Hi devs,
Any objections adding a firewall "feature" ? That would help preventing
netfilter related modules and utilities from being build on systems
where CONFIG_NETFILTER is not set ?
Proposed patch attached
Regards,
--
-{Nico}
Index: include/target.mk
===================================================================
--- include/target.mk (revision 19922)
+++ include/target.mk (working copy)
@@ -138,6 +138,9 @@
.SILENT: $(TMP_CONFIG)
.PRECIOUS: $(TMP_CONFIG)
+ ifneq ($(CONFIG_NETFILTER),)
+ FEATURES += firewall
+ endif
ifneq ($(CONFIG_GENERIC_GPIO),)
FEATURES += gpio
endif
Index: target/Config.in
===================================================================
--- target/Config.in (revision 19922)
+++ target/Config.in (working copy)
@@ -17,6 +17,9 @@
config DISPLAY_SUPPORT
bool
+config FIREWALL_SUPPORT
+ bool
+
config GPIO_SUPPORT
bool
Index: scripts/metadata.pl
===================================================================
--- scripts/metadata.pl (revision 19922)
+++ scripts/metadata.pl (working copy)
@@ -154,6 +154,7 @@
/broken/ and $ret .= "\tdepends BROKEN\n";
/audio/ and $ret .= "\tselect AUDIO_SUPPORT\n";
/display/ and $ret .= "\tselect DISPLAY_SUPPORT\n";
+ /firewall/ and $ret .= "\tselect FIREWALL_SUPPORT\n";
/gpio/ and $ret .= "\tselect GPIO_SUPPORT\n";
/pci/ and $ret .= "\tselect PCI_SUPPORT\n";
/pcie/ and $ret .= "\tselect PCIE_SUPPORT\n";
Index: package/arptables/Makefile
===================================================================
--- package/arptables/Makefile (revision 19922)
+++ package/arptables/Makefile (working copy)
@@ -22,7 +22,7 @@
SECTION:=net
CATEGORY:=Network
TITLE:=ARP firewalling software
- DEPENDS:=+kmod-arptables
+ DEPENDS:= @FIREWALL_SUPPORT +kmod-arptables
URL:=http://ebtables.sourceforge.net
endef
Index: package/ebtables/Makefile
===================================================================
--- package/ebtables/Makefile (revision 19922)
+++ package/ebtables/Makefile (working copy)
@@ -22,7 +22,7 @@
define Package/ebtables
SECTION:=net
CATEGORY:=Network
- DEPENDS:=+kmod-ebtables
+ DEPENDS:= @FIREWALL_SUPPORT +kmod-ebtables
TITLE:=Ethernet bridge firewall administration utility
URL:=http://ebtables.sourceforge.net/
endef
Index: package/ipset/Makefile
===================================================================
--- package/ipset/Makefile (revision 19922)
+++ package/ipset/Makefile (working copy)
@@ -19,7 +19,7 @@
include $(INCLUDE_DIR)/package.mk
define Package/ipset/Default
- DEPENDS:= @LINUX_2_6 @(!(TARGET_ps3||TARGET_pxcab)||BROKEN)
+ DEPENDS:= @FIREWALL_SUPPORT @LINUX_2_6
endef
define Package/ipset
Index: package/iptables/Makefile
===================================================================
--- package/iptables/Makefile (revision 19922)
+++ package/iptables/Makefile (working copy)
@@ -33,6 +33,7 @@
SECTION:=net
CATEGORY:=Network
URL:=http://netfilter.org/
+ DEPENDS:= @FIREWALL_SUPPORT
endef
define Package/iptables/Module
Index: package/kernel/modules/netfilter.mk
===================================================================
--- package/kernel/modules/netfilter.mk (revision 19922)
+++ package/kernel/modules/netfilter.mk (working copy)
@@ -16,6 +16,7 @@
KCONFIG:=$(KCONFIG_IPT_CORE)
FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_CORE-m)))
+ DEPENDS:= @FIREWALL_SUPPORT
endef
define KernelPackage/ipt-core/description
@@ -319,7 +320,7 @@
define KernelPackage/ip6tables
SUBMENU:=$(NF_MENU)
TITLE:=IPv6 modules
- DEPENDS:=+kmod-ipv6
+ DEPENDS:= @FIREWALL_SUPPORT +kmod-ipv6
KCONFIG:=$(KCONFIG_IPT_IPV6)
FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPT_IPV6-m)))
@@ -340,6 +341,7 @@
CONFIG_IP_NF_ARPFILTER \
CONFIG_IP_NF_ARP_MANGLE
AUTOLOAD:=$(call AutoLoad,49,$(notdir $(patsubst %.$(LINUX_KMOD_SUFFIX),%,$(wildcard $(LINUX_DIR)/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX)))))
+ DEPENDS:= @FIREWALL_SUPPORT
endef
define KernelPackage/arptables/description
@@ -352,7 +354,7 @@
define KernelPackage/ebtables
SUBMENU:=$(NF_MENU)
TITLE:=Bridge firewalling modules
- DEPENDS:=...@linux_2_6
+ DEPENDS:= @FIREWALL_SUPPORT @LINUX_2_6
FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
$(KCONFIG_EBTABLES)
@@ -425,7 +427,7 @@
define KernelPackage/nfnetlink
SUBMENU:=$(NF_MENU)
TITLE:=Netlink-based userspace interface
- DEPENDS:=...@linux_2_6 +kmod-ipt-core
+ DEPENDS:= @FIREWALL_SUPPORT @LINUX_2_6 +kmod-ipt-core
FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.$(LINUX_KMOD_SUFFIX)
KCONFIG:=CONFIG_NETFILTER_NETLINK
AUTOLOAD:=$(call AutoLoad,48,nfnetlink)
@@ -440,7 +442,7 @@
define KernelPackage/nfnetlink/Depends
SUBMENU:=$(NF_MENU)
- DEPENDS:=...@linux_2_6 +kmod-nfnetlink $(1)
+ DEPENDS:= @FIREWALL_SUPPORT @LINUX_2_6 +kmod-nfnetlink $(1)
endef
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
