2 # Copyright (C) 2006-2008 OpenWrt.org
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
8 NF_MENU:=Netfilter Extensions
10 include $(INCLUDE_DIR)/netfilter.mk
12 define KernelPackage/ipt-core
15 KCONFIG:=$(KCONFIG_IPT_CORE)
16 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
17 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_CORE-m)))
20 define KernelPackage/ipt-core/description
21 Netfilter core kernel modules
31 $(eval $(call KernelPackage,ipt-core))
34 define KernelPackage/ipt-conntrack
36 TITLE:=Basic connection tracking modules
37 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
38 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
39 AUTOLOAD:=$(call AutoLoad,41,$(notdir $(IPT_CONNTRACK-m)))
40 DEPENDS:= kmod-ipt-core
43 define KernelPackage/ipt-conntrack/description
44 Netfilter (IPv4) kernel modules for connection tracking
49 $(eval $(call KernelPackage,ipt-conntrack))
52 define KernelPackage/ipt-conntrack-extra
54 TITLE:=Extra connection tracking modules
55 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
56 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
57 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
58 DEPENDS:= kmod-ipt-core +kmod-ipt-conntrack
61 define KernelPackage/ipt-conntrack-extra/description
62 Netfilter (IPv4) extra kernel modules for connection tracking
72 $(eval $(call KernelPackage,ipt-conntrack-extra))
75 define KernelPackage/ipt-filter
77 TITLE:=Modules for packet content inspection
78 KCONFIG:=$(KCONFIG_IPT_FILTER)
79 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
80 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_FILTER-m)))
81 DEPENDS:= kmod-ipt-core @LINUX_2_4||+kmod-textsearch
84 define KernelPackage/ipt-filter/description
85 Netfilter (IPv4) kernel modules for packet content inspection
91 $(eval $(call KernelPackage,ipt-filter))
94 define KernelPackage/ipt-ipopt
96 TITLE:=Modules for matching/changing IP packet options
97 KCONFIG:=$(KCONFIG_IPT_IPOPT)
98 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
99 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPOPT-m)))
100 DEPENDS:= kmod-ipt-core
103 define KernelPackage/ipt-ipopt/description
104 Netfilter (IPv4) modules for matching/changing IP packet options
116 $(eval $(call KernelPackage,ipt-ipopt))
119 define KernelPackage/ipt-ipsec
121 TITLE:=Modules for matching IPSec packets
122 KCONFIG:=$(KCONFIG_IPT_IPSEC)
123 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
124 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPSEC-m)))
125 DEPENDS:= kmod-ipt-core
128 define KernelPackage/ipt-ipsec/description
129 Netfilter (IPv4) modules for matching IPSec packets
135 $(eval $(call KernelPackage,ipt-ipsec))
138 define KernelPackage/ipt-nat
140 TITLE:=Basic NAT targets
141 KCONFIG:=$(KCONFIG_IPT_NAT)
142 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
143 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_NAT-m)))
144 DEPENDS:= kmod-ipt-core +kmod-ipt-conntrack
147 define KernelPackage/ipt-nat/description
148 Netfilter (IPv4) kernel modules for basic NAT targets
153 $(eval $(call KernelPackage,ipt-nat))
156 define KernelPackage/ipt-nat-extra
158 TITLE:=Extra NAT targets
159 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
160 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
161 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT_EXTRA-m)))
162 DEPENDS:= kmod-ipt-core +kmod-ipt-nat
165 define KernelPackage/ipt-nat-extra/description
166 Netfilter (IPv4) kernel modules for extra NAT targets
173 $(eval $(call KernelPackage,ipt-nat-extra))
176 define KernelPackage/ipt-nathelper
178 TITLE:=Basic Conntrack and NAT helpers
179 KCONFIG:=$(KCONFIG_IPT_NATHELPER)
180 FILES:=$(foreach mod,$(IPT_NATHELPER-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
181 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER-m)))
182 DEPENDS:= kmod-ipt-core +kmod-ipt-nat
185 define KernelPackage/ipt-nathelper/description
186 Default Netfilter (IPv4) Conntrack and NAT helpers
196 $(eval $(call KernelPackage,ipt-nathelper))
199 define KernelPackage/ipt-nathelper-extra
201 TITLE:=Extra Conntrack and NAT helpers
202 KCONFIG:=$(KCONFIG_IPT_NATHELPER_EXTRA)
203 FILES:=$(foreach mod,$(IPT_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
204 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER_EXTRA-m)))
205 DEPENDS:= kmod-ipt-core +kmod-ipt-nat +kmod-textsearch
208 define KernelPackage/ipt-nathelper-extra/description
209 Extra Netfilter (IPv4) Conntrack and NAT helpers
211 - ip_conntrack_amanda
212 - ip_conntrack_proto_gre
221 $(eval $(call KernelPackage,ipt-nathelper-extra))
224 define KernelPackage/ipt-imq
226 TITLE:=Intermediate Queueing support
229 CONFIG_IMQ_BEHAVIOR_BA=y \
230 CONFIG_IMQ_NUM_DEVS=2 \
231 CONFIG_IP_NF_TARGET_IMQ
233 $(LINUX_DIR)/drivers/net/imq.$(LINUX_KMOD_SUFFIX) \
234 $(foreach mod,$(IPT_IMQ-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
235 AUTOLOAD:=$(call AutoLoad,45,$(notdir \
239 DEPENDS:= kmod-ipt-core
242 define KernelPackage/ipt-imq/description
243 Kernel support for Intermediate Queueing devices
246 $(eval $(call KernelPackage,ipt-imq))
249 define KernelPackage/ipt-queue
251 TITLE:=Module for user-space packet queueing
252 KCONFIG:=$(KCONFIG_IPT_QUEUE)
253 FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
254 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_QUEUE-m)))
255 DEPENDS:= kmod-ipt-core
258 define KernelPackage/ipt-queue/description
259 Netfilter (IPv4) module for user-space packet queueing
264 $(eval $(call KernelPackage,ipt-queue))
267 define KernelPackage/ipt-ulog
269 TITLE:=Module for user-space packet logging
270 KCONFIG:=$(KCONFIG_IPT_ULOG)
271 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
272 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_ULOG-m)))
273 DEPENDS:= kmod-ipt-core
276 define KernelPackage/ipt-ulog/description
277 Netfilter (IPv4) module for user-space packet logging
282 $(eval $(call KernelPackage,ipt-ulog))
285 define KernelPackage/ipt-iprange
287 TITLE:=Module for matching ip ranges
288 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
289 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPRANGE-m)))
290 DEPENDS:= kmod-ipt-core
293 define KernelPackage/ipt-iprange/description
294 Netfilter (IPv4) module for matching ip ranges
299 $(eval $(call KernelPackage,ipt-iprange))
302 define KernelPackage/ipt-ipset
305 KCONFIG:=$(KCONFIG_IPT_IPSET)
306 FILES:=$(foreach mod,$(IPT_IPSET-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
307 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPSET-m)))
308 DEPENDS:= kmod-ipt-core
311 define KernelPackage/ipt-ipset/description
312 Netfilter kernel modules for ipset
327 $(eval $(call KernelPackage,ipt-ipset))
330 define KernelPackage/ipt-extra
333 KCONFIG:=$(KCONFIG_IPT_EXTRA)
334 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
335 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_EXTRA-m)))
336 DEPENDS:= kmod-ipt-core
339 define KernelPackage/ipt-extra/description
340 Other Netfilter (IPv4) kernel modules
350 $(eval $(call KernelPackage,ipt-extra))
353 define KernelPackage/ip6tables
357 KCONFIG:=CONFIG_IP6_NF_IPTABLES
358 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
359 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPT_IPV6-m)))
362 define KernelPackage/ip6tables/description
363 Netfilter IPv6 firewalling support
366 $(eval $(call KernelPackage,ip6tables))
369 define KernelPackage/arptables
371 TITLE:=ARP firewalling modules
372 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX)
373 KCONFIG:=CONFIG_IP_NF_ARPTABLES
374 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(patsubst %.ko,%,$(wildcard $(LINUX_DIR)/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX)))))
377 define KernelPackage/arptables/description
378 Kernel modules for ARP firewalling
381 $(eval $(call KernelPackage,arptables))
383 define KernelPackage/ebtables
385 TITLE:=Bridge firewalling modules
387 FILES:=$(LINUX_DIR)/net/bridge/netfilter/*.$(LINUX_KMOD_SUFFIX)
388 KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
389 CONFIG_BRIDGE_NF_EBTABLES
390 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(patsubst %.ko,%,ebtables.ko $(wildcard $(LINUX_DIR)/net/bridge/netfilter/ebtable_*.$(LINUX_KMOD_SUFFIX)) $(wildcard $(LINUX_DIR)/net/bridge/netfilter/ebt_*.$(LINUX_KMOD_SUFFIX)))))
393 define KernelPackage/ebtables/description
394 Kernel modules for Ethernet Bridge firewalling
397 $(eval $(call KernelPackage,ebtables))
400 define KernelPackage/nfnetlink
402 TITLE:=Netlink-based userspace interface
403 DEPENDS:=@LINUX_2_6 +kmod-ipt-core
404 FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.$(LINUX_KMOD_SUFFIX)
405 KCONFIG:=CONFIG_NETFILTER_NETLINK
406 AUTOLOAD:=$(call AutoLoad,48,nfnetlink)
409 define KernelPackage/nfnetlink/description
410 Kernel modules support for a netlink-based userspace interface
413 $(eval $(call KernelPackage,nfnetlink))
416 define KernelPackage/nfnetlink-log
418 TITLE:=Netfilter LOG over NFNETLINK interface
419 DEPENDS:=@LINUX_2_6 +kmod-nfnetlink
420 FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.$(LINUX_KMOD_SUFFIX)
421 KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG
422 AUTOLOAD:=$(call AutoLoad,48,nfnetlink_log)
425 define KernelPackage/nfnetlink-log/description
426 Kernel modules support for logging packets via NFNETLINK
429 $(eval $(call KernelPackage,nfnetlink-log))
432 define KernelPackage/nfnetlink-queue
434 TITLE:=Netfilter QUEUE over NFNETLINK interface
435 DEPENDS:=@LINUX_2_6 +kmod-nfnetlink
436 FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.$(LINUX_KMOD_SUFFIX)
437 KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE
438 AUTOLOAD:=$(call AutoLoad,48,nfnetlink_queue)
441 define KernelPackage/nfnetlink-queue/description
442 Kernel modules support for queueing packets via NFNETLINK
445 $(eval $(call KernelPackage,nfnetlink-queue))
448 define KernelPackage/nf-conntrack-netlink
450 TITLE:=Connection tracking netlink interface
451 DEPENDS:=@LINUX_2_6 +kmod-nfnetlink +kmod-ipt-conntrack
452 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.$(LINUX_KMOD_SUFFIX)
453 KCONFIG:=CONFIG_NF_CT_NETLINK
454 AUTOLOAD:=$(call AutoLoad,49,nf_conntrack_netlink)
457 define KernelPackage/nf-conntrack-netlink/description
458 Kernel modules support for a netlink-based connection tracking
462 $(eval $(call KernelPackage,nf-conntrack-netlink))