mirror of https://github.com/hak5/openwrt.git
netfilter: fix file conflicts between kmod-ipt- and kmod-nft- packages
The nf_reject_* and nf_nat_masquerade_* modules are moved into the corresponding kmod-nf- packages. Appropriate dependencies are added to the kmod-nft- packages. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>lede-17.01
parent
c50ba61caf
commit
cea09329e5
|
@ -32,6 +32,7 @@ endef
|
|||
# kernel only
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_IPT,CONFIG_IP_NF_IPTABLES, $(P_V4)ip_tables),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_IPT,CONFIG_NETFILTER_XTABLES, $(P_XT)x_tables),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_IPT,CONFIG_NF_REJECT_IPV4, $(P_V4)nf_reject_ipv4),))
|
||||
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_NETFILTER_XTABLES, $(P_XT)xt_tcpudp),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_FILTER, $(P_V4)iptable_filter),))
|
||||
|
@ -54,7 +55,6 @@ $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)nf_log_comm
|
|||
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_V4)nf_log_ipv4))
|
||||
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_TCPMSS, $(P_XT)xt_TCPMSS))
|
||||
$(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_REJECT, $(P_V4)ipt_REJECT))
|
||||
$(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_REJECT, $(P_V4)nf_reject_ipv4))
|
||||
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_TIME, $(P_XT)xt_time))
|
||||
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MARK, $(P_XT)xt_mark))
|
||||
|
||||
|
@ -143,6 +143,7 @@ $(eval $(call nf_add,IPT_IPSEC,CONFIG_NETFILTER_XT_MATCH_POLICY, $(P_XT)xt_polic
|
|||
|
||||
# kernel only
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_IPT6,CONFIG_IP6_NF_IPTABLES, $(P_V6)ip6_tables),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_IPT6,CONFIG_NF_REJECT_IPV6, $(P_V6)nf_reject_ipv6),))
|
||||
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK6,CONFIG_NF_DEFRAG_IPV6, $(P_V6)nf_defrag_ipv6),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK6,CONFIG_NF_CONNTRACK_IPV6, $(P_V6)nf_conntrack_ipv6),))
|
||||
|
@ -158,7 +159,6 @@ $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp
|
|||
|
||||
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG))
|
||||
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT))
|
||||
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)nf_reject_ipv6))
|
||||
|
||||
# ipv6 extra
|
||||
$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_IPV6HEADER, $(P_V6)ip6t_ipv6header))
|
||||
|
@ -175,12 +175,14 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))
|
|||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT, $(P_XT)nf_nat_redirect, ge 3.19.0),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4),))
|
||||
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6),))
|
||||
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_NAT, $(P_XT)xt_nat),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT, $(P_V4)iptable_nat),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_NAT, $(P_V6)ip6table_nat),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_NAT, $(P_V6)nf_nat_masquerade_ipv6),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_MASQUERADE, $(P_V6)ip6t_MASQUERADE),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT, $(P_V6)ip6t_NPT),))
|
||||
|
||||
|
@ -189,7 +191,6 @@ $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT,CONFIG_NF_NAT, ipt_SNAT ipt_DNAT))
|
|||
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT, ip6t_DNPT ip6t_SNPT)))
|
||||
|
||||
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE, $(P_V4)ipt_MASQUERADE))
|
||||
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE, $(P_V4)nf_nat_masquerade_ipv4))
|
||||
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_XT)xt_REDIRECT))
|
||||
|
||||
|
||||
|
@ -324,8 +325,6 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_LOG, $(P_XT)nft_log),))
|
|||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_LIMIT, $(P_XT)nft_limit),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REJECT, $(P_XT)nft_reject $(P_V4)nft_reject_ipv4 $(P_V6)nft_reject_ipv6),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REJECT_INET, $(P_XT)nft_reject_inet),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NF_REJECT_IPV4, $(P_V4)nf_reject_ipv4),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NF_REJECT_IPV6, $(P_V6)nf_reject_ipv6),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NF_TABLES_IPV4, $(P_V4)nf_tables_ipv4),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_CHAIN_ROUTE_IPV4, $(P_V4)nft_chain_route_ipv4),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NF_TABLES_IPV6, $(P_V6)nf_tables_ipv6),))
|
||||
|
@ -333,8 +332,6 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_CHAIN_ROUTE_IPV6, $(P_V
|
|||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REDIR, $(P_XT)nft_redir, ge 3.19.0),))
|
||||
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_nat),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_CHAIN_NAT_IPV4, $(P_V4)nft_chain_nat_ipv4),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_REDIR_IPV4, $(P_V4)nft_redir_ipv4, ge 3.19.0),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_REDIR_IPV6, $(P_V6)nft_redir_ipv6, ge 3.19.0),))
|
||||
|
|
|
@ -819,7 +819,7 @@ $(eval $(call KernelPackage,ipt-hashlimit))
|
|||
define KernelPackage/nft-core
|
||||
SUBMENU:=$(NF_MENU)
|
||||
TITLE:=Netfilter nf_tables support
|
||||
DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6
|
||||
DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6 +kmod-nf-ipt +kmod-nf-ipt6
|
||||
FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
|
||||
KCONFIG:= \
|
||||
|
@ -842,7 +842,7 @@ $(eval $(call KernelPackage,nft-core))
|
|||
define KernelPackage/nft-nat
|
||||
SUBMENU:=$(NF_MENU)
|
||||
TITLE:=Netfilter nf_tables NAT support
|
||||
DEPENDS:=+kmod-nft-core +kmod-nf-nat
|
||||
DEPENDS:=+kmod-nft-core +kmod-nf-nat +kmod-nf-nat6
|
||||
FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
|
||||
KCONFIG:=$(KCONFIG_NFT_NAT)
|
||||
|
|
|
@ -2618,6 +2618,7 @@ CONFIG_NF_CONNTRACK_PROCFS=y
|
|||
# CONFIG_NF_NAT_SNMP_BASIC is not set
|
||||
# CONFIG_NF_NAT_TFTP is not set
|
||||
# CONFIG_NF_REJECT_IPV4 is not set
|
||||
# CONFIG_NF_REJECT_IPV6 is not set
|
||||
# CONFIG_NF_TABLES is not set
|
||||
# CONFIG_NI52 is not set
|
||||
# CONFIG_NI65 is not set
|
||||
|
|
|
@ -2717,6 +2717,7 @@ CONFIG_NF_CONNTRACK_PROCFS=y
|
|||
# CONFIG_NF_NAT_SNMP_BASIC is not set
|
||||
# CONFIG_NF_NAT_TFTP is not set
|
||||
# CONFIG_NF_REJECT_IPV4 is not set
|
||||
# CONFIG_NF_REJECT_IPV6 is not set
|
||||
# CONFIG_NF_TABLES is not set
|
||||
# CONFIG_NI52 is not set
|
||||
# CONFIG_NI65 is not set
|
||||
|
|
|
@ -2706,6 +2706,7 @@ CONFIG_NF_CONNTRACK_PROCFS=y
|
|||
# CONFIG_NF_NAT_SNMP_BASIC is not set
|
||||
# CONFIG_NF_NAT_TFTP is not set
|
||||
# CONFIG_NF_REJECT_IPV4 is not set
|
||||
# CONFIG_NF_REJECT_IPV6 is not set
|
||||
# CONFIG_NF_TABLES is not set
|
||||
# CONFIG_NF_TABLES_NETDEV is not set
|
||||
# CONFIG_NI65 is not set
|
||||
|
|
Loading…
Reference in New Issue