1 files changed, 160 insertions, 0 deletions

diff --git a/target/linux/patches/3.14.43/disable-netfilter.patch b/target/linux/patches/3.14.43/disable-netfilter.patch
new file mode 100644
index 000000000..7b1ca013a
--- /dev/null
+++ b/target/linux/patches/3.14.43/disable-netfilter.patch
@@ -0,0 +1,160 @@
+diff -Nur linux-3.7.3.orig/net/Kconfig linux-3.7.3/net/Kconfig
+--- linux-3.7.3.orig/net/Kconfig	2013-01-17 17:47:40.000000000 +0100
++++ linux-3.7.3/net/Kconfig	2013-01-19 18:19:55.000000000 +0100
+@@ -163,7 +163,7 @@
+ config NETFILTER_ADVANCED
+ 	bool "Advanced netfilter configuration"
+ 	depends on NETFILTER
+-	default y
++	default n
+ 	help
+ 	  If you say Y here you can select between all the netfilter modules.
+ 	  If you say N the more unusual ones will not be shown and the
+@@ -175,7 +175,7 @@
+ 	bool "Bridged IP/ARP packets filtering"
+ 	depends on BRIDGE && NETFILTER && INET
+ 	depends on NETFILTER_ADVANCED
+-	default y
++	default n
+ 	---help---
+ 	  Enabling this option will let arptables resp. iptables see bridged
+ 	  ARP resp. IP traffic. If you want a bridging firewall, you probably
+diff -Nur linux-3.7.3.orig/net/netfilter/Kconfig linux-3.7.3/net/netfilter/Kconfig
+--- linux-3.7.3.orig/net/netfilter/Kconfig	2013-01-17 17:47:40.000000000 +0100
++++ linux-3.7.3/net/netfilter/Kconfig	2013-01-19 18:21:41.000000000 +0100
+@@ -22,7 +22,6 @@
+ 	  
+ config NETFILTER_NETLINK_LOG
+ 	tristate "Netfilter LOG over NFNETLINK interface"
+-	default m if NETFILTER_ADVANCED=n
+ 	select NETFILTER_NETLINK
+ 	help
+ 	  If this option is enabled, the kernel will include support
+@@ -34,7 +33,6 @@
+ 
+ config NF_CONNTRACK
+ 	tristate "Netfilter connection tracking support"
+-	default m if NETFILTER_ADVANCED=n
+ 	help
+ 	  Connection tracking keeps a record of what packets have passed
+ 	  through your machine, in order to figure out how they are related
+@@ -60,7 +58,6 @@
+ config NF_CONNTRACK_SECMARK
+ 	bool  'Connection tracking security mark support'
+ 	depends on NETWORK_SECMARK
+-	default m if NETFILTER_ADVANCED=n
+ 	help
+ 	  This option enables security markings to be applied to
+ 	  connections.  Typically they are copied to connections from
+@@ -177,7 +174,6 @@
+ 
+ config NF_CONNTRACK_FTP
+ 	tristate "FTP protocol support"
+-	default m if NETFILTER_ADVANCED=n
+ 	help
+ 	  Tracking FTP connections is problematic: special helpers are
+ 	  required for tracking them, and doing masquerading and other forms
+@@ -211,7 +207,6 @@
+ 
+ config NF_CONNTRACK_IRC
+ 	tristate "IRC protocol support"
+-	default m if NETFILTER_ADVANCED=n
+ 	help
+ 	  There is a commonly-used extension to IRC called
+ 	  Direct Client-to-Client Protocol (DCC).  This enables users to send
+@@ -296,7 +291,6 @@
+ 
+ config NF_CONNTRACK_SIP
+ 	tristate "SIP protocol support"
+-	default m if NETFILTER_ADVANCED=n
+ 	help
+ 	  SIP is an application-layer control protocol that can establish,
+ 	  modify, and terminate multimedia sessions (conferences) such as
+@@ -320,7 +314,6 @@
+ config NF_CT_NETLINK
+ 	tristate 'Connection tracking netlink interface'
+ 	select NETFILTER_NETLINK
+-	default m if NETFILTER_ADVANCED=n
+ 	help
+ 	  This option enables support for a netlink-based userspace interface
+ 
+@@ -424,7 +417,6 @@
+ 
+ config NETFILTER_XTABLES
+ 	tristate "Netfilter Xtables support (required for ip_tables)"
+-	default m if NETFILTER_ADVANCED=n
+ 	help
+ 	  This is required if you intend to use any of ip_tables,
+ 	  ip6_tables or arp_tables.
+@@ -435,7 +427,6 @@
+ 
+ config NETFILTER_XT_MARK
+ 	tristate 'nfmark target and match support'
+-	default m if NETFILTER_ADVANCED=n
+ 	---help---
+ 	This option adds the "MARK" target and "mark" match.
+ 
+@@ -527,7 +518,6 @@
+ config NETFILTER_XT_TARGET_CONNSECMARK
+ 	tristate '"CONNSECMARK" target support'
+ 	depends on NF_CONNTRACK && NF_CONNTRACK_SECMARK
+-	default m if NETFILTER_ADVANCED=n
+ 	help
+ 	  The CONNSECMARK target copies security markings from packets
+ 	  to connections, and restores security markings from connections
+@@ -632,7 +622,6 @@
+ 
+ config NETFILTER_XT_TARGET_LOG
+ 	tristate "LOG target support"
+-	default m if NETFILTER_ADVANCED=n
+ 	help
+ 	  This option adds a `LOG' target, which allows you to create rules in
+ 	  any iptables table which records the packet header to the syslog.
+@@ -660,7 +649,6 @@
+ 
+ config NETFILTER_XT_TARGET_NFLOG
+ 	tristate '"NFLOG" target support'
+-	default m if NETFILTER_ADVANCED=n
+ 	select NETFILTER_NETLINK_LOG
+ 	help
+ 	  This option enables the NFLOG target, which allows to LOG
+@@ -741,7 +729,6 @@
+ config NETFILTER_XT_TARGET_SECMARK
+ 	tristate '"SECMARK" target support'
+ 	depends on NETWORK_SECMARK
+-	default m if NETFILTER_ADVANCED=n
+ 	help
+ 	  The SECMARK target allows security marking of network
+ 	  packets, for use with security subsystems.
+@@ -751,7 +738,6 @@
+ config NETFILTER_XT_TARGET_TCPMSS
+ 	tristate '"TCPMSS" target support'
+ 	depends on (IPV6 || IPV6=n)
+-	default m if NETFILTER_ADVANCED=n
+ 	---help---
+ 	  This option adds a `TCPMSS' target, which allows you to alter the
+ 	  MSS value of TCP SYN packets, to control the maximum size for that
+@@ -856,7 +842,6 @@
+ config NETFILTER_XT_MATCH_CONNTRACK
+ 	tristate '"conntrack" connection tracking match support'
+ 	depends on NF_CONNTRACK
+-	default m if NETFILTER_ADVANCED=n
+ 	help
+ 	  This is a general conntrack match module, a superset of the state match.
+ 
+@@ -1063,7 +1048,6 @@
+ config NETFILTER_XT_MATCH_POLICY
+ 	tristate 'IPsec "policy" match support'
+ 	depends on XFRM
+-	default m if NETFILTER_ADVANCED=n
+ 	help
+ 	  Policy matching allows you to match packets based on the
+ 	  IPsec policy that was used during decapsulation/will
+@@ -1170,7 +1154,6 @@
+ config NETFILTER_XT_MATCH_STATE
+ 	tristate '"state" match support'
+ 	depends on NF_CONNTRACK
+-	default m if NETFILTER_ADVANCED=n
+ 	help
+ 	  Connection state matching allows you to match packets based on their
+ 	  relationship to a tracked connection (ie. previous packets).  This