iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: NFT_CHAIN_NAT_IPV* is independent of NFT_NAT

Browse Source 
Now that we have masquerading support in nf_tables, the NAT chain can
be use with it, not only for SNAT/DNAT. So make this chain type
independent of it.

While at it, move it inside the scope of 'if NF_NAT_IPV*' to simplify
dependencies.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso
2014-09-11 17:42:00 +02:00
parent 39e393bb4f
commit 3e8dc212a0
2 changed files with 22 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
net/ipv4/netfilter/Kconfig
View File

@ -61,16 +61,6 @@ config NFT_CHAIN_ROUTE_IPV4
fields such as the source, destination, type of service and fields such as the source, destination, type of service and
the packet mark. the packet mark.
config NFT_CHAIN_NAT_IPV4
depends on NF_TABLES_IPV4
depends on NF_NAT_IPV4 && NFT_NAT
tristate "IPv4 nf_tables nat chain support"
help
This option enables the "nat" chain for IPv4 in nf_tables. This
chain type is used to perform Network Address Translation (NAT)
packet transformations such as the source, destination address and
source and destination ports.
config NFT_REJECT_IPV4 config NFT_REJECT_IPV4
depends on NF_TABLES_IPV4 depends on NF_TABLES_IPV4
default NFT_REJECT default NFT_REJECT
@ -94,6 +84,15 @@ config NF_NAT_IPV4
if NF_NAT_IPV4 if NF_NAT_IPV4
config NFT_CHAIN_NAT_IPV4
depends on NF_TABLES_IPV4
tristate "IPv4 nf_tables nat chain support"
help
This option enables the "nat" chain for IPv4 in nf_tables. This
chain type is used to perform Network Address Translation (NAT)
packet transformations such as the source, destination address and
source and destination ports.
config NF_NAT_SNMP_BASIC config NF_NAT_SNMP_BASIC
tristate "Basic SNMP-ALG support" tristate "Basic SNMP-ALG support"
depends on NF_CONNTRACK_SNMP depends on NF_CONNTRACK_SNMP

23
net/ipv6/netfilter/Kconfig
View File

@ -40,16 +40,6 @@ config NFT_CHAIN_ROUTE_IPV6
fields such as the source, destination, flowlabel, hop-limit and fields such as the source, destination, flowlabel, hop-limit and
the packet mark. the packet mark.
config NFT_CHAIN_NAT_IPV6
depends on NF_TABLES_IPV6
depends on NF_NAT_IPV6 && NFT_NAT
tristate "IPv6 nf_tables nat chain support"
help
This option enables the "nat" chain for IPv6 in nf_tables. This
chain type is used to perform Network Address Translation (NAT)
packet transformations such as the source, destination address and
source and destination ports.
config NFT_REJECT_IPV6 config NFT_REJECT_IPV6
depends on NF_TABLES_IPV6 depends on NF_TABLES_IPV6
default NFT_REJECT default NFT_REJECT
@ -70,6 +60,19 @@ config NF_NAT_IPV6
forms of full Network Address Port Translation. This can be forms of full Network Address Port Translation. This can be
controlled by iptables or nft. controlled by iptables or nft.
if NF_NAT_IPV6
config NFT_CHAIN_NAT_IPV6
depends on NF_TABLES_IPV6
tristate "IPv6 nf_tables nat chain support"
help
This option enables the "nat" chain for IPv6 in nf_tables. This
chain type is used to perform Network Address Translation (NAT)
packet transformations such as the source, destination address and
source and destination ports.
endif # NF_NAT_IPV6
config IP6_NF_IPTABLES config IP6_NF_IPTABLES
tristate "IP6 tables support (required for filtering)" tristate "IP6 tables support (required for filtering)"
depends on INET && IPV6 depends on INET && IPV6