Root/package/kernel/modules/netfilter.mk

1
2#
3# Copyright (C) 2006-2010 OpenWrt.org
4#
5# This is free software, licensed under the GNU General Public License v2.
6# See /LICENSE for more information.
7#
8
9NF_MENU:=Netfilter Extensions
10NF_KMOD:=1
11include $(INCLUDE_DIR)/netfilter.mk
12
13define KernelPackage/ipt-core
14  SUBMENU:=$(NF_MENU)
15  TITLE:=Netfilter core
16  KCONFIG:= \
17      CONFIG_NETFILTER=y \
18    CONFIG_NETFILTER_ADVANCED=y \
19    $(KCONFIG_IPT_CORE)
20  FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
21  AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_CORE-m)))
22endef
23
24define KernelPackage/ipt-core/description
25 Netfilter core kernel modules
26 Includes:
27 - comment
28 - limit
29 - LOG
30 - mac
31 - multiport
32 - REJECT
33 - TCPMSS
34endef
35
36$(eval $(call KernelPackage,ipt-core))
37
38
39define AddDepends/ipt
40  SUBMENU:=$(NF_MENU)
41  DEPENDS+= kmod-ipt-core $(1)
42endef
43
44
45define KernelPackage/ipt-conntrack
46  TITLE:=Basic connection tracking modules
47  KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
48  FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
49  AUTOLOAD:=$(call AutoLoad,41,$(notdir $(IPT_CONNTRACK-m)))
50  $(call AddDepends/ipt)
51endef
52
53define KernelPackage/ipt-conntrack/description
54 Netfilter (IPv4) kernel modules for connection tracking
55 Includes:
56 - conntrack
57 - defrag
58 - iptables_raw
59 - NOTRACK
60 - state
61endef
62
63$(eval $(call KernelPackage,ipt-conntrack))
64
65
66define KernelPackage/ipt-conntrack-extra
67  TITLE:=Extra connection tracking modules
68  KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
69  FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
70  AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
71  $(call AddDepends/ipt,+kmod-ipt-conntrack)
72endef
73
74define KernelPackage/ipt-conntrack-extra/description
75 Netfilter (IPv4) extra kernel modules for connection tracking
76 Includes:
77 - connbytes
78 - connmark/CONNMARK
79 - conntrack
80 - helper
81 - recent
82endef
83
84$(eval $(call KernelPackage,ipt-conntrack-extra))
85
86
87define KernelPackage/ipt-filter
88  TITLE:=Modules for packet content inspection
89  KCONFIG:=$(KCONFIG_IPT_FILTER)
90  FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
91  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_FILTER-m)))
92  $(call AddDepends/ipt,+kmod-lib-textsearch)
93endef
94
95define KernelPackage/ipt-filter/description
96 Netfilter (IPv4) kernel modules for packet content inspection
97 Includes:
98 - layer7
99 - string
100endef
101
102$(eval $(call KernelPackage,ipt-filter))
103
104
105define KernelPackage/ipt-ipopt
106  TITLE:=Modules for matching/changing IP packet options
107  KCONFIG:=$(KCONFIG_IPT_IPOPT)
108  FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
109  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPOPT-m)))
110  $(call AddDepends/ipt)
111endef
112
113define KernelPackage/ipt-ipopt/description
114 Netfilter (IPv4) modules for matching/changing IP packet options
115 Includes:
116 - CLASSIFY
117 - dscp/DSCP
118 - ecn/ECN
119 - hl/HL
120 - length
121 - mark/MARK
122 - statistic
123 - tcpmss
124 - time
125 - ttl/TTL
126 - unclean
127endef
128
129$(eval $(call KernelPackage,ipt-ipopt))
130
131
132define KernelPackage/ipt-ipsec
133  TITLE:=Modules for matching IPSec packets
134  KCONFIG:=$(KCONFIG_IPT_IPSEC)
135  FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
136  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPSEC-m)))
137  $(call AddDepends/ipt)
138endef
139
140define KernelPackage/ipt-ipsec/description
141 Netfilter (IPv4) modules for matching IPSec packets
142 Includes:
143 - ah
144 - esp
145 - policy
146endef
147
148$(eval $(call KernelPackage,ipt-ipsec))
149
150
151define KernelPackage/ipt-nat
152  TITLE:=Basic NAT targets
153  KCONFIG:=$(KCONFIG_IPT_NAT)
154  FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
155  AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_NAT-m)))
156  $(call AddDepends/ipt,+kmod-ipt-conntrack)
157endef
158
159define KernelPackage/ipt-nat/description
160 Netfilter (IPv4) kernel modules for basic NAT targets
161 Includes:
162 - MASQUERADE
163endef
164
165$(eval $(call KernelPackage,ipt-nat))
166
167
168define KernelPackage/ipt-nat-extra
169  TITLE:=Extra NAT targets
170  KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
171  FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
172  AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT_EXTRA-m)))
173  $(call AddDepends/ipt,+kmod-ipt-nat)
174endef
175
176define KernelPackage/ipt-nat-extra/description
177 Netfilter (IPv4) kernel modules for extra NAT targets
178 Includes:
179 - NETMAP
180 - REDIRECT
181endef
182
183$(eval $(call KernelPackage,ipt-nat-extra))
184
185
186define KernelPackage/ipt-nathelper
187  TITLE:=Basic Conntrack and NAT helpers
188  KCONFIG:=$(KCONFIG_IPT_NATHELPER)
189  FILES:=$(foreach mod,$(IPT_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
190  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER-m)))
191  $(call AddDepends/ipt,+kmod-ipt-nat)
192endef
193
194define KernelPackage/ipt-nathelper/description
195 Default Netfilter (IPv4) Conntrack and NAT helpers
196 Includes:
197 - ftp
198 - irc
199 - tftp
200endef
201
202$(eval $(call KernelPackage,ipt-nathelper))
203
204
205define KernelPackage/ipt-nathelper-extra
206  TITLE:=Extra Conntrack and NAT helpers
207  KCONFIG:=$(KCONFIG_IPT_NATHELPER_EXTRA)
208  FILES:=$(foreach mod,$(IPT_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
209  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER_EXTRA-m)))
210  $(call AddDepends/ipt,+kmod-ipt-nat +kmod-lib-textsearch)
211endef
212
213define KernelPackage/ipt-nathelper-extra/description
214 Extra Netfilter (IPv4) Conntrack and NAT helpers
215 Includes:
216 - amanda
217 - h323
218 - mms
219 - pptp
220 - proto_gre
221 - sip
222 - snmp_basic
223 - broadcast
224endef
225
226$(eval $(call KernelPackage,ipt-nathelper-extra))
227
228
229define KernelPackage/ipt-queue
230  TITLE:=Module for user-space packet queueing
231  KCONFIG:=$(KCONFIG_IPT_QUEUE)
232  DEPENDS:=@!LINUX_3_6
233  FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
234  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_QUEUE-m)))
235  $(call AddDepends/ipt)
236endef
237
238define KernelPackage/ipt-queue/description
239 Netfilter (IPv4) module for user-space packet queueing
240 Includes:
241 - QUEUE
242endef
243
244$(eval $(call KernelPackage,ipt-queue))
245
246
247define KernelPackage/ipt-ulog
248  TITLE:=Module for user-space packet logging
249  KCONFIG:=$(KCONFIG_IPT_ULOG)
250  FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
251  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_ULOG-m)))
252  $(call AddDepends/ipt)
253endef
254
255define KernelPackage/ipt-ulog/description
256 Netfilter (IPv4) module for user-space packet logging
257 Includes:
258 - ULOG
259endef
260
261$(eval $(call KernelPackage,ipt-ulog))
262
263
264define KernelPackage/ipt-debug
265  TITLE:=Module for debugging/development
266  KCONFIG:=$(KCONFIG_IPT_DEBUG)
267  DEFAULT:=n
268  FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
269  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_DEBUG-m)))
270  $(call AddDepends/ipt)
271endef
272
273define KernelPackage/ipt-debug/description
274 Netfilter modules for debugging/development of the firewall
275 Includes:
276 - TRACE
277endef
278
279$(eval $(call KernelPackage,ipt-debug))
280
281
282define KernelPackage/ipt-led
283  TITLE:=Module to trigger a LED with a Netfilter rule
284  KCONFIG:=$(KCONFIG_IPT_LED)
285  FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
286  AUTOLOAD:=$(call AutoLoad,61,$(notdir $(IPT_LED-m)))
287  $(call AddDepends/ipt)
288endef
289
290define KernelPackage/ipt-led/description
291 Netfilter target to trigger a LED when a network packet is matched.
292endef
293
294$(eval $(call KernelPackage,ipt-led))
295
296define KernelPackage/ipt-tproxy
297  TITLE:=Transparent proxying support
298  DEPENDS+=+IPV6:kmod-ipv6
299  KCONFIG:= \
300      CONFIG_NETFILTER_TPROXY \
301      CONFIG_NETFILTER_XT_MATCH_SOCKET \
302      CONFIG_NETFILTER_XT_TARGET_TPROXY
303  FILES:= \
304      $(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko \
305      $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
306  AUTOLOAD:=$(call AutoLoad,50,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
307  $(call AddDepends/ipt)
308endef
309
310define KernelPackage/ipt-tproxy/description
311  Kernel modules for Transparent Proxying
312endef
313
314$(eval $(call KernelPackage,ipt-tproxy))
315
316define KernelPackage/ipt-tee
317  TITLE:=TEE support
318  KCONFIG:= \
319      CONFIG_NETFILTER_XT_TARGET_TEE
320  FILES:= \
321      $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
322      $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
323  AUTOLOAD:=$(call AutoLoad,45,$(notdir nf_tee $(IPT_TEE-m)))
324  $(call AddDepends/ipt)
325endef
326
327define KernelPackage/ipt-tee/description
328  Kernel modules for TEE
329endef
330
331$(eval $(call KernelPackage,ipt-tee))
332
333
334define KernelPackage/ipt-u32
335  TITLE:=U32 support
336  KCONFIG:= \
337      CONFIG_NETFILTER_XT_MATCH_U32
338  FILES:= \
339      $(LINUX_DIR)/net/netfilter/xt_u32.ko \
340      $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
341  AUTOLOAD:=$(call AutoLoad,45,$(notdir nf_tee $(IPT_U32-m)))
342  $(call AddDepends/ipt)
343endef
344
345define KernelPackage/ipt-u32/description
346  Kernel modules for U32
347endef
348
349$(eval $(call KernelPackage,ipt-u32))
350
351
352define KernelPackage/ipt-iprange
353  TITLE:=Module for matching ip ranges
354  KCONFIG:=$(KCONFIG_IPT_IPRANGE)
355  FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
356  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPRANGE-m)))
357  $(call AddDepends/ipt)
358endef
359
360define KernelPackage/ipt-iprange/description
361 Netfilter (IPv4) module for matching ip ranges
362 Includes:
363 - iprange
364endef
365
366$(eval $(call KernelPackage,ipt-iprange))
367
368
369define KernelPackage/ipt-extra
370  TITLE:=Extra modules
371  KCONFIG:=$(KCONFIG_IPT_EXTRA)
372  FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
373  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_EXTRA-m)))
374  $(call AddDepends/ipt)
375endef
376
377define KernelPackage/ipt-extra/description
378 Other Netfilter (IPv4) kernel modules
379 Includes:
380 - owner
381 - physdev (if bridge support was enabled in kernel)
382 - pkttype
383 - quota
384endef
385
386$(eval $(call KernelPackage,ipt-extra))
387
388
389define KernelPackage/ip6tables
390  SUBMENU:=$(NF_MENU)
391  TITLE:=IPv6 modules
392  DEPENDS:=+kmod-ipv6
393  KCONFIG:=$(KCONFIG_IPT_IPV6)
394  FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
395  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPT_IPV6-m)))
396endef
397
398define KernelPackage/ip6tables/description
399 Netfilter IPv6 firewalling support
400endef
401
402$(eval $(call KernelPackage,ip6tables))
403
404
405define KernelPackage/arptables
406  SUBMENU:=$(NF_MENU)
407  TITLE:=ARP firewalling modules
408  FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
409  KCONFIG:=CONFIG_IP_NF_ARPTABLES \
410    CONFIG_IP_NF_ARPFILTER \
411    CONFIG_IP_NF_ARP_MANGLE
412  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(patsubst %.ko,%,$(wildcard $(LINUX_DIR)/net/ipv4/netfilter/arp*.ko))))
413endef
414
415define KernelPackage/arptables/description
416 Kernel modules for ARP firewalling
417endef
418
419$(eval $(call KernelPackage,arptables))
420
421
422define KernelPackage/ebtables
423  SUBMENU:=$(NF_MENU)
424  TITLE:=Bridge firewalling modules
425  FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
426  KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
427    $(KCONFIG_EBTABLES)
428  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES-m)))
429endef
430
431define KernelPackage/ebtables/description
432  ebtables is a general, extensible frame/packet identification
433  framework. It provides you to do Ethernet
434  filtering/NAT/brouting on the Ethernet bridge.
435endef
436
437$(eval $(call KernelPackage,ebtables))
438
439
440define AddDepends/ebtables
441  SUBMENU:=$(NF_MENU)
442  DEPENDS+=kmod-ebtables $(1)
443endef
444
445
446define KernelPackage/ebtables-ipv4
447  TITLE:=ebtables: IPv4 support
448  FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
449  KCONFIG:=$(KCONFIG_EBTABLES_IP4)
450  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP4-m)))
451  $(call AddDepends/ebtables)
452endef
453
454define KernelPackage/ebtables-ipv4/description
455 This option adds the IPv4 support to ebtables, which allows basic
456 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
457endef
458
459$(eval $(call KernelPackage,ebtables-ipv4))
460
461
462define KernelPackage/ebtables-ipv6
463  TITLE:=ebtables: IPv6 support
464  FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
465  KCONFIG:=$(KCONFIG_EBTABLES_IP6)
466  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP6-m)))
467  $(call AddDepends/ebtables)
468endef
469
470define KernelPackage/ebtables-ipv6/description
471 This option adds the IPv6 support to ebtables, which allows basic
472 IPv6 header field filtering and target support.
473endef
474
475$(eval $(call KernelPackage,ebtables-ipv6))
476
477
478define KernelPackage/ebtables-watchers
479  TITLE:=ebtables: watchers support
480  FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
481  KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
482  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_WATCHERS-m)))
483  $(call AddDepends/ebtables)
484endef
485
486define KernelPackage/ebtables-watchers/description
487 This option adds the log watchers, that you can use in any rule
488 in any ebtables table.
489endef
490
491$(eval $(call KernelPackage,ebtables-watchers))
492
493
494define KernelPackage/nfnetlink
495  SUBMENU:=$(NF_MENU)
496  TITLE:=Netlink-based userspace interface
497  DEPENDS:=+kmod-ipt-core
498  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.ko
499  KCONFIG:=CONFIG_NETFILTER_NETLINK
500  AUTOLOAD:=$(call AutoLoad,48,nfnetlink)
501endef
502
503define KernelPackage/nfnetlink/description
504 Kernel modules support for a netlink-based userspace interface
505endef
506
507$(eval $(call KernelPackage,nfnetlink))
508
509
510define AddDepends/nfnetlink
511  SUBMENU:=$(NF_MENU)
512  DEPENDS+=+kmod-nfnetlink $(1)
513endef
514
515
516define KernelPackage/nfnetlink-log
517  TITLE:=Netfilter LOG over NFNETLINK interface
518  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.ko
519  KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG
520  AUTOLOAD:=$(call AutoLoad,48,nfnetlink_log)
521  $(call AddDepends/nfnetlink)
522endef
523
524define KernelPackage/nfnetlink-log/description
525 Kernel modules support for logging packets via NFNETLINK
526endef
527
528$(eval $(call KernelPackage,nfnetlink-log))
529
530
531define KernelPackage/nfnetlink-queue
532  TITLE:=Netfilter QUEUE over NFNETLINK interface
533  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.ko
534  KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE
535  AUTOLOAD:=$(call AutoLoad,48,nfnetlink_queue)
536  $(call AddDepends/nfnetlink)
537endef
538
539define KernelPackage/nfnetlink-queue/description
540 Kernel modules support for queueing packets via NFNETLINK
541endef
542
543$(eval $(call KernelPackage,nfnetlink-queue))
544
545
546define KernelPackage/nf-conntrack-netlink
547  TITLE:=Connection tracking netlink interface
548  FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
549  KCONFIG:=CONFIG_NF_CT_NETLINK
550  AUTOLOAD:=$(call AutoLoad,49,nf_conntrack_netlink)
551  $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
552endef
553
554define KernelPackage/nf-conntrack-netlink/description
555 Kernel modules support for a netlink-based connection tracking
556 userspace interface
557endef
558
559$(eval $(call KernelPackage,nf-conntrack-netlink))
560
561define KernelPackage/ipt-hashlimit
562  SUBMENU:=$(NF_MENU)
563  TITLE:=Netfilter hashlimit match
564  KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
565  FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
566  AUTOLOAD:=$(call AutoLoad,50,xt_hashlimit)
567  $(call KernelPackage/ipt)
568endef
569
570define KernelPackage/ipt-hashlimit/description
571 Kernel modules support for the hashlimit bucket match module
572endef
573
574$(eval $(call KernelPackage,ipt-hashlimit))
575

Archive Download this file

Branches:
backfire
history
master
release_2010-11-17
release_2010-12-14
release_2011-02-23
release_2011-05-28
release_2011-08-27
release_2011-11-13
release_2012-03-18
release_2012-04-09
release_2012-10-11
uclibc_nptl



interactive