source: trunk/package/kernel/modules/netfilter.mk @ 14779

Last change on this file since 14779 was 14779, checked in by hauke, 8 years ago

[kernel] ipt-extra not broken on kernel 2.6.28 any more as CHAOS, TARPIT and DELUDE references were removed in r14461

  • Property svn:eol-style set to native
File size: 11.9 KB
Line 
1#
2# Copyright (C) 2006-2008 OpenWrt.org
3#
4# This is free software, licensed under the GNU General Public License v2.
5# See /LICENSE for more information.
6#
7# $Id$
8
9NF_MENU:=Netfilter Extensions
10NF_KMOD:=1
11include $(INCLUDE_DIR)/netfilter.mk
12
13define KernelPackage/ipt-core
14  SUBMENU:=$(NF_MENU)
15  TITLE:=Netfilter core
16  KCONFIG:=$(KCONFIG_IPT_CORE)
17  FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
18  AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_CORE-m)))
19endef
20
21define KernelPackage/ipt-core/description
22 Netfilter core kernel modules
23 Includes:
24 - limit
25 - LOG
26 - mac
27 - multiport
28 - TCPMSS
29 - REJECT
30endef
31
32$(eval $(call KernelPackage,ipt-core))
33
34
35define KernelPackage/ipt-conntrack
36  SUBMENU:=$(NF_MENU)
37  TITLE:=Basic connection tracking modules
38  KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
39  FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
40  AUTOLOAD:=$(call AutoLoad,41,$(notdir $(IPT_CONNTRACK-m)))
41  DEPENDS:= kmod-ipt-core
42endef
43
44define KernelPackage/ipt-conntrack/description
45 Netfilter (IPv4) kernel modules for connection tracking
46 Includes:
47 - state
48endef
49
50$(eval $(call KernelPackage,ipt-conntrack))
51
52
53define KernelPackage/ipt-conntrack-extra
54  SUBMENU:=$(NF_MENU)
55  TITLE:=Extra connection tracking modules
56  KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
57  FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
58  AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
59  DEPENDS:= kmod-ipt-core +kmod-ipt-conntrack
60endef
61
62define KernelPackage/ipt-conntrack-extra/description
63 Netfilter (IPv4) extra kernel modules for connection tracking
64 Includes:
65 - connbytes
66 - connmark/CONNMARK
67 - conntrack
68 - helper
69 - recent
70 - NOTRACK
71endef
72
73$(eval $(call KernelPackage,ipt-conntrack-extra))
74
75
76define KernelPackage/ipt-filter
77  SUBMENU:=$(NF_MENU)
78  TITLE:=Modules for packet content inspection
79  KCONFIG:=$(KCONFIG_IPT_FILTER)
80  FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
81  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_FILTER-m)))
82  DEPENDS:= kmod-ipt-core +kmod-textsearch
83endef
84
85define KernelPackage/ipt-filter/description
86 Netfilter (IPv4) kernel modules for packet content inspection
87 Includes:
88 - ipt_layer7
89 - ipt_string
90endef
91
92$(eval $(call KernelPackage,ipt-filter))
93
94
95define KernelPackage/ipt-ipopt
96  SUBMENU:=$(NF_MENU)
97  TITLE:=Modules for matching/changing IP packet options
98  KCONFIG:=$(KCONFIG_IPT_IPOPT)
99  FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
100  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPOPT-m)))
101  DEPENDS:= kmod-ipt-core
102endef
103
104define KernelPackage/ipt-ipopt/description
105 Netfilter (IPv4) modules for matching/changing IP packet options
106 Includes:
107 - ipt_CLASSIFY
108 - ipt_dscp/DSCP
109 - ipt_ecn/ECN
110 - ipt_length
111 - ipt_tos/TOS
112 - ipt_tcpmms
113 - ipt_ttl/TTL
114 - ipt_unclean
115endef
116
117$(eval $(call KernelPackage,ipt-ipopt))
118
119
120define KernelPackage/ipt-ipsec
121  SUBMENU:=$(NF_MENU)
122  TITLE:=Modules for matching IPSec packets
123  KCONFIG:=$(KCONFIG_IPT_IPSEC)
124  FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
125  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPSEC-m)))
126  DEPENDS:= kmod-ipt-core
127endef
128
129define KernelPackage/ipt-ipsec/description
130 Netfilter (IPv4) modules for matching IPSec packets
131 Includes:
132 - ipt_ah
133 - ipt_esp
134endef
135
136$(eval $(call KernelPackage,ipt-ipsec))
137
138
139define KernelPackage/ipt-nat
140  SUBMENU:=$(NF_MENU)
141  TITLE:=Basic NAT targets
142  KCONFIG:=$(KCONFIG_IPT_NAT)
143  FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
144  AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_NAT-m)))
145  DEPENDS:= kmod-ipt-core +kmod-ipt-conntrack
146endef
147
148define KernelPackage/ipt-nat/description
149 Netfilter (IPv4) kernel modules for basic NAT targets
150 Includes:
151 - MASQUERADE
152endef
153
154$(eval $(call KernelPackage,ipt-nat))
155
156
157define KernelPackage/ipt-nat-extra
158  SUBMENU:=$(NF_MENU)
159  TITLE:=Extra NAT targets
160  KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
161  FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
162  AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT_EXTRA-m)))
163  DEPENDS:= kmod-ipt-core +kmod-ipt-nat
164endef
165
166define KernelPackage/ipt-nat-extra/description
167 Netfilter (IPv4) kernel modules for extra NAT targets
168 Includes:
169 - MIRROR
170 - NETMAP
171 - REDIRECT
172endef
173
174$(eval $(call KernelPackage,ipt-nat-extra))
175
176
177define KernelPackage/ipt-nathelper
178  SUBMENU:=$(NF_MENU)
179  TITLE:=Basic Conntrack and NAT helpers
180  KCONFIG:=$(KCONFIG_IPT_NATHELPER)
181  FILES:=$(foreach mod,$(IPT_NATHELPER-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
182  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER-m)))
183  DEPENDS:= kmod-ipt-core +kmod-ipt-nat
184endef
185
186define KernelPackage/ipt-nathelper/description
187 Default Netfilter (IPv4) Conntrack and NAT helpers
188 Includes:
189 - conntrack_ftp
190 - nat_ftp
191 - conntrack_irc
192 - nat_irc
193 - conntrack_tftp
194 - nat_tftp
195endef
196
197$(eval $(call KernelPackage,ipt-nathelper))
198
199
200define KernelPackage/ipt-nathelper-extra
201  SUBMENU:=$(NF_MENU)
202  TITLE:=Extra Conntrack and NAT helpers
203  KCONFIG:=$(KCONFIG_IPT_NATHELPER_EXTRA)
204  FILES:=$(foreach mod,$(IPT_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
205  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER_EXTRA-m)))
206  DEPENDS:= kmod-ipt-core +kmod-ipt-nat +kmod-textsearch
207endef
208
209define KernelPackage/ipt-nathelper-extra/description
210 Extra Netfilter (IPv4) Conntrack and NAT helpers
211 Includes:
212 - ip_conntrack_amanda
213 - ip_conntrack_proto_gre
214 - ip_nat_proto_gre
215 - ip_conntrack_pptp
216 - ip_nat_pptp
217 - ip_conntrack_sip
218 - ip_nat_sip
219 - ip_nat_snmp_basic
220endef
221
222$(eval $(call KernelPackage,ipt-nathelper-extra))
223
224
225define KernelPackage/ipt-imq
226  SUBMENU:=$(NF_MENU)
227  TITLE:=Intermediate Queueing support
228  KCONFIG:= \
229        CONFIG_IMQ \
230        CONFIG_IMQ_BEHAVIOR_BA=y \
231        CONFIG_IMQ_NUM_DEVS=2 \
232        CONFIG_IP_NF_TARGET_IMQ
233  FILES:= \
234        $(LINUX_DIR)/drivers/net/imq.$(LINUX_KMOD_SUFFIX) \
235        $(foreach mod,$(IPT_IMQ-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
236  AUTOLOAD:=$(call AutoLoad,45,$(notdir \
237        imq \
238        $(IPT_IMQ-m) \
239  ))
240  DEPENDS:= kmod-ipt-core
241endef
242
243define KernelPackage/ipt-imq/description
244 Kernel support for Intermediate Queueing devices
245endef
246
247$(eval $(call KernelPackage,ipt-imq))
248
249
250define KernelPackage/ipt-queue
251  SUBMENU:=$(NF_MENU)
252  TITLE:=Module for user-space packet queueing
253  KCONFIG:=$(KCONFIG_IPT_QUEUE)
254  FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
255  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_QUEUE-m)))
256  DEPENDS:= kmod-ipt-core
257endef
258
259define KernelPackage/ipt-queue/description
260 Netfilter (IPv4) module for user-space packet queueing
261 Includes:
262 - QUEUE
263endef
264
265$(eval $(call KernelPackage,ipt-queue))
266
267
268define KernelPackage/ipt-ulog
269  SUBMENU:=$(NF_MENU)
270  TITLE:=Module for user-space packet logging
271  KCONFIG:=$(KCONFIG_IPT_ULOG)
272  FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
273  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_ULOG-m)))
274  DEPENDS:= kmod-ipt-core
275endef
276
277define KernelPackage/ipt-ulog/description
278 Netfilter (IPv4) module for user-space packet logging
279 Includes:
280 - ipt_ULOG
281endef
282
283$(eval $(call KernelPackage,ipt-ulog))
284
285
286define KernelPackage/ipt-iprange
287  SUBMENU:=$(NF_MENU)
288  TITLE:=Module for matching ip ranges
289  FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
290  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPRANGE-m)))
291  DEPENDS:= kmod-ipt-core
292endef
293
294define KernelPackage/ipt-iprange/description
295 Netfilter (IPv4) module for matching ip ranges
296 Includes:
297 - ipt_IPRANGE
298endef
299
300$(eval $(call KernelPackage,ipt-iprange))
301
302
303define KernelPackage/ipt-ipset
304  SUBMENU:=$(NF_MENU)
305  TITLE:=IPSET Modules
306  KCONFIG:=$(KCONFIG_IPT_IPSET)
307  FILES:=$(foreach mod,$(IPT_IPSET-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
308  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPSET-m)))
309  DEPENDS:= kmod-ipt-core
310endef
311
312define KernelPackage/ipt-ipset/description
313 Netfilter kernel modules for ipset
314 Includes:
315 - ip_set
316 - ip_set_iphash
317 - ip_set_ipmap
318 - ip_set_ipporthash
319 - ip_set_iptree
320 - ip_set_iptreemap
321 - ip_set_macipmap
322 - ip_set_nethash
323 - ip_set_portmap
324 - ipt_set
325 - ipt_SET
326endef
327
328$(eval $(call KernelPackage,ipt-ipset))
329
330
331define KernelPackage/ipt-extra
332  SUBMENU:=$(NF_MENU)
333  TITLE:=Extra modules
334  KCONFIG:=$(KCONFIG_IPT_EXTRA)
335  FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
336  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_EXTRA-m)))
337  DEPENDS:= kmod-ipt-core
338endef
339
340define KernelPackage/ipt-extra/description
341 Other Netfilter (IPv4) kernel modules
342 Includes:
343 - ipt_owner
344 - ipt_physdev
345 - ipt_pkttype
346 - ipt_recent
347 - iptable_raw
348 - xt_NOTRACK
349endef
350
351$(eval $(call KernelPackage,ipt-extra))
352
353
354define KernelPackage/ip6tables
355  SUBMENU:=$(NF_MENU)
356  TITLE:=IPv6 modules
357  DEPENDS:=+kmod-ipv6
358  KCONFIG:=CONFIG_IP6_NF_IPTABLES
359  FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
360  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPT_IPV6-m)))
361endef
362
363define KernelPackage/ip6tables/description
364 Netfilter IPv6 firewalling support
365endef
366
367$(eval $(call KernelPackage,ip6tables))
368
369
370define KernelPackage/arptables
371  SUBMENU:=$(NF_MENU)
372  TITLE:=ARP firewalling modules
373  FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX)
374  KCONFIG:=CONFIG_IP_NF_ARPTABLES
375  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(patsubst %.ko,%,$(wildcard $(LINUX_DIR)/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX)))))
376endef
377
378define KernelPackage/arptables/description
379 Kernel modules for ARP firewalling
380endef
381
382$(eval $(call KernelPackage,arptables))
383
384define KernelPackage/ebtables
385  SUBMENU:=$(NF_MENU)
386  TITLE:=Bridge firewalling modules
387  DEPENDS:=@LINUX_2_6
388  FILES:=$(LINUX_DIR)/net/bridge/netfilter/*.$(LINUX_KMOD_SUFFIX)
389  KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
390        CONFIG_BRIDGE_NF_EBTABLES
391  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(patsubst %.ko,%,ebtables.ko $(wildcard $(LINUX_DIR)/net/bridge/netfilter/ebtable_*.$(LINUX_KMOD_SUFFIX)) $(wildcard $(LINUX_DIR)/net/bridge/netfilter/ebt_*.$(LINUX_KMOD_SUFFIX)))))
392endef
393
394define KernelPackage/ebtables/description
395 Kernel modules for Ethernet Bridge firewalling
396endef
397
398$(eval $(call KernelPackage,ebtables))
399
400
401define KernelPackage/nfnetlink
402  SUBMENU:=$(NF_MENU)
403  TITLE:=Netlink-based userspace interface
404  DEPENDS:=@LINUX_2_6 +kmod-ipt-core
405  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.$(LINUX_KMOD_SUFFIX)
406  KCONFIG:=CONFIG_NETFILTER_NETLINK
407  AUTOLOAD:=$(call AutoLoad,48,nfnetlink)
408endef
409
410define KernelPackage/nfnetlink/description
411 Kernel modules support for a netlink-based userspace interface
412endef
413
414$(eval $(call KernelPackage,nfnetlink))
415
416
417define KernelPackage/nfnetlink-log
418  SUBMENU:=$(NF_MENU)
419  TITLE:=Netfilter LOG over NFNETLINK interface
420  DEPENDS:=@LINUX_2_6 +kmod-nfnetlink
421  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.$(LINUX_KMOD_SUFFIX)
422  KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG
423  AUTOLOAD:=$(call AutoLoad,48,nfnetlink_log)
424endef
425
426define KernelPackage/nfnetlink-log/description
427 Kernel modules support for logging packets via NFNETLINK
428endef
429
430$(eval $(call KernelPackage,nfnetlink-log))
431
432
433define KernelPackage/nfnetlink-queue
434  SUBMENU:=$(NF_MENU)
435  TITLE:=Netfilter QUEUE over NFNETLINK interface
436  DEPENDS:=@LINUX_2_6 +kmod-nfnetlink
437  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.$(LINUX_KMOD_SUFFIX)
438  KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE
439  AUTOLOAD:=$(call AutoLoad,48,nfnetlink_queue)
440endef
441
442define KernelPackage/nfnetlink-queue/description
443 Kernel modules support for queueing packets via NFNETLINK
444endef
445
446$(eval $(call KernelPackage,nfnetlink-queue))
447
448
449define KernelPackage/nf-conntrack-netlink
450  SUBMENU:=$(NF_MENU)
451  TITLE:=Connection tracking netlink interface
452  DEPENDS:=@LINUX_2_6 +kmod-nfnetlink +kmod-ipt-conntrack
453  FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.$(LINUX_KMOD_SUFFIX)
454  KCONFIG:=CONFIG_NF_CT_NETLINK
455  AUTOLOAD:=$(call AutoLoad,49,nf_conntrack_netlink)
456endef
457
458define KernelPackage/nf-conntrack-netlink/description
459 Kernel modules support for a netlink-based connection tracking
460 userspace interface
461endef
462
463$(eval $(call KernelPackage,nf-conntrack-netlink))
Note: See TracBrowser for help on using the repository browser.