3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU:=Netfilter Extensions
11 include $(INCLUDE_DIR)/netfilter.mk
14 define KernelPackage/nf-ipt
19 CONFIG_NETFILTER_ADVANCED=y \
21 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
25 $(eval $(call KernelPackage,nf-ipt))
28 define KernelPackage/nf-ipt6
31 KCONFIG:=$(KCONFIG_NF_IPT6)
32 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
33 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
34 DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6
37 $(eval $(call KernelPackage,nf-ipt6))
41 define KernelPackage/ipt-core
44 KCONFIG:=$(KCONFIG_IPT_CORE)
45 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
46 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
50 define KernelPackage/ipt-core/description
51 Netfilter core kernel modules
62 $(eval $(call KernelPackage,ipt-core))
65 define KernelPackage/nf-conntrack
67 TITLE:=Netfilter connection tracking
70 CONFIG_NETFILTER_ADVANCED=y \
71 $(KCONFIG_NF_CONNTRACK)
72 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
73 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
76 $(eval $(call KernelPackage,nf-conntrack))
79 define KernelPackage/nf-conntrack6
81 TITLE:=Netfilter IPv6 connection tracking
82 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
83 DEPENDS:=+kmod-ipv6 +kmod-nf-conntrack
84 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
85 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
88 $(eval $(call KernelPackage,nf-conntrack6))
91 define KernelPackage/nf-nat
94 KCONFIG:=$(KCONFIG_NF_NAT)
95 DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
96 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
97 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
100 $(eval $(call KernelPackage,nf-nat))
103 define KernelPackage/nf-nat6
105 TITLE:=Netfilter IPV6-NAT
106 KCONFIG:=$(KCONFIG_NF_NAT6)
107 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat
108 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
109 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
112 $(eval $(call KernelPackage,nf-nat6))
115 define AddDepends/ipt
117 DEPENDS+= +kmod-ipt-core $(1)
121 define KernelPackage/ipt-conntrack
122 TITLE:=Basic connection tracking modules
123 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
124 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
125 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
126 $(call AddDepends/ipt,+kmod-nf-conntrack)
129 define KernelPackage/ipt-conntrack/description
130 Netfilter (IPv4) kernel modules for connection tracking
139 $(eval $(call KernelPackage,ipt-conntrack))
142 define KernelPackage/ipt-conntrack-extra
143 TITLE:=Extra connection tracking modules
144 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
145 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
146 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
147 $(call AddDepends/ipt,+kmod-ipt-conntrack)
150 define KernelPackage/ipt-conntrack-extra/description
151 Netfilter (IPv4) extra kernel modules for connection tracking
160 $(eval $(call KernelPackage,ipt-conntrack-extra))
163 define KernelPackage/ipt-filter
164 TITLE:=Modules for packet content inspection
165 KCONFIG:=$(KCONFIG_IPT_FILTER)
166 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
167 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
168 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
171 define KernelPackage/ipt-filter/description
172 Netfilter (IPv4) kernel modules for packet content inspection
177 $(eval $(call KernelPackage,ipt-filter))
180 define KernelPackage/ipt-ipopt
181 TITLE:=Modules for matching/changing IP packet options
182 KCONFIG:=$(KCONFIG_IPT_IPOPT)
183 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
184 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
185 $(call AddDepends/ipt)
188 define KernelPackage/ipt-ipopt/description
189 Netfilter (IPv4) modules for matching/changing IP packet options
204 $(eval $(call KernelPackage,ipt-ipopt))
207 define KernelPackage/ipt-ipsec
208 TITLE:=Modules for matching IPSec packets
209 KCONFIG:=$(KCONFIG_IPT_IPSEC)
210 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
211 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
212 $(call AddDepends/ipt)
215 define KernelPackage/ipt-ipsec/description
216 Netfilter (IPv4) modules for matching IPSec packets
223 $(eval $(call KernelPackage,ipt-ipsec))
227 ipset/ip_set_bitmap_ip \
228 ipset/ip_set_bitmap_ipmac \
229 ipset/ip_set_bitmap_port \
230 ipset/ip_set_hash_ip \
231 ipset/ip_set_hash_ipmark \
232 ipset/ip_set_hash_ipport \
233 ipset/ip_set_hash_ipportip \
234 ipset/ip_set_hash_ipportnet \
235 ipset/ip_set_hash_mac \
236 ipset/ip_set_hash_netportnet \
237 ipset/ip_set_hash_net \
238 ipset/ip_set_hash_netnet \
239 ipset/ip_set_hash_netport \
240 ipset/ip_set_hash_netiface \
241 ipset/ip_set_list_set \
244 define KernelPackage/ipt-ipset
245 SUBMENU:=Netfilter Extensions
246 TITLE:=IPset netfilter modules
247 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
250 CONFIG_IP_SET_MAX=256 \
251 CONFIG_NETFILTER_XT_SET \
252 CONFIG_IP_SET_BITMAP_IP \
253 CONFIG_IP_SET_BITMAP_IPMAC \
254 CONFIG_IP_SET_BITMAP_PORT \
255 CONFIG_IP_SET_HASH_IP \
256 CONFIG_IP_SET_HASH_IPMARK \
257 CONFIG_IP_SET_HASH_IPPORT \
258 CONFIG_IP_SET_HASH_IPPORTIP \
259 CONFIG_IP_SET_HASH_IPPORTNET \
260 CONFIG_IP_SET_HASH_MAC \
261 CONFIG_IP_SET_HASH_NET \
262 CONFIG_IP_SET_HASH_NETNET \
263 CONFIG_IP_SET_HASH_NETIFACE \
264 CONFIG_IP_SET_HASH_NETPORT \
265 CONFIG_IP_SET_HASH_NETPORTNET \
266 CONFIG_IP_SET_LIST_SET \
267 CONFIG_NET_EMATCH_IPSET=n
268 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
269 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
271 $(eval $(call KernelPackage,ipt-ipset))
274 define KernelPackage/ipt-nat
275 TITLE:=Basic NAT targets
276 KCONFIG:=$(KCONFIG_IPT_NAT)
277 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
278 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
279 $(call AddDepends/ipt,+kmod-nf-nat)
282 define KernelPackage/ipt-nat/description
283 Netfilter (IPv4) kernel modules for basic NAT targets
288 $(eval $(call KernelPackage,ipt-nat))
291 define KernelPackage/ipt-nat6
292 TITLE:=IPv6 NAT targets
293 KCONFIG:=$(KCONFIG_IPT_NAT6)
294 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
295 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
296 $(call AddDepends/ipt,+kmod-nf-nat6)
297 $(call AddDepends/ipt,+kmod-ipt-conntrack)
298 $(call AddDepends/ipt,+kmod-ipt-nat)
299 $(call AddDepends/ipt,+kmod-ip6tables)
302 define KernelPackage/ipt-nat6/description
303 Netfilter (IPv6) kernel modules for NAT targets
306 $(eval $(call KernelPackage,ipt-nat6))
309 define KernelPackage/ipt-nat-extra
310 TITLE:=Extra NAT targets
311 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
312 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
313 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
314 $(call AddDepends/ipt,+kmod-ipt-nat)
317 define KernelPackage/ipt-nat-extra/description
318 Netfilter (IPv4) kernel modules for extra NAT targets
324 $(eval $(call KernelPackage,ipt-nat-extra))
327 define KernelPackage/nf-nathelper
329 TITLE:=Basic Conntrack and NAT helpers
330 KCONFIG:=$(KCONFIG_NF_NATHELPER)
331 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
332 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
333 DEPENDS:=+kmod-nf-nat
336 define KernelPackage/nf-nathelper/description
337 Default Netfilter (IPv4) Conntrack and NAT helpers
344 $(eval $(call KernelPackage,nf-nathelper))
347 define KernelPackage/nf-nathelper-extra
349 TITLE:=Extra Conntrack and NAT helpers
350 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
351 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
352 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
353 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
356 define KernelPackage/nf-nathelper-extra/description
357 Extra Netfilter (IPv4) Conntrack and NAT helpers
369 $(eval $(call KernelPackage,nf-nathelper-extra))
372 define KernelPackage/ipt-ulog
373 TITLE:=Module for user-space packet logging
374 KCONFIG:=$(KCONFIG_IPT_ULOG)
375 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
376 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
377 $(call AddDepends/ipt)
380 define KernelPackage/ipt-ulog/description
381 Netfilter (IPv4) module for user-space packet logging
386 $(eval $(call KernelPackage,ipt-ulog))
389 define KernelPackage/ipt-nflog
390 TITLE:=Module for user-space packet logging
391 KCONFIG:=$(KCONFIG_IPT_NFLOG)
392 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
393 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
394 $(call AddDepends/ipt,+kmod-nfnetlink-log)
397 define KernelPackage/ipt-nflog/description
398 Netfilter module for user-space packet logging
403 $(eval $(call KernelPackage,ipt-nflog))
406 define KernelPackage/ipt-nfqueue
407 TITLE:=Module for user-space packet queuing
408 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
409 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
410 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
411 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
414 define KernelPackage/ipt-nfqueue/description
415 Netfilter module for user-space packet queuing
420 $(eval $(call KernelPackage,ipt-nfqueue))
423 define KernelPackage/ipt-debug
424 TITLE:=Module for debugging/development
425 KCONFIG:=$(KCONFIG_IPT_DEBUG)
427 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
428 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
429 $(call AddDepends/ipt)
432 define KernelPackage/ipt-debug/description
433 Netfilter modules for debugging/development of the firewall
438 $(eval $(call KernelPackage,ipt-debug))
441 define KernelPackage/ipt-led
442 TITLE:=Module to trigger a LED with a Netfilter rule
443 KCONFIG:=$(KCONFIG_IPT_LED)
444 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
445 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
446 $(call AddDepends/ipt)
449 define KernelPackage/ipt-led/description
450 Netfilter target to trigger a LED when a network packet is matched.
453 $(eval $(call KernelPackage,ipt-led))
455 define KernelPackage/ipt-tproxy
456 TITLE:=Transparent proxying support
457 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ipv6 +IPV6:kmod-ip6tables
459 CONFIG_NETFILTER_TPROXY \
460 CONFIG_NETFILTER_XT_MATCH_SOCKET \
461 CONFIG_NETFILTER_XT_TARGET_TPROXY
463 $(if $(call kernel_patchver_lt,3.12),$(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko) \
464 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
465 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
466 $(call AddDepends/ipt)
469 define KernelPackage/ipt-tproxy/description
470 Kernel modules for Transparent Proxying
473 $(eval $(call KernelPackage,ipt-tproxy))
475 define KernelPackage/ipt-tee
477 DEPENDS:=+kmod-ipt-conntrack +IPV6:kmod-ipv6
479 CONFIG_NETFILTER_XT_TARGET_TEE
481 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
482 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
483 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
484 $(call AddDepends/ipt)
487 define KernelPackage/ipt-tee/description
488 Kernel modules for TEE
491 $(eval $(call KernelPackage,ipt-tee))
494 define KernelPackage/ipt-u32
497 CONFIG_NETFILTER_XT_MATCH_U32
499 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
500 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
501 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
502 $(call AddDepends/ipt)
505 define KernelPackage/ipt-u32/description
506 Kernel modules for U32
509 $(eval $(call KernelPackage,ipt-u32))
512 define KernelPackage/ipt-iprange
513 TITLE:=Module for matching ip ranges
514 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
515 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
516 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
517 $(call AddDepends/ipt)
520 define KernelPackage/ipt-iprange/description
521 Netfilter (IPv4) module for matching ip ranges
526 $(eval $(call KernelPackage,ipt-iprange))
528 define KernelPackage/ipt-cluster
529 TITLE:=Module for matching cluster
530 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
531 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
532 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
533 $(call AddDepends/ipt)
536 define KernelPackage/ipt-cluster/description
537 Netfilter (IPv4/IPv6) module for matching cluster
538 This option allows you to build work-load-sharing clusters of
539 network servers/stateful firewalls without having a dedicated
540 load-balancing router/server/switch. Basically, this match returns
541 true when the packet must be handled by this cluster node. Thus,
542 all nodes see all packets and this match decides which node handles
543 what packets. The work-load sharing algorithm is based on source
546 This module is usable for ipv4 and ipv6.
548 To use it also enable iptables-mod-cluster
550 see `iptables -m cluster --help` for more information.
553 $(eval $(call KernelPackage,ipt-cluster))
555 define KernelPackage/ipt-clusterip
556 TITLE:=Module for CLUSTERIP
557 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
558 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
559 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
560 $(call AddDepends/ipt,+kmod-nf-conntrack)
563 define KernelPackage/ipt-clusterip/description
564 Netfilter (IPv4-only) module for CLUSTERIP
565 The CLUSTERIP target allows you to build load-balancing clusters of
566 network servers without having a dedicated load-balancing
567 router/server/switch.
569 To use it also enable iptables-mod-clusterip
571 see `iptables -j CLUSTERIP --help` for more information.
574 $(eval $(call KernelPackage,ipt-clusterip))
577 define KernelPackage/ipt-extra
579 KCONFIG:=$(KCONFIG_IPT_EXTRA)
580 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
581 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
582 $(call AddDepends/ipt)
585 define KernelPackage/ipt-extra/description
586 Other Netfilter (IPv4) kernel modules
590 - physdev (if bridge support was enabled in kernel)
595 $(eval $(call KernelPackage,ipt-extra))
598 define KernelPackage/ip6tables
601 DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack
602 KCONFIG:=$(KCONFIG_IPT_IPV6)
603 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
604 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
607 define KernelPackage/ip6tables/description
608 Netfilter IPv6 firewalling support
611 $(eval $(call KernelPackage,ip6tables))
613 define KernelPackage/ip6tables-extra
615 TITLE:=Extra IPv6 modules
616 DEPENDS:=+kmod-ip6tables
617 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
618 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
619 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
622 define KernelPackage/ip6tables-extra/description
623 Netfilter IPv6 extra header matching modules
626 $(eval $(call KernelPackage,ip6tables-extra))
628 ARP_MODULES = arp_tables arpt_mangle arptable_filter
629 define KernelPackage/arptables
631 TITLE:=ARP firewalling modules
632 DEPENDS:=+kmod-ipt-core
633 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
634 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
635 CONFIG_IP_NF_ARPFILTER \
636 CONFIG_IP_NF_ARP_MANGLE
637 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
640 define KernelPackage/arptables/description
641 Kernel modules for ARP firewalling
644 $(eval $(call KernelPackage,arptables))
647 define KernelPackage/ebtables
649 TITLE:=Bridge firewalling modules
650 DEPENDS:=+kmod-ipt-core +kmod-bridge
651 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
652 KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
654 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
657 define KernelPackage/ebtables/description
658 ebtables is a general, extensible frame/packet identification
659 framework. It provides you to do Ethernet
660 filtering/NAT/brouting on the Ethernet bridge.
663 $(eval $(call KernelPackage,ebtables))
666 define AddDepends/ebtables
668 DEPENDS+=kmod-ebtables $(1)
672 define KernelPackage/ebtables-ipv4
673 TITLE:=ebtables: IPv4 support
674 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
675 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
676 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
677 $(call AddDepends/ebtables)
680 define KernelPackage/ebtables-ipv4/description
681 This option adds the IPv4 support to ebtables, which allows basic
682 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
685 $(eval $(call KernelPackage,ebtables-ipv4))
688 define KernelPackage/ebtables-ipv6
689 TITLE:=ebtables: IPv6 support
690 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
691 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
692 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
693 $(call AddDepends/ebtables)
696 define KernelPackage/ebtables-ipv6/description
697 This option adds the IPv6 support to ebtables, which allows basic
698 IPv6 header field filtering and target support.
701 $(eval $(call KernelPackage,ebtables-ipv6))
704 define KernelPackage/ebtables-watchers
705 TITLE:=ebtables: watchers support
706 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
707 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
708 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
709 $(call AddDepends/ebtables)
712 define KernelPackage/ebtables-watchers/description
713 This option adds the log watchers, that you can use in any rule
714 in any ebtables table.
717 $(eval $(call KernelPackage,ebtables-watchers))
720 define KernelPackage/nfnetlink
722 TITLE:=Netlink-based userspace interface
723 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
724 KCONFIG:=$(KCONFIG_NFNETLINK)
725 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
728 define KernelPackage/nfnetlink/description
729 Kernel modules support for a netlink-based userspace interface
732 $(eval $(call KernelPackage,nfnetlink))
735 define AddDepends/nfnetlink
737 DEPENDS+=+kmod-nfnetlink $(1)
741 define KernelPackage/nfnetlink-log
742 TITLE:=Netfilter LOG over NFNETLINK interface
743 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
744 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
745 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
746 $(call AddDepends/nfnetlink)
749 define KernelPackage/nfnetlink-log/description
750 Kernel modules support for logging packets via NFNETLINK
755 $(eval $(call KernelPackage,nfnetlink-log))
758 define KernelPackage/nfnetlink-queue
759 TITLE:=Netfilter QUEUE over NFNETLINK interface
760 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
761 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
762 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
763 $(call AddDepends/nfnetlink)
766 define KernelPackage/nfnetlink-queue/description
767 Kernel modules support for queueing packets via NFNETLINK
772 $(eval $(call KernelPackage,nfnetlink-queue))
775 define KernelPackage/nf-conntrack-netlink
776 TITLE:=Connection tracking netlink interface
777 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
778 KCONFIG:=CONFIG_NF_CT_NETLINK
779 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
780 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
783 define KernelPackage/nf-conntrack-netlink/description
784 Kernel modules support for a netlink-based connection tracking
788 $(eval $(call KernelPackage,nf-conntrack-netlink))
790 define KernelPackage/ipt-hashlimit
792 TITLE:=Netfilter hashlimit match
793 DEPENDS:=+kmod-ipt-core
794 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
795 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
796 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
797 $(call KernelPackage/ipt)
800 define KernelPackage/ipt-hashlimit/description
801 Kernel modules support for the hashlimit bucket match module
804 $(eval $(call KernelPackage,ipt-hashlimit))
807 define KernelPackage/nft-core
809 TITLE:=Netfilter nf_tables support
810 DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6
811 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
812 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
815 CONFIG_NETFILTER_ADVANCED=y \
816 CONFIG_NFT_COMPAT=n \
818 CONFIG_NF_TABLES_ARP=n \
819 CONFIG_NF_TABLES_BRIDGE=n \
823 define KernelPackage/nft-core/description
824 Kernel module support for nftables
827 $(eval $(call KernelPackage,nft-core))
830 define KernelPackage/nft-nat
832 TITLE:=Netfilter nf_tables NAT support
833 DEPENDS:=+kmod-nft-core +kmod-nf-nat
834 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
835 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
836 KCONFIG:=$(KCONFIG_NFT_NAT)
839 $(eval $(call KernelPackage,nft-nat))
842 define KernelPackage/nft-nat6
844 TITLE:=Netfilter nf_tables IPv6-NAT support
845 DEPENDS:=+kmod-nft-core +kmod-nf-nat6
846 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
847 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
848 KCONFIG:=$(KCONFIG_NFT_NAT6)
851 $(eval $(call KernelPackage,nft-nat6))