From: Rafał Miłecki Date: Thu, 9 Feb 2023 12:29:37 +0000 (+0100) Subject: iptables: iptables-mod-conntrack-extra: don't select kmod-ipt-raw X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=3c66ac7e22a385eefe84c0e1deef26a12bcf9fc6;p=openwrt%2Fstaging%2Fblocktrron.git iptables: iptables-mod-conntrack-extra: don't select kmod-ipt-raw Package kmod-ipt-raw enables CONFIG_IP_NF_RAW and packages iptable_raw.ko According to kernel's net/netfilter/Kconfig there are only 3 kernel symbols that depend on the IP_NF_RAW: 1. NETFILTER_XT_TARGET_CT (xt_CT.ko) 2. NETFILTER_XT_TARGET_NOTRACK (unused symbol?!) 3. NETFILTER_XT_TARGET_TRACE (xt_TRACE.ko) Now: iptables-mod-conntrack-extra selects kmod-ipt-conntrack-extra which provides: xt_helper.ko nf_conncount.ko xt_connlimit.ko xt_connmark.ko xt_recent.ko and xt_connbytes.ko (none of them seems to require iptable_raw.ko). It seems there is no explicit reason for iptables-mod-conntrack-extra to require kmod-ipt-raw (iptables_raw.ko). Signed-off-by: Rafał Miłecki --- diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index dc57bb55d0..e96cfa0b16 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -150,7 +150,7 @@ Extra iptables nftables nft binaries. endef define Package/iptables-mod-conntrack-extra -$(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw) +$(call Package/iptables/Module, +kmod-ipt-conntrack-extra) TITLE:=Extra connection tracking extensions endef