From fb5d8dbda5f1ab7f4a87ae2c34a3faefd2b6908d Mon Sep 17 00:00:00 2001
From: Trammell Hudson <hudson@trmm.net>
Date: Thu, 25 Oct 2018 18:55:58 -0400
Subject: [PATCH] enable iptables support in tiny config

---
 boards/qemu-tiny/qemu-tiny.config |  7 +++-
 config/linux-tiny.config          | 63 ++++++++++++++++++++++++++++++-
 2 files changed, 67 insertions(+), 3 deletions(-)

diff --git a/boards/qemu-tiny/qemu-tiny.config b/boards/qemu-tiny/qemu-tiny.config
index 809a19c7..e7a2cc23 100644
--- a/boards/qemu-tiny/qemu-tiny.config
+++ b/boards/qemu-tiny/qemu-tiny.config
@@ -15,12 +15,15 @@ else
 CONFIG_KEXEC=y
 CONFIG_QRENCODE=n
 CONFIG_TPMTOTP=n
-CONFIG_POPT=n
 CONFIG_FLASHTOOLS=n
 CONFIG_FLASHROM=n
 CONFIG_PCIUTILS=y
 CONFIG_UTIL_LINUX=y
 CONFIG_CRYPTSETUP=y
+CONFIG_POPT=$(CONFIG_CRYPTSETUP)
+CONFIG_IPTABLES=y
+CONFIG_LIBNFTNL=$(CONFIG_IPTABLES)
+CONFIG_LIBMNL=$(CONFIG_IPTABLES)
 CONFIG_GPG2=n
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
@@ -46,7 +49,7 @@ run: $(build)/$(BOARD)/initrd.cpio
 		--netdev user,id=net0,hostfwd=tcp::5555-:22 \
 		--bios $(build)/qboot-git/bios.bin \
 		--kernel $(build)/$(BOARD)/bzImage \
-		--initrd $(build)/$(BOARD)/initrd.cpio
+		--initrd $<
 	stty sane
 
 $(build)/$(BOARD)/initrd.cpio: $(build)/$(BOARD)/initrd.cpio.xz
diff --git a/config/linux-tiny.config b/config/linux-tiny.config
index 521f30e3..567abcd7 100644
--- a/config/linux-tiny.config
+++ b/config/linux-tiny.config
@@ -69,6 +69,67 @@ CONFIG_SYN_COOKIES=y
 # CONFIG_INET_XFRM_MODE_BEET is not set
 # CONFIG_INET_DIAG is not set
 # CONFIG_IPV6 is not set
+CONFIG_NETFILTER=y
+CONFIG_NF_TABLES=y
+CONFIG_NF_TABLES_NETDEV=y
+CONFIG_NFT_EXTHDR=y
+CONFIG_NFT_META=y
+CONFIG_NFT_RT=y
+CONFIG_NFT_NUMGEN=y
+CONFIG_NFT_SET_RBTREE=y
+CONFIG_NFT_SET_HASH=y
+CONFIG_NFT_SET_BITMAP=y
+CONFIG_NFT_COUNTER=y
+CONFIG_NFT_LOG=y
+CONFIG_NFT_LIMIT=y
+CONFIG_NFT_OBJREF=y
+CONFIG_NFT_QUOTA=y
+CONFIG_NFT_REJECT=y
+CONFIG_NFT_COMPAT=y
+CONFIG_NFT_HASH=y
+CONFIG_NFT_DUP_NETDEV=y
+CONFIG_NFT_FWD_NETDEV=y
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+CONFIG_NETFILTER_XT_MATCH_BPF=y
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_CPU=y
+CONFIG_NETFILTER_XT_MATCH_DCCP=y
+CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
+CONFIG_NETFILTER_XT_MATCH_DSCP=y
+CONFIG_NETFILTER_XT_MATCH_ECN=y
+CONFIG_NETFILTER_XT_MATCH_ESP=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+CONFIG_NETFILTER_XT_MATCH_IPCOMP=y
+CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
+CONFIG_NETFILTER_XT_MATCH_L2TP=y
+CONFIG_NETFILTER_XT_MATCH_LENGTH=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_MAC=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+CONFIG_NETFILTER_XT_MATCH_NFACCT=y
+CONFIG_NETFILTER_XT_MATCH_OSF=y
+CONFIG_NETFILTER_XT_MATCH_OWNER=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_QUOTA=y
+CONFIG_NETFILTER_XT_MATCH_RATEEST=y
+CONFIG_NETFILTER_XT_MATCH_REALM=y
+CONFIG_NETFILTER_XT_MATCH_RECENT=y
+CONFIG_NETFILTER_XT_MATCH_SCTP=y
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
+CONFIG_NETFILTER_XT_MATCH_STRING=y
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
+CONFIG_NETFILTER_XT_MATCH_TIME=y
+CONFIG_NETFILTER_XT_MATCH_U32=y
+CONFIG_NF_TABLES_IPV4=y
+CONFIG_NFT_CHAIN_ROUTE_IPV4=y
+CONFIG_NFT_DUP_IPV4=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_TARGET_REJECT=y
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_RAW=y
 # CONFIG_UEVENT_HELPER is not set
 CONFIG_DEVTMPFS=y
 # CONFIG_STANDALONE is not set
@@ -118,7 +179,7 @@ CONFIG_VIRTIO_MMIO=y
 # CONFIG_IOMMU_SUPPORT is not set
 CONFIG_NVMEM=y
 # CONFIG_FIRMWARE_MEMMAP is not set
-# CONFIG_FILE_LOCKING is not set
+# CONFIG_MANDATORY_FILE_LOCKING is not set
 # CONFIG_DNOTIFY is not set
 # CONFIG_INOTIFY_USER is not set
 # CONFIG_MISC_FILESYSTEMS is not set