[OpenWrt-Devel] [patch] firewall feature

Sun, 28 Feb 2010 22:19:02 -0800 

Hi devs,

Any objections adding a firewall "feature" ? That would help preventing
netfilter related modules and utilities from being build on systems
where CONFIG_NETFILTER is not set ?

Proposed patch attached

Regards,
--
-{Nico}


Index: include/target.mk
===================================================================
--- include/target.mk	(revision 19922)
+++ include/target.mk	(working copy)
@@ -138,6 +138,9 @@
     .SILENT: $(TMP_CONFIG)
     .PRECIOUS: $(TMP_CONFIG)
 
+    ifneq ($(CONFIG_NETFILTER),)
+      FEATURES += firewall
+    endif
     ifneq ($(CONFIG_GENERIC_GPIO),)
       FEATURES += gpio
     endif
Index: target/Config.in
===================================================================
--- target/Config.in	(revision 19922)
+++ target/Config.in	(working copy)
@@ -17,6 +17,9 @@
 config DISPLAY_SUPPORT
 	bool
 
+config FIREWALL_SUPPORT
+	bool
+
 config GPIO_SUPPORT
 	bool
 
Index: scripts/metadata.pl
===================================================================
--- scripts/metadata.pl	(revision 19922)
+++ scripts/metadata.pl	(working copy)
@@ -154,6 +154,7 @@
 		/broken/ and $ret .= "\tdepends BROKEN\n";
 		/audio/ and $ret .= "\tselect AUDIO_SUPPORT\n";
 		/display/ and $ret .= "\tselect DISPLAY_SUPPORT\n";
+		/firewall/ and $ret .= "\tselect FIREWALL_SUPPORT\n";
 		/gpio/ and $ret .= "\tselect GPIO_SUPPORT\n";
 		/pci/ and $ret .= "\tselect PCI_SUPPORT\n";
 		/pcie/ and $ret .= "\tselect PCIE_SUPPORT\n";
Index: package/arptables/Makefile
===================================================================
--- package/arptables/Makefile	(revision 19922)
+++ package/arptables/Makefile	(working copy)
@@ -22,7 +22,7 @@
   SECTION:=net
   CATEGORY:=Network
   TITLE:=ARP firewalling software
-  DEPENDS:=+kmod-arptables
+  DEPENDS:= @FIREWALL_SUPPORT +kmod-arptables
   URL:=http://ebtables.sourceforge.net
 endef
 
Index: package/ebtables/Makefile
===================================================================
--- package/ebtables/Makefile	(revision 19922)
+++ package/ebtables/Makefile	(working copy)
@@ -22,7 +22,7 @@
 define Package/ebtables
   SECTION:=net
   CATEGORY:=Network
-  DEPENDS:=+kmod-ebtables
+  DEPENDS:= @FIREWALL_SUPPORT +kmod-ebtables
   TITLE:=Ethernet bridge firewall administration utility
   URL:=http://ebtables.sourceforge.net/
 endef
Index: package/ipset/Makefile
===================================================================
--- package/ipset/Makefile	(revision 19922)
+++ package/ipset/Makefile	(working copy)
@@ -19,7 +19,7 @@
 include $(INCLUDE_DIR)/package.mk
 
 define Package/ipset/Default
-  DEPENDS:= @LINUX_2_6 @(!(TARGET_ps3||TARGET_pxcab)||BROKEN)
+  DEPENDS:= @FIREWALL_SUPPORT @LINUX_2_6
 endef
 
 define Package/ipset
Index: package/iptables/Makefile
===================================================================
--- package/iptables/Makefile	(revision 19922)
+++ package/iptables/Makefile	(working copy)
@@ -33,6 +33,7 @@
   SECTION:=net
   CATEGORY:=Network
   URL:=http://netfilter.org/
+  DEPENDS:= @FIREWALL_SUPPORT
 endef
 
 define Package/iptables/Module
Index: package/kernel/modules/netfilter.mk
===================================================================
--- package/kernel/modules/netfilter.mk	(revision 19922)
+++ package/kernel/modules/netfilter.mk	(working copy)
@@ -16,6 +16,7 @@
   KCONFIG:=$(KCONFIG_IPT_CORE)
   FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
   AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_CORE-m)))
+  DEPENDS:= @FIREWALL_SUPPORT
 endef
 
 define KernelPackage/ipt-core/description
@@ -319,7 +320,7 @@
 define KernelPackage/ip6tables
   SUBMENU:=$(NF_MENU)
   TITLE:=IPv6 modules
-  DEPENDS:=+kmod-ipv6
+  DEPENDS:= @FIREWALL_SUPPORT +kmod-ipv6
   KCONFIG:=$(KCONFIG_IPT_IPV6)
   FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
   AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPT_IPV6-m)))
@@ -340,6 +341,7 @@
     CONFIG_IP_NF_ARPFILTER \
     CONFIG_IP_NF_ARP_MANGLE
   AUTOLOAD:=$(call AutoLoad,49,$(notdir $(patsubst %.$(LINUX_KMOD_SUFFIX),%,$(wildcard $(LINUX_DIR)/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX)))))
+  DEPENDS:= @FIREWALL_SUPPORT
 endef
 
 define KernelPackage/arptables/description
@@ -352,7 +354,7 @@
 define KernelPackage/ebtables
   SUBMENU:=$(NF_MENU)
   TITLE:=Bridge firewalling modules
-  DEPENDS:=...@linux_2_6
+  DEPENDS:= @FIREWALL_SUPPORT @LINUX_2_6
   FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
   KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
 	$(KCONFIG_EBTABLES)
@@ -425,7 +427,7 @@
 define KernelPackage/nfnetlink
   SUBMENU:=$(NF_MENU)
   TITLE:=Netlink-based userspace interface
-  DEPENDS:=...@linux_2_6 +kmod-ipt-core
+  DEPENDS:= @FIREWALL_SUPPORT @LINUX_2_6 +kmod-ipt-core
   FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.$(LINUX_KMOD_SUFFIX)
   KCONFIG:=CONFIG_NETFILTER_NETLINK
   AUTOLOAD:=$(call AutoLoad,48,nfnetlink)
@@ -440,7 +442,7 @@
 
 define KernelPackage/nfnetlink/Depends
   SUBMENU:=$(NF_MENU)
-  DEPENDS:=...@linux_2_6 +kmod-nfnetlink $(1)
+  DEPENDS:= @FIREWALL_SUPPORT @LINUX_2_6 +kmod-nfnetlink $(1)
 endef
 
 


_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Reply via email to