diff options
| author | Etienne Champetier <champetier.etienne@gmail.com> | 2022-01-24 17:30:43 -0500 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2022-01-28 22:05:03 +0100 |
| commit | 01e58f8bee2f4f33abcb4ab73c1f7b5ebfd10c5d (patch) | |
| tree | d2dfdf8ba3cfe022eece7291be9e619edffdefc1 /include | |
| parent | d2ae4821c225f17e6484a8a7eeed20965901c9df (diff) | |
| download | upstream-01e58f8bee2f4f33abcb4ab73c1f7b5ebfd10c5d.tar.gz upstream-01e58f8bee2f4f33abcb4ab73c1f7b5ebfd10c5d.tar.bz2 upstream-01e58f8bee2f4f33abcb4ab73c1f7b5ebfd10c5d.zip | |
netfilter.mk: add conntrack support to nft bridge
This allows to implement statefull bridge filtering
As the uncompressed size is only 7.6k (arm64), just add
nf_conntrack_bridge.ko to kmod-nft-bridge package
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/netfilter.mk | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk index 803749d931..65e8e3b8f0 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -332,6 +332,7 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REJECT_INET, $(P_XT)nft $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_META, $(P_EBT)nft_meta_bridge),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_REJECT, $(P_EBT)nft_reject_bridge),)) +$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NF_CONNTRACK_BRIDGE, $(P_EBT)nf_conntrack_bridge),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_nat),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_chain_nat),)) |