3 # Copyright (C) 2006-2008 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU
:=Netfilter Extensions
11 include $(INCLUDE_DIR
)/netfilter.mk
13 define KernelPackage
/ipt-core
16 KCONFIG
:=$(KCONFIG_IPT_CORE
)
17 FILES
:=$(foreach mod
,$(IPT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
18 AUTOLOAD
:=$(call AutoLoad
,40,$(notdir $(IPT_CORE-m
)))
21 define KernelPackage
/ipt-core
/description
22 Netfilter core kernel modules
32 $(eval
$(call KernelPackage
,ipt-core
))
35 define KernelPackage
/ipt
/Depends
37 DEPENDS
:= kmod-ipt-core
$(1)
41 define KernelPackage
/ipt-conntrack
42 $(call KernelPackage
/ipt
/Depends
,)
43 TITLE
:=Basic connection tracking modules
44 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK
)
45 FILES
:=$(foreach mod
,$(IPT_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
46 AUTOLOAD
:=$(call AutoLoad
,41,$(notdir $(IPT_CONNTRACK-m
)))
49 define KernelPackage
/ipt-conntrack
/description
50 Netfilter
(IPv4
) kernel modules for connection tracking
60 $(eval
$(call KernelPackage
,ipt-conntrack
))
63 define KernelPackage
/ipt-conntrack-extra
64 $(call KernelPackage
/ipt
/Depends
,+kmod-ipt-conntrack
)
65 TITLE
:=Extra connection tracking modules
66 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_EXTRA
)
67 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
68 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_CONNTRACK_EXTRA-m
)))
71 define KernelPackage
/ipt-conntrack-extra
/description
72 Netfilter
(IPv4
) extra kernel modules for connection tracking
81 $(eval
$(call KernelPackage
,ipt-conntrack-extra
))
84 define KernelPackage
/ipt-filter
85 $(call KernelPackage
/ipt
/Depends
,+LINUX_2_6
:kmod-textsearch
)
86 TITLE
:=Modules for packet content inspection
87 KCONFIG
:=$(KCONFIG_IPT_FILTER
)
88 FILES
:=$(foreach mod
,$(IPT_FILTER-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
89 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_FILTER-m
)))
92 define KernelPackage
/ipt-filter
/description
93 Netfilter
(IPv4
) kernel modules for packet content inspection
99 $(eval
$(call KernelPackage
,ipt-filter
))
102 define KernelPackage
/ipt-ipopt
103 $(call KernelPackage
/ipt
/Depends
,)
104 TITLE
:=Modules for matching
/changing IP packet options
105 KCONFIG
:=$(KCONFIG_IPT_IPOPT
)
106 FILES
:=$(foreach mod
,$(IPT_IPOPT-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
107 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_IPOPT-m
)))
110 define KernelPackage
/ipt-ipopt
/description
111 Netfilter
(IPv4
) modules for matching
/changing IP packet options
123 $(eval
$(call KernelPackage
,ipt-ipopt
))
126 define KernelPackage
/ipt-ipsec
127 $(call KernelPackage
/ipt
/Depends
,)
128 TITLE
:=Modules for matching IPSec packets
129 KCONFIG
:=$(KCONFIG_IPT_IPSEC
)
130 FILES
:=$(foreach mod
,$(IPT_IPSEC-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
131 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_IPSEC-m
)))
134 define KernelPackage
/ipt-ipsec
/description
135 Netfilter
(IPv4
) modules for matching IPSec packets
141 $(eval
$(call KernelPackage
,ipt-ipsec
))
144 define KernelPackage
/ipt-nat
145 $(call KernelPackage
/ipt
/Depends
,+kmod-ipt-conntrack
)
146 TITLE
:=Basic NAT targets
147 KCONFIG
:=$(KCONFIG_IPT_NAT
)
148 FILES
:=$(foreach mod
,$(IPT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
149 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_NAT-m
)))
152 define KernelPackage
/ipt-nat
/description
153 Netfilter
(IPv4
) kernel modules for basic NAT targets
158 $(eval
$(call KernelPackage
,ipt-nat
))
161 define KernelPackage
/ipt-nat-extra
162 $(call KernelPackage
/ipt
/Depends
,+kmod-ipt-nat
)
163 TITLE
:=Extra NAT targets
164 KCONFIG
:=$(KCONFIG_IPT_NAT_EXTRA
)
165 FILES
:=$(foreach mod
,$(IPT_NAT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
166 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_NAT_EXTRA-m
)))
169 define KernelPackage
/ipt-nat-extra
/description
170 Netfilter
(IPv4
) kernel modules for extra NAT targets
177 $(eval
$(call KernelPackage
,ipt-nat-extra
))
180 define KernelPackage
/ipt-nathelper
181 $(call KernelPackage
/ipt
/Depends
,+kmod-ipt-nat
)
182 TITLE
:=Basic Conntrack and NAT helpers
183 KCONFIG
:=$(KCONFIG_IPT_NATHELPER
)
184 FILES
:=$(foreach mod
,$(IPT_NATHELPER-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
185 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_NATHELPER-m
)))
188 define KernelPackage
/ipt-nathelper
/description
189 Default Netfilter
(IPv4
) Conntrack and NAT helpers
199 $(eval
$(call KernelPackage
,ipt-nathelper
))
202 define KernelPackage
/ipt-nathelper-extra
203 $(call KernelPackage
/ipt
/Depends
,+kmod-ipt-nat
+LINUX_2_6
:kmod-textsearch
)
204 TITLE
:=Extra Conntrack and NAT helpers
205 KCONFIG
:=$(KCONFIG_IPT_NATHELPER_EXTRA
)
206 FILES
:=$(foreach mod
,$(IPT_NATHELPER_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
207 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_NATHELPER_EXTRA-m
)))
210 define KernelPackage
/ipt-nathelper-extra
/description
211 Extra Netfilter
(IPv4
) Conntrack and NAT helpers
213 - ip_conntrack_amanda
214 - ip_conntrack_proto_gre
223 $(eval
$(call KernelPackage
,ipt-nathelper-extra
))
226 define KernelPackage
/ipt-imq
227 $(call KernelPackage
/ipt
/Depends
,)
228 TITLE
:=Intermediate Queueing support
231 CONFIG_IMQ_BEHAVIOR_BA
=y \
232 CONFIG_IMQ_NUM_DEVS
=2 \
233 CONFIG_NETFILTER_XT_TARGET_IMQ
235 $(LINUX_DIR
)/drivers
/net
/imq.
$(LINUX_KMOD_SUFFIX
) \
236 $(foreach mod
,$(IPT_IMQ-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
237 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir \
243 define KernelPackage
/ipt-imq
/description
244 Kernel support for Intermediate Queueing devices
247 $(eval
$(call KernelPackage
,ipt-imq
))
250 define KernelPackage
/ipt-queue
251 $(call KernelPackage
/ipt
/Depends
,)
252 TITLE
:=Module for user-space packet queueing
253 KCONFIG
:=$(KCONFIG_IPT_QUEUE
)
254 FILES
:=$(foreach mod
,$(IPT_QUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
255 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_QUEUE-m
)))
258 define KernelPackage
/ipt-queue
/description
259 Netfilter
(IPv4
) module for user-space packet queueing
264 $(eval
$(call KernelPackage
,ipt-queue
))
267 define KernelPackage
/ipt-ulog
268 $(call KernelPackage
/ipt
/Depends
,)
269 TITLE
:=Module for user-space packet logging
270 KCONFIG
:=$(KCONFIG_IPT_ULOG
)
271 FILES
:=$(foreach mod
,$(IPT_ULOG-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
272 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_ULOG-m
)))
275 define KernelPackage
/ipt-ulog
/description
276 Netfilter
(IPv4
) module for user-space packet logging
281 $(eval
$(call KernelPackage
,ipt-ulog
))
284 define KernelPackage
/ipt-iprange
285 $(call KernelPackage
/ipt
/Depends
,)
286 TITLE
:=Module for matching ip ranges
287 KCONFIG
:=$(KCONFIG_IPT_IPRANGE
)
288 FILES
:=$(foreach mod
,$(IPT_IPRANGE-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
289 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_IPRANGE-m
)))
292 define KernelPackage
/ipt-iprange
/description
293 Netfilter
(IPv4
) module for matching ip ranges
298 $(eval
$(call KernelPackage
,ipt-iprange
))
301 define KernelPackage
/ipt-extra
302 $(call KernelPackage
/ipt
/Depends
,)
304 KCONFIG
:=$(KCONFIG_IPT_EXTRA
)
305 FILES
:=$(foreach mod
,$(IPT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
306 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_EXTRA-m
)))
309 define KernelPackage
/ipt-extra
/description
310 Other Netfilter
(IPv4
) kernel modules
318 $(eval
$(call KernelPackage
,ipt-extra
))
321 define KernelPackage
/ip6tables
325 KCONFIG
:=$(KCONFIG_IPT_IPV6
)
326 FILES
:=$(foreach mod
,$(IPT_IPV6-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
327 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(IPT_IPV6-m
)))
330 define KernelPackage
/ip6tables
/description
331 Netfilter IPv6 firewalling support
334 $(eval
$(call KernelPackage
,ip6tables
))
337 define KernelPackage
/arptables
339 TITLE
:=ARP firewalling modules
340 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.
$(LINUX_KMOD_SUFFIX
)
341 KCONFIG
:=CONFIG_IP_NF_ARPTABLES \
342 CONFIG_IP_NF_ARPFILTER \
343 CONFIG_IP_NF_ARP_MANGLE
344 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(patsubst %.
$(LINUX_KMOD_SUFFIX
),%,$(wildcard $(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.
$(LINUX_KMOD_SUFFIX
)))))
347 define KernelPackage
/arptables
/description
348 Kernel modules for ARP firewalling
351 $(eval
$(call KernelPackage
,arptables
))
354 define KernelPackage
/ebtables
356 TITLE
:=Bridge firewalling modules
358 FILES
:=$(foreach mod
,$(EBTABLES-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
359 KCONFIG
:=CONFIG_BRIDGE_NETFILTER
=y \
361 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(EBTABLES-m
)))
364 define KernelPackage
/ebtables
/description
365 ebtables is a general
, extensible frame
/packet identification
366 framework. It provides you to do Ethernet
367 filtering
/NAT
/brouting on the Ethernet bridge.
370 $(eval
$(call KernelPackage
,ebtables
))
373 define KernelPackage
/ebtables
/Depends
375 DEPENDS
:=kmod-ebtables
$(1)
379 define KernelPackage
/ebtables-ipv4
380 $(call KernelPackage
/ebtables
/Depends
,)
381 TITLE
:=ebtables
: IPv4 support
382 FILES
:=$(foreach mod
,$(EBTABLES_IP4-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
383 KCONFIG
:=$(KCONFIG_EBTABLES_IP4
)
384 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(EBTABLES_IP4-m
)))
387 define KernelPackage
/ebtables-ipv4
/description
388 This option adds the IPv4 support to ebtables
, which allows basic
389 IPv4 header field filtering
, ARP filtering
as well
as SNAT
, DNAT targets.
392 $(eval
$(call KernelPackage
,ebtables-ipv4
))
395 define KernelPackage
/ebtables-ipv6
396 $(call KernelPackage
/ebtables
/Depends
,)
397 TITLE
:=ebtables
: IPv6 support
398 FILES
:=$(foreach mod
,$(EBTABLES_IP6-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
399 KCONFIG
:=$(KCONFIG_EBTABLES_IP6
)
400 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(EBTABLES_IP6-m
)))
403 define KernelPackage
/ebtables-ipv6
/description
404 This option adds the IPv6 support to ebtables
, which allows basic
405 IPv6 header field filtering and target support.
408 $(eval
$(call KernelPackage
,ebtables-ipv6
))
411 define KernelPackage
/ebtables-watchers
412 $(call KernelPackage
/ebtables
/Depends
,)
413 TITLE
:=ebtables
: watchers support
414 FILES
:=$(foreach mod
,$(EBTABLES_WATCHERS-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
415 KCONFIG
:=$(KCONFIG_EBTABLES_WATCHERS
)
416 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(EBTABLES_WATCHERS-m
)))
419 define KernelPackage
/ebtables-watchers
/description
420 This option adds the log watchers
, that you can use in any rule
421 in any ebtables table.
424 $(eval
$(call KernelPackage
,ebtables-watchers
))
427 define KernelPackage
/nfnetlink
429 TITLE
:=Netlink-based userspace interface
430 DEPENDS
:=@LINUX_2_6
+kmod-ipt-core
431 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nfnetlink.
$(LINUX_KMOD_SUFFIX
)
432 KCONFIG
:=CONFIG_NETFILTER_NETLINK
433 AUTOLOAD
:=$(call AutoLoad
,48,nfnetlink
)
436 define KernelPackage
/nfnetlink
/description
437 Kernel modules support for a netlink-based userspace interface
440 $(eval
$(call KernelPackage
,nfnetlink
))
443 define KernelPackage
/nfnetlink
/Depends
445 DEPENDS
:=@LINUX_2_6
+kmod-nfnetlink
$(1)
449 define KernelPackage
/nfnetlink-log
450 $(call KernelPackage
/nfnetlink
/Depends
,)
451 TITLE
:=Netfilter LOG over NFNETLINK interface
452 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nfnetlink_log.
$(LINUX_KMOD_SUFFIX
)
453 KCONFIG
:=CONFIG_NETFILTER_NETLINK_LOG
454 AUTOLOAD
:=$(call AutoLoad
,48,nfnetlink_log
)
457 define KernelPackage
/nfnetlink-log
/description
458 Kernel modules support for logging packets via NFNETLINK
461 $(eval
$(call KernelPackage
,nfnetlink-log
))
464 define KernelPackage
/nfnetlink-queue
465 $(call KernelPackage
/nfnetlink
/Depends
,)
466 TITLE
:=Netfilter QUEUE over NFNETLINK interface
467 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nfnetlink_queue.
$(LINUX_KMOD_SUFFIX
)
468 KCONFIG
:=CONFIG_NETFILTER_NETLINK_QUEUE
469 AUTOLOAD
:=$(call AutoLoad
,48,nfnetlink_queue
)
472 define KernelPackage
/nfnetlink-queue
/description
473 Kernel modules support for queueing packets via NFNETLINK
476 $(eval
$(call KernelPackage
,nfnetlink-queue
))
479 define KernelPackage
/nf-conntrack-netlink
480 $(call KernelPackage
/nfnetlink
/Depends
,+kmod-ipt-conntrack
)
481 TITLE
:=Connection tracking netlink interface
482 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nf_conntrack_netlink.
$(LINUX_KMOD_SUFFIX
)
483 KCONFIG
:=CONFIG_NF_CT_NETLINK
484 AUTOLOAD
:=$(call AutoLoad
,49,nf_conntrack_netlink
)
487 define KernelPackage
/nf-conntrack-netlink
/description
488 Kernel modules support for a netlink-based connection tracking
492 $(eval
$(call KernelPackage
,nf-conntrack-netlink
))