From: Etienne Champetier Date: Mon, 24 Jan 2022 22:30:43 +0000 (-0500) Subject: netfilter.mk: add conntrack support to nft bridge X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=01e58f8bee2f4f33abcb4ab73c1f7b5ebfd10c5d;p=openwrt%2Fstaging%2Fmans0n.git netfilter.mk: add conntrack support to nft bridge This allows to implement statefull bridge filtering As the uncompressed size is only 7.6k (arm64), just add nf_conntrack_bridge.ko to kmod-nft-bridge package Signed-off-by: Etienne Champetier --- diff --git a/include/netfilter.mk b/include/netfilter.mk index 803749d931..65e8e3b8f0 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -332,6 +332,7 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REJECT_INET, $(P_XT)nft $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_META, $(P_EBT)nft_meta_bridge),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_REJECT, $(P_EBT)nft_reject_bridge),)) +$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NF_CONNTRACK_BRIDGE, $(P_EBT)nf_conntrack_bridge),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_nat),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_chain_nat),))