netfilter: move time, mark, set matches and MARK, REDIRECT, SET targets into base iptables package - drop iptables-mod-ipset
SVN-Revision: 36683
parent
e8050c6c35
commit
8df6cd005c
|
@ -36,7 +36,7 @@ $(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_FILTER, $(P_V4)iptabl
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_MANGLE, $(P_V4)iptable_mangle),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_MANGLE, $(P_V4)iptable_mangle),))
|
||||||
|
|
||||||
# userland only
|
# userland only
|
||||||
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, xt_standard ipt_icmp xt_tcp xt_udp xt_comment)))
|
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, xt_standard ipt_icmp xt_tcp xt_udp xt_comment xt_set xt_SET)))
|
||||||
|
|
||||||
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_LIMIT, $(P_XT)xt_limit))
|
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_LIMIT, $(P_XT)xt_limit))
|
||||||
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_MAC, $(P_XT)xt_mac))
|
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_MAC, $(P_XT)xt_mac))
|
||||||
|
@ -47,6 +47,14 @@ $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)xt_LOG, ge
|
||||||
$(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_LOG, $(P_V4)ipt_LOG, lt 3.4.0))
|
$(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_LOG, $(P_V4)ipt_LOG, lt 3.4.0))
|
||||||
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_TCPMSS, $(P_XT)xt_TCPMSS))
|
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_TCPMSS, $(P_XT)xt_TCPMSS))
|
||||||
$(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_REJECT, $(P_V4)ipt_REJECT))
|
$(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_REJECT, $(P_V4)ipt_REJECT))
|
||||||
|
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_TIME, $(P_XT)xt_time))
|
||||||
|
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_MARK, $(P_XT)xt_mark))
|
||||||
|
|
||||||
|
# kernel has xt_MARK.ko merged into xt_mark.ko, userspace is still separate
|
||||||
|
# kernel: xt_mark.ko
|
||||||
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_MARK, $(P_XT)xt_mark)))
|
||||||
|
# userland: xt_MARK.so
|
||||||
|
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_MARK, $(P_XT)xt_MARK)))
|
||||||
|
|
||||||
|
|
||||||
# conntrack
|
# conntrack
|
||||||
|
@ -97,21 +105,13 @@ $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_DSCP, $(P_XT)xt_dscp))
|
||||||
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_TARGET_DSCP, $(P_XT)xt_DSCP))
|
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_TARGET_DSCP, $(P_XT)xt_DSCP))
|
||||||
$(eval $(call nf_add,IPT_HASHLIMIT,CONFIG_NETFILTER_XT_MATCH_HASHLIMIT, $(P_XT)xt_hashlimit))
|
$(eval $(call nf_add,IPT_HASHLIMIT,CONFIG_NETFILTER_XT_MATCH_HASHLIMIT, $(P_XT)xt_hashlimit))
|
||||||
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_LENGTH, $(P_XT)xt_length))
|
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_LENGTH, $(P_XT)xt_length))
|
||||||
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_MARK, $(P_XT)xt_mark))
|
|
||||||
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_STATISTIC, $(P_XT)xt_statistic))
|
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_STATISTIC, $(P_XT)xt_statistic))
|
||||||
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_TCPMSS, $(P_XT)xt_tcpmss))
|
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_TCPMSS, $(P_XT)xt_tcpmss))
|
||||||
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_TIME, $(P_XT)xt_time))
|
|
||||||
|
|
||||||
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_TARGET_CLASSIFY, $(P_XT)xt_CLASSIFY))
|
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_TARGET_CLASSIFY, $(P_XT)xt_CLASSIFY))
|
||||||
$(eval $(call nf_add,IPT_IPOPT,CONFIG_IP_NF_MATCH_DSCP, $(P_V4)ipt_dscp))
|
$(eval $(call nf_add,IPT_IPOPT,CONFIG_IP_NF_MATCH_DSCP, $(P_V4)ipt_dscp))
|
||||||
$(eval $(call nf_add,IPT_IPOPT,CONFIG_IP_NF_TARGET_ECN, $(P_V4)ipt_ECN))
|
$(eval $(call nf_add,IPT_IPOPT,CONFIG_IP_NF_TARGET_ECN, $(P_V4)ipt_ECN))
|
||||||
|
|
||||||
# kernel has xt_MARK.ko merged into xt_mark.ko, userspace is still separate
|
|
||||||
# kernel: xt_mark.ko
|
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_TARGET_MARK, $(P_XT)xt_mark)))
|
|
||||||
# userland: xt_MARK.so
|
|
||||||
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_TARGET_MARK, $(P_XT)xt_MARK)))
|
|
||||||
|
|
||||||
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_ECN, $(P_XT)xt_ecn))
|
$(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_ECN, $(P_XT)xt_ecn))
|
||||||
|
|
||||||
# userland only
|
# userland only
|
||||||
|
@ -167,14 +167,14 @@ $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_V4)nf_nat $(P_V4
|
||||||
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT,CONFIG_NF_NAT, ipt_SNAT ipt_DNAT)))
|
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT,CONFIG_NF_NAT, ipt_SNAT ipt_DNAT)))
|
||||||
|
|
||||||
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE, $(P_V4)ipt_MASQUERADE))
|
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE, $(P_V4)ipt_MASQUERADE))
|
||||||
|
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_XT)xt_REDIRECT, ge 3.7.0))
|
||||||
|
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_V4)ipt_REDIRECT, lt 3.7.0))
|
||||||
|
|
||||||
|
|
||||||
# nat-extra
|
# nat-extra
|
||||||
|
|
||||||
$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_TARGET_NETMAP, $(P_XT)xt_NETMAP, ge 3.7.0))
|
$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_TARGET_NETMAP, $(P_XT)xt_NETMAP, ge 3.7.0))
|
||||||
$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_TARGET_NETMAP, $(P_V4)ipt_NETMAP, lt 3.7.0))
|
$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_TARGET_NETMAP, $(P_V4)ipt_NETMAP, lt 3.7.0))
|
||||||
$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_TARGET_REDIRECT, $(P_XT)xt_REDIRECT, ge 3.7.0))
|
|
||||||
$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_TARGET_REDIRECT, $(P_V4)ipt_REDIRECT, lt 3.7.0))
|
|
||||||
|
|
||||||
|
|
||||||
# nathelper
|
# nathelper
|
||||||
|
|
|
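Review bot: The rewritten userland-only `nf_add` line now puts `xt_set xt_SET` into IPT_CORE gated only on `CONFIG_IP_NF_IPTABLES`, so the base package ships the set match and SET target whether or not kernel ipset support is selected. No visible hunk adds a kernel-side counterpart, so a rule using `-m set` or `-j SET` would presumably fail at load time on an image without the ipset modules, and a firewall script that aborts on that error can leave the ruleset only partly applied. I would say so in the comment above that line, e.g. `# userland only; xt_set/xt_SET also need the kernel ipset modules at runtime`. The definition of `nf_add` lies outside these hunks, so it is worth confirming how it handles names that have no kmod entry.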
@ -62,20 +62,34 @@ IP firewall administration tool.
|
||||||
- tcp
|
- tcp
|
||||||
- udp
|
- udp
|
||||||
- comment
|
- comment
|
||||||
|
- conntrack
|
||||||
- limit
|
- limit
|
||||||
- mac
|
- mac
|
||||||
|
- mark
|
||||||
- multiport
|
- multiport
|
||||||
|
- set
|
||||||
|
- state
|
||||||
|
- time
|
||||||
|
|
||||||
Targets:
|
Targets:
|
||||||
- ACCEPT
|
- ACCEPT
|
||||||
|
- CT
|
||||||
|
- DNAT
|
||||||
- DROP
|
- DROP
|
||||||
- REJECT
|
- REJECT
|
||||||
- LOG
|
- LOG
|
||||||
|
- MARK
|
||||||
|
- MASQUERADE
|
||||||
|
- REDIRECT
|
||||||
|
- SET
|
||||||
|
- SNAT
|
||||||
- TCPMSS
|
- TCPMSS
|
||||||
|
|
||||||
Tables:
|
Tables:
|
||||||
- filter
|
- filter
|
||||||
- mangle
|
- mangle
|
||||||
|
- nat
|
||||||
|
- raw
|
||||||
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
@ -125,10 +139,8 @@ iptables extensions for matching/changing IP packet options.
|
||||||
- dscp
|
- dscp
|
||||||
- ecn
|
- ecn
|
||||||
- length
|
- length
|
||||||
- mark
|
|
||||||
- statistic
|
- statistic
|
||||||
- tcpmss
|
- tcpmss
|
||||||
- time
|
|
||||||
- unclean
|
- unclean
|
||||||
- hl
|
- hl
|
||||||
|
|
||||||
|
@ -136,7 +148,6 @@ iptables extensions for matching/changing IP packet options.
|
||||||
- DSCP
|
- DSCP
|
||||||
- CLASSIFY
|
- CLASSIFY
|
||||||
- ECN
|
- ECN
|
||||||
- MARK
|
|
||||||
- HL
|
- HL
|
||||||
|
|
||||||
endef
|
endef
|
||||||
|
@ -156,22 +167,6 @@ iptables extensions for matching ipsec traffic.
|
||||||
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/iptables-mod-ipset
|
|
||||||
$(call Package/iptables/Module,)
|
|
||||||
TITLE:=IPset iptables extensions
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/iptables-mod-ipset/description
|
|
||||||
IPset iptables extensions.
|
|
||||||
|
|
||||||
Matches:
|
|
||||||
- set
|
|
||||||
|
|
||||||
Targets:
|
|
||||||
- SET
|
|
||||||
|
|
||||||
endef
|
|
||||||
|
|
||||||
define Package/iptables-mod-nat-extra
|
define Package/iptables-mod-nat-extra
|
||||||
$(call Package/iptables/Module, +kmod-ipt-nat-extra)
|
$(call Package/iptables/Module, +kmod-ipt-nat-extra)
|
||||||
TITLE:=Extra NAT extensions
|
TITLE:=Extra NAT extensions
|
||||||
|
@ -183,7 +178,6 @@ iptables extensions for extra NAT targets.
|
||||||
Targets:
|
Targets:
|
||||||
- MIRROR
|
- MIRROR
|
||||||
- NETMAP
|
- NETMAP
|
||||||
- REDIRECT
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/iptables-mod-ulog
|
define Package/iptables-mod-ulog
|
||||||
|
@ -440,7 +434,6 @@ $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
|
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
|
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
|
$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
|
|
||||||
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
|
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
|
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
|
$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
|
||||||
|
|
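Review bot: Dropping `define Package/iptables-mod-ipset` and its `BuildPlugin` call leaves nothing under the old package name, so any package or image profile that still depends on `iptables-mod-ipset` will presumably stop resolving; a firewall add-on that silently falls out of an image is worth ruling out before merge. I would leave a marker where the definition was removed, e.g. `# iptables-mod-ipset merged into iptables (set match, SET target)`, and check the tree for remaining references to the old name. The removed plugin line listed `ipt_set ipt_SET` while the base package now receives `xt_set xt_SET`, so confirm these are the file names the iptables build actually produces. The base description also gains conntrack, state, CT, DNAT, MASQUERADE, SNAT, nat and raw, which the commit title does not mention; the base package's install rule is not visible here, so verify the list against what is really installed.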