mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-18 21:28:02 +00:00
netfilter.mk: add conntrack support to nft bridge
This allows to implement statefull bridge filtering As the uncompressed size is only 7.6k (arm64), just add nf_conntrack_bridge.ko to kmod-nft-bridge package Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This commit is contained in:
parent
d2ae4821c2
commit
01e58f8bee
@ -332,6 +332,7 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REJECT_INET, $(P_XT)nft
|
||||
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_META, $(P_EBT)nft_meta_bridge),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_REJECT, $(P_EBT)nft_reject_bridge),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NF_CONNTRACK_BRIDGE, $(P_EBT)nf_conntrack_bridge),))
|
||||
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_nat),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_chain_nat),))
|
||||
|
Loading…
Reference in New Issue
Block a user