summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornico <nico@3c298f89-4303-0410-b956-a3cf2f4a3e73>2005-11-11 18:59:20 +0000
committernico <nico@3c298f89-4303-0410-b956-a3cf2f4a3e73>2005-11-11 18:59:20 +0000
commit49be26db3b5a96efbc912becc474a7043ac26318 (patch)
treebc31e6c1c27e5666ab1c6a221ba2945219cd1fd3
parent6688a39d5faccd3a23fe0fbeb157d558ffd5ce81 (diff)
backport netfilter modules split introduced by changeset:2083 in whiterussian (fix ticket:40)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@2430 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--target/linux/Config.in132
-rw-r--r--target/linux/control/kmod-imq.control4
-rw-r--r--target/linux/control/kmod-ipt-conntrack.control4
-rw-r--r--target/linux/control/kmod-ipt-extra.control4
-rw-r--r--target/linux/control/kmod-ipt-filter.control4
-rw-r--r--target/linux/control/kmod-ipt-ipopt.control4
-rw-r--r--target/linux/control/kmod-ipt-ipsec.control4
-rw-r--r--target/linux/control/kmod-ipt-nat-extra.control4
-rw-r--r--target/linux/control/kmod-ipt-nat.control4
-rw-r--r--target/linux/control/kmod-ipt-queue.control4
-rw-r--r--target/linux/control/kmod-ipt-ulog.control4
-rw-r--r--target/linux/linux-2.4/Makefile48
-rw-r--r--target/linux/linux-2.6/Makefile48
-rw-r--r--target/linux/netfilter.mk136
-rw-r--r--target/linux/rules.mk4
15 files changed, 395 insertions, 13 deletions
diff --git a/target/linux/Config.in b/target/linux/Config.in
index ba8e4113c..cd7febae7 100644
--- a/target/linux/Config.in
+++ b/target/linux/Config.in
@@ -188,21 +188,141 @@ config BR2_PACKAGE_KMOD_EBTABLES
help
Kernel modules for bridge firewalling
-config BR2_PACKAGE_KMOD_IPTABLES_V4
- prompt "kmod-iptables..................... Basic set of kernel modules for iptables"
+config BR2_PACKAGE_KMOD_IPTABLES
+ prompt "kmod-iptables..................... Core Netfilter modules for IPv4 firewalling"
tristate
default y
help
Kernel modules for IPv4 firewalling
-config BR2_PACKAGE_KMOD_IPTABLES_V4_EXTRA
- prompt "kmod-iptables-extra............... Extra modules for iptables"
+config BR2_PACKAGE_KMOD_IPTABLES_EXTRA
+ prompt "kmod-iptables-extra............... Extra Netfilter modules for IPv4 firewalling (meta-package)"
tristate
default m
+ select BR2_PACKAGE_KMOD_IPT_CONNTRACK
+ select BR2_PACKAGE_KMOD_IPT_FILTER
+ select BR2_PACKAGE_KMOD_IPT_IPOPT
+ select BR2_PACKAGE_KMOD_IPT_IPSEC
+ select BR2_PACKAGE_KMOD_IPT_NAT
+ select BR2_PACKAGE_KMOD_IPT_NAT_EXTRA
+ select BR2_PACKAGE_KMOD_IPT_QUEUE
+ select BR2_PACKAGE_KMOD_IPT_ULOG
+ select BR2_PACKAGE_KMOD_IPT_EXTRA
help
- Extra kernel modules for IPv4 firewalling
+ Extra Netfilter kernel modules for IPv4 firewalling (meta-package)
-config BR2_PACKAGE_KMOD_IPTABLES_V6
+config BR2_PACKAGE_KMOD_IPT_CONNTRACK
+ prompt "kmod-ipt-conntrack................ Netfilter modules for connection tracking"
+ tristate
+ default m
+ help
+ Netfilter (IPv4) kernel modules for connection tracking
+
+ Includes:
+ * ipt_conntrack
+ * ipt_helper
+ * ipt_connmark/CONNMARK
+
+config BR2_PACKAGE_KMOD_IPT_FILTER
+ prompt "kmod-ipt-filter................... Netfilter modules for packet content inspection"
+ tristate
+ default m
+ help
+ Netfilter (IPv4) kernel modules for packet content inspection
+
+ Includes:
+ * ipt_ipp2p
+ * ipt_layer7
+
+config BR2_PACKAGE_KMOD_IPT_IPOPT
+ prompt "kmod-ipt-ipopt.................... Netfilter modules for matching/changing IP packet options"
+ tristate
+ default m
+ help
+ Netfilter (IPv4) kernel modules for matching/changing IP packet options
+
+ Includes:
+ * ipt_dscp/DSCP
+ * ipt_ecn/ECN
+ * ipt_length
+ * ipt_mac
+ * ipt_tos/TOS
+ * ipt_tcpmms
+ * ipt_ttl/TTL
+ * ipt_unclean
+
+config BR2_PACKAGE_KMOD_IPT_IPSEC
+ prompt "kmod-ipt-ipsec.................... Netfilter modules for matching IPsec packets"
+ tristate
+ default m
+ help
+ Netfilter (IPv4) kernel modules for matching IPsec packets
+
+ Includes:
+ * ipt_ah
+ * ipt_esp
+
+config BR2_PACKAGE_KMOD_IPT_NAT
+ prompt "kmod-ipt-nat...................... Netfilter modules for different NAT targets"
+ tristate
+ default m
+ help
+ Netfilter (IPv4) kernel modules for different NAT targets
+
+ Includes:
+ * ipt_REDIRECT
+
+config BR2_PACKAGE_KMOD_IPT_NAT_EXTRA
+ prompt "kmod-ipt-nat-extra................ Extra Netfilter NAT modules for special protocols"
+ tristate
+ default m
+ help
+ Extra Netfilter (IPv4) NAT kernel modules for special protocols
+
+ Includes:
+ * ip_conntrack_amanda
+ * ip_conntrack_proto_gre
+ * ip_nat_proto_gre
+ * ip_conntrack_pptp
+ * ip_nat_pptp
+ * ip_nat_snmp_basic
+ * ip_conntrack_tftp
+
+config BR2_PACKAGE_KMOD_IPT_QUEUE
+ prompt "kmod-ipt-queue.................... Netfilter module for user-space packet queueing"
+ tristate
+ default m
+ help
+ Netfilter (IPv4) module for user-space packet queueing
+
+ Includes:
+ * ipt_QUEUE
+
+config BR2_PACKAGE_KMOD_IPT_ULOG
+ prompt "kmod-ipt-ulog..................... Netfilter module for user-space packet logging"
+ tristate
+ default m
+ help
+ Netfilter (IPv4) module for user-space packet logging
+
+ Includes:
+ * ipt_ULOG
+
+config BR2_PACKAGE_KMOD_IPT_EXTRA
+ prompt "kmod-ipt-extra.................... Other extra Netfilter modules"
+ tristate
+ default m
+ help
+ Other extra Netfilter (IPv4) kernel modules
+
+ Includes:
+ * ipt_limit
+ * ipt_owner
+ * ipt_physdev
+ * ipt_pkttype
+ * ipt_recent
+
+config BR2_PACKAGE_KMOD_IP6TABLES
prompt "kmod-ip6tables.................... Kernel modules for ip6tables"
tristate
default m
diff --git a/target/linux/control/kmod-imq.control b/target/linux/control/kmod-imq.control
new file mode 100644
index 000000000..78925a40b
--- /dev/null
+++ b/target/linux/control/kmod-imq.control
@@ -0,0 +1,4 @@
+Package: kmod-imq
+Priority: optional
+Section: net
+Description: Kernel support for the Intermediate Queueing device
diff --git a/target/linux/control/kmod-ipt-conntrack.control b/target/linux/control/kmod-ipt-conntrack.control
new file mode 100644
index 000000000..3528ec4e0
--- /dev/null
+++ b/target/linux/control/kmod-ipt-conntrack.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-conntrack
+Priority: optional
+Section: net
+Description: Extra Netfilter (IPv4) kernel modules for connection tracking
diff --git a/target/linux/control/kmod-ipt-extra.control b/target/linux/control/kmod-ipt-extra.control
new file mode 100644
index 000000000..d336cc300
--- /dev/null
+++ b/target/linux/control/kmod-ipt-extra.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-extra
+Priority: optional
+Section: net
+Description: Other extra Netfilter (IPv4) kernel modules
diff --git a/target/linux/control/kmod-ipt-filter.control b/target/linux/control/kmod-ipt-filter.control
new file mode 100644
index 000000000..8f5684d49
--- /dev/null
+++ b/target/linux/control/kmod-ipt-filter.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-filter
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel modules for packet content inspection
diff --git a/target/linux/control/kmod-ipt-ipopt.control b/target/linux/control/kmod-ipt-ipopt.control
new file mode 100644
index 000000000..f0c9856d0
--- /dev/null
+++ b/target/linux/control/kmod-ipt-ipopt.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-ipopt
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel modules for matching/changing IP packet options
diff --git a/target/linux/control/kmod-ipt-ipsec.control b/target/linux/control/kmod-ipt-ipsec.control
new file mode 100644
index 000000000..6baa3d444
--- /dev/null
+++ b/target/linux/control/kmod-ipt-ipsec.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-ipsec
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel modules for matching special IPsec packets
diff --git a/target/linux/control/kmod-ipt-nat-extra.control b/target/linux/control/kmod-ipt-nat-extra.control
new file mode 100644
index 000000000..84b429453
--- /dev/null
+++ b/target/linux/control/kmod-ipt-nat-extra.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-nat-extra
+Priority: optional
+Section: net
+Description: Extra Netfilter (IPv4) NAT kernel modules for special protocols
diff --git a/target/linux/control/kmod-ipt-nat.control b/target/linux/control/kmod-ipt-nat.control
new file mode 100644
index 000000000..89fc8434b
--- /dev/null
+++ b/target/linux/control/kmod-ipt-nat.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-nat
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel modules for different NAT targets
diff --git a/target/linux/control/kmod-ipt-queue.control b/target/linux/control/kmod-ipt-queue.control
new file mode 100644
index 000000000..ba96eb5c2
--- /dev/null
+++ b/target/linux/control/kmod-ipt-queue.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-queue
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel module for user-space packet queuing
diff --git a/target/linux/control/kmod-ipt-ulog.control b/target/linux/control/kmod-ipt-ulog.control
new file mode 100644
index 000000000..2ce0fdcae
--- /dev/null
+++ b/target/linux/control/kmod-ipt-ulog.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-ulog
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel module for user-space packet logging
diff --git a/target/linux/linux-2.4/Makefile b/target/linux/linux-2.4/Makefile
index 76e5268a5..5a16a7ed6 100644
--- a/target/linux/linux-2.4/Makefile
+++ b/target/linux/linux-2.4/Makefile
@@ -50,6 +50,7 @@ ifeq ($(BOARD),ar7)
include ./ar7.mk
endif
+include ../netfilter.mk
# Networking
@@ -62,6 +63,11 @@ $(eval $(call KMOD_template,GRE,gre,\
$(MODULES_DIR)/kernel/net/ipv4/ip_gre.o \
,CONFIG_NET_IPGRE))
+$(eval $(call KMOD_template,IMQ,imq,\
+ $(MODULES_DIR)/kernel/net/*/netfilter/*IMQ*.o \
+ $(MODULES_DIR)/kernel/drivers/net/imq.o \
+))
+
$(eval $(call KMOD_template,IPV6,ipv6,\
$(MODULES_DIR)/kernel/net/ipv6/ipv6.o \
,CONFIG_IPV6,,20,ipv6))
@@ -107,11 +113,47 @@ $(eval $(call KMOD_template,EBTABLES,ebtables,\
$(MODULES_DIR)/kernel/net/bridge/netfilter/*.o \
,CONFIG_BRIDGE_NF_EBTABLES))
-$(eval $(call KMOD_template,IPTABLES_V4_EXTRA,iptables-extra,\
- $(MODULES_DIR)/kernel/net/ipv4/netfilter/ip*.o \
+# metapackage for compatibility ...
+$(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\
+,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-ipt-nat-extra kmod-ipt-queue kmod-ipt-ulogd))
+
+$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\
+ $(foreach mod,$(IPKG_KMOD_IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\
+ $(foreach mod,$(IPKG_KMOD_IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\
+ $(foreach mod,$(IPKG_KMOD_IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\
+ $(foreach mod,$(IPKG_KMOD_IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\
+ $(foreach mod,$(IPKG_KMOD_IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\
+ $(foreach mod,$(IPKG_KMOD_IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\
+ $(foreach mod,$(IPKG_KMOD_IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+,,,40,$(IPKG_KMOD_IPT_NAT_EXTRA-m)))
+
+$(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\
+ $(foreach mod,$(IPKG_KMOD_IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\
+ $(foreach mod,$(IPKG_KMOD_IPT_ULOG-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
))
-$(eval $(call KMOD_template,IPTABLES_V6,ip6tables,\
+$(eval $(call KMOD_template,IP6TABLES,ip6tables,\
$(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.o \
,CONFIG_IP6_NF_IPTABLES,kmod-ipv6))
diff --git a/target/linux/linux-2.6/Makefile b/target/linux/linux-2.6/Makefile
index f0ba690b5..8b96ff9bf 100644
--- a/target/linux/linux-2.6/Makefile
+++ b/target/linux/linux-2.6/Makefile
@@ -51,6 +51,7 @@ ifeq ($(BOARD),x86)
include ./x86.mk
endif
+include ../netfilter.mk
# Networking
@@ -63,6 +64,11 @@ $(eval $(call KMOD_template,GRE,gre,\
$(MODULES_DIR)/kernel/net/ipv4/ip_gre.ko \
,CONFIG_NET_IPGRE))
+$(eval $(call KMOD_template,IMQ,imq,\
+ $(MODULES_DIR)/kernel/net/*/netfilter/*IMQ*.ko \
+ $(MODULES_DIR)/kernel/drivers/net/imq.ko \
+))
+
$(eval $(call KMOD_template,IPV6,ipv6,\
$(MODULES_DIR)/kernel/net/ipv6/ipv6.ko \
,CONFIG_IPV6,,20,ipv6))
@@ -105,11 +111,47 @@ $(eval $(call KMOD_template,EBTABLES,ebtables,\
$(MODULES_DIR)/kernel/net/bridge/netfilter/*.ko \
,CONFIG_BRIDGE_NF_EBTABLES))
-$(eval $(call KMOD_template,IPTABLES_V4_EXTRA,iptables-extra,\
- $(MODULES_DIR)/kernel/net/ipv4/netfilter/ip*.ko \
+# metapackage for compatibility ...
+$(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\
+,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-ipt-nat-extra kmod-ipt-queue kmod-ipt-ulogd))
+
+$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\
+ $(foreach mod,$(IPKG_KMOD_IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\
+ $(foreach mod,$(IPKG_KMOD_IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\
+ $(foreach mod,$(IPKG_KMOD_IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\
+ $(foreach mod,$(IPKG_KMOD_IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\
+ $(foreach mod,$(IPKG_KMOD_IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\
+ $(foreach mod,$(IPKG_KMOD_IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\
+ $(foreach mod,$(IPKG_KMOD_IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+,,,40,$(IPKG_KMOD_IPT_NAT_EXTRA-m)))
+
+$(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\
+ $(foreach mod,$(IPKG_KMOD_IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\
+ $(foreach mod,$(IPKG_KMOD_IPT_ULOG-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
))
-$(eval $(call KMOD_template,IPTABLES_V6,ip6tables,\
+$(eval $(call KMOD_template,IP6TABLES,ip6tables,\
$(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.ko \
,CONFIG_IP6_NF_IPTABLES,kmod-ipv6))
diff --git a/target/linux/netfilter.mk b/target/linux/netfilter.mk
new file mode 100644
index 000000000..433c386d6
--- /dev/null
+++ b/target/linux/netfilter.mk
@@ -0,0 +1,136 @@
+# $Id: netfilter.mk 2411 2005-11-11 03:41:43Z nico $
+
+#
+# kernel modules
+#
+
+IPKG_KMOD_IPT_CONNTRACK-m :=
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state
+
+IPKG_KMOD_IPT_EXTRA-m :=
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += multiport
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT
+
+IPKG_KMOD_IPT_FILTER-m :=
+IPKG_KMOD_IPT_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
+IPKG_KMOD_IPT_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
+
+IPKG_KMOD_IPT_IPOPT-m :=
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
+
+IPKG_KMOD_IPT_IPSEC-m :=
+IPKG_KMOD_IPT_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
+
+IPKG_KMOD_IPT_NAT-m :=
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
+
+IPKG_KMOD_IPT_NAT_EXTRA-m :=
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_CT_PROTO_GRE) += ip_conntrack_proto_gre
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PROTO_GRE) += ip_nat_proto_gre
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp
+
+IPKG_KMOD_IPT_QUEUE-m :=
+IPKG_KMOD_IPT_QUEUE-$(CONFIG_IP_NF_QUEUE) += ip_queue
+
+IPKG_KMOD_IPT_ULOG-m :=
+IPKG_KMOD_IPT_ULOG-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG
+
+
+#
+# iptables extensions
+#
+
+IPKG_IPTABLES-y := ipt_standard
+IPKG_IPTABLES-y := ipt_icmp ipt_tcp ipt_udp
+
+IPKG_IPTABLES_MOD_CONNTRACK-m :=
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state
+
+IPKG_IPTABLES_MOD_EXTRA-m :=
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += ipt_multiport
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT
+
+IPKG_IPTABLES_MOD_FILTER-m :=
+IPKG_IPTABLES_MOD_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
+IPKG_IPTABLES_MOD_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
+
+IPKG_IPTABLES_MOD_IMQ-m :=
+IPKG_IPTABLES_MOD_IMQ-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ
+
+IPKG_IPTABLES_MOD_IPOPT-m :=
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
+
+IPKG_IPTABLES_MOD_IPSEC-m :=
+IPKG_IPTABLES_MOD_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
+
+IPKG_IPTABLES_MOD_NAT-m :=
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_NAT) += ipt_SNAT ipt_DNAT
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
+
+IPKG_IPTABLES_MOD_ULOG-m :=
+IPKG_IPTABLES_MOD_ULOG-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG
+
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_CONNTRACK-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_EXTRA-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_FILTER-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IMQ-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IPOPT-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IPSEC-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_NAT-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_ULOG-y)
diff --git a/target/linux/rules.mk b/target/linux/rules.mk
index f7e108658..be151ea10 100644
--- a/target/linux/rules.mk
+++ b/target/linux/rules.mk
@@ -37,10 +37,12 @@ endif
$$(PKG_$(1)): $(LINUX_DIR)/.modules_done
rm -rf $$(I_$(1))
- mkdir -p $$(I_$(1))/lib/modules/$(LINUX_VERSION)
$(SCRIPT_DIR)/make-ipkg-dir.sh $$(I_$(1)) ../control/kmod-$(2).control $(LINUX_VERSION)-$(BOARD)-$(PKG_RELEASE) $(ARCH)
echo "Depends: $$(IDEPEND_$(1))" >> $$(I_$(1))/CONTROL/control
+ifneq ($(strip $(3)),)
+ mkdir -p $$(I_$(1))/lib/modules/$(LINUX_VERSION)
cp $(3) $$(I_$(1))/lib/modules/$(LINUX_VERSION)
+endif
ifneq ($(6),)
mkdir -p $$(I_$(1))/etc/modules.d
for module in $(7); do \