domenico/openwrt-R7800-nss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

iptables: Support building connlabel module

Browse Source 
It is currently possible to enable connlabel-support in iptables.
However, in order for connlabel to work properly, the kernel module must
also be present. This patch adds support for building the
connlabel-module, and selects it by default when connlabel-support is
enabled.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
This commit is contained in:
Kristian Evensen
2018-01-22 18:52:28 +01:00
committed by John Crispin
parent f226e652f6
commit 2d27ebbb93
3 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
include/netfilter.mk
View File

@@ -86,6 +86,10 @@ $(eval $(call nf_add,IPT_CONNTRACK_EXTRA,CONFIG_NETFILTER_XT_MATCH_RECENT, $(P_X
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CONNTRACK_EXTRA,CONFIG_NETFILTER_XT_CONNMARK, $(P_XT)xt_CONNMARK)))
#conntrack-label
$(eval $(call nf_add,IPT_CONNTRACK_LABEL,CONFIG_NETFILTER_XT_MATCH_CONNLABEL, $(P_XT)xt_connlabel))
# extra
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_ADDRTYPE, $(if $(NF_KMOD),$(P_XT)xt_addrtype,$(P_XT)ipt_addrtype)))