From dc5d9e714a15b8130f0d2a79f54d4f7132f39a28 Mon Sep 17 00:00:00 2001 From: Ralph Sennhauser Date: Mon, 7 Nov 2016 13:09:50 +0100 Subject: iptables: kernel: drop custom extension xt_id This extension was added specifically for use by firewall3. Since firewall-2016-11-06 no longer uses it remove it before it finds other creative uses. Should there already be such a use-case outside of OpenWrt I suggest to package this extension properly a la xtables-addons instead. Signed-off-by: Ralph Sennhauser --- include/netfilter.mk | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'include/netfilter.mk') diff --git a/include/netfilter.mk b/include/netfilter.mk index 0a921f5d1c..2882d25fd7 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -38,13 +38,12 @@ $(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_FILTER, $(P_V4)iptabl $(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_MANGLE, $(P_V4)iptable_mangle),)) # userland only -$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, xt_standard ipt_icmp xt_tcp xt_udp xt_comment xt_id xt_set xt_SET))) +$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, xt_standard ipt_icmp xt_tcp xt_udp xt_comment xt_set xt_SET))) $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_LIMIT, $(P_XT)xt_limit)) $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_MAC, $(P_XT)xt_mac)) $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_MULTIPORT, $(P_XT)xt_multiport)) $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_COMMENT, $(P_XT)xt_comment)) -$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_ID, $(P_XT)xt_id)) #cluster $(eval $(call nf_add,IPT_CLUSTER,CONFIG_NETFILTER_XT_MATCH_CLUSTER, $(P_XT)xt_cluster)) -- cgit v1.2.3