aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/netfilter.mk13
-rw-r--r--package/iptables/Makefile9
-rw-r--r--package/kernel/modules/netfilter.mk11
3 files changed, 33 insertions, 0 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk
index a602f9d71f..531f8c7a73 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -88,6 +88,18 @@ IPT_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += $(P_V4)ipt_ah $(P_V4)ipt_esp
IPT_IPSEC-$(CONFIG_IP_NF_MATCH_AH) += $(P_V4)ipt_ah
IPT_IPSEC-$(CONFIG_NETFILTER_XT_MATCH_ESP) += $(P_XT)xt_esp
+IPT_IPSET-m :=
+IPT_IPSET-$(CONFIG_IP_NF_SET) += $(P_V4)ip_set
+IPT_IPSET-$(CONFIG_IP_NF_MATCH_SET) += $(P_V4)ipt_set
+IPT_IPSET-$(CONFIG_IP_NF_SET_IPMAP) += $(P_V4)ip_set_ipmap
+IPT_IPSET-$(CONFIG_IP_NF_SET_MACIPMAP) += $(P_V4)ip_set_macipmap
+IPT_IPSET-$(CONFIG_IP_NF_SET_PORTMAP) += $(P_V4)ip_set_portmap
+IPT_IPSET-$(CONFIG_IP_NF_SET_IPHASH) += $(P_V4)ip_set_iphash
+IPT_IPSET-$(CONFIG_IP_NF_SET_NETHASH) += $(P_V4)ip_set_nethash
+IPT_IPSET-$(CONFIG_IP_NF_SET_IPPORTHASH) += $(P_V4)ip_set_ipporthash
+IPT_IPSET-$(CONFIG_IP_NF_SET_IPTREE) += $(P_V4)ip_set_iptree
+IPT_IPSET-$(CONFIG_IP_NF_TARGET_SET) += $(P_V4)ipt_SET
+
IPT_NAT-m :=
ifneq ($(NF_KMOD),1)
IPT_NAT-$(CONFIG_IP_NF_NAT) += $(P_V4)ipt_SNAT $(P_V4)ipt_DNAT
@@ -139,5 +151,6 @@ IPT_BUILTIN += $(IPT_FILTER-y)
IPT_BUILTIN += $(IPT_IMQ-y)
IPT_BUILTIN += $(IPT_IPOPT-y)
IPT_BUILTIN += $(IPT_IPSEC-y)
+IPT_BUILTIN += $(IPT_IPSET-y)
IPT_BUILTIN += $(IPT_NAT-y)
IPT_BUILTIN += $(IPT_ULOG-y)
diff --git a/package/iptables/Makefile b/package/iptables/Makefile
index bd85322ff3..bfd28a16aa 100644
--- a/package/iptables/Makefile
+++ b/package/iptables/Makefile
@@ -160,6 +160,14 @@ define Package/iptables-mod-extra
- libipt_NOTRACK
endef
+define Package/iptables-mod-ipset
+ $(call Package/iptables/Default)
+ DEPENDS:=iptables +kmod-ipt-ipset
+ TITLE:=ipset iptables extension
+ DESCRIPTION:=\
+ ipset
+endef
+
define Package/iptables-utils
$(call Package/iptables/Default)
DEPENDS:=iptables
@@ -263,6 +271,7 @@ $(eval $(call BuildPackage,iptables))
$(eval $(call BuildPackage,iptables-utils))
$(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
+$(eval $(call BuildPlugin,iptables-mod-ipset,$(IPT_IPSET-m)))
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
$(eval $(call BuildPlugin,iptables-mod-imq,$(IPT_IMQ-m)))
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
diff --git a/package/kernel/modules/netfilter.mk b/package/kernel/modules/netfilter.mk
index d3b3396e86..ad6066fc86 100644
--- a/package/kernel/modules/netfilter.mk
+++ b/package/kernel/modules/netfilter.mk
@@ -174,6 +174,17 @@ define KernelPackage/ipt-iprange
endef
$(eval $(call KernelPackage,ipt-iprange))
+define KernelPackage/ipt-ipset
+ TITLE:=IPSET Modules
+ DESCRIPTION:=\
+ Netfilter kernel modules for ipset
+ FILES:=$(foreach mod,$(IPT_IPSET-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
+ SUBMENU:=$(NFMENU)
+ AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_IPSET-m)))
+endef
+$(eval $(call KernelPackage,ipt-ipset))
+
+
define KernelPackage/ipt-extra
TITLE:=Extra modules
DESCRIPTION:=\