
Commit 6c959fd

leitaoummakynes
authored andcommitted
netfilter: Make legacy configs user selectable
This option makes legacy Netfilter Kconfig user selectable, giving users the option to configure iptables without enabling any other config. Make the following KConfig entries user selectable: * BRIDGE_NF_EBTABLES_LEGACY * IP_NF_ARPTABLES * IP_NF_IPTABLES_LEGACY * IP6_NF_IPTABLES_LEGACY Signed-off-by: Breno Leitao <leitao@debian.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1 parent f66ebf3 commit 6c959fd


3 files changed

+29
-4
lines changed


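--- a/net/bridge/netfilter/Kconfig
+++ b/net/bridge/netfilter/Kconfig
@@ -41,7 +41,13 @@ config NF_CONNTRACK_BRIDGE
 
 # old sockopt interface and eval loop
 config BRIDGE_NF_EBTABLES_LEGACY
-tristate
+tristate "Legacy EBTABLES support"
+depends on BRIDGE && NETFILTER_XTABLES
+default n
+help
+Legacy ebtables packet/frame classifier.
+This is not needed if you are using ebtables over nftables
+(iptables-nft).
 
 menuconfig BRIDGE_NF_EBTABLES
 tristate "Ethernet Bridge tables (ebtables) support"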
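Review bot: The new help text for BRIDGE_NF_EBTABLES_LEGACY does not say what enabling the option actually builds, although the comment just above the entry already does (`# old sockopt interface and eval loop`). Now that the symbol has a prompt, someone trimming kernel attack surface has only the help text to go on, so I would add a line such as `This builds the old sockopt-based ebtables interface and its rule evaluation loop. If unsure, say N.` The same applies to IP_NF_IPTABLES_LEGACY, IP_NF_ARPTABLES and IP6_NF_IPTABLES_LEGACY. Separately, `default n` is already the Kconfig default and can be dropped from all four entries.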

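--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -12,7 +12,13 @@ config NF_DEFRAG_IPV4
 
 # old sockopt interface and eval loop
 config IP_NF_IPTABLES_LEGACY
-tristate
+tristate "Legacy IP tables support"
+default n
+select NETFILTER_XTABLES
+help
+iptables is a legacy packet classifier.
+This is not needed if you are using iptables over nftables
+(iptables-nft).
 
 config NF_SOCKET_IPV4
 tristate "IPv4 socket lookup support"
@@ -318,7 +324,13 @@ endif # IP_NF_IPTABLES
 
 # ARP tables
 config IP_NF_ARPTABLES
-tristate
+tristate "Legacy ARPTABLES support"
+depends on NETFILTER_XTABLES
+default n
+help
+arptables is a legacy packet classifier.
+This is not needed if you are using arptables over nftables
+(iptables-nft).
 
 config NFT_COMPAT_ARP
 tristate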
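Review bot: IP_NF_ARPTABLES is gated with `depends on NETFILTER_XTABLES` while IP_NF_IPTABLES_LEGACY in the first hunk of this file uses `select NETFILTER_XTABLES`, so the two new prompts behave differently. With `depends on`, the arptables prompt stays hidden until NETFILTER_XTABLES is enabled by hand, which does not match the description's goal of configuring the legacy tables without enabling any other config; BRIDGE_NF_EBTABLES_LEGACY has the same `depends on`. Conversely, `select` turns NETFILTER_XTABLES on without checking that symbol's own dependencies, and IP_NF_IPTABLES_LEGACY has no `depends on` line in the hunk; whether the enclosing menu supplies one is not visible here. I would pick one form for all four entries and state the reason in the commit message.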

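--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -8,7 +8,14 @@ menu "IPv6: Netfilter Configuration"
 
 # old sockopt interface and eval loop
 config IP6_NF_IPTABLES_LEGACY
-tristate
+tristate "Legacy IP6 tables support"
+depends on INET && IPV6
+select NETFILTER_XTABLES
+default n
+help
+ip6tables is a legacy packet classifier.
+This is not needed if you are using iptables over nftables
+(iptables-nft).
 
 config NF_SOCKET_IPV6
 tristate "IPv6 socket lookup support"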
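Review bot: The help text for IP6_NF_IPTABLES_LEGACY describes ip6tables but then says the option is not needed when using `iptables over nftables`, which reads as if it were about the IPv4 tool. I would word it `This is not needed if you are using ip6tables over nftables` so that a user deciding whether to leave the legacy IPv6 tables out can match it against the tool they actually run. The `(iptables-nft)` in parentheses is presumably meant as the package name; if so, saying that explicitly would help too.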
