3 # Copyright (C) 2006-2008 OpenWrt.org
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
9 NF_MENU:=Netfilter Extensions
11 include $(INCLUDE_DIR)/netfilter.mk
13 define KernelPackage/ipt-core
16 KCONFIG:=$(KCONFIG_IPT_CORE)
17 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
18 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_CORE-m)))
21 define KernelPackage/ipt-core/description
22 Netfilter core kernel modules
38 $(eval $(call KernelPackage,ipt-core))
41 define KernelPackage/ipt/Depends
43 DEPENDS:= kmod-ipt-core $(1)
47 define KernelPackage/ipt-conntrack
48 $(call KernelPackage/ipt/Depends,)
49 TITLE:=Basic connection tracking modules
50 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
51 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
52 AUTOLOAD:=$(call AutoLoad,41,$(notdir $(IPT_CONNTRACK-m)))
55 define KernelPackage/ipt-conntrack/description
56 Netfilter (IPv4) kernel modules for connection tracking
66 $(eval $(call KernelPackage,ipt-conntrack))
69 define KernelPackage/ipt-conntrack-extra
70 $(call KernelPackage/ipt/Depends,+kmod-ipt-conntrack)
71 TITLE:=Extra connection tracking modules
72 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
73 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
74 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
77 define KernelPackage/ipt-conntrack-extra/description
78 Netfilter (IPv4) extra kernel modules for connection tracking
87 $(eval $(call KernelPackage,ipt-conntrack-extra))
90 define KernelPackage/ipt-filter
91 $(call KernelPackage/ipt/Depends,+LINUX_2_6:kmod-textsearch)
92 TITLE:=Modules for packet content inspection
93 KCONFIG:=$(KCONFIG_IPT_FILTER)
94 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
95 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_FILTER-m)))
98 define KernelPackage/ipt-filter/description
99 Netfilter (IPv4) kernel modules for packet content inspection
107 $(eval $(call KernelPackage,ipt-filter))
110 define KernelPackage/ipt-ipopt
111 $(call KernelPackage/ipt/Depends,)
112 TITLE:=Modules for matching/changing IP packet options
113 KCONFIG:=$(KCONFIG_IPT_IPOPT)
114 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
115 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPOPT-m)))
118 define KernelPackage/ipt-ipopt/description
119 Netfilter (IPv4) modules for matching/changing IP packet options
147 $(eval $(call KernelPackage,ipt-ipopt))
150 define KernelPackage/ipt-ipsec
151 $(call KernelPackage/ipt/Depends,)
152 TITLE:=Modules for matching IPSec packets
153 KCONFIG:=$(KCONFIG_IPT_IPSEC)
154 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
155 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPSEC-m)))
158 define KernelPackage/ipt-ipsec/description
159 Netfilter (IPv4) modules for matching IPSec packets
167 $(eval $(call KernelPackage,ipt-ipsec))
170 define KernelPackage/ipt-nat
171 $(call KernelPackage/ipt/Depends,+kmod-ipt-conntrack)
172 TITLE:=Basic NAT targets
173 KCONFIG:=$(KCONFIG_IPT_NAT)
174 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
175 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_NAT-m)))
178 define KernelPackage/ipt-nat/description
179 Netfilter (IPv4) kernel modules for basic NAT targets
184 $(eval $(call KernelPackage,ipt-nat))
187 define KernelPackage/ipt-nat-extra
188 $(call KernelPackage/ipt/Depends,+kmod-ipt-nat)
189 TITLE:=Extra NAT targets
190 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
191 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
192 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT_EXTRA-m)))
195 define KernelPackage/ipt-nat-extra/description
196 Netfilter (IPv4) kernel modules for extra NAT targets
203 $(eval $(call KernelPackage,ipt-nat-extra))
206 define KernelPackage/ipt-nathelper
207 $(call KernelPackage/ipt/Depends,+kmod-ipt-nat)
208 TITLE:=Basic Conntrack and NAT helpers
209 KCONFIG:=$(KCONFIG_IPT_NATHELPER)
210 FILES:=$(foreach mod,$(IPT_NATHELPER-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
211 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER-m)))
214 define KernelPackage/ipt-nathelper/description
215 Default Netfilter (IPv4) Conntrack and NAT helpers
230 $(eval $(call KernelPackage,ipt-nathelper))
233 define KernelPackage/ipt-nathelper-extra
234 $(call KernelPackage/ipt/Depends,+kmod-ipt-nat +LINUX_2_6:kmod-textsearch)
235 TITLE:=Extra Conntrack and NAT helpers
236 KCONFIG:=$(KCONFIG_IPT_NATHELPER_EXTRA)
237 FILES:=$(foreach mod,$(IPT_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
238 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER_EXTRA-m)))
241 define KernelPackage/ipt-nathelper-extra/description
242 Extra Netfilter (IPv4) Conntrack and NAT helpers
244 - ip_conntrack_amanda
245 - nf_conntrack_amanda
247 - ip_conntrack_proto_gre
249 - nf_conntrack_proto_gre
273 $(eval $(call KernelPackage,ipt-nathelper-extra))
276 define KernelPackage/ipt-imq
277 $(call KernelPackage/ipt/Depends,)
278 TITLE:=Intermediate Queueing support
281 CONFIG_IMQ_BEHAVIOR_BA=y \
282 CONFIG_IMQ_NUM_DEVS=2 \
283 CONFIG_NETFILTER_XT_TARGET_IMQ
285 $(LINUX_DIR)/drivers/net/imq.$(LINUX_KMOD_SUFFIX) \
286 $(foreach mod,$(IPT_IMQ-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
287 AUTOLOAD:=$(call AutoLoad,45,$(notdir \
293 define KernelPackage/ipt-imq/description
294 Kernel support for Intermediate Queueing devices
297 $(eval $(call KernelPackage,ipt-imq))
300 define KernelPackage/ipt-queue
301 $(call KernelPackage/ipt/Depends,)
302 TITLE:=Module for user-space packet queueing
303 KCONFIG:=$(KCONFIG_IPT_QUEUE)
304 FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
305 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_QUEUE-m)))
308 define KernelPackage/ipt-queue/description
309 Netfilter (IPv4) module for user-space packet queueing
314 $(eval $(call KernelPackage,ipt-queue))
317 define KernelPackage/ipt-ulog
318 $(call KernelPackage/ipt/Depends,)
319 TITLE:=Module for user-space packet logging
320 KCONFIG:=$(KCONFIG_IPT_ULOG)
321 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
322 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_ULOG-m)))
325 define KernelPackage/ipt-ulog/description
326 Netfilter (IPv4) module for user-space packet logging
331 $(eval $(call KernelPackage,ipt-ulog))
334 define KernelPackage/ipt-iprange
335 $(call KernelPackage/ipt/Depends,)
336 TITLE:=Module for matching ip ranges
337 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
338 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
339 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPRANGE-m)))
342 define KernelPackage/ipt-iprange/description
343 Netfilter (IPv4) module for matching ip ranges
348 $(eval $(call KernelPackage,ipt-iprange))
351 define KernelPackage/ipt-extra
352 $(call KernelPackage/ipt/Depends,)
354 KCONFIG:=$(KCONFIG_IPT_EXTRA)
355 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
356 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_EXTRA-m)))
359 define KernelPackage/ipt-extra/description
360 Other Netfilter (IPv4) kernel modules
370 $(eval $(call KernelPackage,ipt-extra))
373 define KernelPackage/ip6tables
377 KCONFIG:=$(KCONFIG_IPT_IPV6)
378 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
379 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPT_IPV6-m)))
382 define KernelPackage/ip6tables/description
383 Netfilter IPv6 firewalling support
386 $(eval $(call KernelPackage,ip6tables))
389 define KernelPackage/arptables
391 TITLE:=ARP firewalling modules
392 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX)
393 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
394 CONFIG_IP_NF_ARPFILTER \
395 CONFIG_IP_NF_ARP_MANGLE
396 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(patsubst %.$(LINUX_KMOD_SUFFIX),%,$(wildcard $(LINUX_DIR)/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX)))))
399 define KernelPackage/arptables/description
400 Kernel modules for ARP firewalling
403 $(eval $(call KernelPackage,arptables))
406 define KernelPackage/ebtables
408 TITLE:=Bridge firewalling modules
410 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
411 KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
413 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES-m)))
416 define KernelPackage/ebtables/description
417 ebtables is a general, extensible frame/packet identification
418 framework. It provides you to do Ethernet
419 filtering/NAT/brouting on the Ethernet bridge.
422 $(eval $(call KernelPackage,ebtables))
425 define KernelPackage/ebtables/Depends
427 DEPENDS:=kmod-ebtables $(1)
431 define KernelPackage/ebtables-ipv4
432 $(call KernelPackage/ebtables/Depends,)
433 TITLE:=ebtables: IPv4 support
434 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
435 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
436 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP4-m)))
439 define KernelPackage/ebtables-ipv4/description
440 This option adds the IPv4 support to ebtables, which allows basic
441 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
444 $(eval $(call KernelPackage,ebtables-ipv4))
447 define KernelPackage/ebtables-ipv6
448 $(call KernelPackage/ebtables/Depends,)
449 TITLE:=ebtables: IPv6 support
450 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
451 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
452 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP6-m)))
455 define KernelPackage/ebtables-ipv6/description
456 This option adds the IPv6 support to ebtables, which allows basic
457 IPv6 header field filtering and target support.
460 $(eval $(call KernelPackage,ebtables-ipv6))
463 define KernelPackage/ebtables-watchers
464 $(call KernelPackage/ebtables/Depends,)
465 TITLE:=ebtables: watchers support
466 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
467 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
468 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_WATCHERS-m)))
471 define KernelPackage/ebtables-watchers/description
472 This option adds the log watchers, that you can use in any rule
473 in any ebtables table.
476 $(eval $(call KernelPackage,ebtables-watchers))
479 define KernelPackage/nfnetlink
481 TITLE:=Netlink-based userspace interface
482 DEPENDS:=@LINUX_2_6 +kmod-ipt-core
483 FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.$(LINUX_KMOD_SUFFIX)
484 KCONFIG:=CONFIG_NETFILTER_NETLINK
485 AUTOLOAD:=$(call AutoLoad,48,nfnetlink)
488 define KernelPackage/nfnetlink/description
489 Kernel modules support for a netlink-based userspace interface
492 $(eval $(call KernelPackage,nfnetlink))
495 define KernelPackage/nfnetlink/Depends
497 DEPENDS:=@LINUX_2_6 +kmod-nfnetlink $(1)
501 define KernelPackage/nfnetlink-log
502 $(call KernelPackage/nfnetlink/Depends,)
503 TITLE:=Netfilter LOG over NFNETLINK interface
504 FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.$(LINUX_KMOD_SUFFIX)
505 KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG
506 AUTOLOAD:=$(call AutoLoad,48,nfnetlink_log)
509 define KernelPackage/nfnetlink-log/description
510 Kernel modules support for logging packets via NFNETLINK
513 $(eval $(call KernelPackage,nfnetlink-log))
516 define KernelPackage/nfnetlink-queue
517 $(call KernelPackage/nfnetlink/Depends,)
518 TITLE:=Netfilter QUEUE over NFNETLINK interface
519 FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.$(LINUX_KMOD_SUFFIX)
520 KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE
521 AUTOLOAD:=$(call AutoLoad,48,nfnetlink_queue)
524 define KernelPackage/nfnetlink-queue/description
525 Kernel modules support for queueing packets via NFNETLINK
528 $(eval $(call KernelPackage,nfnetlink-queue))
531 define KernelPackage/nf-conntrack-netlink
532 $(call KernelPackage/nfnetlink/Depends,+kmod-ipt-conntrack)
533 TITLE:=Connection tracking netlink interface
534 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.$(LINUX_KMOD_SUFFIX)
535 KCONFIG:=CONFIG_NF_CT_NETLINK
536 AUTOLOAD:=$(call AutoLoad,49,nf_conntrack_netlink)
539 define KernelPackage/nf-conntrack-netlink/description
540 Kernel modules support for a netlink-based connection tracking
544 $(eval $(call KernelPackage,nf-conntrack-netlink))