diff options
| author | Florian Westphal <fw@strlen.de> | 2024-01-24 10:21:11 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2024-01-29 15:43:21 +0100 |
| commit | a9525c7f6219cee9284c0031c5930e8d41384677 (patch) | |
| tree | 33ac522cfa5efa0aa3bdf50a8dd70b92ac446430 /net/ipv4/netfilter/Makefile | |
| parent | 4654467dc7e111e84f43ed1b70322873ae77e7be (diff) | |
| download | linux-a9525c7f6219cee9284c0031c5930e8d41384677.tar.gz | |
netfilter: xtables: allow xtables-nft only builds
Add hidden IP(6)_NF_IPTABLES_LEGACY symbol.
When any of the "old" builtin tables are enabled the "old" iptables
interface will be supported.
To disable the old set/getsockopt interface the existing options
for the builtin tables need to be turned off:
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER is not set
CONFIG_IP_NF_NAT is not set
CONFIG_IP_NF_MANGLE is not set
CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_SECURITY is not set
Same for CONFIG_IP6_NF_ variants.
This allows to build a kernel that only supports ip(6)tables-nft
(iptables-over-nftables api).
In the future the _LEGACY symbol will become visible and the select
statements will be turned into 'depends on', but for now be on safe side
so "make oldconfig" won't break things.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'net/ipv4/netfilter/Makefile')
| -rw-r--r-- | net/ipv4/netfilter/Makefile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile index 5a26f9de1ab923..85502d4dfbb4d2 100644 --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile @@ -25,7 +25,7 @@ obj-$(CONFIG_NFT_FIB_IPV4) += nft_fib_ipv4.o obj-$(CONFIG_NFT_DUP_IPV4) += nft_dup_ipv4.o # generic IP tables -obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o +obj-$(CONFIG_IP_NF_IPTABLES_LEGACY) += ip_tables.o # the three instances of ip_tables obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o |