mirror of
https://git.openwrt.org/openwrt/openwrt.git
synced 2024-11-17 20:12:11 +01:00
split ebtables packages and modules into ebtables ipv4/6 and watchers (#5001)
SVN-Revision: 16980
This commit is contained in:
parent
d85400767d
commit
0e783dde14
@ -12,6 +12,7 @@ ifeq ($(NF_KMOD),1)
|
||||
P_V4:=ipv4/netfilter/
|
||||
P_V6:=ipv6/netfilter/
|
||||
P_XT:=netfilter/
|
||||
P_EBT:=bridge/netfilter/
|
||||
endif
|
||||
|
||||
define nf_add
|
||||
@ -28,6 +29,41 @@ $(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, $(P_V4)ip_t
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_FILTER, $(P_V4)iptable_filter),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_MANGLE, $(P_V4)iptable_mangle),))
|
||||
|
||||
#
|
||||
# ebtables
|
||||
#
|
||||
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,EBTABLES,CONFIG_BRIDGE_NF_EBTABLES, $(P_EBT)ebtables),))
|
||||
|
||||
# ebtables: tables
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_BROUTE, $(P_EBT)ebtable_broute))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_FILTER, $(P_EBT)ebtable_filter))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_NAT, $(P_EBT)ebtable_nat))
|
||||
|
||||
# ebtables: matches
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_802_3, $(P_EBT)ebt_802_3))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_AMONG, $(P_EBT)ebt_among))
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARP, $(P_EBT)ebt_arp))
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_IP, $(P_EBT)ebt_ip))
|
||||
$(eval $(call nf_add,EBTABLES_IP6,CONFIG_BRIDGE_EBT_IP6, $(P_EBT)ebt_ip6))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_LIMIT, $(P_EBT)ebt_limit))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK, $(P_EBT)ebt_mark_m))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_PKTTYPE, $(P_EBT)ebt_pkttype))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_STP, $(P_EBT)ebt_stp))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_VLAN, $(P_EBT)ebt_vlan))
|
||||
|
||||
# targets
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARPREPLY, $(P_EBT)ebt_arpreply))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK_T, $(P_EBT)ebt_mark))
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_DNAT, $(P_EBT)ebt_dnat))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_REDIRECT, $(P_EBT)ebt_redirect))
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_SNAT, $(P_EBT)ebt_snat))
|
||||
|
||||
# watchers
|
||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
|
||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
|
||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
|
||||
|
||||
# userland only
|
||||
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, xt_standard ipt_icmp xt_tcp xt_udp)))
|
||||
|
||||
@ -297,5 +333,9 @@ IPT_BUILTIN += $(IPT_NAT_EXTRA-y)
|
||||
IPT_BUILTIN += $(IPT_NATHELPER-y)
|
||||
IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y)
|
||||
IPT_BUILTIN += $(IPT_ULOG-y)
|
||||
IPT_BUILTIN += $(EBTABLES-y)
|
||||
IPT_BUILTIN += $(EBTABLES_IP4-y)
|
||||
IPT_BUILTIN += $(EBTALTES_IP6-y)
|
||||
IPT_BUILTIN += $(EBTABLES_WATCHERS-y)
|
||||
|
||||
endif # __inc_netfilter
|
||||
|
@ -387,18 +387,67 @@ define KernelPackage/ebtables
|
||||
SUBMENU:=$(NF_MENU)
|
||||
TITLE:=Bridge firewalling modules
|
||||
DEPENDS:=@LINUX_2_6
|
||||
FILES:=$(LINUX_DIR)/net/bridge/netfilter/*.$(LINUX_KMOD_SUFFIX)
|
||||
FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
|
||||
KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
|
||||
CONFIG_BRIDGE_NF_EBTABLES
|
||||
AUTOLOAD:=$(call AutoLoad,49,$(notdir $(patsubst %.$(LINUX_KMOD_SUFFIX),%,ebtables.$(LINUX_KMOD_SUFFIX) $(wildcard $(LINUX_DIR)/net/bridge/netfilter/ebtable_*.$(LINUX_KMOD_SUFFIX)) $(wildcard $(LINUX_DIR)/net/bridge/netfilter/ebt_*.$(LINUX_KMOD_SUFFIX)))))
|
||||
$(KCONFIG_EBTABLES)
|
||||
AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES-m)))
|
||||
endef
|
||||
|
||||
define KernelPackage/ebtables/description
|
||||
Kernel modules for Ethernet Bridge firewalling
|
||||
ebtables is a general, extensible frame/packet identification
|
||||
framework. It provides you to do Ethernet
|
||||
filtering/NAT/brouting on the Ethernet bridge.
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ebtables))
|
||||
|
||||
define KernelPackage/ebtables-ipv4
|
||||
SUBMENU:=$(NF_MENU)
|
||||
TITLE:=ebtables: IPv4 support
|
||||
DEPENDS:= kmod-ebtables
|
||||
FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
|
||||
KCONFIG:=$(KCONFIG_EBTABLES_IP4)
|
||||
AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP4-m)))
|
||||
endef
|
||||
|
||||
define KernelPackage/ebtables-ipv4/description
|
||||
This option adds the IPv4 support to ebtables, which allows basic
|
||||
IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ebtables-ipv4))
|
||||
|
||||
define KernelPackage/ebtables-ipv6
|
||||
SUBMENU:=$(NF_MENU)
|
||||
TITLE:=ebtables: IPv6 support
|
||||
DEPENDS:= kmod-ebtables
|
||||
FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
|
||||
KCONFIG:=$(KCONFIG_EBTABLES_IP6)
|
||||
AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP6-m)))
|
||||
endef
|
||||
|
||||
define KernelPackage/ebtables-ipv6/description
|
||||
This option adds the IPv6 support to ebtables, which allows basic
|
||||
IPv6 header field filtering and target support.
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ebtables-ipv6))
|
||||
|
||||
define KernelPackage/ebtables-watchers
|
||||
SUBMENU:=$(NF_MENU)
|
||||
TITLE:=ebtables: watchers support
|
||||
DEPENDS:= kmod-ebtables
|
||||
FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
|
||||
KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
|
||||
AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_WATCHERS-m)))
|
||||
endef
|
||||
|
||||
define KernelPackage/ebtables-watchers/description
|
||||
This option adds the log watchers, that you can use in any rule
|
||||
in any ebtables table.
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ebtables-watchers))
|
||||
|
||||
define KernelPackage/nfnetlink
|
||||
SUBMENU:=$(NF_MENU)
|
||||
|
Loading…
Reference in New Issue
Block a user