Changeset 3651

Timestamp:

11/18/07 19:50:57 (1 year ago)

Author:

n0-1

Message:

hackishly fix stateful firewalling for kernel 2.6

* there are major differences between 2.4 and 2.6,

as 2.6 makes use of layer 3 independent conntrack

* anyways, the whole iptables subsystem is FUBAR ATM.

Surprisingly, I have a complete rewrite of it in my
queue, which will also fix this issue in a better way.

Files:

• trunk/freewrt/mk/modules.mk (modified) (1 diff)
• trunk/freewrt/package/shorewall-common/Config.in (modified) (1 diff)
• trunk/freewrt/target/linux/config/Config.in.netfilter (modified) (1 diff)

trunk/freewrt/mk/modules.mk

@@ -314 +314 @@
-$(eval $(call KMOD_template,IP_NF_MATCH_STATE,nf-ip-match-state,\
-        $(MODULES_DIR)/kernel/net/ipv4/netfilter/ipt_state \
+,55))
+else
+$(eval $(call KMOD_template,IP_NF_MATCH_STATE,nf-ip-match-state,\
+        $(MODULES_DIR)/kernel/net/netfilter/xt_state \
-,55))
-endif

trunk/freewrt/package/shorewall-common/Config.in

@@ -3 +3 @@
-        tristate
-        default n
+        select FWRT_PACKAGE_IPTABLES
-        help
-          The Shoreline Firewall, more commonly known as "Shorewall", is a 

trunk/freewrt/target/linux/config/Config.in.netfilter

@@ -107 +107 @@
-config FWRT_KPACKAGE_KMOD_IP_NF_MATCH_STATE
-        tristate
+        select FWRT_KPACKAGE_KMOD_NETFILTER_XT_MATCH_STATE if FWRT_LINUX_2_6
+        default n
+
+config FWRT_KPACKAGE_KMOD_NETFILTER_XT_MATCH_STATE
+        tristate
+        depends on FWRT_LINUX_2_6
-        default n
-