[Buildroot] [PATCH/next v4 4/5] package/firewalld: bear the kernel options munging

aduskett at gmail.com aduskett at gmail.com
Thu May 7 23:14:56 UTC 2020


From: Adam Duskett <Aduskett at gmail.com>

To run, Firewalld requires enabling almost every single nftables option in the
kernel menuconfig. Indeed for a regular user, this task is quite a
time-consuming operation, and missing even one required nftables option results
in firewalld failing to start.

The attached list, arrived at through a mix of trial and error and talking to
the upstream developers, is the minimum set of kernel options required at run time.
Understandably this list is daunting. However, these options have passed
run-time tests with kernel 4.18 (the minimum kernel version required) and
kernel 5.6.11 (the latest kernel version as of this commit log.)

As such, it is safe to say these options will work for anybody wanting to
use firewalld with a supported kernel version of 4.18 or higher.

Signed-off-by: Adam Duskett <Aduskett at gmail.com>
---
Changes v1 -> v4:
  - Add this patch to the series

 package/firewalld/firewalld.mk | 252 +++++++++++++++++++++++++++++++++
 1 file changed, 252 insertions(+)

diff --git a/package/firewalld/firewalld.mk b/package/firewalld/firewalld.mk
index 8fcd01ec32..dd0f284a5c 100644
--- a/package/firewalld/firewalld.mk
+++ b/package/firewalld/firewalld.mk
@@ -78,4 +78,256 @@ define FIREWALLD_INSTALL_INIT_SYSV
 		$(TARGET_DIR)/etc/init.d/S41firewalld
 endef
 
+# Firewalld requires almost every single nftables rule enabled in the kernel to
+# properly start. As such, if a user selects the firewalld package, it is much
+# easier to select these options for them, much like we do for systemd or
+# iptables.
+define FIREWALLD_LINUX_CONFIG_FIXUPS
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_BRIDGE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_LOG_COMMON)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_LOG_NETDEV)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_CONNCOUNT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_MARK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_ZONES)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_PROCFS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_EVENTS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_TIMEOUT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_TIMESTAMP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_LABELS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CT_PROTO_DCCP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CT_PROTO_GRE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CT_PROTO_SCTP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CT_PROTO_UDPLITE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_AMANDA)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_FTP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_H323)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_IRC)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_BROADCAST)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_NETBIOS_NS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_SNMP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_PPTP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_SANE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_SIP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CONNTRACK_TFTP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CT_NETLINK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CT_NETLINK_TIMEOUT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_CT_NETLINK_HELPER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_NETLINK_GLUE_CT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_NEEDED)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_PROTO_DCCP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_PROTO_UDPLITE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_PROTO_SCTP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_AMANDA)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_FTP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_IRC)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_SIP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_TFTP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_REDIRECT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_SYNPROXY)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_TABLES_SET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_TABLES_NETDEV)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_NUMGEN)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_CT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_FLOW_OFFLOAD)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_COUNTER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_CONNLIMIT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_LOG)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_LIMIT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_MASQ)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_REDIR)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_NAT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_TUNNEL)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_OBJREF)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_QUEUE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_QUOTA)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_BRIDGE_META)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_REJECT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_REJECT_INET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_COMPAT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_HASH)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_FIB)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_FIB_INET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_SOCKET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_OSF)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_TPROXY)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_DUP_NETDEV)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_DUP_NETDEV)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_FWD_NETDEV)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_FIB_NETDEV)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_FLOW_TABLE_INET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_FLOW_TABLE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XTABLES)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MARK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_CONNMARK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_SET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_CHECKSUM)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_CLASSIFY)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_CONNMARK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_CT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_DSCP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_HMARK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_IDLETIMER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_LED)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_LOG)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_MARK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_NFLOG)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_NFQUEUE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_NOTRACK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_RATEEST)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_TEE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_TPROXY)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_TRACE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_TCPMSS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_ADDRTYPE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_BPF)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_CGROUP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_CLUSTER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_COMMENT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_CONNBYTES)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_CONNLABEL)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_CONNLIMIT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_CONNMARK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_CONNTRACK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_CPU)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_DCCP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_DEVGROUP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_DSCP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_ESP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_HASHLIMIT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_HELPER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_IPCOMP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_IPRANGE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_L2TP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_LENGTH)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_LIMIT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_MAC)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_MARK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_MULTIPORT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_NFACCT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_OSF)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_OWNER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_POLICY)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_PHYSDEV)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_PKTTYPE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_QUOTA)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_RATEEST)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_REALM)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_RECENT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_SCTP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_SOCKET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_STATE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_STATISTIC)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_STRING)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_TCPMSS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_TIME)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XT_MATCH_U32)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_BITMAP_IP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_BITMAP_IPMAC)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_BITMAP_PORT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_HASH_IP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_HASH_IPMARK)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_HASH_IPPORT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_HASH_IPPORTIP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_HASH_IPPORTNET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_HASH_IPMAC)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_HASH_MAC)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_HASH_NETPORTNET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_HASH_NET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_HASH_NETNET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_HASH_NETPORT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_HASH_NETIFACE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_SET_LIST_SET)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_DEFRAG_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_SOCKET_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_TPROXY_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_TABLES_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_CHAIN_ROUTE_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_REJECT_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_DUP_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_FIB_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_TABLES_ARP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_NETLINK_ACCT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_NETLINK_QUEUE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_NETLINK_LOG)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_FLOW_TABLE_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_DUP_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_LOG_ARP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_LOG_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_REJECT_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_MASQUERADE_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_CHAIN_NAT_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_MASQ_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_REDIR_IPV4)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_SNMP_BASIC)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_PROTO_GRE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_PPTP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_H323)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_IPTABLES)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_MATCH_AH)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_MATCH_ECN)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_MATCH_RPFILTER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_MATCH_TTL)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_FILTER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_TARGET_REJECT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_TARGET_SYNPROXY)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_NAT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_TARGET_MASQUERADE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_TARGET_NETMAP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_TARGET_REDIRECT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_MANGLE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_TARGET_CLUSTERIP)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_TARGET_ECN)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_TARGET_TTL)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_RAW)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_ARPTABLES)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_ARPFILTER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_ARP_MANGLE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_SOCKET_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_TPROXY_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_TABLES_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_CHAIN_ROUTE_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_CHAIN_NAT_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_MASQ_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_REDIR_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_REJECT_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_DUP_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_FIB_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_FLOW_TABLE_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_DUP_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_REJECT_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_LOG_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_NAT_MASQUERADE_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_IPTABLES)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_MATCH_AH)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_MATCH_EUI64)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_MATCH_FRAG)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_MATCH_OPTS)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_MATCH_HL)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_MATCH_IPV6HEADER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_MATCH_MH)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_MATCH_RPFILTER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_MATCH_RT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_MATCH_SRH)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_TARGET_HL)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_FILTER)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_TARGET_REJECT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_TARGET_SYNPROXY)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_MANGLE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_RAW)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_NAT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_TARGET_MASQUERADE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_IP6_NF_TARGET_NPT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_DEFRAG_IPV6)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_TABLES_BRIDGE)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NFT_BRIDGE_REJECT)
+	$(call KCONFIG_ENABLE_OPT,CONFIG_NF_LOG_BRIDGE)
+endef
+
 $(eval $(autotools-package))
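Review bot: The list never enables `CONFIG_NETFILTER`, `CONFIG_NETFILTER_ADVANCED`, `CONFIG_NF_TABLES` or `CONFIG_NF_TABLES_INET`, yet entries such as `CONFIG_NF_TABLES_IPV4`, `CONFIG_NFT_REJECT_INET` and many of the `CONFIG_NETFILTER_XT_*` lines depend on them. Unless another package's fixups or the board defconfig already sets those parents (not visible in this hunk), the kernel's config resolution will presumably drop the dependents without an error; per the commit message firewalld then fails to start, which would leave the target without its filtering policy. I would put the parents at the top of `FIREWALLD_LINUX_CONFIG_FIXUPS`, e.g. `$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER)`, `$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_ADVANCED)` and `$(call KCONFIG_ENABLE_OPT,CONFIG_NF_TABLES)`, with `CONFIG_NF_TABLES_INET` alongside. The block also turns on every conntrack helper and the legacy `CONFIG_IP_NF_*`/`CONFIG_NETFILTER_XT_*` set unconditionally, so a comment grouping the options by what firewalld needs them for would let users judge the added kernel attack surface.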
-- 
2.26.2


