git.monstr.eu Git - linux-2.6-microblaze.git/commit

author	Florian Westphal <fw@strlen.de>
	Wed, 24 Jan 2024 09:21:11 +0000 (10:21 +0100)
committer	Florian Westphal <fw@strlen.de>
	Mon, 29 Jan 2024 14:43:21 +0000 (15:43 +0100)
commit	a9525c7f6219cee9284c0031c5930e8d41384677
tree	33ac522cfa5efa0aa3bdf50a8dd70b92ac446430	tree
parent	4654467dc7e111e84f43ed1b70322873ae77e7be	commit \| diff

netfilter: xtables: allow xtables-nft only builds

Add hidden IP(6)_NF_IPTABLES_LEGACY symbol.

When any of the "old" builtin tables are enabled the "old" iptables
interface will be supported.

To disable the old set/getsockopt interface the existing options
for the builtin tables need to be turned off:

CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER is not set
CONFIG_IP_NF_NAT is not set
CONFIG_IP_NF_MANGLE is not set
CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_SECURITY is not set

Same for CONFIG_IP6_NF_ variants.

This allows to build a kernel that only supports ip(6)tables-nft
(iptables-over-nftables api).

In the future the _LEGACY symbol will become visible and the select
statements will be turned into 'depends on', but for now be on safe side
so "make oldconfig" won't break things.

Signed-off-by: Florian Westphal <fw@strlen.de>

net/ipv4/netfilter/Kconfig		diff \| blob \| history
net/ipv4/netfilter/Makefile		diff \| blob \| history
net/ipv6/netfilter/Kconfig		diff \| blob \| history
net/ipv6/netfilter/Makefile		diff \| blob \| history
net/netfilter/Kconfig		diff \| blob \| history