
netfilter: NFT_CHAIN_NAT_IPV* is independent of NFT_NAT

Now that we have masquerading support in nf_tables, the NAT chain can
be used with it, not only for SNAT/DNAT. So make this chain type
independent of NFT_NAT.

While at it, move it inside the scope of 'if NF_NAT_IPV*' to simplify
dependencies.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso 11 years ago
parent
commit
3e8dc212a0
2 changed files with 22 additions and 20 deletions
  1. 9 10
      net/ipv4/netfilter/Kconfig
  2. 13 10
      net/ipv6/netfilter/Kconfig

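--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -61,16 +61,6 @@ config NFT_CHAIN_ROUTE_IPV4
 	  fields such as the source, destination, type of service and
 	  the packet mark.
 
-config NFT_CHAIN_NAT_IPV4
-	depends on NF_TABLES_IPV4
-	depends on NF_NAT_IPV4 && NFT_NAT
-	tristate "IPv4 nf_tables nat chain support"
-	help
-	  This option enables the "nat" chain for IPv4 in nf_tables. This
-	  chain type is used to perform Network Address Translation (NAT)
-	  packet transformations such as the source, destination address and
-	  source and destination ports.
-
 config NFT_REJECT_IPV4
 	depends on NF_TABLES_IPV4
 	default NFT_REJECT
@@ -94,6 +84,15 @@ config NF_NAT_IPV4
 
 if NF_NAT_IPV4
 
+config NFT_CHAIN_NAT_IPV4
+	depends on NF_TABLES_IPV4
+	tristate "IPv4 nf_tables nat chain support"
+	help
+	  This option enables the "nat" chain for IPv4 in nf_tables. This
+	  chain type is used to perform Network Address Translation (NAT)
+	  packet transformations such as the source, destination address and
+	  source and destination ports.
+
 config NF_NAT_SNMP_BASIC
 	tristate "Basic SNMP-ALG support"
 	depends on NF_CONNTRACK_SNMP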
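Review bot: The help text of the relocated `NFT_CHAIN_NAT_IPV4` entry (second hunk) still describes the chain only as address and port translation, although the commit message gives masquerading as the reason for dropping the `NFT_NAT` dependency. Someone trimming a kernel configuration with `NFT_NAT` disabled gets no hint from the prompt that masquerade rules still rely on this chain type. Consider appending a sentence such as `It is used by the nf_tables nat and masquerade expressions.` to the help text. The same applies to `NFT_CHAIN_NAT_IPV6` in net/ipv6/netfilter/Kconfig. The enclosing `if NF_NAT_IPV4` block continues past the end of the hunk.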

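--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -40,16 +40,6 @@ config NFT_CHAIN_ROUTE_IPV6
 	  fields such as the source, destination, flowlabel, hop-limit and
 	  the packet mark.
 
-config NFT_CHAIN_NAT_IPV6
-	depends on NF_TABLES_IPV6
-	depends on NF_NAT_IPV6 && NFT_NAT
-	tristate "IPv6 nf_tables nat chain support"
-	help
-	  This option enables the "nat" chain for IPv6 in nf_tables. This
-	  chain type is used to perform Network Address Translation (NAT)
-	  packet transformations such as the source, destination address and
-	  source and destination ports.
-
 config NFT_REJECT_IPV6
 	depends on NF_TABLES_IPV6
 	default NFT_REJECT
@@ -70,6 +60,19 @@ config NF_NAT_IPV6
 	  forms of full Network Address Port Translation. This can be
 	  controlled by iptables or nft.
 
+if NF_NAT_IPV6
+
+config NFT_CHAIN_NAT_IPV6
+	depends on NF_TABLES_IPV6
+	tristate "IPv6 nf_tables nat chain support"
+	help
+	  This option enables the "nat" chain for IPv6 in nf_tables. This
+	  chain type is used to perform Network Address Translation (NAT)
+	  packet transformations such as the source, destination address and
+	  source and destination ports.
+
+endif # NF_NAT_IPV6
+
 config IP6_NF_IPTABLES
 	tristate "IP6 tables support (required for filtering)"
 	depends on INET && IPV6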