Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: Make legacy configs user selectable

This option makes legacy Netfilter Kconfig user selectable, giving users
the option to configure iptables without enabling any other config.

Make the following KConfig entries user selectable:
* BRIDGE_NF_EBTABLES_LEGACY
* IP_NF_ARPTABLES
* IP_NF_IPTABLES_LEGACY
* IP6_NF_IPTABLES_LEGACY

Signed-off-by: Breno Leitao <leitao@debian.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by Breno Leitao and committed by Pablo Neira Ayuso
6c959fd5 f66ebf37

+29 -4
+7 -1
net/bridge/netfilter/Kconfig
··· 41 41 42 42 # old sockopt interface and eval loop 43 43 config BRIDGE_NF_EBTABLES_LEGACY 44 - tristate 44 + tristate "Legacy EBTABLES support" 45 + depends on BRIDGE && NETFILTER_XTABLES 46 + default n 47 + help 48 + Legacy ebtables packet/frame classifier. 49 + This is not needed if you are using ebtables over nftables 50 + (iptables-nft). 45 51 46 52 menuconfig BRIDGE_NF_EBTABLES 47 53 tristate "Ethernet Bridge tables (ebtables) support"
+14 -2
net/ipv4/netfilter/Kconfig
··· 12 12 13 13 # old sockopt interface and eval loop 14 14 config IP_NF_IPTABLES_LEGACY 15 - tristate 15 + tristate "Legacy IP tables support" 16 + default n 17 + select NETFILTER_XTABLES 18 + help 19 + iptables is a legacy packet classifier. 20 + This is not needed if you are using iptables over nftables 21 + (iptables-nft). 16 22 17 23 config NF_SOCKET_IPV4 18 24 tristate "IPv4 socket lookup support" ··· 324 318 325 319 # ARP tables 326 320 config IP_NF_ARPTABLES 327 - tristate 321 + tristate "Legacy ARPTABLES support" 322 + depends on NETFILTER_XTABLES 323 + default n 324 + help 325 + arptables is a legacy packet classifier. 326 + This is not needed if you are using arptables over nftables 327 + (iptables-nft). 328 328 329 329 config NFT_COMPAT_ARP 330 330 tristate
+8 -1
net/ipv6/netfilter/Kconfig
··· 8 8 9 9 # old sockopt interface and eval loop 10 10 config IP6_NF_IPTABLES_LEGACY 11 - tristate 11 + tristate "Legacy IP6 tables support" 12 + depends on INET && IPV6 13 + select NETFILTER_XTABLES 14 + default n 15 + help 16 + ip6tables is a legacy packet classifier. 17 + This is not needed if you are using iptables over nftables 18 + (iptables-nft). 12 19 13 20 config NF_SOCKET_IPV6 14 21 tristate "IPv6 socket lookup support"
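Review bot: In net/bridge/netfilter/Kconfig, the new help text for BRIDGE_NF_EBTABLES_LEGACY describes "ebtables over nftables" but then names "(iptables-nft)" as the alternative. Name the nftables-backed ebtables front end there, or drop the parenthetical, so a reader deciding whether to enable the option is pointed at the right tool. The `default n` line is also redundant, since a Kconfig symbol with no default is already n.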
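Review bot: In the first hunk of net/ipv4/netfilter/Kconfig, IP_NF_IPTABLES_LEGACY uses `select NETFILTER_XTABLES`, while IP_NF_ARPTABLES and BRIDGE_NF_EBTABLES_LEGACY in this same patch use `depends on NETFILTER_XTABLES`. Please use one approach for all four symbols, or explain the difference in the commit message. Now that the symbol has a prompt, the help text should also say what the comment above it already says, that this is the old sockopt interface and eval loop, and recommend N for anyone on the nftables-based tools, so the legacy interface is not built in by habit.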
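Review bot: In the IP_NF_ARPTABLES hunk of net/ipv4/netfilter/Kconfig, the help text says "arptables over nftables" and then "(iptables-nft)", which is the wrong tool name for ARP filtering and looks copied from the iptables entry. The prompt reads "Legacy ARPTABLES support", yet the symbol is the only one of the four without a _LEGACY suffix. A sentence in the help text making clear that this symbol is the legacy implementation would spare users from guessing.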
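Review bot: In net/ipv6/netfilter/Kconfig, the help text for IP6_NF_IPTABLES_LEGACY says "iptables over nftables" where the entry is about ip6tables, so the wording should match the tool being described. This entry also carries `depends on INET && IPV6` and lists `select` before `default n`, while the IPv4 counterpart has no `depends on` line and lists `default n` first. Please confirm the IPv4 entry inherits its dependencies from an enclosing block, and use the same attribute order in both files.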