From 2d27ebbb9338c114b3b5403cd4eb6fc05ef1ed6a Mon Sep 17 00:00:00 2001 From: Kristian Evensen Date: Mon, 22 Jan 2018 18:52:28 +0100 Subject: iptables: Support building connlabel module It is currently possible to enable connlabel-support in iptables. However, in order for connlabel to work properly, the kernel module must also be present. This patch adds support for building the connlabel-module, and selects it by default when connlabel-support is enabled. Signed-off-by: Kristian Evensen --- package/network/utils/iptables/Makefile | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'package/network/utils/iptables/Makefile') diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index 207676e290..9c6abfb943 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -124,6 +124,20 @@ Extra iptables extensions for connection tracking. endef +define Package/iptables-mod-conntrack-label +$(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL) + TITLE:=Connection tracking labeling extension + DEFAULT:=y if IPTABLES_CONNLABEL +endef + +define Package/iptables-mod-conntrack-label/description +Match and set label(s) on connection tracking entries + + Matches: + - connlabel + +endef + define Package/iptables-mod-filter $(call Package/iptables/Module, +kmod-ipt-filter) TITLE:=Content inspection extensions @@ -592,6 +606,7 @@ endef $(eval $(call BuildPackage,iptables)) $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m))) +$(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m))) $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m))) $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m))) $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m))) -- cgit v1.2.3