3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU:=Netfilter Extensions
11 include $(INCLUDE_DIR)/netfilter.mk
14 define KernelPackage/nf-ipt
19 CONFIG_NETFILTER_ADVANCED=y \
21 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
25 $(eval $(call KernelPackage,nf-ipt))
28 define KernelPackage/nf-ipt6
31 KCONFIG:=$(KCONFIG_NF_IPT6)
32 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
33 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
34 DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6
37 $(eval $(call KernelPackage,nf-ipt6))
41 define KernelPackage/ipt-core
44 KCONFIG:=$(KCONFIG_IPT_CORE)
45 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
46 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
50 define KernelPackage/ipt-core/description
51 Netfilter core kernel modules
62 $(eval $(call KernelPackage,ipt-core))
65 define KernelPackage/nf-conntrack
67 TITLE:=Netfilter connection tracking
70 CONFIG_NETFILTER_ADVANCED=y \
71 $(KCONFIG_NF_CONNTRACK)
72 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
73 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
76 $(eval $(call KernelPackage,nf-conntrack))
79 define KernelPackage/nf-conntrack6
81 TITLE:=Netfilter IPv6 connection tracking
82 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
83 DEPENDS:=+kmod-ipv6 +kmod-nf-conntrack
84 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
85 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
88 $(eval $(call KernelPackage,nf-conntrack6))
91 define KernelPackage/nf-nat
94 KCONFIG:=$(KCONFIG_NF_NAT)
95 DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
96 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
97 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
100 $(eval $(call KernelPackage,nf-nat))
103 define KernelPackage/nf-nat6
105 TITLE:=Netfilter IPV6-NAT
106 KCONFIG:=$(KCONFIG_NF_NAT6)
107 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat
108 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
109 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
112 $(eval $(call KernelPackage,nf-nat6))
115 define AddDepends/ipt
117 DEPENDS+= +kmod-ipt-core $(1)
121 define KernelPackage/ipt-conntrack
122 TITLE:=Basic connection tracking modules
123 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
124 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
125 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
126 $(call AddDepends/ipt,+kmod-nf-conntrack)
129 define KernelPackage/ipt-conntrack/description
130 Netfilter (IPv4) kernel modules for connection tracking
139 $(eval $(call KernelPackage,ipt-conntrack))
142 define KernelPackage/ipt-conntrack-extra
143 TITLE:=Extra connection tracking modules
144 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
145 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
146 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
147 $(call AddDepends/ipt,+kmod-ipt-conntrack)
150 define KernelPackage/ipt-conntrack-extra/description
151 Netfilter (IPv4) extra kernel modules for connection tracking
160 $(eval $(call KernelPackage,ipt-conntrack-extra))
163 define KernelPackage/ipt-filter
164 TITLE:=Modules for packet content inspection
165 KCONFIG:=$(KCONFIG_IPT_FILTER)
166 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
167 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
168 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
171 define KernelPackage/ipt-filter/description
172 Netfilter (IPv4) kernel modules for packet content inspection
178 $(eval $(call KernelPackage,ipt-filter))
181 define KernelPackage/ipt-ipopt
182 TITLE:=Modules for matching/changing IP packet options
183 KCONFIG:=$(KCONFIG_IPT_IPOPT)
184 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
185 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
186 $(call AddDepends/ipt)
189 define KernelPackage/ipt-ipopt/description
190 Netfilter (IPv4) modules for matching/changing IP packet options
205 $(eval $(call KernelPackage,ipt-ipopt))
208 define KernelPackage/ipt-ipsec
209 TITLE:=Modules for matching IPSec packets
210 KCONFIG:=$(KCONFIG_IPT_IPSEC)
211 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
212 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
213 $(call AddDepends/ipt)
216 define KernelPackage/ipt-ipsec/description
217 Netfilter (IPv4) modules for matching IPSec packets
224 $(eval $(call KernelPackage,ipt-ipsec))
228 ipset/ip_set_bitmap_ip \
229 ipset/ip_set_bitmap_ipmac \
230 ipset/ip_set_bitmap_port \
231 ipset/ip_set_hash_ip \
232 ipset/ip_set_hash_ipmark \
233 ipset/ip_set_hash_ipport \
234 ipset/ip_set_hash_ipportip \
235 ipset/ip_set_hash_ipportnet \
236 ipset/ip_set_hash_mac \
237 ipset/ip_set_hash_netportnet \
238 ipset/ip_set_hash_net \
239 ipset/ip_set_hash_netnet \
240 ipset/ip_set_hash_netport \
241 ipset/ip_set_hash_netiface \
242 ipset/ip_set_list_set \
245 define KernelPackage/ipt-ipset
246 SUBMENU:=Netfilter Extensions
247 TITLE:=IPset netfilter modules
248 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
251 CONFIG_IP_SET_MAX=256 \
252 CONFIG_NETFILTER_XT_SET \
253 CONFIG_IP_SET_BITMAP_IP \
254 CONFIG_IP_SET_BITMAP_IPMAC \
255 CONFIG_IP_SET_BITMAP_PORT \
256 CONFIG_IP_SET_HASH_IP \
257 CONFIG_IP_SET_HASH_IPMARK \
258 CONFIG_IP_SET_HASH_IPPORT \
259 CONFIG_IP_SET_HASH_IPPORTIP \
260 CONFIG_IP_SET_HASH_IPPORTNET \
261 CONFIG_IP_SET_HASH_MAC \
262 CONFIG_IP_SET_HASH_NET \
263 CONFIG_IP_SET_HASH_NETNET \
264 CONFIG_IP_SET_HASH_NETIFACE \
265 CONFIG_IP_SET_HASH_NETPORT \
266 CONFIG_IP_SET_HASH_NETPORTNET \
267 CONFIG_IP_SET_LIST_SET \
268 CONFIG_NET_EMATCH_IPSET=n
269 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
270 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
272 $(eval $(call KernelPackage,ipt-ipset))
275 define KernelPackage/ipt-nat
276 TITLE:=Basic NAT targets
277 KCONFIG:=$(KCONFIG_IPT_NAT)
278 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
279 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
280 $(call AddDepends/ipt,+kmod-nf-nat)
283 define KernelPackage/ipt-nat/description
284 Netfilter (IPv4) kernel modules for basic NAT targets
289 $(eval $(call KernelPackage,ipt-nat))
292 define KernelPackage/ipt-nat6
293 TITLE:=IPv6 NAT targets
294 KCONFIG:=$(KCONFIG_IPT_NAT6)
295 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
296 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
297 $(call AddDepends/ipt,+kmod-nf-nat6)
298 $(call AddDepends/ipt,+kmod-ipt-conntrack)
299 $(call AddDepends/ipt,+kmod-ipt-nat)
300 $(call AddDepends/ipt,+kmod-ip6tables)
303 define KernelPackage/ipt-nat6/description
304 Netfilter (IPv6) kernel modules for NAT targets
307 $(eval $(call KernelPackage,ipt-nat6))
310 define KernelPackage/ipt-nat-extra
311 TITLE:=Extra NAT targets
312 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
313 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
314 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
315 $(call AddDepends/ipt,+kmod-ipt-nat)
318 define KernelPackage/ipt-nat-extra/description
319 Netfilter (IPv4) kernel modules for extra NAT targets
325 $(eval $(call KernelPackage,ipt-nat-extra))
328 define KernelPackage/nf-nathelper
330 TITLE:=Basic Conntrack and NAT helpers
331 KCONFIG:=$(KCONFIG_NF_NATHELPER)
332 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
333 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
334 DEPENDS:=+kmod-nf-nat
337 define KernelPackage/nf-nathelper/description
338 Default Netfilter (IPv4) Conntrack and NAT helpers
345 $(eval $(call KernelPackage,nf-nathelper))
348 define KernelPackage/nf-nathelper-extra
350 TITLE:=Extra Conntrack and NAT helpers
351 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
352 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
353 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
354 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
357 define KernelPackage/nf-nathelper-extra/description
358 Extra Netfilter (IPv4) Conntrack and NAT helpers
370 $(eval $(call KernelPackage,nf-nathelper-extra))
373 define KernelPackage/ipt-ulog
374 TITLE:=Module for user-space packet logging
375 KCONFIG:=$(KCONFIG_IPT_ULOG)
376 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
377 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
378 $(call AddDepends/ipt)
381 define KernelPackage/ipt-ulog/description
382 Netfilter (IPv4) module for user-space packet logging
387 $(eval $(call KernelPackage,ipt-ulog))
390 define KernelPackage/ipt-nflog
391 TITLE:=Module for user-space packet logging
392 KCONFIG:=$(KCONFIG_IPT_NFLOG)
393 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
394 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
395 $(call AddDepends/ipt,+kmod-nfnetlink-log)
398 define KernelPackage/ipt-nflog/description
399 Netfilter module for user-space packet logging
404 $(eval $(call KernelPackage,ipt-nflog))
407 define KernelPackage/ipt-nfqueue
408 TITLE:=Module for user-space packet queuing
409 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
410 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
411 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
412 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
415 define KernelPackage/ipt-nfqueue/description
416 Netfilter module for user-space packet queuing
421 $(eval $(call KernelPackage,ipt-nfqueue))
424 define KernelPackage/ipt-debug
425 TITLE:=Module for debugging/development
426 KCONFIG:=$(KCONFIG_IPT_DEBUG)
428 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
429 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
430 $(call AddDepends/ipt)
433 define KernelPackage/ipt-debug/description
434 Netfilter modules for debugging/development of the firewall
439 $(eval $(call KernelPackage,ipt-debug))
442 define KernelPackage/ipt-led
443 TITLE:=Module to trigger a LED with a Netfilter rule
444 KCONFIG:=$(KCONFIG_IPT_LED)
445 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
446 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
447 $(call AddDepends/ipt)
450 define KernelPackage/ipt-led/description
451 Netfilter target to trigger a LED when a network packet is matched.
454 $(eval $(call KernelPackage,ipt-led))
456 define KernelPackage/ipt-tproxy
457 TITLE:=Transparent proxying support
458 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ipv6 +IPV6:kmod-ip6tables
460 CONFIG_NETFILTER_TPROXY \
461 CONFIG_NETFILTER_XT_MATCH_SOCKET \
462 CONFIG_NETFILTER_XT_TARGET_TPROXY
464 $(if $(call kernel_patchver_lt,3.12),$(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko) \
465 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
466 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
467 $(call AddDepends/ipt)
470 define KernelPackage/ipt-tproxy/description
471 Kernel modules for Transparent Proxying
474 $(eval $(call KernelPackage,ipt-tproxy))
476 define KernelPackage/ipt-tee
478 DEPENDS:=+kmod-ipt-conntrack +IPV6:kmod-ipv6
480 CONFIG_NETFILTER_XT_TARGET_TEE
482 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
483 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
484 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
485 $(call AddDepends/ipt)
488 define KernelPackage/ipt-tee/description
489 Kernel modules for TEE
492 $(eval $(call KernelPackage,ipt-tee))
495 define KernelPackage/ipt-u32
498 CONFIG_NETFILTER_XT_MATCH_U32
500 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
501 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
502 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
503 $(call AddDepends/ipt)
506 define KernelPackage/ipt-u32/description
507 Kernel modules for U32
510 $(eval $(call KernelPackage,ipt-u32))
513 define KernelPackage/ipt-iprange
514 TITLE:=Module for matching ip ranges
515 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
516 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
517 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
518 $(call AddDepends/ipt)
521 define KernelPackage/ipt-iprange/description
522 Netfilter (IPv4) module for matching ip ranges
527 $(eval $(call KernelPackage,ipt-iprange))
529 define KernelPackage/ipt-cluster
530 TITLE:=Module for matching cluster
531 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
532 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
533 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
534 $(call AddDepends/ipt)
537 define KernelPackage/ipt-cluster/description
538 Netfilter (IPv4/IPv6) module for matching cluster
539 This option allows you to build work-load-sharing clusters of
540 network servers/stateful firewalls without having a dedicated
541 load-balancing router/server/switch. Basically, this match returns
542 true when the packet must be handled by this cluster node. Thus,
543 all nodes see all packets and this match decides which node handles
544 what packets. The work-load sharing algorithm is based on source
547 This module is usable for ipv4 and ipv6.
549 To use it also enable iptables-mod-cluster
551 see `iptables -m cluster --help` for more information.
554 $(eval $(call KernelPackage,ipt-cluster))
556 define KernelPackage/ipt-clusterip
557 TITLE:=Module for CLUSTERIP
558 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
559 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
560 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
561 $(call AddDepends/ipt,+kmod-nf-conntrack)
564 define KernelPackage/ipt-clusterip/description
565 Netfilter (IPv4-only) module for CLUSTERIP
566 The CLUSTERIP target allows you to build load-balancing clusters of
567 network servers without having a dedicated load-balancing
568 router/server/switch.
570 To use it also enable iptables-mod-clusterip
572 see `iptables -j CLUSTERIP --help` for more information.
575 $(eval $(call KernelPackage,ipt-clusterip))
578 define KernelPackage/ipt-extra
580 KCONFIG:=$(KCONFIG_IPT_EXTRA)
581 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
582 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
583 $(call AddDepends/ipt)
586 define KernelPackage/ipt-extra/description
587 Other Netfilter (IPv4) kernel modules
591 - physdev (if bridge support was enabled in kernel)
596 $(eval $(call KernelPackage,ipt-extra))
599 define KernelPackage/ip6tables
602 DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack
603 KCONFIG:=$(KCONFIG_IPT_IPV6)
604 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
605 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
608 define KernelPackage/ip6tables/description
609 Netfilter IPv6 firewalling support
612 $(eval $(call KernelPackage,ip6tables))
614 define KernelPackage/ip6tables-extra
616 TITLE:=Extra IPv6 modules
617 DEPENDS:=+kmod-ip6tables
618 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
619 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
620 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
623 define KernelPackage/ip6tables-extra/description
624 Netfilter IPv6 extra header matching modules
627 $(eval $(call KernelPackage,ip6tables-extra))
629 ARP_MODULES = arp_tables arpt_mangle arptable_filter
630 define KernelPackage/arptables
632 TITLE:=ARP firewalling modules
633 DEPENDS:=+kmod-ipt-core
634 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
635 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
636 CONFIG_IP_NF_ARPFILTER \
637 CONFIG_IP_NF_ARP_MANGLE
638 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
641 define KernelPackage/arptables/description
642 Kernel modules for ARP firewalling
645 $(eval $(call KernelPackage,arptables))
648 define KernelPackage/ebtables
650 TITLE:=Bridge firewalling modules
651 DEPENDS:=+kmod-ipt-core +kmod-bridge
652 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
653 KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
655 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
658 define KernelPackage/ebtables/description
659 ebtables is a general, extensible frame/packet identification
660 framework. It provides you to do Ethernet
661 filtering/NAT/brouting on the Ethernet bridge.
664 $(eval $(call KernelPackage,ebtables))
667 define AddDepends/ebtables
669 DEPENDS+=kmod-ebtables $(1)
673 define KernelPackage/ebtables-ipv4
674 TITLE:=ebtables: IPv4 support
675 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
676 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
677 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
678 $(call AddDepends/ebtables)
681 define KernelPackage/ebtables-ipv4/description
682 This option adds the IPv4 support to ebtables, which allows basic
683 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
686 $(eval $(call KernelPackage,ebtables-ipv4))
689 define KernelPackage/ebtables-ipv6
690 TITLE:=ebtables: IPv6 support
691 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
692 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
693 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
694 $(call AddDepends/ebtables)
697 define KernelPackage/ebtables-ipv6/description
698 This option adds the IPv6 support to ebtables, which allows basic
699 IPv6 header field filtering and target support.
702 $(eval $(call KernelPackage,ebtables-ipv6))
705 define KernelPackage/ebtables-watchers
706 TITLE:=ebtables: watchers support
707 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
708 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
709 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
710 $(call AddDepends/ebtables)
713 define KernelPackage/ebtables-watchers/description
714 This option adds the log watchers, that you can use in any rule
715 in any ebtables table.
718 $(eval $(call KernelPackage,ebtables-watchers))
721 define KernelPackage/nfnetlink
723 TITLE:=Netlink-based userspace interface
724 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
725 KCONFIG:=$(KCONFIG_NFNETLINK)
726 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
729 define KernelPackage/nfnetlink/description
730 Kernel modules support for a netlink-based userspace interface
733 $(eval $(call KernelPackage,nfnetlink))
736 define AddDepends/nfnetlink
738 DEPENDS+=+kmod-nfnetlink $(1)
742 define KernelPackage/nfnetlink-log
743 TITLE:=Netfilter LOG over NFNETLINK interface
744 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
745 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
746 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
747 $(call AddDepends/nfnetlink)
750 define KernelPackage/nfnetlink-log/description
751 Kernel modules support for logging packets via NFNETLINK
756 $(eval $(call KernelPackage,nfnetlink-log))
759 define KernelPackage/nfnetlink-queue
760 TITLE:=Netfilter QUEUE over NFNETLINK interface
761 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
762 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
763 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
764 $(call AddDepends/nfnetlink)
767 define KernelPackage/nfnetlink-queue/description
768 Kernel modules support for queueing packets via NFNETLINK
773 $(eval $(call KernelPackage,nfnetlink-queue))
776 define KernelPackage/nf-conntrack-netlink
777 TITLE:=Connection tracking netlink interface
778 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
779 KCONFIG:=CONFIG_NF_CT_NETLINK
780 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
781 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
784 define KernelPackage/nf-conntrack-netlink/description
785 Kernel modules support for a netlink-based connection tracking
789 $(eval $(call KernelPackage,nf-conntrack-netlink))
791 define KernelPackage/ipt-hashlimit
793 TITLE:=Netfilter hashlimit match
794 DEPENDS:=+kmod-ipt-core
795 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
796 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
797 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
798 $(call KernelPackage/ipt)
801 define KernelPackage/ipt-hashlimit/description
802 Kernel modules support for the hashlimit bucket match module
805 $(eval $(call KernelPackage,ipt-hashlimit))
808 define KernelPackage/nft-core
810 TITLE:=Netfilter nf_tables support
811 DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6
812 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
813 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
816 CONFIG_NETFILTER_ADVANCED=y \
817 CONFIG_NFT_COMPAT=n \
819 CONFIG_NF_TABLES_ARP=n \
820 CONFIG_NF_TABLES_BRIDGE=n \
824 define KernelPackage/nft-core/description
825 Kernel module support for nftables
828 $(eval $(call KernelPackage,nft-core))
831 define KernelPackage/nft-nat
833 TITLE:=Netfilter nf_tables NAT support
834 DEPENDS:=+kmod-nft-core +kmod-nf-nat
835 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
836 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
837 KCONFIG:=$(KCONFIG_NFT_NAT)
840 $(eval $(call KernelPackage,nft-nat))
843 define KernelPackage/nft-nat6
845 TITLE:=Netfilter nf_tables IPv6-NAT support
846 DEPENDS:=+kmod-nft-core +kmod-nf-nat6
847 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
848 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
849 KCONFIG:=$(KCONFIG_NFT_NAT6)
852 $(eval $(call KernelPackage,nft-nat6))