From 3c06e2a90a2fc048e6ecf7634f87b238b7814ce2 Mon Sep 17 00:00:00 2001 From: Waldemar Brodkorb Date: Tue, 19 May 2015 17:01:46 -0500 Subject: update netfilter configs, enable support for 3.14 kernels --- target/linux/config/Config.in.netfilter | 49 ++----------- target/linux/config/Config.in.netfilter.core | 2 - target/linux/config/Config.in.netfilter.ebt | 102 ++++++--------------------- target/linux/config/Config.in.netfilter.ip6 | 8 +-- 4 files changed, 30 insertions(+), 131 deletions(-) (limited to 'target/linux/config') diff --git a/target/linux/config/Config.in.netfilter b/target/linux/config/Config.in.netfilter index 900e9ae64..877e32357 100644 --- a/target/linux/config/Config.in.netfilter +++ b/target/linux/config/Config.in.netfilter 
@@ -1,114 +1,84 @@ menu "Netfilter" config ADK_KERNEL_NETFILTER - boolean - default y if ADK_PACKAGE_IPTABLES - default n + bool config ADK_KERNEL_NETFILTER_ADVANCED - boolean - default y if ADK_PACKAGE_IPTABLES - default n + bool config ADK_KERNEL_BRIDGE_NETFILTER - boolean - default y if ADK_PACKAGE_EBTABLES - default n + bool config ADK_KERNEL_NETFILTER_XTABLES tristate select ADK_KERNEL_NETFILTER select ADK_KERNEL_NETFILTER_ADVANCED - default y if ADK_PACKAGE_IPTABLES - default n config ADK_KERNEL_NETFILTER_DEBUG - boolean - default n + bool config ADK_KERNEL_IP_NF_MATCH_LAYER7_DEBUG - boolean - default n + bool config ADK_KERNEL_IP_NF_TARGET_MIRROR tristate - default n config ADK_KERNEL_IP_NF_NAT_SNMP_BASIC tristate - default n config ADK_KERNEL_IP_NF_TARGET_DSCP tristate - default n config ADK_KERNEL_IP_NF_TARGET_MARK tristate - default n config ADK_KERNEL_IP_NF_TARGET_CLASSIFY tristate - default n config ADK_KERNEL_IP_NF_TARGET_IMQ tristate - default n config ADK_KERNEL_IP_NF_TARGET_CONNMARK tristate - default n config ADK_KERNEL_IP_NF_ARPTABLES tristate - default n config ADK_KERNEL_IP_NF_COMPAT_IPCHAINS tristate - default n config ADK_KERNEL_IP_NF_COMPAT_IPFWADM tristate - default n config ADK_KERNEL_IP6_NF_QUEUE tristate - default n config ADK_KERNEL_IP6_NF_IPTABLES tristate - default n config ADK_KERNEL_IP_ROUTE_FWMARK - boolean - default n + bool config ADK_KERNEL_IP_NF_QUEUE tristate - default n config ADK_KERNEL_IP_NF_MATCH_TIME tristate - default n config ADK_KERNEL_IP_NF_MATCH_CONDITION tristate - default n config ADK_KERNEL_IP_NF_MATCH_DSCP tristate - default n config ADK_KERNEL_IP_NF_MATCH_AH_ESP tristate - default n config ADK_KERNEL_IP_NF_MATCH_LENGTH tristate - default n config ADK_KERNEL_IP_NF_MATCH_HELPER tristate - default n # cannot be ADK_KERNEL_IP_NF_MATCH_STATE because # netfilter is built as a module -> this'll always be 
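Review bot: With `default y if ADK_PACKAGE_IPTABLES` and `default y if ADK_PACKAGE_EBTABLES` removed from ADK_KERNEL_NETFILTER, ADK_KERNEL_NETFILTER_ADVANCED, ADK_KERNEL_BRIDGE_NETFILTER and ADK_KERNEL_NETFILTER_XTABLES, these prompt-less symbols can only be enabled through `select`, and nothing in this patch shows the iptables package doing that. If the package side does not select them, an image can ship the iptables userland on a kernel without netfilter, so the firewall rules would fail to load at boot and the device would run unfiltered. Please confirm the package Config selects the kernel symbols it needs. It would also help to document the dependency above the first entry, e.g. `# hidden symbol: enabled only through select, see ADK_KERNEL_NETFILTER_XTABLES`.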
@@ -116,34 +86,27 @@ config ADK_KERNEL_IP_NF_MATCH_HELPER config ADK_KERNEL_IP_NF_MATCH_STATE tristate select ADK_KERNEL_NETFILTER_XT_MATCH_STATE - default n config ADK_KERNEL_NETFILTER_XT_NAT tristate - default n config ADK_KERNEL_NETFILTER_XT_MATCH_STATE tristate - default n # cannot be ADK_KERNEL_IP_NF_MATCH_CONNTRACK because # netfilter is built as a module -> this'll always be # a module, too config ADK_KERNEL_NETFILTER_XT_MATCH_CONNTRACK tristate - default n config ADK_KERNEL_NETFILTER_XT_MATCH_CONNMARK tristate - default n config ADK_KERNEL_IP_NF_MATCH_UNCLEAN tristate - default n config ADK_KERNEL_IP_NF_MATCH_STRING tristate - default n menu "Core Netfilter Configuration" source target/linux/config/Config.in.netfilter.core diff --git a/target/linux/config/Config.in.netfilter.core b/target/linux/config/Config.in.netfilter.core index 4b3cb48eb..cab6278aa 100644 --- a/target/linux/config/Config.in.netfilter.core +++ b/target/linux/config/Config.in.netfilter.core @@ -138,7 +138,6 @@ config ADK_KERNEL_NETFILTER_XT_TARGET_CHECKSUM select ADK_KERNEL_NETFILTER_XTABLES select ADK_KERNEL_IP_NF_MANGLE select ADK_KERNEL_NETFILTER_ADVANCED - help config ADK_KERNEL_NETFILTER_XT_TARGET_CLASSIFY tristate '"CLASSIFY" target support' @@ -189,6 +188,5 @@ config ADK_KERNEL_NETFILTER_XT_TARGET_LOG config ADK_KERNEL_NETFILTER_XT_TARGET_TCPMSS tristate '"TCPMSS" target support' select ADK_KERNEL_NETFILTER_XTABLES - help endmenu diff --git a/target/linux/config/Config.in.netfilter.ebt b/target/linux/config/Config.in.netfilter.ebt index 16d2cab5a..ba24b49b7 100644 --- a/target/linux/config/Config.in.netfilter.ebt +++ b/target/linux/config/Config.in.netfilter.ebt @@ -1,6 +1,5 @@ config ADK_KERNEL_BRIDGE_NF_EBTABLES - prompt 'Ethernet Bridge tables support' - tristate + tristate 'Ethernet Bridge tables support' select ADK_KERNEL_BRIDGE_NETFILTER default n help 
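Review bot: The `default n` lines kept in Config.in.netfilter.ebt are inconsistent with Config.in.netfilter, where this same commit deletes every `default n`. The first one is under ADK_KERNEL_BRIDGE_NF_EBTABLES in the `@@ -1,6 +1,5 @@` hunk, and the later hunks of that file and of Config.in.netfilter.ip6 keep them as well. Kconfig already treats a symbol without a default as n, so these lines are redundant. Dropping them here too would keep the netfilter config files uniform and make any deliberate default stand out.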
@@ -9,8 +8,7 @@ config ADK_KERNEL_BRIDGE_NF_EBTABLES filtering/NAT/brouting on the Ethernet bridge. config ADK_KERNEL_BRIDGE_EBT_BROUTE - prompt "broute table support" - tristate + tristate "broute table support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help @@ -22,8 +20,7 @@ config ADK_KERNEL_BRIDGE_EBT_BROUTE To compile it as a module, choose M here. If unsure, say N. config ADK_KERNEL_BRIDGE_EBT_T_FILTER - prompt "filter table support" - tristate + tristate "filter table support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help @@ -34,8 +31,7 @@ config ADK_KERNEL_BRIDGE_EBT_T_FILTER To compile it as a module, choose M here. If unsure, say N. config ADK_KERNEL_BRIDGE_EBT_T_NAT - prompt "nat table support" - tristate + tristate "nat table support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help @@ -43,23 +39,18 @@ config ADK_KERNEL_BRIDGE_EBT_T_NAT source address (MAC SNAT) or the MAC destination address (MAC DNAT). See the man page for ebtables(8). - To compile it as a module, choose M here. If unsure, say N. # # matches # config ADK_KERNEL_BRIDGE_EBT_802_3 - prompt "802.3 filter support" - tristate + tristate "802.3 filter support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help This option adds matching support for 802.3 Ethernet frames. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_AMONG - prompt "among filter support" - tristate + tristate "among filter support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help 
@@ -67,44 +58,32 @@ config ADK_KERNEL_BRIDGE_EBT_AMONG and/or destination address on a list of addresses. Optionally, MAC/IP address pairs can be matched, f.e. for anti-spoofing rules. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_ARP - prompt "ARP filter support" - tristate + tristate "ARP filter support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help This option adds the ARP match, which allows ARP and RARP header field filtering. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_IP - prompt "IP filter support" - tristate + tristate "IP filter support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help This option adds the IP match, which allows basic IP header field filtering. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_IP6 - prompt "IP6 filter support" - tristate + tristate "IP6 filter support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES && ADK_KERNEL_IPV6 default n help This option adds the IP6 match, which allows basic IPV6 header field filtering. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_LIMIT - prompt "limit match support" - tristate + tristate "limit match support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help @@ -112,12 +91,8 @@ config ADK_KERNEL_BRIDGE_EBT_LIMIT the rate at which a rule can be matched. This match is the equivalent of the iptables limit match. - If you want to compile it as a module, say M here and read - . If unsure, say `N'. - config ADK_KERNEL_BRIDGE_EBT_MARK - prompt "mark filter support" - tristate + tristate "mark filter support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help 
@@ -126,11 +101,8 @@ config ADK_KERNEL_BRIDGE_EBT_MARK This value is the same as the one used in the iptables mark match and target. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_PKTTYPE - prompt "packet type filter support" - tristate + tristate "packet type filter support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help 
@@ -139,57 +111,43 @@ config ADK_KERNEL_BRIDGE_EBT_PKTTYPE the generic networking code): broadcast, multicast, for this host alone or for another host. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_STP - prompt "STP filter support" - tristate + tristate "STP filter support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help This option adds the Spanning Tree Protocol match, which allows STP header field filtering. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_VLAN - prompt "802.1Q VLAN filter support" - tristate + tristate "802.1Q VLAN filter support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help This option adds the 802.1Q vlan match, which allows the filtering of 802.1Q vlan fields. - To compile it as a module, choose M here. If unsure, say N. # # targets # config ADK_KERNEL_BRIDGE_EBT_ARPREPLY - prompt "arp reply target support" - tristate + tristate "arp reply target support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help This option adds the arp reply target, which allows automatically sending arp replies to arp requests. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_DNAT - prompt "dnat target support" - tristate + tristate "dnat target support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help This option adds the MAC DNAT target, which allows altering the MAC destination address of frames. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_MARK_T - prompt "mark target support" - tristate + tristate "mark target support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help 
@@ -198,35 +156,27 @@ config ADK_KERNEL_BRIDGE_EBT_MARK_T This value is the same as the one used in the iptables mark match and target. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_REDIRECT - prompt "redirect target support" - tristate + tristate "redirect target support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help This option adds the MAC redirect target, which allows altering the MAC destination address of a frame to that of the device it arrived on. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_SNAT - prompt "snat target support" - tristate + tristate "snat target support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help This option adds the MAC SNAT target, which allows altering the MAC source address of frames. - To compile it as a module, choose M here. If unsure, say N. # # watchers # config ADK_KERNEL_BRIDGE_EBT_LOG - prompt "log support" - tristate + tristate "log support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help @@ -234,11 +184,8 @@ config ADK_KERNEL_BRIDGE_EBT_LOG in any ebtables table. It records info about the frame header to the syslog. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_ULOG - prompt "ulog support" - tristate + tristate "ulog support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help @@ -253,11 +200,8 @@ config ADK_KERNEL_BRIDGE_EBT_ULOG sent to userspace instead of a descriptive text and that netlink multicast sockets are used instead of the syslog. - To compile it as a module, choose M here. If unsure, say N. - config ADK_KERNEL_BRIDGE_EBT_NFLOG - prompt "nflog support" - tristate + tristate "nflog support" depends on ADK_KERNEL_BRIDGE_NF_EBTABLES default n help 
@@ -269,5 +213,3 @@ config ADK_KERNEL_BRIDGE_EBT_NFLOG This option adds the nflog watcher, that you can use in any rule in any ebtables table. - To compile it as a module, choose M here. If unsure, say N. - diff --git a/target/linux/config/Config.in.netfilter.ip6 b/target/linux/config/Config.in.netfilter.ip6 index 1999f21b6..1690d3d32 100644 --- a/target/linux/config/Config.in.netfilter.ip6 +++ b/target/linux/config/Config.in.netfilter.ip6 @@ -3,7 +3,6 @@ config ADK_KERNEL_NF_CONNTRACK_IPV6 tristate select ADK_KERNEL_NF_CONNTRACK select ADK_KERNEL_IPV6 - default y if ADK_TARGET_IPTABLES default n help Connection tracking keeps a record of what packets have passed @@ -20,7 +19,6 @@ config ADK_KERNEL_IP6_NF_IPTABLES tristate "IP6 tables support (required for filtering)" select ADK_KERNEL_NETFILTER_XTABLES select ADK_KERNEL_IPV6 - default y if ADK_TARGET_IPTABLES default n help ip6tables is a general, extensible packet identification framework. @@ -91,9 +89,7 @@ config ADK_KERNEL_IP6_NF_MATCH_RT # The targets config ADK_KERNEL_IP6_NF_FILTER - prompt "Packet filtering" - tristate - default y if ADK_TARGET_IPTABLES + tristate "Packet filtering" default n help Packet filtering defines a table `filter', which has a series of @@ -122,7 +118,7 @@ config ADK_KERNEL_IP6_NF_MANGLE To compile it as a module, choose M here. If unsure, say N. config ADK_KERNEL_IP6_NF_RAW - tristate 'raw table support (required for TRACE)' + tristate 'raw table support (required for TRACE)' help This option adds a `raw' table to ip6tables. This table is the very first in the netfilter framework and hooks in at the PREROUTING -- cgit v1.2.3
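Review bot: ADK_KERNEL_IP6_NF_FILTER in the `@@ -91,9 +89,7 @@` hunk of Config.in.netfilter.ip6 is now a prompted symbol that stays off unless chosen by hand, and the same applies to ADK_KERNEL_NF_CONNTRACK_IPV6 and ADK_KERNEL_IP6_NF_IPTABLES in the two hunks before it. An image with ADK_KERNEL_IPV6 enabled and an IPv4 firewall configured can therefore end up without an ip6tables filter table, leaving IPv6 traffic unfiltered. The removed condition named ADK_TARGET_IPTABLES, whereas Config.in.netfilter used ADK_PACKAGE_IPTABLES, so it may never have taken effect. Either way, the commit message should say that IPv6 filtering is opt-in by design, or the option that provides ip6tables should carry `select ADK_KERNEL_IP6_NF_FILTER`.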