From 2d27ebbb9338c114b3b5403cd4eb6fc05ef1ed6a Mon Sep 17 00:00:00 2001
From: Kristian Evensen <kristian.evensen@gmail.com>
Date: Mon, 22 Jan 2018 18:52:28 +0100
Subject: iptables: Support building connlabel module

It is currently possible to enable connlabel-support in iptables.
However, in order for connlabel to work properly, the kernel module must
also be present. This patch adds support for building the
connlabel-module, and selects it by default when connlabel-support is
enabled.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
---
 include/netfilter.mk | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'include/netfilter.mk')

diff --git a/include/netfilter.mk b/include/netfilter.mk
index c99b6fb3f7..bad599b378 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -86,6 +86,10 @@ $(eval $(call nf_add,IPT_CONNTRACK_EXTRA,CONFIG_NETFILTER_XT_MATCH_RECENT, $(P_X
 
 $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CONNTRACK_EXTRA,CONFIG_NETFILTER_XT_CONNMARK, $(P_XT)xt_CONNMARK)))
 
+#conntrack-label
+
+$(eval $(call nf_add,IPT_CONNTRACK_LABEL,CONFIG_NETFILTER_XT_MATCH_CONNLABEL, $(P_XT)xt_connlabel))
+
 # extra
 
 $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_ADDRTYPE, $(if $(NF_KMOD),$(P_XT)xt_addrtype,$(P_XT)ipt_addrtype)))
-- 
cgit v1.2.3