summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2006-11-19 01:03:47 +0000
committernbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2006-11-19 01:03:47 +0000
commit74a5d18a1f951ef6ae29ee72b72198e41ffe51c4 (patch)
treeaad29c03ca9825007b47b992f24090bdd9efb3a1
parent6ed76af34a2393bf63049295954821f32e4e075c (diff)
reorganize nat helper packages, move ftp and irc nat to a package that is enabled by default, for security reasons - see #917 for more information
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@5581 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--include/netfilter.mk8
-rw-r--r--package/kernel/modules/netfilter.mk20
-rw-r--r--target/linux/ar531x-2.4/config8
-rw-r--r--target/linux/ar7-2.4/config8
-rw-r--r--target/linux/aruba-2.6/config4
-rw-r--r--target/linux/au1000-2.6/config8
-rw-r--r--target/linux/brcm-2.4/config8
-rw-r--r--target/linux/brcm-2.6/config8
-rw-r--r--target/linux/brcm63xx-2.6/config8
-rw-r--r--target/linux/ixp4xx-2.6/config8
-rw-r--r--target/linux/magicbox-2.6/config4
-rw-r--r--target/linux/rb532-2.6/config8
-rw-r--r--target/linux/sibyte-2.6/config8
-rw-r--r--target/linux/x86-2.6/config8
14 files changed, 69 insertions, 47 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk
index ba1512e14a..1d8f4d880e 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -85,6 +85,13 @@ IPT_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += $(P_V4)ipt_MIRROR
IPT_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += $(P_V4)ipt_REDIRECT
IPT_NAT-$(CONFIG_IP_NF_TARGET_NETMAP) += $(P_V4)ipt_NETMAP
+IPT_NAT_DEFAULT-m :=
+IPT_NAT_DEFAULT-$(CONFIG_IP_NF_FTP) += $(P_V4)ip_conntrack_ftp
+IPT_NAT_DEFAULT-$(CONFIG_IP_NF_NAT_FTP) += $(P_V4)ip_nat_ftp
+IPT_NAT_DEFAULT-$(CONFIG_IP_NF_IRC) += $(P_V4)ip_conntrack_irc
+IPT_NAT_DEFAULT-$(CONFIG_IP_NF_NAT_IRC) += $(P_V4)ip_nat_irc
+IPT_NAT_DEFAULT-$(CONFIG_IP_NF_TFTP) += $(P_V4)ip_conntrack_tftp
+
IPT_NAT_EXTRA-m :=
IPT_NAT_EXTRA-$(CONFIG_IP_NF_AMANDA) += $(P_V4)ip_conntrack_amanda
IPT_NAT_EXTRA-$(CONFIG_IP_NF_CT_PROTO_GRE) += $(P_V4)ip_conntrack_proto_gre
@@ -102,7 +109,6 @@ IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_SIP) += $(P_V4)ip_nat_sip
IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += $(P_V4)ip_nat_snmp_basic
IPT_NAT_EXTRA-$(CONFIG_IP_NF_SIP) += $(P_V4)ip_conntrack_sip
IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_SIP) += $(P_V4)ip_nat_sip
-IPT_NAT_EXTRA-$(CONFIG_IP_NF_TFTP) += $(P_V4)ip_conntrack_tftp
IPT_QUEUE-m :=
IPT_QUEUE-$(CONFIG_IP_NF_QUEUE) += $(P_V4)ip_queue
diff --git a/package/kernel/modules/netfilter.mk b/package/kernel/modules/netfilter.mk
index 6f3994c121..8a99a27ecf 100644
--- a/package/kernel/modules/netfilter.mk
+++ b/package/kernel/modules/netfilter.mk
@@ -81,6 +81,23 @@ endef
$(eval $(call KernelPackage,ipt-nat))
define KernelPackage/ipt-nathelper
+ TITLE:=Default Conntrack and NAT helpers
+ DEFAULT:=y
+ DESCRIPTION:=\
+ Default Netfilter (IPv4) Conntrack and NAT helpers \\\
+ \\\
+ Includes: \\\
+ - ip_conntrack_ftp \\\
+ - ip_nat_ftp \\\
+ - ip_conntrack_irc \\\
+ - ip_nat_irc \\\
+ - ip_conntrack_tftp
+ FILES:=$(foreach mod,$(IPT_NAT_DEFAULT-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX))
+ SUBMENU:=$(NFMENU)
+endef
+$(eval $(call KernelPackage,ipt-nathelper))
+
+define KernelPackage/ipt-nathelper-extra
TITLE:=Extra Conntrack and NAT helpers
DESCRIPTION:=\
Extra Netfilter (IPv4) Conntrack and NAT helpers \\\
@@ -93,8 +110,7 @@ define KernelPackage/ipt-nathelper
- ip_nat_pptp \\\
- ip_conntrack_sip \\\
- ip_nat_sip \\\
- - ip_nat_snmp_basic \\\
- - ip_conntrack_tftp
+ - ip_nat_snmp_basic
FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/$(mod).$(LINUX_KMOD_SUFFIX))
SUBMENU:=$(NFMENU)
endef
diff --git a/target/linux/ar531x-2.4/config b/target/linux/ar531x-2.4/config
index b779045163..49b26cdd00 100644
--- a/target/linux/ar531x-2.4/config
+++ b/target/linux/ar531x-2.4/config
@@ -357,10 +357,10 @@ CONFIG_NET_IPGRE=m
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CONNTRACK_MARK=y
-CONFIG_IP_NF_FTP=y
+CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_TFTP=m
-CONFIG_IP_NF_IRC=y
+CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_CT_ACCT=m
CONFIG_IP_NF_MATCH_CONNBYTES=m
CONFIG_IP_NF_CT_PROTO_GRE=m
@@ -422,8 +422,8 @@ CONFIG_IP_NF_NAT_H323=m
CONFIG_IP_NF_NAT_RTSP=m
CONFIG_IP_NF_NAT_MMS=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
-CONFIG_IP_NF_NAT_IRC=y
-CONFIG_IP_NF_NAT_FTP=y
+CONFIG_IP_NF_NAT_IRC=m
+CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=m
diff --git a/target/linux/ar7-2.4/config b/target/linux/ar7-2.4/config
index 2d3acae5e4..adc39d56e3 100644
--- a/target/linux/ar7-2.4/config
+++ b/target/linux/ar7-2.4/config
@@ -339,10 +339,10 @@ CONFIG_NET_IPGRE=m
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CONNTRACK_MARK=y
-CONFIG_IP_NF_FTP=y
+CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_TFTP=m
-CONFIG_IP_NF_IRC=y
+CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_CT_ACCT=m
CONFIG_IP_NF_MATCH_CONNBYTES=m
CONFIG_IP_NF_CT_PROTO_GRE=m
@@ -405,8 +405,8 @@ CONFIG_IP_NF_NAT_MMS=m
CONFIG_IP_NF_NAT_RTSP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
-CONFIG_IP_NF_NAT_IRC=y
-CONFIG_IP_NF_NAT_FTP=y
+CONFIG_IP_NF_NAT_IRC=m
+CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=m
diff --git a/target/linux/aruba-2.6/config b/target/linux/aruba-2.6/config
index a0df432a8d..438bb881ac 100644
--- a/target/linux/aruba-2.6/config
+++ b/target/linux/aruba-2.6/config
@@ -313,7 +313,7 @@ CONFIG_IP_NF_CT_ACCT=y
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
-CONFIG_IP_NF_FTP=y
+CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=m
@@ -352,7 +352,7 @@ CONFIG_IP_NF_TARGET_ROUTE=m
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=m
-CONFIG_IP_NF_NAT_FTP=y
+CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_PPTP=m
diff --git a/target/linux/au1000-2.6/config b/target/linux/au1000-2.6/config
index 7452a4a915..b1b221f40b 100644
--- a/target/linux/au1000-2.6/config
+++ b/target/linux/au1000-2.6/config
@@ -380,8 +380,8 @@ CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
-CONFIG_IP_NF_FTP=y
-CONFIG_IP_NF_IRC=y
+CONFIG_IP_NF_FTP=m
+CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
@@ -418,8 +418,8 @@ CONFIG_IP_NF_TARGET_ROUTE=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
-CONFIG_IP_NF_NAT_IRC=y
-CONFIG_IP_NF_NAT_FTP=y
+CONFIG_IP_NF_NAT_IRC=m
+CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_PPTP=m
diff --git a/target/linux/brcm-2.4/config b/target/linux/brcm-2.4/config
index 68299fbe14..fed5af7a71 100644
--- a/target/linux/brcm-2.4/config
+++ b/target/linux/brcm-2.4/config
@@ -353,10 +353,10 @@ CONFIG_NET_IPGRE=m
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CONNTRACK_MARK=y
-CONFIG_IP_NF_FTP=y
+CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_TFTP=m
-CONFIG_IP_NF_IRC=y
+CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_CT_ACCT=m
CONFIG_IP_NF_MATCH_CONNBYTES=m
CONFIG_IP_NF_CT_PROTO_GRE=m
@@ -418,8 +418,8 @@ CONFIG_IP_NF_NAT_H323=m
CONFIG_IP_NF_NAT_RTSP=m
CONFIG_IP_NF_NAT_MMS=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
-CONFIG_IP_NF_NAT_IRC=y
-CONFIG_IP_NF_NAT_FTP=y
+CONFIG_IP_NF_NAT_IRC=m
+CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=m
diff --git a/target/linux/brcm-2.6/config b/target/linux/brcm-2.6/config
index 65c82729bb..9c3c5f6513 100644
--- a/target/linux/brcm-2.6/config
+++ b/target/linux/brcm-2.6/config
@@ -355,8 +355,8 @@ CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
-CONFIG_IP_NF_FTP=y
-CONFIG_IP_NF_IRC=y
+CONFIG_IP_NF_FTP=m
+CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
@@ -393,8 +393,8 @@ CONFIG_IP_NF_TARGET_ROUTE=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
-CONFIG_IP_NF_NAT_IRC=y
-CONFIG_IP_NF_NAT_FTP=y
+CONFIG_IP_NF_NAT_IRC=m
+CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_PPTP=m
diff --git a/target/linux/brcm63xx-2.6/config b/target/linux/brcm63xx-2.6/config
index 2146e8309c..ec86fa3b9f 100644
--- a/target/linux/brcm63xx-2.6/config
+++ b/target/linux/brcm63xx-2.6/config
@@ -381,8 +381,8 @@ CONFIG_IP_NF_CT_ACCT=y
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
-CONFIG_IP_NF_FTP=y
-CONFIG_IP_NF_IRC=y
+CONFIG_IP_NF_FTP=m
+CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=y
CONFIG_IP_NF_AMANDA=m
@@ -419,8 +419,8 @@ CONFIG_IP_NF_TARGET_ROUTE=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
-CONFIG_IP_NF_NAT_IRC=y
-CONFIG_IP_NF_NAT_FTP=y
+CONFIG_IP_NF_NAT_IRC=m
+CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_PPTP=m
diff --git a/target/linux/ixp4xx-2.6/config b/target/linux/ixp4xx-2.6/config
index 90292ec9f8..a9b2418fcf 100644
--- a/target/linux/ixp4xx-2.6/config
+++ b/target/linux/ixp4xx-2.6/config
@@ -317,8 +317,8 @@ CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
-CONFIG_IP_NF_FTP=y
-CONFIG_IP_NF_IRC=y
+CONFIG_IP_NF_FTP=m
+CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
# CONFIG_IP_NF_TFTP is not set
# CONFIG_IP_NF_AMANDA is not set
@@ -355,8 +355,8 @@ CONFIG_IP_NF_TARGET_ROUTE=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
-CONFIG_IP_NF_NAT_IRC=y
-CONFIG_IP_NF_NAT_FTP=y
+CONFIG_IP_NF_NAT_IRC=m
+CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_H323=m
CONFIG_IP_NF_NAT_SIP=m
CONFIG_IP_NF_MANGLE=y
diff --git a/target/linux/magicbox-2.6/config b/target/linux/magicbox-2.6/config
index c96576d1c8..ab75eab923 100644
--- a/target/linux/magicbox-2.6/config
+++ b/target/linux/magicbox-2.6/config
@@ -264,7 +264,7 @@ CONFIG_IP_NF_CT_ACCT=y
# CONFIG_IP_NF_CONNTRACK_MARK is not set
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
-CONFIG_IP_NF_FTP=y
+CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=m
@@ -303,7 +303,7 @@ CONFIG_IP_NF_TARGET_ROUTE=m
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=m
-CONFIG_IP_NF_NAT_FTP=y
+CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_PPTP=m
diff --git a/target/linux/rb532-2.6/config b/target/linux/rb532-2.6/config
index 0e04b1fa33..2d2138261a 100644
--- a/target/linux/rb532-2.6/config
+++ b/target/linux/rb532-2.6/config
@@ -340,8 +340,8 @@ CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
-CONFIG_IP_NF_FTP=y
-CONFIG_IP_NF_IRC=y
+CONFIG_IP_NF_FTP=m
+CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
@@ -378,8 +378,8 @@ CONFIG_IP_NF_TARGET_ROUTE=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
-CONFIG_IP_NF_NAT_IRC=y
-CONFIG_IP_NF_NAT_FTP=y
+CONFIG_IP_NF_NAT_IRC=m
+CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_PPTP=m
diff --git a/target/linux/sibyte-2.6/config b/target/linux/sibyte-2.6/config
index ebb32c48ad..aa0991c94d 100644
--- a/target/linux/sibyte-2.6/config
+++ b/target/linux/sibyte-2.6/config
@@ -362,8 +362,8 @@ CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
-CONFIG_IP_NF_FTP=y
-CONFIG_IP_NF_IRC=y
+CONFIG_IP_NF_FTP=m
+CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
@@ -401,8 +401,8 @@ CONFIG_IP_NF_TARGET_ROUTE=m
# CONFIG_IP_NF_TARGET_NETMAP is not set
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
-CONFIG_IP_NF_NAT_IRC=y
-CONFIG_IP_NF_NAT_FTP=y
+CONFIG_IP_NF_NAT_IRC=m
+CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_PPTP=m
diff --git a/target/linux/x86-2.6/config b/target/linux/x86-2.6/config
index 708f4c0804..cd1893ec74 100644
--- a/target/linux/x86-2.6/config
+++ b/target/linux/x86-2.6/config
@@ -392,8 +392,8 @@ CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
# CONFIG_IP_NF_CONNTRACK_EVENTS is not set
CONFIG_IP_NF_CT_PROTO_SCTP=m
-CONFIG_IP_NF_FTP=y
-CONFIG_IP_NF_IRC=y
+CONFIG_IP_NF_FTP=m
+CONFIG_IP_NF_IRC=m
# CONFIG_IP_NF_NETBIOS_NS is not set
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
@@ -430,8 +430,8 @@ CONFIG_IP_NF_TARGET_ROUTE=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
-CONFIG_IP_NF_NAT_IRC=y
-CONFIG_IP_NF_NAT_FTP=y
+CONFIG_IP_NF_NAT_IRC=m
+CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_PPTP=m