diff options
| author | Kristian Evensen <kristian.evensen@gmail.com> | 2018-01-22 18:52:28 +0100 |
|---|---|---|
| committer | John Crispin <john@phrozen.org> | 2018-02-13 10:01:52 +0100 |
| commit | 2d27ebbb9338c114b3b5403cd4eb6fc05ef1ed6a (patch) | |
| tree | d221a0c6ef81d236547b5b67a5b127112e1daa6c /include/netfilter.mk | |
| parent | f226e652f6e8bdca5ce552ef1e0e8ec98bf8ce9a (diff) | |
| download | upstream-2d27ebbb9338c114b3b5403cd4eb6fc05ef1ed6a.tar.gz upstream-2d27ebbb9338c114b3b5403cd4eb6fc05ef1ed6a.tar.bz2 upstream-2d27ebbb9338c114b3b5403cd4eb6fc05ef1ed6a.zip | |
iptables: Support building connlabel module
It is currently possible to enable connlabel-support in iptables.
However, in order for connlabel to work properly, the kernel module must
also be present. This patch adds support for building the
connlabel-module, and selects it by default when connlabel-support is
enabled.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Diffstat (limited to 'include/netfilter.mk')
| -rw-r--r-- | include/netfilter.mk | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk index c99b6fb3f7..bad599b378 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -86,6 +86,10 @@ $(eval $(call nf_add,IPT_CONNTRACK_EXTRA,CONFIG_NETFILTER_XT_MATCH_RECENT, $(P_X $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CONNTRACK_EXTRA,CONFIG_NETFILTER_XT_CONNMARK, $(P_XT)xt_CONNMARK))) +#conntrack-label + +$(eval $(call nf_add,IPT_CONNTRACK_LABEL,CONFIG_NETFILTER_XT_MATCH_CONNLABEL, $(P_XT)xt_connlabel)) + # extra $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_ADDRTYPE, $(if $(NF_KMOD),$(P_XT)xt_addrtype,$(P_XT)ipt_addrtype))) |