Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3e8dc212 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: NFT_CHAIN_NAT_IPV* is independent of NFT_NAT 



Now that we have masquerading support in nf_tables, the NAT chain can
be use with it, not only for SNAT/DNAT. So make this chain type
independent of it.

While at it, move it inside the scope of 'if NF_NAT_IPV*' to simplify
dependencies.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 39e393bb

net/ipv4/netfilter/Kconfig

+9 −10
Original line number Diff line number Diff line
@@ -61,16 +61,6 @@ config NFT_CHAIN_ROUTE_IPV4 
	  fields such as the source, destination, type of service and

	  the packet mark.



config NFT_CHAIN_NAT_IPV4

	depends on NF_TABLES_IPV4

	depends on NF_NAT_IPV4 && NFT_NAT

	tristate "IPv4 nf_tables nat chain support"

	help

	  This option enables the "nat" chain for IPv4 in nf_tables. This

	  chain type is used to perform Network Address Translation (NAT)

	  packet transformations such as the source, destination address and

	  source and destination ports.



config NFT_REJECT_IPV4

	depends on NF_TABLES_IPV4

	default NFT_REJECT
@@ -94,6 +84,15 @@ config NF_NAT_IPV4 


if NF_NAT_IPV4



config NFT_CHAIN_NAT_IPV4

	depends on NF_TABLES_IPV4

	tristate "IPv4 nf_tables nat chain support"

	help

	  This option enables the "nat" chain for IPv4 in nf_tables. This

	  chain type is used to perform Network Address Translation (NAT)

	  packet transformations such as the source, destination address and

	  source and destination ports.



config NF_NAT_SNMP_BASIC

	tristate "Basic SNMP-ALG support"

	depends on NF_CONNTRACK_SNMP

net/ipv6/netfilter/Kconfig

+13 −10
Original line number Diff line number Diff line
@@ -40,16 +40,6 @@ config NFT_CHAIN_ROUTE_IPV6 
	  fields such as the source, destination, flowlabel, hop-limit and

	  the packet mark.



config NFT_CHAIN_NAT_IPV6

	depends on NF_TABLES_IPV6

	depends on NF_NAT_IPV6 && NFT_NAT

	tristate "IPv6 nf_tables nat chain support"

	help

	  This option enables the "nat" chain for IPv6 in nf_tables. This

	  chain type is used to perform Network Address Translation (NAT)

	  packet transformations such as the source, destination address and

	  source and destination ports.



config NFT_REJECT_IPV6

	depends on NF_TABLES_IPV6

	default NFT_REJECT
@@ -70,6 +60,19 @@ config NF_NAT_IPV6 
	  forms of full Network Address Port Translation. This can be

	  controlled by iptables or nft.



if NF_NAT_IPV6



config NFT_CHAIN_NAT_IPV6

	depends on NF_TABLES_IPV6

	tristate "IPv6 nf_tables nat chain support"

	help

	  This option enables the "nat" chain for IPv6 in nf_tables. This

	  chain type is used to perform Network Address Translation (NAT)

	  packet transformations such as the source, destination address and

	  source and destination ports.



endif # NF_NAT_IPV6



config IP6_NF_IPTABLES

	tristate "IP6 tables support (required for filtering)"

	depends on INET && IPV6