3 # Copyright (C) 2006-2010 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU
:=Netfilter Extensions
11 include $(INCLUDE_DIR
)/netfilter.mk
13 define KernelPackage
/ipt-core
16 KCONFIG
:=$(KCONFIG_IPT_CORE
)
17 FILES
:=$(foreach mod
,$(IPT_CORE-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
18 AUTOLOAD
:=$(call AutoLoad
,40,$(notdir $(IPT_CORE-m
)))
21 define KernelPackage
/ipt-core
/description
22 Netfilter core kernel modules
33 $(eval
$(call KernelPackage
,ipt-core
))
38 DEPENDS
:= kmod-ipt-core
$(1)
42 define KernelPackage
/ipt-conntrack
43 $(call AddDepends
/ipt
,)
44 TITLE
:=Basic connection tracking modules
45 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK
)
46 FILES
:=$(foreach mod
,$(IPT_CONNTRACK-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
47 AUTOLOAD
:=$(call AutoLoad
,41,$(notdir $(IPT_CONNTRACK-m
)))
50 define KernelPackage
/ipt-conntrack
/description
51 Netfilter
(IPv4
) kernel modules for connection tracking
60 $(eval
$(call KernelPackage
,ipt-conntrack
))
63 define KernelPackage
/ipt-conntrack-extra
64 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
65 TITLE
:=Extra connection tracking modules
66 KCONFIG
:=$(KCONFIG_IPT_CONNTRACK_EXTRA
)
67 FILES
:=$(foreach mod
,$(IPT_CONNTRACK_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
68 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_CONNTRACK_EXTRA-m
)))
71 define KernelPackage
/ipt-conntrack-extra
/description
72 Netfilter
(IPv4
) extra kernel modules for connection tracking
81 $(eval
$(call KernelPackage
,ipt-conntrack-extra
))
84 define KernelPackage
/ipt-filter
85 $(call AddDepends
/ipt
,+LINUX_2_6
:kmod-textsearch
)
86 TITLE
:=Modules for packet content inspection
87 KCONFIG
:=$(KCONFIG_IPT_FILTER
)
88 FILES
:=$(foreach mod
,$(IPT_FILTER-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
89 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_FILTER-m
)))
92 define KernelPackage
/ipt-filter
/description
93 Netfilter
(IPv4
) kernel modules for packet content inspection
99 $(eval
$(call KernelPackage
,ipt-filter
))
102 define KernelPackage
/ipt-ipopt
103 $(call AddDepends
/ipt
,)
104 TITLE
:=Modules for matching
/changing IP packet options
105 KCONFIG
:=$(KCONFIG_IPT_IPOPT
)
106 FILES
:=$(foreach mod
,$(IPT_IPOPT-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
107 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_IPOPT-m
)))
110 define KernelPackage
/ipt-ipopt
/description
111 Netfilter
(IPv4
) modules for matching
/changing IP packet options
116 - hl
/HL
(2.6.30 and later
)
122 - tos
/TOS
(prior to
2.6.25)
123 - ttl
/TTL
(prior to
2.6.30)
127 $(eval
$(call KernelPackage
,ipt-ipopt
))
130 define KernelPackage
/ipt-ipsec
131 $(call AddDepends
/ipt
,)
132 TITLE
:=Modules for matching IPSec packets
133 KCONFIG
:=$(KCONFIG_IPT_IPSEC
)
134 FILES
:=$(foreach mod
,$(IPT_IPSEC-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
135 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_IPSEC-m
)))
138 define KernelPackage
/ipt-ipsec
/description
139 Netfilter
(IPv4
) modules for matching IPSec packets
146 $(eval
$(call KernelPackage
,ipt-ipsec
))
149 define KernelPackage
/ipt-nat
150 $(call AddDepends
/ipt
,+kmod-ipt-conntrack
)
151 TITLE
:=Basic NAT targets
152 KCONFIG
:=$(KCONFIG_IPT_NAT
)
153 FILES
:=$(foreach mod
,$(IPT_NAT-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
154 AUTOLOAD
:=$(call AutoLoad
,42,$(notdir $(IPT_NAT-m
)))
157 define KernelPackage
/ipt-nat
/description
158 Netfilter
(IPv4
) kernel modules for basic NAT targets
163 $(eval
$(call KernelPackage
,ipt-nat
))
166 define KernelPackage
/ipt-nat-extra
167 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
168 TITLE
:=Extra NAT targets
169 KCONFIG
:=$(KCONFIG_IPT_NAT_EXTRA
)
170 FILES
:=$(foreach mod
,$(IPT_NAT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
171 AUTOLOAD
:=$(call AutoLoad
,43,$(notdir $(IPT_NAT_EXTRA-m
)))
174 define KernelPackage
/ipt-nat-extra
/description
175 Netfilter
(IPv4
) kernel modules for extra NAT targets
182 $(eval
$(call KernelPackage
,ipt-nat-extra
))
185 define KernelPackage
/ipt-nathelper
186 $(call AddDepends
/ipt
,+kmod-ipt-nat
)
187 TITLE
:=Basic Conntrack and NAT helpers
188 KCONFIG
:=$(KCONFIG_IPT_NATHELPER
)
189 FILES
:=$(foreach mod
,$(IPT_NATHELPER-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
190 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_NATHELPER-m
)))
193 define KernelPackage
/ipt-nathelper
/description
194 Default Netfilter
(IPv4
) Conntrack and NAT helpers
201 $(eval
$(call KernelPackage
,ipt-nathelper
))
204 define KernelPackage
/ipt-nathelper-extra
205 $(call AddDepends
/ipt
,+kmod-ipt-nat
+LINUX_2_6
:kmod-textsearch
)
206 TITLE
:=Extra Conntrack and NAT helpers
207 KCONFIG
:=$(KCONFIG_IPT_NATHELPER_EXTRA
)
208 FILES
:=$(foreach mod
,$(IPT_NATHELPER_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
209 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_NATHELPER_EXTRA-m
)))
212 define KernelPackage
/ipt-nathelper-extra
/description
213 Extra Netfilter
(IPv4
) Conntrack and NAT helpers
225 $(eval
$(call KernelPackage
,ipt-nathelper-extra
))
228 define KernelPackage
/ipt-imq
229 $(call AddDepends
/ipt
,)
230 TITLE
:=Intermediate Queueing support
233 CONFIG_IMQ_BEHAVIOR_BA
=y \
234 CONFIG_IMQ_NUM_DEVS
=2 \
235 CONFIG_NETFILTER_XT_TARGET_IMQ
237 $(LINUX_DIR
)/drivers
/net
/imq.
$(LINUX_KMOD_SUFFIX
) \
238 $(foreach mod
,$(IPT_IMQ-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
239 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir \
245 define KernelPackage
/ipt-imq
/description
246 Kernel support for Intermediate Queueing devices
249 $(eval
$(call KernelPackage
,ipt-imq
))
252 define KernelPackage
/ipt-queue
253 $(call AddDepends
/ipt
,)
254 TITLE
:=Module for user-space packet queueing
255 KCONFIG
:=$(KCONFIG_IPT_QUEUE
)
256 FILES
:=$(foreach mod
,$(IPT_QUEUE-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
257 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_QUEUE-m
)))
260 define KernelPackage
/ipt-queue
/description
261 Netfilter
(IPv4
) module for user-space packet queueing
266 $(eval
$(call KernelPackage
,ipt-queue
))
269 define KernelPackage
/ipt-ulog
270 $(call AddDepends
/ipt
,)
271 TITLE
:=Module for user-space packet logging
272 KCONFIG
:=$(KCONFIG_IPT_ULOG
)
273 FILES
:=$(foreach mod
,$(IPT_ULOG-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
274 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_ULOG-m
)))
277 define KernelPackage
/ipt-ulog
/description
278 Netfilter
(IPv4
) module for user-space packet logging
283 $(eval
$(call KernelPackage
,ipt-ulog
))
286 define KernelPackage
/ipt-iprange
287 $(call AddDepends
/ipt
,)
288 TITLE
:=Module for matching ip ranges
289 KCONFIG
:=$(KCONFIG_IPT_IPRANGE
)
290 FILES
:=$(foreach mod
,$(IPT_IPRANGE-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
291 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_IPRANGE-m
)))
294 define KernelPackage
/ipt-iprange
/description
295 Netfilter
(IPv4
) module for matching ip ranges
300 $(eval
$(call KernelPackage
,ipt-iprange
))
303 define KernelPackage
/ipt-extra
304 $(call AddDepends
/ipt
,)
306 KCONFIG
:=$(KCONFIG_IPT_EXTRA
)
307 FILES
:=$(foreach mod
,$(IPT_EXTRA-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
308 AUTOLOAD
:=$(call AutoLoad
,45,$(notdir $(IPT_EXTRA-m
)))
311 define KernelPackage
/ipt-extra
/description
312 Other Netfilter
(IPv4
) kernel modules
314 - condition
(2.4 only
)
316 - physdev
(if bridge support was enabled in kernel
)
321 $(eval
$(call KernelPackage
,ipt-extra
))
324 define KernelPackage
/ip6tables
328 KCONFIG
:=$(KCONFIG_IPT_IPV6
)
329 FILES
:=$(foreach mod
,$(IPT_IPV6-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
330 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(IPT_IPV6-m
)))
333 define KernelPackage
/ip6tables
/description
334 Netfilter IPv6 firewalling support
337 $(eval
$(call KernelPackage
,ip6tables
))
340 define KernelPackage
/arptables
342 TITLE
:=ARP firewalling modules
343 FILES
:=$(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.
$(LINUX_KMOD_SUFFIX
)
344 KCONFIG
:=CONFIG_IP_NF_ARPTABLES \
345 CONFIG_IP_NF_ARPFILTER \
346 CONFIG_IP_NF_ARP_MANGLE
347 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(patsubst %.
$(LINUX_KMOD_SUFFIX
),%,$(wildcard $(LINUX_DIR
)/net
/ipv4
/netfilter
/arp
*.
$(LINUX_KMOD_SUFFIX
)))))
350 define KernelPackage
/arptables
/description
351 Kernel modules for ARP firewalling
354 $(eval
$(call KernelPackage
,arptables
))
357 define KernelPackage
/ebtables
359 TITLE
:=Bridge firewalling modules
361 FILES
:=$(foreach mod
,$(EBTABLES-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
362 KCONFIG
:=CONFIG_BRIDGE_NETFILTER
=y \
364 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(EBTABLES-m
)))
367 define KernelPackage
/ebtables
/description
368 ebtables is a general
, extensible frame
/packet identification
369 framework. It provides you to do Ethernet
370 filtering
/NAT
/brouting on the Ethernet bridge.
373 $(eval
$(call KernelPackage
,ebtables
))
376 define AddDepends
/ebtables
378 DEPENDS
:=kmod-ebtables
$(1)
382 define KernelPackage
/ebtables-ipv4
383 $(call AddDepends
/ebtables
,)
384 TITLE
:=ebtables
: IPv4 support
385 FILES
:=$(foreach mod
,$(EBTABLES_IP4-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
386 KCONFIG
:=$(KCONFIG_EBTABLES_IP4
)
387 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(EBTABLES_IP4-m
)))
390 define KernelPackage
/ebtables-ipv4
/description
391 This option adds the IPv4 support to ebtables
, which allows basic
392 IPv4 header field filtering
, ARP filtering
as well
as SNAT
, DNAT targets.
395 $(eval
$(call KernelPackage
,ebtables-ipv4
))
398 define KernelPackage
/ebtables-ipv6
399 $(call AddDepends
/ebtables
,)
400 TITLE
:=ebtables
: IPv6 support
401 FILES
:=$(foreach mod
,$(EBTABLES_IP6-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
402 KCONFIG
:=$(KCONFIG_EBTABLES_IP6
)
403 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(EBTABLES_IP6-m
)))
406 define KernelPackage
/ebtables-ipv6
/description
407 This option adds the IPv6 support to ebtables
, which allows basic
408 IPv6 header field filtering and target support.
411 $(eval
$(call KernelPackage
,ebtables-ipv6
))
414 define KernelPackage
/ebtables-watchers
415 $(call AddDepends
/ebtables
,)
416 TITLE
:=ebtables
: watchers support
417 FILES
:=$(foreach mod
,$(EBTABLES_WATCHERS-m
),$(LINUX_DIR
)/net
/$(mod
).
$(LINUX_KMOD_SUFFIX
))
418 KCONFIG
:=$(KCONFIG_EBTABLES_WATCHERS
)
419 AUTOLOAD
:=$(call AutoLoad
,49,$(notdir $(EBTABLES_WATCHERS-m
)))
422 define KernelPackage
/ebtables-watchers
/description
423 This option adds the log watchers
, that you can use in any rule
424 in any ebtables table.
427 $(eval
$(call KernelPackage
,ebtables-watchers
))
430 define KernelPackage
/nfnetlink
432 TITLE
:=Netlink-based userspace interface
433 DEPENDS
:=@LINUX_2_6
+kmod-ipt-core
434 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nfnetlink.
$(LINUX_KMOD_SUFFIX
)
435 KCONFIG
:=CONFIG_NETFILTER_NETLINK
436 AUTOLOAD
:=$(call AutoLoad
,48,nfnetlink
)
439 define KernelPackage
/nfnetlink
/description
440 Kernel modules support for a netlink-based userspace interface
443 $(eval
$(call KernelPackage
,nfnetlink
))
446 define AddDepends
/nfnetlink
448 DEPENDS
:=@LINUX_2_6
+kmod-nfnetlink
$(1)
452 define KernelPackage
/nfnetlink-log
453 $(call AddDepends
/nfnetlink
,)
454 TITLE
:=Netfilter LOG over NFNETLINK interface
455 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nfnetlink_log.
$(LINUX_KMOD_SUFFIX
)
456 KCONFIG
:=CONFIG_NETFILTER_NETLINK_LOG
457 AUTOLOAD
:=$(call AutoLoad
,48,nfnetlink_log
)
460 define KernelPackage
/nfnetlink-log
/description
461 Kernel modules support for logging packets via NFNETLINK
464 $(eval
$(call KernelPackage
,nfnetlink-log
))
467 define KernelPackage
/nfnetlink-queue
468 $(call AddDepends
/nfnetlink
,)
469 TITLE
:=Netfilter QUEUE over NFNETLINK interface
470 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nfnetlink_queue.
$(LINUX_KMOD_SUFFIX
)
471 KCONFIG
:=CONFIG_NETFILTER_NETLINK_QUEUE
472 AUTOLOAD
:=$(call AutoLoad
,48,nfnetlink_queue
)
475 define KernelPackage
/nfnetlink-queue
/description
476 Kernel modules support for queueing packets via NFNETLINK
479 $(eval
$(call KernelPackage
,nfnetlink-queue
))
482 define KernelPackage
/nf-conntrack-netlink
483 $(call AddDepends
/nfnetlink
,+kmod-ipt-conntrack
)
484 TITLE
:=Connection tracking netlink interface
485 FILES
:=$(LINUX_DIR
)/net
/netfilter
/nf_conntrack_netlink.
$(LINUX_KMOD_SUFFIX
)
486 KCONFIG
:=CONFIG_NF_CT_NETLINK
487 AUTOLOAD
:=$(call AutoLoad
,49,nf_conntrack_netlink
)
490 define KernelPackage
/nf-conntrack-netlink
/description
491 Kernel modules support for a netlink-based connection tracking
495 $(eval
$(call KernelPackage
,nf-conntrack-netlink
))