From e327b2365a9b1c11e77c537ce7a89c81c2f1cd4a Mon Sep 17 00:00:00 2001 From: Waldemar Brodkorb Date: Mon, 8 Jul 2013 15:30:08 +0200 Subject: update kernels --- target/linux/patches/3.9.8/disable-netfilter.patch | 160 +++++++++++++++++++++ 1 file changed, 160 insertions(+) create mode 100644 target/linux/patches/3.9.8/disable-netfilter.patch (limited to 'target/linux/patches/3.9.8/disable-netfilter.patch') diff --git a/target/linux/patches/3.9.8/disable-netfilter.patch b/target/linux/patches/3.9.8/disable-netfilter.patch new file mode 100644 index 000000000..7b1ca013a --- /dev/null +++ b/target/linux/patches/3.9.8/disable-netfilter.patch @@ -0,0 +1,160 @@ +diff -Nur linux-3.7.3.orig/net/Kconfig linux-3.7.3/net/Kconfig +--- linux-3.7.3.orig/net/Kconfig 2013-01-17 17:47:40.000000000 +0100 ++++ linux-3.7.3/net/Kconfig 2013-01-19 18:19:55.000000000 +0100 +@@ -163,7 +163,7 @@ + config NETFILTER_ADVANCED + bool "Advanced netfilter configuration" + depends on NETFILTER +- default y ++ default n + help + If you say Y here you can select between all the netfilter modules. + If you say N the more unusual ones will not be shown and the +@@ -175,7 +175,7 @@ + bool "Bridged IP/ARP packets filtering" + depends on BRIDGE && NETFILTER && INET + depends on NETFILTER_ADVANCED +- default y ++ default n + ---help--- + Enabling this option will let arptables resp. iptables see bridged + ARP resp. IP traffic. If you want a bridging firewall, you probably +diff -Nur linux-3.7.3.orig/net/netfilter/Kconfig linux-3.7.3/net/netfilter/Kconfig +--- linux-3.7.3.orig/net/netfilter/Kconfig 2013-01-17 17:47:40.000000000 +0100 ++++ linux-3.7.3/net/netfilter/Kconfig 2013-01-19 18:21:41.000000000 +0100 +@@ -22,7 +22,6 @@ + + config NETFILTER_NETLINK_LOG + tristate "Netfilter LOG over NFNETLINK interface" +- default m if NETFILTER_ADVANCED=n + select NETFILTER_NETLINK + help + If this option is enabled, the kernel will include support +@@ -34,7 +33,6 @@ + + config NF_CONNTRACK + tristate "Netfilter connection tracking support" +- default m if NETFILTER_ADVANCED=n + help + Connection tracking keeps a record of what packets have passed + through your machine, in order to figure out how they are related +@@ -60,7 +58,6 @@ + config NF_CONNTRACK_SECMARK + bool 'Connection tracking security mark support' + depends on NETWORK_SECMARK +- default m if NETFILTER_ADVANCED=n + help + This option enables security markings to be applied to + connections. Typically they are copied to connections from +@@ -177,7 +174,6 @@ + + config NF_CONNTRACK_FTP + tristate "FTP protocol support" +- default m if NETFILTER_ADVANCED=n + help + Tracking FTP connections is problematic: special helpers are + required for tracking them, and doing masquerading and other forms +@@ -211,7 +207,6 @@ + + config NF_CONNTRACK_IRC + tristate "IRC protocol support" +- default m if NETFILTER_ADVANCED=n + help + There is a commonly-used extension to IRC called + Direct Client-to-Client Protocol (DCC). This enables users to send +@@ -296,7 +291,6 @@ + + config NF_CONNTRACK_SIP + tristate "SIP protocol support" +- default m if NETFILTER_ADVANCED=n + help + SIP is an application-layer control protocol that can establish, + modify, and terminate multimedia sessions (conferences) such as +@@ -320,7 +314,6 @@ + config NF_CT_NETLINK + tristate 'Connection tracking netlink interface' + select NETFILTER_NETLINK +- default m if NETFILTER_ADVANCED=n + help + This option enables support for a netlink-based userspace interface + +@@ -424,7 +417,6 @@ + + config NETFILTER_XTABLES + tristate "Netfilter Xtables support (required for ip_tables)" +- default m if NETFILTER_ADVANCED=n + help + This is required if you intend to use any of ip_tables, + ip6_tables or arp_tables. +@@ -435,7 +427,6 @@ + + config NETFILTER_XT_MARK + tristate 'nfmark target and match support' +- default m if NETFILTER_ADVANCED=n + ---help--- + This option adds the "MARK" target and "mark" match. + +@@ -527,7 +518,6 @@ + config NETFILTER_XT_TARGET_CONNSECMARK + tristate '"CONNSECMARK" target support' + depends on NF_CONNTRACK && NF_CONNTRACK_SECMARK +- default m if NETFILTER_ADVANCED=n + help + The CONNSECMARK target copies security markings from packets + to connections, and restores security markings from connections +@@ -632,7 +622,6 @@ + + config NETFILTER_XT_TARGET_LOG + tristate "LOG target support" +- default m if NETFILTER_ADVANCED=n + help + This option adds a `LOG' target, which allows you to create rules in + any iptables table which records the packet header to the syslog. +@@ -660,7 +649,6 @@ + + config NETFILTER_XT_TARGET_NFLOG + tristate '"NFLOG" target support' +- default m if NETFILTER_ADVANCED=n + select NETFILTER_NETLINK_LOG + help + This option enables the NFLOG target, which allows to LOG +@@ -741,7 +729,6 @@ + config NETFILTER_XT_TARGET_SECMARK + tristate '"SECMARK" target support' + depends on NETWORK_SECMARK +- default m if NETFILTER_ADVANCED=n + help + The SECMARK target allows security marking of network + packets, for use with security subsystems. +@@ -751,7 +738,6 @@ + config NETFILTER_XT_TARGET_TCPMSS + tristate '"TCPMSS" target support' + depends on (IPV6 || IPV6=n) +- default m if NETFILTER_ADVANCED=n + ---help--- + This option adds a `TCPMSS' target, which allows you to alter the + MSS value of TCP SYN packets, to control the maximum size for that +@@ -856,7 +842,6 @@ + config NETFILTER_XT_MATCH_CONNTRACK + tristate '"conntrack" connection tracking match support' + depends on NF_CONNTRACK +- default m if NETFILTER_ADVANCED=n + help + This is a general conntrack match module, a superset of the state match. + +@@ -1063,7 +1048,6 @@ + config NETFILTER_XT_MATCH_POLICY + tristate 'IPsec "policy" match support' + depends on XFRM +- default m if NETFILTER_ADVANCED=n + help + Policy matching allows you to match packets based on the + IPsec policy that was used during decapsulation/will +@@ -1170,7 +1154,6 @@ + config NETFILTER_XT_MATCH_STATE + tristate '"state" match support' + depends on NF_CONNTRACK +- default m if NETFILTER_ADVANCED=n + help + Connection state matching allows you to match packets based on their + relationship to a tracked connection (ie. previous packets). This -- cgit v1.2.3