diff options
author | Felix Fietkau <nbd@openwrt.org> | 2014-11-03 22:01:45 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2014-11-03 22:01:45 +0000 |
commit | 224bfe9779e7702748a450cc700742ec065c0fa2 (patch) | |
tree | 78f139902a1d4008c5aefc5209b07f749d7d9e62 /include | |
parent | 1b0343012a2aeb8fd6e06fadd79daba7a2db59d9 (diff) | |
download | upstream-224bfe9779e7702748a450cc700742ec065c0fa2.tar.gz upstream-224bfe9779e7702748a450cc700742ec065c0fa2.tar.bz2 upstream-224bfe9779e7702748a450cc700742ec065c0fa2.zip |
netfilter: Enable compiling iptables match cluster
This patch adds the userspace and kernelspace for
- match NETFILTER_XT_MATCH_CLUSTER
This match can be used to deploy gateway and back-end load-sharing clusters.
- target IP_NF_TARGET_CLUSTERIP
This module allows you to configure a simple cluster of nodes
that share a certain IP and MAC address
without an explicit load balancer in front of them.
Connections are statically distributed between the nodes in this cluster.
This is used i.e. by strongswan-ha.
Signed-off-by: Christian Scheele <cs@embedd.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43174 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'include')
-rw-r--r-- | include/netfilter.mk | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk index fd119c5f85..72c66d955e 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -46,6 +46,9 @@ $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_MULTIPORT, $(P_XT)xt_mul $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_COMMENT, $(P_XT)xt_comment)) $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_ID, $(P_XT)xt_id)) +#cluster +$(eval $(call nf_add,IPT_CLUSTER,CONFIG_NETFILTER_XT_MATCH_CLUSTER, $(P_XT)xt_cluster)) + $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)xt_LOG, ge 3.4.0)) $(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_LOG, $(P_V4)ipt_LOG, lt 3.4.0)) $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_TCPMSS, $(P_XT)xt_TCPMSS)) @@ -126,6 +129,8 @@ $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_TARGET_HL, $(P_XT)xt_HL)) # iprange $(eval $(call nf_add,IPT_IPRANGE,CONFIG_NETFILTER_XT_MATCH_IPRANGE, $(P_XT)xt_iprange)) +#clusterip +$(eval $(call nf_add,IPT_CLUSTERIP,CONFIG_IP_NF_TARGET_CLUSTERIP, $(P_V4)ipt_CLUSTERIP)) # ipsec $(eval $(call nf_add,IPT_IPSEC,CONFIG_IP_NF_MATCH_AH, $(P_V4)ipt_ah)) @@ -346,6 +351,8 @@ IPT_BUILTIN += $(IPT_EXTRA-y) IPT_BUILTIN += $(IPT_FILTER-y) IPT_BUILTIN += $(IPT_IPOPT-y) IPT_BUILTIN += $(IPT_IPRANGE-y) +IPT_BUILTIN += $(IPT_CLUSTER-y) +IPT_BUILTIN += $(IPT_CLUSTERIP-y) IPT_BUILTIN += $(IPT_IPSEC-y) IPT_BUILTIN += $(IPT_IPV6-y) $(IPT_IPV6-m) IPT_BUILTIN += $(NF_NAT-y) |