aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2022-04-12 13:38:23 +0200
committerHauke Mehrtens <hauke@hauke-m.de>2022-04-19 23:57:14 +0200
commit204259356e7d421b359d3a7c67ec662a5eaecf76 (patch)
treeabc91d7d8bf22ee85eeb7b4b21781bf6ca3752b6 /include
parent688a59bd9433c0a64f15f04029ede5a4acac206c (diff)
downloadupstream-204259356e7d421b359d3a7c67ec662a5eaecf76.tar.gz
upstream-204259356e7d421b359d3a7c67ec662a5eaecf76.tar.bz2
upstream-204259356e7d421b359d3a7c67ec662a5eaecf76.zip
netfilter: move nf-log modules into separate packages
Both legacy iptables and nftables require nf-log modules for rule logging, so move them into a separate package both firewall implementations can depend on. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit bea01fa57f5c9c333138bbbc5c9f83b9d7553fb5)
Diffstat (limited to 'include')
-rw-r--r--include/netfilter.mk9
1 files changed, 6 insertions, 3 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 2ef8f83e4c..20a5a52313 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -48,8 +48,6 @@ $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_COMMENT, $(P_XT)xt_comme
$(eval $(call nf_add,IPT_CLUSTER,CONFIG_NETFILTER_XT_MATCH_CLUSTER, $(P_XT)xt_cluster))
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)xt_LOG))
-$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)nf_log_common))
-$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_V4)nf_log_ipv4))
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_TCPMSS, $(P_XT)xt_TCPMSS))
$(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_REJECT, $(P_V4)ipt_REJECT))
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_TIME, $(P_XT)xt_time))
@@ -156,7 +154,6 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV6, $(P_V6)
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),))
-$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6),))
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6)))
@@ -172,6 +169,12 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh))
$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag))
$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))
+# log
+
+$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_COMMON, $(P_XT)nf_log_common))
+$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_IPV4, $(P_V4)nf_log_ipv4))
+$(eval $(if $(NF_KMOD),$(call nf_add,NF_LOG6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6),))
+
# nat
# kernel only