diff options
| author | Jo-Philipp Wich <jo@mein.io> | 2022-04-12 13:38:23 +0200 |
|---|---|---|
| committer | Jo-Philipp Wich <jo@mein.io> | 2022-04-12 14:02:16 +0200 |
| commit | bea01fa57f5c9c333138bbbc5c9f83b9d7553fb5 (patch) | |
| tree | af87617f1931a7c9032113a4e3eb84dd019f91d7 /include | |
| parent | 5d5afd51772c9a992cb6bb9e0a9dce6feaa3fdef (diff) | |
| download | upstream-bea01fa57f5c9c333138bbbc5c9f83b9d7553fb5.tar.gz upstream-bea01fa57f5c9c333138bbbc5c9f83b9d7553fb5.tar.bz2 upstream-bea01fa57f5c9c333138bbbc5c9f83b9d7553fb5.zip | |
netfilter: move nf-log modules into separate packages
Both legacy iptables and nftables require nf-log modules for rule logging,
so move them into a separate package both firewall implementations can
depend on.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'include')
| -rw-r--r-- | include/netfilter.mk | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk index 24255ebe6d..e49725fd31 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -48,9 +48,6 @@ $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_COMMENT, $(P_XT)xt_comme $(eval $(call nf_add,IPT_CLUSTER,CONFIG_NETFILTER_XT_MATCH_CLUSTER, $(P_XT)xt_cluster)) $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)xt_LOG)) -$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)nf_log_common, lt 5.13)) -$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_V4)nf_log_ipv4, lt 5.13)) -$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)nf_log_syslog, ge 5.13)) $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_TCPMSS, $(P_XT)xt_TCPMSS)) $(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_REJECT, $(P_V4)ipt_REJECT)) $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_TIME, $(P_XT)xt_time)) @@ -157,7 +154,6 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV6, $(P_V6) $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),)) $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),)) -$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6,lt 5.13),)) $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6))) @@ -173,6 +169,13 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh)) $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag)) $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) +# log + +$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_COMMON, $(P_XT)nf_log_common, lt 5.13)) +$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_IPV4, $(P_V4)nf_log_ipv4, lt 5.13)) +$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_SYSLOG, $(P_XT)nf_log_syslog, ge 5.13)) +$(eval $(if $(NF_KMOD),$(call nf_add,NF_LOG6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6,lt 5.13),)) + # nat # kernel only |