[openwrt/openwrt] netfilter.mk: add conntrack support to nft bridge

LEDE Commits lede-commits at lists.infradead.org
Fri Jan 28 15:11:19 PST 2022


hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/01e58f8bee2f4f33abcb4ab73c1f7b5ebfd10c5d

commit 01e58f8bee2f4f33abcb4ab73c1f7b5ebfd10c5d
Author: Etienne Champetier <champetier.etienne at gmail.com>
AuthorDate: Mon Jan 24 17:30:43 2022 -0500

    netfilter.mk: add conntrack support to nft bridge
    
    This allows implementing stateful bridge filtering
    
    As the uncompressed size is only 7.6k (arm64), just add
    nf_conntrack_bridge.ko to kmod-nft-bridge package
    
    Signed-off-by: Etienne Champetier <champetier.etienne at gmail.com>
---
 include/netfilter.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/netfilter.mk b/include/netfilter.mk
index 803749d931..65e8e3b8f0 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -332,6 +332,7 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REJECT_INET, $(P_XT)nft
 
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_META, $(P_EBT)nft_meta_bridge),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_REJECT, $(P_EBT)nft_reject_bridge),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NF_CONNTRACK_BRIDGE, $(P_EBT)nf_conntrack_bridge),))
 
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_nat),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_chain_nat),))
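Review bot: The added `nf_add,NFT_BRIDGE,CONFIG_NF_CONNTRACK_BRIDGE` line ships nf_conntrack_bridge.ko inside kmod-nft-bridge, but nothing in this hunk shows that package depending on the core conntrack and defrag modules that the bridge conntrack module needs at load time. The package definition is not part of this file, so confirm there that kmod-nft-bridge already pulls in kmod-nf-conntrack, directly or through kmod-nft-core; otherwise the module may fail to load on images built without it. If the package autoloads every module in this list, the module would presumably be loaded on every device with kmod-nft-bridge installed, which is worth stating in the commit message alongside the size figure. A one-line comment above the new entry would also help, e.g. `# bridge-family conntrack, required for 'ct state' matching in nft bridge tables`.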


