Add iptables, Add SSL CA pem, ADD ALSR Support
This commit is contained in:
parent
64b2ea45ca
commit
ead711e571
|
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
|
||||
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
|
||||
b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
|
||||
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
|
||||
b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
|
||||
ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
|
||||
9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
|
||||
IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
|
||||
VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
|
||||
93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
|
||||
jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
|
||||
AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
|
||||
A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
|
||||
U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
|
||||
N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
|
||||
o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
|
||||
5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
|
||||
rqXRfboQnoZsG4q5WTP468SQvvG5
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF
|
||||
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
|
||||
b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL
|
||||
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
|
||||
b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK
|
||||
gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ
|
||||
W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg
|
||||
1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K
|
||||
8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r
|
||||
2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me
|
||||
z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR
|
||||
8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj
|
||||
mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz
|
||||
7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6
|
||||
+XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI
|
||||
0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB
|
||||
Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm
|
||||
UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2
|
||||
LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY
|
||||
+gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS
|
||||
k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl
|
||||
7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm
|
||||
btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl
|
||||
urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+
|
||||
fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63
|
||||
n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE
|
||||
76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H
|
||||
9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT
|
||||
4PsJYGw=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5
|
||||
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g
|
||||
Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG
|
||||
A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg
|
||||
Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl
|
||||
ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j
|
||||
QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr
|
||||
ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr
|
||||
BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM
|
||||
YyRIHN8wfdVoOw==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5
|
||||
MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g
|
||||
Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG
|
||||
A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg
|
||||
Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi
|
||||
9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk
|
||||
M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB
|
||||
/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB
|
||||
MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw
|
||||
CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW
|
||||
1KyLa2tJElMzrdfkviT8tQp21KW8EA==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -14,6 +14,10 @@ SRC_URI_append = " \
|
|||
file://ring_buf.patch \
|
||||
file://echo.patch \
|
||||
file://syslog.conf \
|
||||
file://ssl/AmazonRootCA1.pem \
|
||||
file://ssl/AmazonRootCA2.pem \
|
||||
file://ssl/AmazonRootCA3.pem \
|
||||
file://ssl/AmazonRootCA4.pem \
|
||||
"
|
||||
|
||||
inherit systemd
|
||||
|
|
@ -24,6 +28,7 @@ FILES_${PN}-syslog_append = " ${systemd_unitdir}/system/busybox-syslog.service \
|
|||
"
|
||||
|
||||
do_install_append() {
|
||||
install -d ${D}${sysconfdir}/ssl/certs
|
||||
cp ${WORKDIR}/syslogctl ${D}/bin/syslogctl
|
||||
cp ${WORKDIR}/mdlogctl ${D}/bin/mdlogctl
|
||||
cp ${WORKDIR}/syslog-start ${D}/bin/syslog-start
|
||||
|
|
@ -34,6 +39,10 @@ do_install_append() {
|
|||
install -d ${D}${sysconfdir}/systemd/system
|
||||
install -d ${D}${sysconfdir}/systemd/system/multi-user.target.wants
|
||||
install -m 0644 ${WORKDIR}/tcpdump.service.in ${D}${systemd_unitdir}/system/tcpdump.service
|
||||
install -m 0644 ${WORKDIR}/ssl/AmazonRootCA1.pem ${D}${sysconfdir}/ssl/certs/AmazonRootCA1.pem
|
||||
install -m 0644 ${WORKDIR}/ssl/AmazonRootCA2.pem ${D}${sysconfdir}/ssl/certs/AmazonRootCA2.pem
|
||||
install -m 0644 ${WORKDIR}/ssl/AmazonRootCA3.pem ${D}${sysconfdir}/ssl/certs/AmazonRootCA3.pem
|
||||
install -m 0644 ${WORKDIR}/ssl/AmazonRootCA4.pem ${D}${sysconfdir}/ssl/certs/AmazonRootCA4.pem
|
||||
ln -sf ${systemd_unitdir}/system/busybox-syslog.service ${D}${sysconfdir}/systemd/system/syslog.service
|
||||
ln -sf ${systemd_unitdir}/system/busybox-syslog.service ${D}${sysconfdir}/systemd/system/multi-user.target.wants/busybox-syslog.service
|
||||
ln -sf ${systemd_unitdir}/system/busybox-klogd.service ${D}${sysconfdir}/systemd/system/multi-user.target.wants/busybox-klogd.service
|
||||
|
|
|
|||
|
|
@ -0,0 +1,25 @@
|
|||
# Generated by iptables-save v1.8.7 on Tue Jul 12 01:22:18 2022
|
||||
*raw
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
COMMIT
|
||||
# Completed on Tue Jul 12 01:22:18 2022
|
||||
# Generated by iptables-save v1.8.7 on Tue Jul 12 01:22:18 2022
|
||||
*mangle
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:INPUT ACCEPT [0:0]
|
||||
:FORWARD ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
:POSTROUTING ACCEPT [0:0]
|
||||
COMMIT
|
||||
# Completed on Tue Jul 12 01:22:18 2022
|
||||
# Generated by iptables-save v1.8.7 on Tue Jul 12 01:22:18 2022
|
||||
*filter
|
||||
:INPUT DROP [0:0]
|
||||
:FORWARD DROP [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
-A OUTPUT -j ACCEPT
|
||||
COMMIT
|
||||
# Completed on Tue Jul 12 01:22:18 2022
|
||||
|
|
@ -5,8 +5,8 @@ Wants=network-pre.target
|
|||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
|
||||
ExecReload=@SBINDIR@/iptables-restore -w -- @RULESDIR@/iptables.rules
|
||||
ExecStart=/usr/sbin/iptables-restore < /etc/iptables.rules
|
||||
ExecReload=/usr/sbin/iptables-restore < /etc/iptables.rules
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ SRC_URI[sha256sum] = "c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5
|
|||
inherit autotools pkgconfig
|
||||
|
||||
EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR} \
|
||||
--disable-ipv6 \
|
||||
"
|
||||
PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
|
||||
"
|
||||
|
|
@ -40,5 +41,12 @@ do_configure_prepend() {
|
|||
rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4
|
||||
}
|
||||
|
||||
do_install_append() {
|
||||
install -d ${D}${sysconfdir}/
|
||||
install -d ${D}${sysconfdir}/systemd/system/
|
||||
install -m 0644 ${WORKDIR}/iptables.rules ${D}${sysconfdir}/iptables.rules
|
||||
install -m 0644 ${WORKDIR}/iptables.service ${D}${sysconfdir}/systemd/system/iptables.service
|
||||
}
|
||||
|
||||
FILES_${PN} += "${libdir}/xtables/*"
|
||||
INSANE_SKIP_${PN} = "dev-so"
|
||||
|
|
|
|||
|
|
@ -1,5 +1,8 @@
|
|||
#!/bin/sh
|
||||
# start appmainprog
|
||||
echo 2 > /proc/sys/kernel/randomize_va_space
|
||||
/usr/sbin/iptables-restore < /etc/iptables.rules
|
||||
echo auostart appmainprog
|
||||
hwclock -w
|
||||
/usr/bin/appmainprog
|
||||
|
||||
|
|
|
|||
|
|
@ -534,3 +534,176 @@ CONFIG_SUNRPC_BACKCHANNEL=y
|
|||
# CONFIG_NCP_FS is not set
|
||||
# CONFIG_CODA_FS is not set
|
||||
# CONFIG_AFS_FS is not set
|
||||
|
||||
|
||||
#
|
||||
# Core Netfilter Configuration
|
||||
#
|
||||
CONFIG_NETFILTER_INGRESS=y
|
||||
CONFIG_NETFILTER_NETLINK=y
|
||||
# CONFIG_NETFILTER_NETLINK_ACCT is not set
|
||||
CONFIG_NETFILTER_NETLINK_QUEUE=y
|
||||
# CONFIG_NETFILTER_NETLINK_LOG is not set
|
||||
CONFIG_NF_CONNTRACK=y
|
||||
CONFIG_NF_CONNTRACK_MARK=y
|
||||
CONFIG_NF_CONNTRACK_PROCFS=y
|
||||
CONFIG_NF_CONNTRACK_EVENTS=y
|
||||
# CONFIG_NF_CONNTRACK_TIMEOUT is not set
|
||||
# CONFIG_NF_CONNTRACK_TIMESTAMP is not set
|
||||
# CONFIG_NF_CT_PROTO_DCCP is not set
|
||||
# CONFIG_NF_CT_PROTO_SCTP is not set
|
||||
CONFIG_NF_CT_PROTO_UDPLITE=y
|
||||
# CONFIG_NF_CONNTRACK_AMANDA is not set
|
||||
# CONFIG_NF_CONNTRACK_FTP is not set
|
||||
# CONFIG_NF_CONNTRACK_H323 is not set
|
||||
# CONFIG_NF_CONNTRACK_IRC is not set
|
||||
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
|
||||
# CONFIG_NF_CONNTRACK_SNMP is not set
|
||||
# CONFIG_NF_CONNTRACK_PPTP is not set
|
||||
# CONFIG_NF_CONNTRACK_SANE is not set
|
||||
# CONFIG_NF_CONNTRACK_SIP is not set
|
||||
# CONFIG_NF_CONNTRACK_TFTP is not set
|
||||
CONFIG_NF_CT_NETLINK=y
|
||||
# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
|
||||
# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set
|
||||
# CONFIG_NF_TABLES is not set
|
||||
CONFIG_NETFILTER_XTABLES=y
|
||||
|
||||
#
|
||||
# Xtables combined modules
|
||||
#
|
||||
CONFIG_NETFILTER_XT_MARK=y
|
||||
CONFIG_NETFILTER_XT_CONNMARK=y
|
||||
|
||||
#
|
||||
# Xtables targets
|
||||
#
|
||||
# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
|
||||
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
|
||||
# CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_CT is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_HL is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
|
||||
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
|
||||
# CONFIG_NETFILTER_XT_TARGET_LOG is not set
|
||||
CONFIG_NETFILTER_XT_TARGET_MARK=y
|
||||
# CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
|
||||
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
|
||||
# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
||||
CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
|
||||
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
||||
|
||||
#
|
||||
# Xtables matches
|
||||
#
|
||||
# CONFIG_NETFILTER_XT_MATCH_ADDRTYPE is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
|
||||
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
|
||||
# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set
|
||||
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
|
||||
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
|
||||
# CONFIG_NETFILTER_XT_MATCH_CPU is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_ECN is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_HELPER is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_HL is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set
|
||||
CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
|
||||
# CONFIG_NETFILTER_XT_MATCH_L2TP is not set
|
||||
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
|
||||
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
|
||||
CONFIG_NETFILTER_XT_MATCH_MAC=y
|
||||
CONFIG_NETFILTER_XT_MATCH_MARK=y
|
||||
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
|
||||
# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_OSF is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
|
||||
CONFIG_NETFILTER_XT_MATCH_POLICY=y
|
||||
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y
|
||||
# CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
|
||||
CONFIG_NETFILTER_XT_MATCH_QTAGUID=y
|
||||
CONFIG_NETFILTER_XT_MATCH_QUOTA=y
|
||||
CONFIG_NETFILTER_XT_MATCH_QUOTA2=y
|
||||
# CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
|
||||
CONFIG_NETFILTER_XT_MATCH_REALM=y
|
||||
CONFIG_NETFILTER_XT_MATCH_RECENT=y
|
||||
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
|
||||
CONFIG_NETFILTER_XT_MATCH_SOCKET=y
|
||||
CONFIG_NETFILTER_XT_MATCH_STATE=y
|
||||
CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
|
||||
CONFIG_NETFILTER_XT_MATCH_STRING=y
|
||||
CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
|
||||
CONFIG_NETFILTER_XT_MATCH_TIME=y
|
||||
CONFIG_NETFILTER_XT_MATCH_U32=y
|
||||
# CONFIG_IP_SET is not set
|
||||
# CONFIG_IP_VS is not set
|
||||
|
||||
#
|
||||
# IP: Netfilter Configuration
|
||||
#
|
||||
CONFIG_NF_DEFRAG_IPV4=y
|
||||
CONFIG_NF_CONNTRACK_IPV4=y
|
||||
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
|
||||
# CONFIG_NF_DUP_IPV4 is not set
|
||||
# CONFIG_NF_LOG_ARP is not set
|
||||
# CONFIG_NF_LOG_IPV4 is not set
|
||||
CONFIG_NF_REJECT_IPV4=y
|
||||
# CONFIG_NF_NAT_IPV4 is not set
|
||||
CONFIG_IP_NF_IPTABLES=y
|
||||
# CONFIG_IP_NF_MATCH_AH is not set
|
||||
# CONFIG_IP_NF_MATCH_ECN is not set
|
||||
# CONFIG_IP_NF_MATCH_RPFILTER is not set
|
||||
# CONFIG_IP_NF_MATCH_TTL is not set
|
||||
CONFIG_IP_NF_FILTER=y
|
||||
CONFIG_IP_NF_TARGET_REJECT=y
|
||||
# CONFIG_IP_NF_TARGET_SYNPROXY is not set
|
||||
# CONFIG_IP_NF_NAT is not set
|
||||
CONFIG_IP_NF_MANGLE=y
|
||||
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
|
||||
# CONFIG_IP_NF_TARGET_ECN is not set
|
||||
# CONFIG_IP_NF_TARGET_TTL is not set
|
||||
CONFIG_IP_NF_RAW=y
|
||||
# CONFIG_IP_NF_SECURITY is not set
|
||||
CONFIG_IP_NF_ARPTABLES=y
|
||||
# CONFIG_IP_NF_ARPFILTER is not set
|
||||
# CONFIG_IP_NF_ARP_MANGLE is not set
|
||||
# CONFIG_BRIDGE_NF_EBTABLES is not set
|
||||
# CONFIG_IP_DCCP is not set
|
||||
# CONFIG_IP_SCTP is not set
|
||||
# CONFIG_RDS is not set
|
||||
# CONFIG_TIPC is not set
|
||||
# CONFIG_ATM is not set
|
||||
# CONFIG_L2TP is not set
|
||||
CONFIG_STP=y
|
||||
CONFIG_BRIDGE=y
|
||||
CONFIG_BRIDGE_IGMP_SNOOPING=y
|
||||
# CONFIG_BRIDGE_VLAN_FILTERING is not set
|
||||
CONFIG_HAVE_NET_DSA=y
|
||||
CONFIG_VLAN_8021Q=y
|
||||
# CONFIG_VLAN_8021Q_GVRP is not set
|
||||
# CONFIG_VLAN_8021Q_MVRP is not set
|
||||
# CONFIG_DECNET is not set
|
||||
CONFIG_LLC=y
|
||||
# CONFIG_LLC2 is not set
|
||||
# CONFIG_IPX is not set
|
||||
# CONFIG_ATALK is not set
|
||||
# CONFIG_X25 is not set
|
||||
# CONFIG_LAPB is not set
|
||||
# CONFIG_PHONET is not set
|
||||
# CONFIG_IEEE802154 is not set
|
||||
CONFIG_NET_SCHED=y
|
||||
Loading…
Reference in New Issue