projects / openwrt / staging / mkresin.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d2ae482)
netfilter.mk: add conntrack support to nft bridge
authorEtienne Champetier <champetier.etienne@gmail.com>
Mon, 24 Jan 2022 22:30:43 +0000 (17:30 -0500)
committerHauke Mehrtens <hauke@hauke-m.de>
Fri, 28 Jan 2022 21:05:03 +0000 (22:05 +0100)
This allows to implement statefull bridge filtering

As the uncompressed size is only 7.6k (arm64), just add
nf_conntrack_bridge.ko to kmod-nft-bridge package

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
include/netfilter.mk patch | blob | history

diff --git a/include/netfilter.mk b/include/netfilter.mk
index 803749d931c925de85ba5e0884a563452aeac7ae..65e8e3b8f0d1019b3b5c47380290651071800f66 100644 (file)
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -332,6 +332,7 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REJECT_INET, $(P_XT)nft
 
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_META, $(P_EBT)nft_meta_bridge),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_REJECT, $(P_EBT)nft_reject_bridge),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NF_CONNTRACK_BRIDGE, $(P_EBT)nf_conntrack_bridge),))
 
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_nat),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_chain_nat),))
Staging tree of Mathias Kresin