help
Kernel modules for bridge firewalling
-config BR2_PACKAGE_KMOD_IPTABLES_V4_EXTRA
- tristate "Extra modules for iptables"
+config BR2_PACKAGE_KMOD_IPTABLES_EXTRA
+ tristate "Extra Netfilter modules for IPv4 firewalling (meta-package)"
default m
- select BR2_PACKAGE_KMOD_NAT_EXTRA
- select BR2_PACKAGE_KMOD_QUEUE
- select BR2_PACKAGE_KMOD_IPT_IPSEC
- select BR2_PACKAGE_KMOD_IPT_IPOPT
select BR2_PACKAGE_KMOD_IPT_CONNTRACK
select BR2_PACKAGE_KMOD_IPT_FILTER
+ select BR2_PACKAGE_KMOD_IPT_IPOPT
+ select BR2_PACKAGE_KMOD_IPT_IPSEC
select BR2_PACKAGE_KMOD_IPT_NAT
+ select BR2_PACKAGE_KMOD_IPT_NAT_EXTRA
+ select BR2_PACKAGE_KMOD_IPT_QUEUE
+ select BR2_PACKAGE_KMOD_IPT_ULOG
select BR2_PACKAGE_KMOD_IPT_EXTRA
help
- Extra kernel modules for IPv4 firewalling (metapackage)
+ Extra Netfilter kernel modules for IPv4 firewalling (meta-package)
+
+config BR2_PACKAGE_KMOD_IPT_CONNTRACK
+ tristate "Netfilter modules for connection tracking"
+ default m
+ help
+ Netfilter (IPv4) kernel modules for connection tracking
+
+ Includes:
+ * ipt_conntrack
+ * ipt_helper
+ * ipt_connmark/CONNMARK
-config BR2_PACKAGE_KMOD_NAT_EXTRA
- tristate "Extra NAT modules for iptables"
+config BR2_PACKAGE_KMOD_IPT_FILTER
+ tristate "Netfilter modules for packet content inspection"
default m
help
- Extra NAT kernel modules for special protocols
+ Netfilter (IPv4) kernel modules for packet content inspection
+
+ Includes:
+ * ipt_ipp2p
+ * ipt_layer7
-config BR2_PACKAGE_KMOD_QUEUE
- tristate "iptables module for user-space queueing"
+config BR2_PACKAGE_KMOD_IPT_IPOPT
+ tristate "Netfilter modules for matching/changing IP packet options"
default m
help
- iptables module for user-space queueing
+ Netfilter (IPv4) kernel modules for matching/changing IP packet options
+
+ Includes:
+ * ipt_dscp/DSCP
+ * ipt_ecn/ECN
+ * ipt_length
+ * ipt_mac
+ * ipt_tos/TOS
+ * ipt_tcpmms
+ * ipt_ttl/TTL
+ * ipt_unclean
config BR2_PACKAGE_KMOD_IPT_IPSEC
- tristate "Extra iptables modules for matching IPSec"
+ tristate "Netfilter modules for matching IPsec packets"
default m
help
- Extra iptables modules for matching special IPSec packets
+ Netfilter (IPv4) kernel modules for matching IPsec packets
+
+ Includes:
+ * ipt_ah
+ * ipt_esp
-config BR2_PACKAGE_KMOD_IPT_IPOPT
- tristate "Extra iptables modules for matching IP packet options"
+config BR2_PACKAGE_KMOD_IPT_NAT
+ tristate "Netfilter modules for different NAT targets"
default m
help
- Extra iptables modules for matching IP packet options
+ Netfilter (IPv4) kernel modules for different NAT targets
-config BR2_PACKAGE_KMOD_IPT_CONNTRACK
- tristate "Extra iptables modules for conntrack matching"
+ Includes:
+ * ipt_REDIRECT
+
+config BR2_PACKAGE_KMOD_IPT_NAT_EXTRA
+ tristate "Extra Netfilter NAT modules for special protocols"
default m
help
- Extra iptables modules for matching conntrack states/options
+ Extra Netfilter (IPv4) NAT kernel modules for special protocols
+
+ Includes:
+ * ip_conntrack_amanda
+ * ip_conntrack_proto_gre
+ * ip_nat_proto_gre
+ * ip_conntrack_pptp
+ * ip_nat_pptp
+ * ip_nat_snmp_basic
+ * ip_conntrack_tftp
-config BR2_PACKAGE_KMOD_IPT_FILTER
- tristate "Extra iptables modules for content filtering"
+config BR2_PACKAGE_KMOD_IPT_QUEUE
+ tristate "Netfilter module for user-space packet queueing"
default m
help
- Extra iptables modules for filtering the contents of packets
- Includes: ipp2p, layer7
+ Netfilter (IPv4) module for user-space packet queueing
+
+ Includes:
+ * ipt_QUEUE
-config BR2_PACKAGE_KMOD_IPT_NAT
- tristate "Extra iptables modules for NAT"
+config BR2_PACKAGE_KMOD_IPT_ULOG
+ tristate "Netfilter module for user-space packet logging"
default m
help
- Extra iptables modules for different NAT targets
- (MIRROR, REDIRECT)
+ Netfilter (IPv4) module for user-space packet logging
+
+ Includes:
+ * ipt_ULOG
config BR2_PACKAGE_KMOD_IPT_EXTRA
- tristate "Other extra iptables modules"
+ tristate "Other extra Netfilter modules"
default m
help
- recent and owner match
+ Other extra Netfilter (IPv4) kernel modules
+
+ Includes:
+ * ipt_limit
+ * ipt_owner
+ * ipt_physdev
+ * ipt_pkttype
+ * ipt_recent
config BR2_PACKAGE_KMOD_IMQ
tristate "Intermediate Queueing device"
help
Kernel modules for IPv6 protocol support
-config BR2_PACKAGE_KMOD_IPTABLES_V6
+config BR2_PACKAGE_KMOD_IP6TABLES
tristate "Kernel modules for ip6tables"
default m
depends BR2_PACKAGE_KMOD_IPV6
Package: kmod-ipt-conntrack
Priority: optional
Section: net
-Description: Extra iptables modules for matching conntrack states/options
+Description: Extra Netfilter (IPv4) kernel modules for connection tracking
Package: kmod-ipt-extra
Priority: optional
Section: net
-Description: Other extra iptables modules
+Description: Other extra Netfilter (IPv4) kernel modules
Package: kmod-ipt-filter
Priority: optional
Section: net
-Description: Extra iptables modules for filtering the contents of packets
+Description: Netfilter (IPv4) kernel modules for packet content inspection
Package: kmod-ipt-ipopt
Priority: optional
Section: net
-Description: Extra iptables modules for matching IP packet options
+Description: Netfilter (IPv4) kernel modules for matching/changing IP packet options
Package: kmod-ipt-ipsec
Priority: optional
Section: net
-Description: Extra iptables modules for matching special IPSec packets
+Description: Netfilter (IPv4) kernel modules for matching special IPsec packets
--- /dev/null
+Package: kmod-ipt-nat-extra
+Priority: optional
+Section: net
+Description: Extra Netfilter (IPv4) NAT kernel modules for special protocols
Package: kmod-ipt-nat
Priority: optional
Section: net
-Description: Extra iptables modules for different NAT targets
+Description: Netfilter (IPv4) kernel modules for different NAT targets
--- /dev/null
+Package: kmod-ipt-queue
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel module for user-space packet queuing
--- /dev/null
+Package: kmod-ipt-ulog
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel module for user-space packet logging
+++ /dev/null
-Package: kmod-nat-extra
-Priority: optional
-Section: net
-Description: Extra NAT kernel modules for special protocols
+++ /dev/null
-Package: kmod-queue
-Priority: optional
-Section: net
-Description: iptables module for user-space queueing
include ../netfilter.mk
# metapackage for compatibility ...
-$(eval $(call KMOD_template,IPTABLES_V4_EXTRA,iptables-extra,\
-,,kmod-nat-extra kmod-queue kmod-ipt-ipsec kmod-ipt-ipopt kmod-ipt-conntrack kmod-ipt-filter kmod-ipt-nat kmod-ipt-extra))
-
-$(eval $(call KMOD_template,NAT_EXTRA,nat-extra,\
- $(foreach mod,$(PKG_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
-,,,40,$(PKG_NAT_EXTRA-m)))
-$(eval $(call KMOD_template,QUEUE,queue,\
- $(foreach mod,$(PKG_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+$(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\
+,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-nat-extra kmod-queue))
+
+$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\
+ $(foreach mod,$(IPKG_KMOD_IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
))
-$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\
- $(foreach mod,$(PKG_IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\
+ $(foreach mod,$(IPKG_KMOD_IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
))
-$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\
- $(foreach mod,$(PKG_IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\
+ $(foreach mod,$(IPKG_KMOD_IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
))
-$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\
- $(foreach mod,$(PKG_IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\
+ $(foreach mod,$(IPKG_KMOD_IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
))
-$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\
- $(foreach mod,$(PKG_IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\
+ $(foreach mod,$(IPKG_KMOD_IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
))
$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\
- $(foreach mod,$(PKG_IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+ $(foreach mod,$(IPKG_KMOD_IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
))
+$(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\
+ $(foreach mod,$(IPKG_KMOD_IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+,,,40,$(IPKG_KMOD_IPT_NAT_EXTRA-m)))
+$(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\
+ $(foreach mod,$(IPKG_KMOD_IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+$(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\
+ $(foreach mod,$(IPKG_KMOD_IPT_ULOG-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
$(eval $(call KMOD_template,IMQ,imq,\
$(MODULES_DIR)/kernel/net/*/netfilter/*IMQ* \
$(MODULES_DIR)/kernel/drivers/net/imq.o \
))
-$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\
- $(foreach mod,$(PKG_IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
-))
+
+
+$(eval $(call KMOD_template,IP6TABLES,ip6tables,\
+ $(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.o \
+,CONFIG_IP6_IPT_IPTABLES,kmod-ipv6))
$(eval $(call KMOD_template,B44,b44,\
$(eval $(call KMOD_template,EBT,ebtables,\
$(MODULES_DIR)/kernel/net/bridge/netfilter/*.o \
,CONFIG_BRIDGE_NF_EBTABLES))
-$(eval $(call KMOD_template,IPTABLES_V6,ip6tables,\
- $(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.o \
-,CONFIG_IP6_NF_IPTABLES,kmod-ipv6))
$(eval $(call KMOD_template,IPV6,ipv6,\
$(MODULES_DIR)/kernel/net/ipv6/ipv6.o \
,CONFIG_IPV6,,20,ipv6))
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
-CONFIG_IP_NF_MATCH_TCPMSS=y
+CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_IMQ=m
CONFIG_IP_NF_TARGET_CONNMARK=m
-CONFIG_IP_NF_TARGET_LOG=y
+CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=y
+# $Id$
-PKG_NAT_EXTRA-m :=
-PKG_NAT_EXTRA-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda
-PKG_NAT_EXTRA-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp
-PKG_NAT_EXTRA-$(CONFIG_IP_NF_CT_PROTO_GRE) += ip_conntrack_proto_gre
-PKG_NAT_EXTRA-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp
-PKG_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PROTO_GRE) += ip_nat_proto_gre
-PKG_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp
-PKG_NAT_EXTRA-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic
-
-PKG_QUEUE-m :=
-PKG_QUEUE-$(CONFIG_IP_NF_QUEUE) += ip_queue
-
-PKG_IPT_IPSEC-m :=
-PKG_IPT_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
-
-PKG_IPT_IPOPT-m :=
-PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
-PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
-PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
-PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
-PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
-PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
-PKG_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
-PKG_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
-PKG_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
-PKG_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
-PKG_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
-
-
-PKG_IPT_CONNTRACK-m :=
-PKG_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
-PKG_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
-PKG_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
-PKG_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
-PKG_IPT_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
-
-PKG_IPT_FILTER-m :=
-PKG_IPT_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
-PKG_IPT_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
-
-PKG_IPT_NAT-m :=
-PKG_IPT_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
-PKG_IPT_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
-
-PKG_IPT_EXTRA-m :=
-PKG_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
-PKG_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
-PKG_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
+#
+# kernel modules
+#
+
+IPKG_KMOD_IPT_CONNTRACK-m :=
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state
+
+IPKG_KMOD_IPT_EXTRA-m :=
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += multiport
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT
+
+IPKG_KMOD_IPT_FILTER-m :=
+IPKG_KMOD_IPT_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
+IPKG_KMOD_IPT_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
+
+IPKG_KMOD_IPT_IPOPT-m :=
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
+
+IPKG_KMOD_IPT_IPSEC-m :=
+IPKG_KMOD_IPT_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
+
+IPKG_KMOD_IPT_NAT-m :=
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
+
+IPKG_KMOD_IPT_NAT_EXTRA-m :=
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_CT_PROTO_GRE) += ip_conntrack_proto_gre
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PROTO_GRE) += ip_nat_proto_gre
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp
+
+IPKG_KMOD_IPT_QUEUE-m :=
+IPKG_KMOD_IPT_QUEUE-$(CONFIG_IP_NF_QUEUE) += ip_queue
+
+IPKG_KMOD_IPT_ULOG-m :=
+IPKG_KMOD_IPT_ULOG-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG
+
+
+#
+# iptables extensions
+#
+
+IPKG_IPTABLES-y := ipt_standard
+IPKG_IPTABLES-y := ipt_icmp ipt_tcp ipt_udp
+
+IPKG_IPTABLES_MOD_CONNTRACK-m :=
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state
+
+IPKG_IPTABLES_MOD_EXTRA-m :=
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += ipt_multiport
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT
+
+IPKG_IPTABLES_MOD_FILTER-m :=
+IPKG_IPTABLES_MOD_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
+IPKG_IPTABLES_MOD_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
+
+IPKG_IPTABLES_MOD_IMQ-m :=
+IPKG_IPTABLES_MOD_IMQ-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ
+
+IPKG_IPTABLES_MOD_IPOPT-m :=
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
+
+IPKG_IPTABLES_MOD_IPSEC-m :=
+IPKG_IPTABLES_MOD_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
+
+IPKG_IPTABLES_MOD_NAT-m :=
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_NAT) += ipt_SNAT ipt_DNAT
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
+
+IPKG_IPTABLES_MOD_ULOG-m :=
+IPKG_IPTABLES_MOD_ULOG-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG
+
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_CONNTRACK-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_EXTRA-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_FILTER-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IMQ-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IPOPT-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IPSEC-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_NAT-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_ULOG-y)
projects / openwrt / svn-archive / openwrt.git / commitdiff