3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU:=Netfilter Extensions
11 include $(INCLUDE_DIR)/netfilter.mk
14 define KernelPackage/nf-ipt
19 CONFIG_NETFILTER_ADVANCED=y \
21 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
25 $(eval $(call KernelPackage,nf-ipt))
28 define KernelPackage/nf-ipt6
31 KCONFIG:=$(KCONFIG_NF_IPT6)
32 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
33 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
34 DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6
37 $(eval $(call KernelPackage,nf-ipt6))
41 define KernelPackage/ipt-core
44 KCONFIG:=$(KCONFIG_IPT_CORE)
45 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
46 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
50 define KernelPackage/ipt-core/description
51 Netfilter core kernel modules
62 $(eval $(call KernelPackage,ipt-core))
65 define KernelPackage/nf-conntrack
67 TITLE:=Netfilter connection tracking
70 CONFIG_NETFILTER_ADVANCED=y \
71 $(KCONFIG_NF_CONNTRACK)
72 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
73 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
76 $(eval $(call KernelPackage,nf-conntrack))
79 define KernelPackage/nf-conntrack6
81 TITLE:=Netfilter IPv6 connection tracking
82 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
83 DEPENDS:=+kmod-ipv6 +kmod-nf-conntrack
84 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
85 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
88 $(eval $(call KernelPackage,nf-conntrack6))
91 define KernelPackage/nf-nat
94 KCONFIG:=$(KCONFIG_NF_NAT)
95 DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
96 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
97 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
100 $(eval $(call KernelPackage,nf-nat))
103 define KernelPackage/nf-nat6
105 TITLE:=Netfilter IPV6-NAT
106 KCONFIG:=$(KCONFIG_NF_NAT6)
107 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat
108 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
109 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
112 $(eval $(call KernelPackage,nf-nat6))
115 define AddDepends/ipt
117 DEPENDS+= +kmod-ipt-core $(1)
121 define KernelPackage/ipt-conntrack
122 TITLE:=Basic connection tracking modules
123 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
124 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
125 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
126 $(call AddDepends/ipt,+kmod-nf-conntrack)
129 define KernelPackage/ipt-conntrack/description
130 Netfilter (IPv4) kernel modules for connection tracking
139 $(eval $(call KernelPackage,ipt-conntrack))
142 define KernelPackage/ipt-conntrack-extra
143 TITLE:=Extra connection tracking modules
144 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
145 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
146 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
147 $(call AddDepends/ipt,+kmod-ipt-conntrack)
150 define KernelPackage/ipt-conntrack-extra/description
151 Netfilter (IPv4) extra kernel modules for connection tracking
160 $(eval $(call KernelPackage,ipt-conntrack-extra))
163 define KernelPackage/ipt-filter
164 TITLE:=Modules for packet content inspection
165 KCONFIG:=$(KCONFIG_IPT_FILTER)
166 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
167 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
168 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
171 define KernelPackage/ipt-filter/description
172 Netfilter (IPv4) kernel modules for packet content inspection
178 $(eval $(call KernelPackage,ipt-filter))
181 define KernelPackage/ipt-ipopt
182 TITLE:=Modules for matching/changing IP packet options
183 KCONFIG:=$(KCONFIG_IPT_IPOPT)
184 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
185 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
186 $(call AddDepends/ipt)
189 define KernelPackage/ipt-ipopt/description
190 Netfilter (IPv4) modules for matching/changing IP packet options
205 $(eval $(call KernelPackage,ipt-ipopt))
208 define KernelPackage/ipt-ipsec
209 TITLE:=Modules for matching IPSec packets
210 KCONFIG:=$(KCONFIG_IPT_IPSEC)
211 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
212 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
213 $(call AddDepends/ipt)
216 define KernelPackage/ipt-ipsec/description
217 Netfilter (IPv4) modules for matching IPSec packets
224 $(eval $(call KernelPackage,ipt-ipsec))
227 define KernelPackage/ipt-nat
228 TITLE:=Basic NAT targets
229 KCONFIG:=$(KCONFIG_IPT_NAT)
230 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
231 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
232 $(call AddDepends/ipt,+kmod-nf-nat)
235 define KernelPackage/ipt-nat/description
236 Netfilter (IPv4) kernel modules for basic NAT targets
241 $(eval $(call KernelPackage,ipt-nat))
244 define KernelPackage/ipt-nat6
245 TITLE:=IPv6 NAT targets
246 KCONFIG:=$(KCONFIG_IPT_NAT6)
247 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
248 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
249 $(call AddDepends/ipt,+kmod-nf-nat6)
252 define KernelPackage/ipt-nat6/description
253 Netfilter (IPv6) kernel modules for NAT targets
256 $(eval $(call KernelPackage,ipt-nat6))
259 define KernelPackage/ipt-nat-extra
260 TITLE:=Extra NAT targets
261 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
262 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
263 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
264 $(call AddDepends/ipt,+kmod-ipt-nat)
267 define KernelPackage/ipt-nat-extra/description
268 Netfilter (IPv4) kernel modules for extra NAT targets
274 $(eval $(call KernelPackage,ipt-nat-extra))
277 define KernelPackage/nf-nathelper
279 TITLE:=Basic Conntrack and NAT helpers
280 KCONFIG:=$(KCONFIG_NF_NATHELPER)
281 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
282 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
283 DEPENDS:=+kmod-nf-nat
286 define KernelPackage/nf-nathelper/description
287 Default Netfilter (IPv4) Conntrack and NAT helpers
294 $(eval $(call KernelPackage,nf-nathelper))
297 define KernelPackage/nf-nathelper-extra
299 TITLE:=Extra Conntrack and NAT helpers
300 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
301 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
302 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
303 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
306 define KernelPackage/nf-nathelper-extra/description
307 Extra Netfilter (IPv4) Conntrack and NAT helpers
319 $(eval $(call KernelPackage,nf-nathelper-extra))
322 define KernelPackage/ipt-queue
323 TITLE:=Module for user-space packet queueing
324 KCONFIG:=$(KCONFIG_IPT_QUEUE)
326 FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
327 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_QUEUE-m)))
328 $(call AddDepends/ipt)
331 define KernelPackage/ipt-queue/description
332 Netfilter (IPv4) module for user-space packet queueing
337 $(eval $(call KernelPackage,ipt-queue))
340 define KernelPackage/ipt-ulog
341 TITLE:=Module for user-space packet logging
342 KCONFIG:=$(KCONFIG_IPT_ULOG)
343 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
344 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
345 $(call AddDepends/ipt)
348 define KernelPackage/ipt-ulog/description
349 Netfilter (IPv4) module for user-space packet logging
354 $(eval $(call KernelPackage,ipt-ulog))
357 define KernelPackage/ipt-nflog
358 TITLE:=Module for user-space packet logging
359 KCONFIG:=$(KCONFIG_IPT_NFLOG)
360 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
361 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
362 $(call AddDepends/ipt,+kmod-nfnetlink-log)
365 define KernelPackage/ipt-nflog/description
366 Netfilter module for user-space packet logging
371 $(eval $(call KernelPackage,ipt-nflog))
374 define KernelPackage/ipt-nfqueue
375 TITLE:=Module for user-space packet queuing
376 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
377 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
378 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
379 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
382 define KernelPackage/ipt-nfqueue/description
383 Netfilter module for user-space packet queuing
388 $(eval $(call KernelPackage,ipt-nfqueue))
391 define KernelPackage/ipt-debug
392 TITLE:=Module for debugging/development
393 KCONFIG:=$(KCONFIG_IPT_DEBUG)
395 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
396 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
397 $(call AddDepends/ipt)
400 define KernelPackage/ipt-debug/description
401 Netfilter modules for debugging/development of the firewall
406 $(eval $(call KernelPackage,ipt-debug))
409 define KernelPackage/ipt-led
410 TITLE:=Module to trigger a LED with a Netfilter rule
411 KCONFIG:=$(KCONFIG_IPT_LED)
412 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
413 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
414 $(call AddDepends/ipt)
417 define KernelPackage/ipt-led/description
418 Netfilter target to trigger a LED when a network packet is matched.
421 $(eval $(call KernelPackage,ipt-led))
423 define KernelPackage/ipt-tproxy
424 TITLE:=Transparent proxying support
425 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ipv6 +IPV6:kmod-ip6tables
427 CONFIG_NETFILTER_TPROXY \
428 CONFIG_NETFILTER_XT_MATCH_SOCKET \
429 CONFIG_NETFILTER_XT_TARGET_TPROXY
431 $(if $(call kernel_patchver_lt,3.12),$(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko) \
432 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
433 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
434 $(call AddDepends/ipt)
437 define KernelPackage/ipt-tproxy/description
438 Kernel modules for Transparent Proxying
441 $(eval $(call KernelPackage,ipt-tproxy))
443 define KernelPackage/ipt-tee
445 DEPENDS:=+kmod-ipt-conntrack +IPV6:kmod-ipv6
447 CONFIG_NETFILTER_XT_TARGET_TEE
449 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
450 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
451 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
452 $(call AddDepends/ipt)
455 define KernelPackage/ipt-tee/description
456 Kernel modules for TEE
459 $(eval $(call KernelPackage,ipt-tee))
462 define KernelPackage/ipt-u32
465 CONFIG_NETFILTER_XT_MATCH_U32
467 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
468 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
469 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
470 $(call AddDepends/ipt)
473 define KernelPackage/ipt-u32/description
474 Kernel modules for U32
477 $(eval $(call KernelPackage,ipt-u32))
480 define KernelPackage/ipt-iprange
481 TITLE:=Module for matching ip ranges
482 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
483 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
484 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
485 $(call AddDepends/ipt)
488 define KernelPackage/ipt-iprange/description
489 Netfilter (IPv4) module for matching ip ranges
494 $(eval $(call KernelPackage,ipt-iprange))
497 define KernelPackage/ipt-extra
499 KCONFIG:=$(KCONFIG_IPT_EXTRA)
500 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
501 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
502 $(call AddDepends/ipt)
505 define KernelPackage/ipt-extra/description
506 Other Netfilter (IPv4) kernel modules
510 - physdev (if bridge support was enabled in kernel)
515 $(eval $(call KernelPackage,ipt-extra))
518 define KernelPackage/ip6tables
521 DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack
522 KCONFIG:=$(KCONFIG_IPT_IPV6)
523 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
524 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
527 define KernelPackage/ip6tables/description
528 Netfilter IPv6 firewalling support
531 $(eval $(call KernelPackage,ip6tables))
533 define KernelPackage/ip6tables-extra
535 TITLE:=Extra IPv6 modules
536 DEPENDS:=+kmod-ip6tables
537 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
538 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
539 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
542 define KernelPackage/ip6tables-extra/description
543 Netfilter IPv6 extra header matching modules
546 $(eval $(call KernelPackage,ip6tables-extra))
548 ARP_MODULES = arp_tables arpt_mangle arptable_filter
549 define KernelPackage/arptables
551 TITLE:=ARP firewalling modules
552 DEPENDS:=+kmod-ipt-core
553 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
554 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
555 CONFIG_IP_NF_ARPFILTER \
556 CONFIG_IP_NF_ARP_MANGLE
557 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
560 define KernelPackage/arptables/description
561 Kernel modules for ARP firewalling
564 $(eval $(call KernelPackage,arptables))
567 define KernelPackage/ebtables
569 TITLE:=Bridge firewalling modules
570 DEPENDS:=+kmod-ipt-core +kmod-bridge
571 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
572 KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
574 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
577 define KernelPackage/ebtables/description
578 ebtables is a general, extensible frame/packet identification
579 framework. It provides you to do Ethernet
580 filtering/NAT/brouting on the Ethernet bridge.
583 $(eval $(call KernelPackage,ebtables))
586 define AddDepends/ebtables
588 DEPENDS+=kmod-ebtables $(1)
592 define KernelPackage/ebtables-ipv4
593 TITLE:=ebtables: IPv4 support
594 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
595 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
596 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
597 $(call AddDepends/ebtables)
600 define KernelPackage/ebtables-ipv4/description
601 This option adds the IPv4 support to ebtables, which allows basic
602 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
605 $(eval $(call KernelPackage,ebtables-ipv4))
608 define KernelPackage/ebtables-ipv6
609 TITLE:=ebtables: IPv6 support
610 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
611 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
612 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
613 $(call AddDepends/ebtables)
616 define KernelPackage/ebtables-ipv6/description
617 This option adds the IPv6 support to ebtables, which allows basic
618 IPv6 header field filtering and target support.
621 $(eval $(call KernelPackage,ebtables-ipv6))
624 define KernelPackage/ebtables-watchers
625 TITLE:=ebtables: watchers support
626 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
627 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
628 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
629 $(call AddDepends/ebtables)
632 define KernelPackage/ebtables-watchers/description
633 This option adds the log watchers, that you can use in any rule
634 in any ebtables table.
637 $(eval $(call KernelPackage,ebtables-watchers))
640 define KernelPackage/nfnetlink
642 TITLE:=Netlink-based userspace interface
643 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
644 KCONFIG:=$(KCONFIG_NFNETLINK)
645 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
648 define KernelPackage/nfnetlink/description
649 Kernel modules support for a netlink-based userspace interface
652 $(eval $(call KernelPackage,nfnetlink))
655 define AddDepends/nfnetlink
657 DEPENDS+=+kmod-nfnetlink $(1)
661 define KernelPackage/nfnetlink-log
662 TITLE:=Netfilter LOG over NFNETLINK interface
663 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
664 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
665 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
666 $(call AddDepends/nfnetlink)
669 define KernelPackage/nfnetlink-log/description
670 Kernel modules support for logging packets via NFNETLINK
675 $(eval $(call KernelPackage,nfnetlink-log))
678 define KernelPackage/nfnetlink-queue
679 TITLE:=Netfilter QUEUE over NFNETLINK interface
680 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
681 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
682 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
683 $(call AddDepends/nfnetlink)
686 define KernelPackage/nfnetlink-queue/description
687 Kernel modules support for queueing packets via NFNETLINK
692 $(eval $(call KernelPackage,nfnetlink-queue))
695 define KernelPackage/nf-conntrack-netlink
696 TITLE:=Connection tracking netlink interface
697 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
698 KCONFIG:=CONFIG_NF_CT_NETLINK
699 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
700 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
703 define KernelPackage/nf-conntrack-netlink/description
704 Kernel modules support for a netlink-based connection tracking
708 $(eval $(call KernelPackage,nf-conntrack-netlink))
710 define KernelPackage/ipt-hashlimit
712 TITLE:=Netfilter hashlimit match
713 DEPENDS:=+kmod-ipt-core
714 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
715 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
716 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
717 $(call KernelPackage/ipt)
720 define KernelPackage/ipt-hashlimit/description
721 Kernel modules support for the hashlimit bucket match module
724 $(eval $(call KernelPackage,ipt-hashlimit))
727 define KernelPackage/nft-core
729 TITLE:=Netfilter nf_tables support
730 DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6
731 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
732 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
735 CONFIG_NETFILTER_ADVANCED=y \
736 CONFIG_NFT_COMPAT=n \
738 CONFIG_NF_TABLES_ARP=n \
739 CONFIG_NF_TABLES_BRIDGE=n \
743 define KernelPackage/nft-core/description
744 Kernel module support for nftables
747 $(eval $(call KernelPackage,nft-core))
750 define KernelPackage/nft-nat
752 TITLE:=Netfilter nf_tables NAT support
753 DEPENDS:=+kmod-nft-core +kmod-nf-nat
754 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
755 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
756 KCONFIG:=$(KCONFIG_NFT_NAT)
759 $(eval $(call KernelPackage,nft-nat))
762 define KernelPackage/nft-nat6
764 TITLE:=Netfilter nf_tables IPv6-NAT support
765 DEPENDS:=+kmod-nft-core +kmod-nf-nat6
766 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
767 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
768 KCONFIG:=$(KCONFIG_NFT_NAT6)
771 $(eval $(call KernelPackage,nft-nat6))