extra kmod-ipt-queue kmod-ipt-ulogd))
-
-$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\
- $(foreach mod,$(IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
-))
-
-$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\
- $(foreach mod,$(IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
-))
-
-$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\
- $(foreach mod,$(IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
-))
-
-$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\
- $(foreach mod,$(IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
-))
-
-$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\
- $(foreach mod,$(IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
-))
-
-$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\
- $(foreach mod,$(IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
-))
-
-$(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\
- $(foreach mod,$(IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
-,,,40,$(IPT_NAT_EXTRA-m)))
-
-$(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\
- $(foreach mod,$(IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
-))
-
-$(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\
- $(foreach mod,$(IPT_ULOG-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
-))
-
-$(eval $(call KMOD_template,IP6TABLES,ip6tables,\
- $(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.o \
-,CONFIG_IP6_NF_IPTABLES,kmod-ipv6))
-
-
# Block devices
$(eval $(call KMOD_template,LOOP,loop,\
$(MODULES_DIR)/kernel/net/ipv4/ip_gre.ko \
,CONFIG_NET_IPGRE))
-$(eval $(call KMOD_template,IMQ,imq,\
- $(MODULES_DIR)/kernel/net/ipv4/netfilter/*IMQ*.ko \
- $(MODULES_DIR)/kernel/drivers/net/imq.ko \
-,CONFIG_IMQ))
-
$(eval $(call KMOD_template,IPIP,ipip,\
$(MODULES_DIR)/kernel/net/ipv4/ipip.ko \
,CONFIG_NET_IPIP,,60,ipip))
$(MODULES_DIR)/kernel/drivers/net/tun.ko \
,CONFIG_TUN,,20,tun))
-
-# Filtering / Firewalling
-
-$(eval $(call KMOD_template,ARPTABLES,arptables,\
- $(MODULES_DIR)/kernel/net/ipv4/netfilter/arp*.ko \
-,CONFIG_IP_NF_ARPTABLES))
-
-$(eval $(call KMOD_template,EBTABLES,ebtables,\
- $(MODULES_DIR)/kernel/net/bridge/netfilter/*.ko \
-,CONFIG_BRIDGE_NF_EBTABLES))
-
-# metapackage for compatibility ...
-$(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\
-,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-ipt-nat-extra kmod-ipt-queue kmod-ipt-ulogd))
-
-$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\
- $(foreach mod,$(IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \
-))
-
-$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\
- $(foreach mod,$(IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \
-))
-
-$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\
- $(foreach mod,$(IPT_FILTER-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \
-))
-
-$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\
- $(foreach mod,$(IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \
-))
-
-$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\
- $(foreach mod,$(IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \
-))
-
-$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\
- $(foreach mod,$(IPT_NAT-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \
-))
-
-$(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\
- $(foreach mod,$(IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \
-,,,40,$(IPT_NAT_EXTRA-m)))
-
-$(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\
- $(foreach mod,$(IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \
-))
-
-$(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\
- $(foreach mod,$(IPT_ULOG-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \
-))
-
-$(eval $(call KMOD_template,IP6TABLES,ip6tables,\
- $(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.ko \
-,CONFIG_IP6_NF_IPTABLES,kmod-ipv6))
-
-
# Block devices
$(eval $(call KMOD_template,LOOP,loop,\
#
# $Id: netfilter.mk 2411 2005-11-11 03:41:43Z nico $
-ifeq ($(NF_2_6),1)
+ifeq ($(NF_KMOD),1)
P_V4:=ipv4/netfilter/
P_XT:=netfilter/
-else
-P_V4:=
-P_XT:=
endif
IPT_CONNTRACK-m :=
IPT_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += $(P_V4)ipt_MASQUERADE
IPT_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += $(P_V4)ipt_MIRROR
IPT_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += $(P_V4)ipt_REDIRECT
+IPT_NAT-$(CONFIG_IP_NF_TARGET_NETMAP) += $(P_V4)ipt_NETMAP
IPT_NAT_EXTRA-m :=
IPT_NAT_EXTRA-$(CONFIG_IP_NF_AMANDA) += $(P_V4)ip_conntrack_amanda
define Package/iptables-mod-conntrack
SECTION:=net
CATEGORY:=Base system
-DEPENDS:=iptables
+DEPENDS:=iptables +kmod-ipt-conntrack
TITLE:=connection tracking modules
DESCRIPTION:=iptables extensions for connection tracking \\\
Includes: \\\
define Package/iptables-mod-filter
SECTION:=net
CATEGORY:=Base system
-DEPENDS:=iptables
+DEPENDS:=iptables +kmod-ipt-filter
TITLE:=filter modules
DESCRIPTION:=iptables extensions for packet content inspection\\\
Includes: \\\
SECTION:=net
CATEGORY:=Base system
DEPENDS:=iptables
-TITLE:=IMQ support
+TITLE:=IMQ support +kmod-imq
DESCRIPTION:=iptables extension for IMQ support\\\
Includes: \\\
* libipt_IMQ
define Package/iptables-mod-ipopt
SECTION:=net
CATEGORY:=Base system
-DEPENDS:=iptables
+DEPENDS:=iptables +kmod-ipt-ipopt
TITLE:=IP/Packet option modules
DESCRIPTION:=iptables extensions for matching/changing IP packet options\\\
Includes: \\\
define Package/iptables-mod-ipsec
SECTION:=net
CATEGORY:=Base system
-DEPENDS:=iptables
+DEPENDS:=iptables +kmod-ipt-ipsec
TITLE:=IPSec extensions
DESCRIPTION:=iptables extensions for matching ipsec traffic\\\
Includes: \\\
define Package/iptables-mod-nat
SECTION:=net
CATEGORY:=Base system
-DEPENDS:=iptables
+DEPENDS:=iptables +kmod-ipt-nat
TITLE:=extra NAT targets
DESCRIPTION:=iptables extensions for different NAT targets\\\
Includes: \\\
define Package/iptables-mod-ulog
SECTION:=net
CATEGORY:=Base system
-DEPENDS:=iptables
+DEPENDS:=iptables +kmod-ipt-ulog
TITLE:=user-space packet logging
DESCRIPTION:=iptables extensions for user-space packet logging\\\
Includes: \\\
define Package/iptables-mod-extra
SECTION:=net
CATEGORY:=Base system
-DEPENDS:=iptables
+DEPENDS:=iptables +kmod-ipt-extra
TITLE:=other extra iptables extensions
DESCRIPTION:=other extra iptables extensions\\\
Includes: \\\
include $(INCLUDE_DIR)/package.mk
ifeq ($(DUMP),)
-include $(LINUX_DIR)/.config
+NF_KMOD:=1
include $(INCLUDE_DIR)/netfilter.mk
endif
endef
$(eval $(call KernelPackage,ide-pdc202xx))
+NFMENU:=Netfilter Extensions
+
+define KernelPackage/ipt-conntrack
+TITLE:=Modules for connection tracking
+DESCRIPTION:=Netfilter (IPv4) kernel modules for connection tracking\\\
+Includes: \\\
+ * ipt_conntrack \\\
+ * ipt_helper \\\
+ * ipt_connmark/CONNMARK
+SUBMENU:=$(NFMENU)
+FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX))
+endef
+$(eval $(call KernelPackage,ipt-conntrack))
+
+
+define KernelPackage/ipt-filter
+TITLE:=Modules for packet content inspection
+DESCRIPTION:=Netfilter (IPv4) kernel modules for packet content inspection \\\
+Includes: \\\
+ * ipt_ipp2p \\\
+ * ipt_layer7
+SUBMENU:=$(NFMENU)
+FILES:=$(foreach mod,$(IPT_FILTER-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX))
+endef
+$(eval $(call KernelPackage,ipt-filter))
+
+
+define KernelPackage/ipt-ipopt
+TITLE:=Modules for matching/changing IP packet options
+DESCRIPTION:=Netfilter (IPv4) modules for matching/changing IP packet options \\\
+Includes: \\\
+ * ipt_dscp/DSCP \\\
+ * ipt_ecn/ECN \\\
+ * ipt_length \\\
+ * ipt_mac \\\
+ * ipt_tos/TOS \\\
+ * ipt_tcpmms \\\
+ * ipt_ttl/TTL \\\
+ * ipt_unclean
+SUBMENU:=$(NFMENU)
+FILES:=$(foreach mod,$(IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX))
+endef
+$(eval $(call KernelPackage,ipt-ipopt))
+
+
+define KernelPackage/ipt-ipsec
+TITLE:=Modules for matching IPSec packets
+DESCRIPTION:=Netfilter (IPv4) modules for matching IPSec packets \\\
+Includes: \\\
+ * ipt_ah \\\
+ * ipt_esp
+SUBMENU:=$(NFMENU)
+FILES:=$(foreach mod,$(IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX))
+endef
+$(eval $(call KernelPackage,ipt-ipsec))
+
+
+define KernelPackage/ipt-nat
+TITLE:=Modules for extra NAT targets
+DESCRIPTION:=Netfilter (IPv4) modules for extra NAT targets \\\
+Includes: \\\
+ * ipt_REDIRECT \\\
+ * ipt_NETMAP
+SUBMENU:=$(NFMENU)
+FILES:=$(foreach mod,$(IPT_NAT-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX))
+endef
+$(eval $(call KernelPackage,ipt-nat))
+
+define KernelPackage/ipt-nathelper
+TITLE:=Extra Conntrack and NAT helpers
+DESCRIPTION:=Extra Conntrack and NAT helpers (IPv4) \\\
+Includes: \\\
+ * ip_conntrack_amanda \\\
+ * ip_conntrack_proto_gre \\\
+ * ip_nat_proto_gre \\\
+ * ip_conntrack_pptp \\\
+ * ip_nat_pptp \\\
+ * ip_conntrack_sip \\\
+ * ip_nat_sip \\\
+ * ip_nat_snmp_basic \\\
+ * ip_conntrack_tftp
+SUBMENU:=$(NFMENU)
+FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX))
+endef
+$(eval $(call KernelPackage,ipt-nathelper))
+
+define KernelPackage/ipt-imq
+TITLE:=Intermediate Queueing support
+DESCRIPTION:=Kernel support for Intermediate Queueing devices
+KCONFIG:=$(CONFIG_IMQ)
+SUBMENU:=$(NFMENU)
+FILES:= \
+ $(MODULES_DIR)/kernel/net/ipv4/netfilter/*IMQ*.$(LINUX_KMOD_SUFFIX) \
+ $(MODULES_DIR)/kernel/drivers/net/imq.$(LINUX_KMOD_SUFFIX)
+endef
+$(eval $(call KernelPackage,imq))
+
+
+define KernelPackage/ipt-queue
+TITLE:=Module for user-space packet queueing
+DESCRIPTION:=Netfilter (IPv4) module for user-space packet queueing \\\
+Includes: \\\
+ * ipt_QUEUE
+SUBMENU:=$(NFMENU)
+FILES:=$(foreach mod,$(IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX))
+endef
+$(eval $(call KernelPackage,ipt-queue))
+
+define KernelPackage/ipt-ulog
+TITLE:=Module for user-space packet logging
+DESCRIPTION:=Netfilter (IPv4) module for user-space packet logging \\\
+Includes: \\\
+ * ipt_ULOG
+SUBMENU:=$(NFMENU)
+FILES:=$(foreach mod,$(IPT_ULOG-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX))
+endef
+$(eval $(call KernelPackage,ipt-ulog))
+
+define KernelPackage/ipt-extra
+TITLE:=Extra modules
+DESCRIPTION:=Other Netfilter (IPv4) kernel modules\\\
+Includes: \\\
+ * ipt_limit \\\
+ * ipt_owner \\\
+ * ipt_physdev \\\
+ * ipt_pkttype \\\
+ * ipt_recent
+SUBMENU:=$(NFMENU)
+FILES:=$(foreach mod,$(IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX))
+endef
+$(eval $(call KernelPackage,ipt-extra))
+
+define KernelPackage/ip6tables
+TITLE:=IPv6 modules
+DESCRIPTION:=Netfilter IPv6 firewalling support
+SUBMENU:=$(NFMENU)
+FILES:=$(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.$(LINUX_KMOD_SUFFIX)
+endef
+$(eval $(call KernelPackage,ip6tables))
+
+
+define KernelPackage/arptables
+TITLE:=ARP firewalling modules
+DESCRIPTION:=Kernel modules for ARP firewalling
+SUBMENU:=$(NFMENU)
+FILES:=$(MODULES_DIR)/kernel/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX)
+KCONFIG:=$(CONFIG_IP_NF_ARPTABLES)
+endef
+$(eval $(call KernelPackage,arptables))
+
+
+define KernelPackage/ebtables
+TITLE:=Bridge firewalling modules
+DESCRIPTION:=Kernel modules for Ethernet Bridge firewalling
+SUBMENU:=$(NFMENU)
+FILES:=$(MODULES_DIR)/kernel/net/bridge/netfilter/*.$(LINUX_KMOD_SUFFIX)
+KCONFIG:=$(CONFIG_BRIDGE_NF_EBTABLES)
+endef
+$(eval $(call KernelPackage,ebtables))
+
help
Kernel support for GRE tunnels
-config PACKAGE_KMOD_IMQ
- prompt "kmod-imq.......................... Intermediate Queueing device"
- tristate
- default m
- help
- Kernel support for the Intermediate Queueing device
-
config PACKAGE_KMOD_IPIP
prompt "kmod-ipip......................... IP in IP encapsulation support"
tristate
endmenu
-menu "Filtering/Firewalling"
-
-config PACKAGE_KMOD_ARPTABLES
- prompt "kmod-arptables.................... ARP firewalling support"
- tristate
- default m
- help
- Kernel modules for ARP firewalling
-
-config PACKAGE_KMOD_EBTABLES
- prompt "kmod-ebtables..................... Ethernet Bridge firewalling support"
- tristate
- default m
- help
- Kernel modules for bridge firewalling
-
-config PACKAGE_KMOD_IPTABLES
- prompt "kmod-iptables..................... Core Netfilter modules for IPv4 firewalling"
- tristate
- default y
- help
- Kernel modules for IPv4 firewalling
-
-config PACKAGE_KMOD_IPTABLES_EXTRA
- prompt "kmod-iptables-extra............... Extra Netfilter modules for IPv4 firewalling (meta-package)"
- tristate
- default m
- select PACKAGE_KMOD_IPT_CONNTRACK
- select PACKAGE_KMOD_IPT_FILTER
- select PACKAGE_KMOD_IPT_IPOPT
- select PACKAGE_KMOD_IPT_IPSEC
- select PACKAGE_KMOD_IPT_NAT
- select PACKAGE_KMOD_IPT_NAT_EXTRA
- select PACKAGE_KMOD_IPT_QUEUE
- select PACKAGE_KMOD_IPT_ULOG
- select PACKAGE_KMOD_IPT_EXTRA
- help
- Extra Netfilter kernel modules for IPv4 firewalling (meta-package)
-
-config PACKAGE_KMOD_IPT_CONNTRACK
- prompt "kmod-ipt-conntrack................ Netfilter modules for connection tracking"
- tristate
- default m
- help
- Netfilter (IPv4) kernel modules for connection tracking
-
- Includes:
- * ipt_conntrack
- * ipt_helper
- * ipt_connmark/CONNMARK
-
-config PACKAGE_KMOD_IPT_FILTER
- prompt "kmod-ipt-filter................... Netfilter modules for packet content inspection"
- tristate
- default m
- help
- Netfilter (IPv4) kernel modules for packet content inspection
-
- Includes:
- * ipt_ipp2p
- * ipt_layer7
-
-config PACKAGE_KMOD_IPT_IPOPT
- prompt "kmod-ipt-ipopt.................... Netfilter modules for matching/changing IP packet options"
- tristate
- default m
- help
- Netfilter (IPv4) kernel modules for matching/changing IP packet options
-
- Includes:
- * ipt_dscp/DSCP
- * ipt_ecn/ECN
- * ipt_length
- * ipt_mac
- * ipt_tos/TOS
- * ipt_tcpmms
- * ipt_ttl/TTL
- * ipt_unclean
-
-config PACKAGE_KMOD_IPT_IPSEC
- prompt "kmod-ipt-ipsec.................... Netfilter modules for matching IPsec packets"
- tristate
- default m
- help
- Netfilter (IPv4) kernel modules for matching IPsec packets
-
- Includes:
- * ipt_ah
- * ipt_esp
-
-config PACKAGE_KMOD_IPT_NAT
- prompt "kmod-ipt-nat...................... Netfilter modules for different NAT targets"
- tristate
- default m
- help
- Netfilter (IPv4) kernel modules for different NAT targets
-
- Includes:
- * ipt_REDIRECT
-
-config PACKAGE_KMOD_IPT_NAT_EXTRA
- prompt "kmod-ipt-nat-extra................ Extra Netfilter NAT modules for special protocols"
- tristate
- default m
- help
- Extra Netfilter (IPv4) NAT kernel modules for special protocols
-
- Includes:
- * ip_conntrack_amanda
- * ip_conntrack_proto_gre
- * ip_nat_proto_gre
- * ip_conntrack_pptp
- * ip_nat_pptp
- * ip_conntrack_sip
- * ip_nat_sip
- * ip_nat_snmp_basic
- * ip_conntrack_tftp
-
-config PACKAGE_KMOD_IPT_QUEUE
- prompt "kmod-ipt-queue.................... Netfilter module for user-space packet queueing"
- tristate
- default m
- help
- Netfilter (IPv4) module for user-space packet queueing
-
- Includes:
- * ipt_QUEUE
-
-config PACKAGE_KMOD_IPT_ULOG
- prompt "kmod-ipt-ulog..................... Netfilter module for user-space packet logging"
- tristate
- default m
- help
- Netfilter (IPv4) module for user-space packet logging
-
- Includes:
- * ipt_ULOG
-
-config PACKAGE_KMOD_IPT_EXTRA
- prompt "kmod-ipt-extra.................... Other extra Netfilter modules"
- tristate
- default m
- help
- Other extra Netfilter (IPv4) kernel modules
-
- Includes:
- * ipt_limit
- * ipt_owner
- * ipt_physdev
- * ipt_pkttype
- * ipt_recent
-
-config PACKAGE_KMOD_IP6TABLES
- prompt "kmod-ip6tables.................... Kernel modules for ip6tables"
- tristate
- default m
- depends PACKAGE_KMOD_IPV6
- help
- IPv6 firewalling support
-
-endmenu
-
menu "Block devices support"
config PACKAGE_kmod-ide-core