From: Felix Fietkau Date: Sat, 22 Jul 2006 12:33:28 +0000 (+0000) Subject: port over the netfilter module packaging to the new system and fix iptables dependencies X-Git-Tag: reboot~30718^2~383 X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=daa509ea7fa0b2c79b84cb476aee5dcecae54684;p=openwrt%2Fstaging%2Fchunkeey.git port over the netfilter module packaging to the new system and fix iptables dependencies SVN-Revision: 4206 --- diff --git a/openwrt/include/modules-2.4.mk b/openwrt/include/modules-2.4.mk index 93a8973734..4f2d0b5dd0 100644 --- a/openwrt/include/modules-2.4.mk +++ b/openwrt/include/modules-2.4.mk @@ -17,10 +17,6 @@ $(eval $(call KMOD_template,GRE,gre,\ $(MODULES_DIR)/kernel/net/ipv4/ip_gre.o \ ,CONFIG_NET_IPGRE)) -$(eval $(call KMOD_template,IMQ,imq,\ - $(MODULES_DIR)/kernel/net/ipv4/netfilter/*IMQ*.o \ - $(MODULES_DIR)/kernel/drivers/net/imq.o \ -)) $(eval $(call KMOD_template,IPIP,ipip,\ $(MODULES_DIR)/kernel/net/ipv4/ipip.o \ ,CONFIG_NET_IPIP,,60,ipip)) @@ -56,61 +52,6 @@ $(eval $(call KMOD_template,TUN,tun,\ $(MODULES_DIR)/kernel/drivers/net/tun.o \ ,CONFIG_TUN,,20,tun)) -# Filtering / Firewalling - -$(eval $(call KMOD_template,ARPTABLES,arptables,\ - $(MODULES_DIR)/kernel/net/ipv4/netfilter/arp*.o \ -,CONFIG_IP_NF_ARPTABLES)) - -$(eval $(call KMOD_template,EBTABLES,ebtables,\ - $(MODULES_DIR)/kernel/net/bridge/netfilter/*.o \ -,CONFIG_BRIDGE_NF_EBTABLES)) - -# metapackage for compatibility ... -$(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\ -,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-ipt-nat-extra kmod-ipt-queue kmod-ipt-ulogd)) - -$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\ - $(foreach mod,$(IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ -)) - -$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\ - $(foreach mod,$(IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ -)) - -$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\ - $(foreach mod,$(IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ -)) - -$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\ - $(foreach mod,$(IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ -)) - -$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\ - $(foreach mod,$(IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ -)) - -$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\ - $(foreach mod,$(IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ -)) - -$(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\ - $(foreach mod,$(IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ -,,,40,$(IPT_NAT_EXTRA-m))) - -$(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\ - $(foreach mod,$(IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ -)) - -$(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\ - $(foreach mod,$(IPT_ULOG-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ -)) - -$(eval $(call KMOD_template,IP6TABLES,ip6tables,\ - $(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.o \ -,CONFIG_IP6_NF_IPTABLES,kmod-ipv6)) - - # Block devices $(eval $(call KMOD_template,LOOP,loop,\ diff --git a/openwrt/include/modules-2.6.mk b/openwrt/include/modules-2.6.mk index 56129343f3..dab735576a 100644 --- a/openwrt/include/modules-2.6.mk +++ b/openwrt/include/modules-2.6.mk @@ -19,11 +19,6 @@ $(eval $(call KMOD_template,GRE,gre,\ $(MODULES_DIR)/kernel/net/ipv4/ip_gre.ko \ ,CONFIG_NET_IPGRE)) -$(eval $(call KMOD_template,IMQ,imq,\ - $(MODULES_DIR)/kernel/net/ipv4/netfilter/*IMQ*.ko \ - $(MODULES_DIR)/kernel/drivers/net/imq.ko \ -,CONFIG_IMQ)) - $(eval $(call KMOD_template,IPIP,ipip,\ $(MODULES_DIR)/kernel/net/ipv4/ipip.ko \ ,CONFIG_NET_IPIP,,60,ipip)) @@ -60,62 +55,6 @@ $(eval $(call KMOD_template,TUN,tun,\ $(MODULES_DIR)/kernel/drivers/net/tun.ko \ ,CONFIG_TUN,,20,tun)) - -# Filtering / Firewalling - -$(eval $(call KMOD_template,ARPTABLES,arptables,\ - $(MODULES_DIR)/kernel/net/ipv4/netfilter/arp*.ko \ -,CONFIG_IP_NF_ARPTABLES)) - -$(eval $(call KMOD_template,EBTABLES,ebtables,\ - $(MODULES_DIR)/kernel/net/bridge/netfilter/*.ko \ -,CONFIG_BRIDGE_NF_EBTABLES)) - -# metapackage for compatibility ... -$(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\ -,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-ipt-nat-extra kmod-ipt-queue kmod-ipt-ulogd)) - -$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\ - $(foreach mod,$(IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \ -)) - -$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\ - $(foreach mod,$(IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \ -)) - -$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\ - $(foreach mod,$(IPT_FILTER-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \ -)) - -$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\ - $(foreach mod,$(IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \ -)) - -$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\ - $(foreach mod,$(IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \ -)) - -$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\ - $(foreach mod,$(IPT_NAT-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \ -)) - -$(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\ - $(foreach mod,$(IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \ -,,,40,$(IPT_NAT_EXTRA-m))) - -$(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\ - $(foreach mod,$(IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \ -)) - -$(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\ - $(foreach mod,$(IPT_ULOG-m),$(MODULES_DIR)/kernel/net/$(mod).ko) \ -)) - -$(eval $(call KMOD_template,IP6TABLES,ip6tables,\ - $(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.ko \ -,CONFIG_IP6_NF_IPTABLES,kmod-ipv6)) - - # Block devices $(eval $(call KMOD_template,LOOP,loop,\ diff --git a/openwrt/include/netfilter.mk b/openwrt/include/netfilter.mk index 236d4b2429..d4ec0f3915 100644 --- a/openwrt/include/netfilter.mk +++ b/openwrt/include/netfilter.mk @@ -6,12 +6,9 @@ # # $Id: netfilter.mk 2411 2005-11-11 03:41:43Z nico $ -ifeq ($(NF_2_6),1) +ifeq ($(NF_KMOD),1) P_V4:=ipv4/netfilter/ P_XT:=netfilter/ -else -P_V4:= -P_XT:= endif IPT_CONNTRACK-m := @@ -84,6 +81,7 @@ IPT_NAT-$(CONFIG_IP_NF_NAT) += $(P_V4)ipt_SNAT $(P_V4)ipt_DNAT IPT_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += $(P_V4)ipt_MASQUERADE IPT_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += $(P_V4)ipt_MIRROR IPT_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += $(P_V4)ipt_REDIRECT +IPT_NAT-$(CONFIG_IP_NF_TARGET_NETMAP) += $(P_V4)ipt_NETMAP IPT_NAT_EXTRA-m := IPT_NAT_EXTRA-$(CONFIG_IP_NF_AMANDA) += $(P_V4)ip_conntrack_amanda diff --git a/openwrt/package/iptables/Makefile b/openwrt/package/iptables/Makefile index 54a94f2c97..99ef3347c0 100644 --- a/openwrt/package/iptables/Makefile +++ b/openwrt/package/iptables/Makefile @@ -49,7 +49,7 @@ endef define Package/iptables-mod-conntrack SECTION:=net CATEGORY:=Base system -DEPENDS:=iptables +DEPENDS:=iptables +kmod-ipt-conntrack TITLE:=connection tracking modules DESCRIPTION:=iptables extensions for connection tracking \\\ Includes: \\\ @@ -61,7 +61,7 @@ endef define Package/iptables-mod-filter SECTION:=net CATEGORY:=Base system -DEPENDS:=iptables +DEPENDS:=iptables +kmod-ipt-filter TITLE:=filter modules DESCRIPTION:=iptables extensions for packet content inspection\\\ Includes: \\\ @@ -73,7 +73,7 @@ define Package/iptables-mod-imq SECTION:=net CATEGORY:=Base system DEPENDS:=iptables -TITLE:=IMQ support +TITLE:=IMQ support +kmod-imq DESCRIPTION:=iptables extension for IMQ support\\\ Includes: \\\ * libipt_IMQ @@ -82,7 +82,7 @@ endef define Package/iptables-mod-ipopt SECTION:=net CATEGORY:=Base system -DEPENDS:=iptables +DEPENDS:=iptables +kmod-ipt-ipopt TITLE:=IP/Packet option modules DESCRIPTION:=iptables extensions for matching/changing IP packet options\\\ Includes: \\\ @@ -99,7 +99,7 @@ endef define Package/iptables-mod-ipsec SECTION:=net CATEGORY:=Base system -DEPENDS:=iptables +DEPENDS:=iptables +kmod-ipt-ipsec TITLE:=IPSec extensions DESCRIPTION:=iptables extensions for matching ipsec traffic\\\ Includes: \\\ @@ -110,7 +110,7 @@ endef define Package/iptables-mod-nat SECTION:=net CATEGORY:=Base system -DEPENDS:=iptables +DEPENDS:=iptables +kmod-ipt-nat TITLE:=extra NAT targets DESCRIPTION:=iptables extensions for different NAT targets\\\ Includes: \\\ @@ -120,7 +120,7 @@ endef define Package/iptables-mod-ulog SECTION:=net CATEGORY:=Base system -DEPENDS:=iptables +DEPENDS:=iptables +kmod-ipt-ulog TITLE:=user-space packet logging DESCRIPTION:=iptables extensions for user-space packet logging\\\ Includes: \\\ @@ -130,7 +130,7 @@ endef define Package/iptables-mod-extra SECTION:=net CATEGORY:=Base system -DEPENDS:=iptables +DEPENDS:=iptables +kmod-ipt-extra TITLE:=other extra iptables extensions DESCRIPTION:=other extra iptables extensions\\\ Includes: \\\ diff --git a/openwrt/package/kernel/Makefile b/openwrt/package/kernel/Makefile index 14fcda288d..39978ab9f1 100644 --- a/openwrt/package/kernel/Makefile +++ b/openwrt/package/kernel/Makefile @@ -18,6 +18,7 @@ PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/packages include $(INCLUDE_DIR)/package.mk ifeq ($(DUMP),) -include $(LINUX_DIR)/.config +NF_KMOD:=1 include $(INCLUDE_DIR)/netfilter.mk endif diff --git a/openwrt/package/kernel/modules.mk b/openwrt/package/kernel/modules.mk index ff979cf868..f1e1009d10 100644 --- a/openwrt/package/kernel/modules.mk +++ b/openwrt/package/kernel/modules.mk @@ -63,4 +63,164 @@ AUTOLOAD:=$(call AutoLoad,30,pdc202xx_old) endef $(eval $(call KernelPackage,ide-pdc202xx)) +NFMENU:=Netfilter Extensions + +define KernelPackage/ipt-conntrack +TITLE:=Modules for connection tracking +DESCRIPTION:=Netfilter (IPv4) kernel modules for connection tracking\\\ +Includes: \\\ + * ipt_conntrack \\\ + * ipt_helper \\\ + * ipt_connmark/CONNMARK +SUBMENU:=$(NFMENU) +FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX)) +endef +$(eval $(call KernelPackage,ipt-conntrack)) + + +define KernelPackage/ipt-filter +TITLE:=Modules for packet content inspection +DESCRIPTION:=Netfilter (IPv4) kernel modules for packet content inspection \\\ +Includes: \\\ + * ipt_ipp2p \\\ + * ipt_layer7 +SUBMENU:=$(NFMENU) +FILES:=$(foreach mod,$(IPT_FILTER-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX)) +endef +$(eval $(call KernelPackage,ipt-filter)) + + +define KernelPackage/ipt-ipopt +TITLE:=Modules for matching/changing IP packet options +DESCRIPTION:=Netfilter (IPv4) modules for matching/changing IP packet options \\\ +Includes: \\\ + * ipt_dscp/DSCP \\\ + * ipt_ecn/ECN \\\ + * ipt_length \\\ + * ipt_mac \\\ + * ipt_tos/TOS \\\ + * ipt_tcpmms \\\ + * ipt_ttl/TTL \\\ + * ipt_unclean +SUBMENU:=$(NFMENU) +FILES:=$(foreach mod,$(IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX)) +endef +$(eval $(call KernelPackage,ipt-ipopt)) + + +define KernelPackage/ipt-ipsec +TITLE:=Modules for matching IPSec packets +DESCRIPTION:=Netfilter (IPv4) modules for matching IPSec packets \\\ +Includes: \\\ + * ipt_ah \\\ + * ipt_esp +SUBMENU:=$(NFMENU) +FILES:=$(foreach mod,$(IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX)) +endef +$(eval $(call KernelPackage,ipt-ipsec)) + + +define KernelPackage/ipt-nat +TITLE:=Modules for extra NAT targets +DESCRIPTION:=Netfilter (IPv4) modules for extra NAT targets \\\ +Includes: \\\ + * ipt_REDIRECT \\\ + * ipt_NETMAP +SUBMENU:=$(NFMENU) +FILES:=$(foreach mod,$(IPT_NAT-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX)) +endef +$(eval $(call KernelPackage,ipt-nat)) + +define KernelPackage/ipt-nathelper +TITLE:=Extra Conntrack and NAT helpers +DESCRIPTION:=Extra Conntrack and NAT helpers (IPv4) \\\ +Includes: \\\ + * ip_conntrack_amanda \\\ + * ip_conntrack_proto_gre \\\ + * ip_nat_proto_gre \\\ + * ip_conntrack_pptp \\\ + * ip_nat_pptp \\\ + * ip_conntrack_sip \\\ + * ip_nat_sip \\\ + * ip_nat_snmp_basic \\\ + * ip_conntrack_tftp +SUBMENU:=$(NFMENU) +FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX)) +endef +$(eval $(call KernelPackage,ipt-nathelper)) + +define KernelPackage/ipt-imq +TITLE:=Intermediate Queueing support +DESCRIPTION:=Kernel support for Intermediate Queueing devices +KCONFIG:=$(CONFIG_IMQ) +SUBMENU:=$(NFMENU) +FILES:= \ + $(MODULES_DIR)/kernel/net/ipv4/netfilter/*IMQ*.$(LINUX_KMOD_SUFFIX) \ + $(MODULES_DIR)/kernel/drivers/net/imq.$(LINUX_KMOD_SUFFIX) +endef +$(eval $(call KernelPackage,imq)) + + +define KernelPackage/ipt-queue +TITLE:=Module for user-space packet queueing +DESCRIPTION:=Netfilter (IPv4) module for user-space packet queueing \\\ +Includes: \\\ + * ipt_QUEUE +SUBMENU:=$(NFMENU) +FILES:=$(foreach mod,$(IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX)) +endef +$(eval $(call KernelPackage,ipt-queue)) + +define KernelPackage/ipt-ulog +TITLE:=Module for user-space packet logging +DESCRIPTION:=Netfilter (IPv4) module for user-space packet logging \\\ +Includes: \\\ + * ipt_ULOG +SUBMENU:=$(NFMENU) +FILES:=$(foreach mod,$(IPT_ULOG-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX)) +endef +$(eval $(call KernelPackage,ipt-ulog)) + +define KernelPackage/ipt-extra +TITLE:=Extra modules +DESCRIPTION:=Other Netfilter (IPv4) kernel modules\\\ +Includes: \\\ + * ipt_limit \\\ + * ipt_owner \\\ + * ipt_physdev \\\ + * ipt_pkttype \\\ + * ipt_recent +SUBMENU:=$(NFMENU) +FILES:=$(foreach mod,$(IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX)) +endef +$(eval $(call KernelPackage,ipt-extra)) + +define KernelPackage/ip6tables +TITLE:=IPv6 modules +DESCRIPTION:=Netfilter IPv6 firewalling support +SUBMENU:=$(NFMENU) +FILES:=$(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.$(LINUX_KMOD_SUFFIX) +endef +$(eval $(call KernelPackage,ip6tables)) + + +define KernelPackage/arptables +TITLE:=ARP firewalling modules +DESCRIPTION:=Kernel modules for ARP firewalling +SUBMENU:=$(NFMENU) +FILES:=$(MODULES_DIR)/kernel/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX) +KCONFIG:=$(CONFIG_IP_NF_ARPTABLES) +endef +$(eval $(call KernelPackage,arptables)) + + +define KernelPackage/ebtables +TITLE:=Bridge firewalling modules +DESCRIPTION:=Kernel modules for Ethernet Bridge firewalling +SUBMENU:=$(NFMENU) +FILES:=$(MODULES_DIR)/kernel/net/bridge/netfilter/*.$(LINUX_KMOD_SUFFIX) +KCONFIG:=$(CONFIG_BRIDGE_NF_EBTABLES) +endef +$(eval $(call KernelPackage,ebtables)) + diff --git a/openwrt/target/linux/Config.in b/openwrt/target/linux/Config.in index 47d87775de..2fcb95f295 100644 --- a/openwrt/target/linux/Config.in +++ b/openwrt/target/linux/Config.in @@ -23,13 +23,6 @@ config PACKAGE_KMOD_GRE help Kernel support for GRE tunnels -config PACKAGE_KMOD_IMQ - prompt "kmod-imq.......................... Intermediate Queueing device" - tristate - default m - help - Kernel support for the Intermediate Queueing device - config PACKAGE_KMOD_IPIP prompt "kmod-ipip......................... IP in IP encapsulation support" tristate @@ -101,168 +94,6 @@ config PACKAGE_KMOD_TUN endmenu -menu "Filtering/Firewalling" - -config PACKAGE_KMOD_ARPTABLES - prompt "kmod-arptables.................... ARP firewalling support" - tristate - default m - help - Kernel modules for ARP firewalling - -config PACKAGE_KMOD_EBTABLES - prompt "kmod-ebtables..................... Ethernet Bridge firewalling support" - tristate - default m - help - Kernel modules for bridge firewalling - -config PACKAGE_KMOD_IPTABLES - prompt "kmod-iptables..................... Core Netfilter modules for IPv4 firewalling" - tristate - default y - help - Kernel modules for IPv4 firewalling - -config PACKAGE_KMOD_IPTABLES_EXTRA - prompt "kmod-iptables-extra............... Extra Netfilter modules for IPv4 firewalling (meta-package)" - tristate - default m - select PACKAGE_KMOD_IPT_CONNTRACK - select PACKAGE_KMOD_IPT_FILTER - select PACKAGE_KMOD_IPT_IPOPT - select PACKAGE_KMOD_IPT_IPSEC - select PACKAGE_KMOD_IPT_NAT - select PACKAGE_KMOD_IPT_NAT_EXTRA - select PACKAGE_KMOD_IPT_QUEUE - select PACKAGE_KMOD_IPT_ULOG - select PACKAGE_KMOD_IPT_EXTRA - help - Extra Netfilter kernel modules for IPv4 firewalling (meta-package) - -config PACKAGE_KMOD_IPT_CONNTRACK - prompt "kmod-ipt-conntrack................ Netfilter modules for connection tracking" - tristate - default m - help - Netfilter (IPv4) kernel modules for connection tracking - - Includes: - * ipt_conntrack - * ipt_helper - * ipt_connmark/CONNMARK - -config PACKAGE_KMOD_IPT_FILTER - prompt "kmod-ipt-filter................... Netfilter modules for packet content inspection" - tristate - default m - help - Netfilter (IPv4) kernel modules for packet content inspection - - Includes: - * ipt_ipp2p - * ipt_layer7 - -config PACKAGE_KMOD_IPT_IPOPT - prompt "kmod-ipt-ipopt.................... Netfilter modules for matching/changing IP packet options" - tristate - default m - help - Netfilter (IPv4) kernel modules for matching/changing IP packet options - - Includes: - * ipt_dscp/DSCP - * ipt_ecn/ECN - * ipt_length - * ipt_mac - * ipt_tos/TOS - * ipt_tcpmms - * ipt_ttl/TTL - * ipt_unclean - -config PACKAGE_KMOD_IPT_IPSEC - prompt "kmod-ipt-ipsec.................... Netfilter modules for matching IPsec packets" - tristate - default m - help - Netfilter (IPv4) kernel modules for matching IPsec packets - - Includes: - * ipt_ah - * ipt_esp - -config PACKAGE_KMOD_IPT_NAT - prompt "kmod-ipt-nat...................... Netfilter modules for different NAT targets" - tristate - default m - help - Netfilter (IPv4) kernel modules for different NAT targets - - Includes: - * ipt_REDIRECT - -config PACKAGE_KMOD_IPT_NAT_EXTRA - prompt "kmod-ipt-nat-extra................ Extra Netfilter NAT modules for special protocols" - tristate - default m - help - Extra Netfilter (IPv4) NAT kernel modules for special protocols - - Includes: - * ip_conntrack_amanda - * ip_conntrack_proto_gre - * ip_nat_proto_gre - * ip_conntrack_pptp - * ip_nat_pptp - * ip_conntrack_sip - * ip_nat_sip - * ip_nat_snmp_basic - * ip_conntrack_tftp - -config PACKAGE_KMOD_IPT_QUEUE - prompt "kmod-ipt-queue.................... Netfilter module for user-space packet queueing" - tristate - default m - help - Netfilter (IPv4) module for user-space packet queueing - - Includes: - * ipt_QUEUE - -config PACKAGE_KMOD_IPT_ULOG - prompt "kmod-ipt-ulog..................... Netfilter module for user-space packet logging" - tristate - default m - help - Netfilter (IPv4) module for user-space packet logging - - Includes: - * ipt_ULOG - -config PACKAGE_KMOD_IPT_EXTRA - prompt "kmod-ipt-extra.................... Other extra Netfilter modules" - tristate - default m - help - Other extra Netfilter (IPv4) kernel modules - - Includes: - * ipt_limit - * ipt_owner - * ipt_physdev - * ipt_pkttype - * ipt_recent - -config PACKAGE_KMOD_IP6TABLES - prompt "kmod-ip6tables.................... Kernel modules for ip6tables" - tristate - default m - depends PACKAGE_KMOD_IPV6 - help - IPv6 firewalling support - -endmenu - menu "Block devices support" config PACKAGE_kmod-ide-core