linux-sg2042/net/ipv4/netfilter
Pablo Neira Ayuso 8993cf8edf netfilter: move NAT Kconfig switches out of the iptables scope
Currently, the NAT configs depend on iptables and ip6tables. However,
users should be capable of enabling NAT for nft without having to
switch on iptables.

Fix this by adding new specific IP_NF_NAT and IP6_NF_NAT config
switches for iptables and ip6tables NAT support. I have also moved
the original NF_NAT_IPV4 and NF_NAT_IPV6 configs out of the scope
of iptables to make them independent of it.

This patch also adds NETFILTER_XT_NAT which selects the xt_nat
combo that provides snat/dnat for iptables. We cannot use NF_NAT
anymore since nf_tables can select this.

Reported-by: Matteo Croce <technoboy85@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-08-18 21:55:54 +02:00
..
Kconfig netfilter: move NAT Kconfig switches out of the iptables scope 2014-08-18 21:55:54 +02:00
Makefile netfilter: move NAT Kconfig switches out of the iptables scope 2014-08-18 21:55:54 +02:00
arp_tables.c netfilter: Can't fail and free after table replacement 2014-04-05 17:46:22 +02:00
arpt_mangle.c netfilter: arpt_mangle: fix return values of checkentry 2011-02-01 16:03:46 +01:00
arptable_filter.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
ip_tables.c netfilter: Can't fail and free after table replacement 2014-04-05 17:46:22 +02:00
ipt_CLUSTERIP.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2013-11-04 19:46:58 -05:00
ipt_ECN.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ipt_MASQUERADE.c netfilter: nf_conntrack: don't send destroy events from iterator 2013-08-09 12:03:33 +02:00
ipt_REJECT.c netfilter: REJECT: separate reusable code 2013-12-30 15:04:41 +01:00
ipt_SYNPROXY.c netfilter: SYNPROXY target: restrict to INPUT/FORWARD 2013-12-11 11:30:25 +01:00
ipt_ah.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ipt_rpfilter.c ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif 2014-04-16 15:05:11 -04:00
iptable_filter.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_mangle.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_nat.c netfilter: add helper for adding nat extension 2014-04-29 20:56:22 +02:00
iptable_raw.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_security.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
nf_conntrack_l3proto_ipv4.c netfilter: nf_conntrack: remove exceptional & on function name 2014-07-25 14:50:58 +02:00
nf_conntrack_l3proto_ipv4_compat.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_proto_icmp.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_defrag_ipv4.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_log_arp.c netfilter: add generic ARP packet logger 2014-06-27 13:20:38 +02:00
nf_log_ipv4.c netfilter: log: nf_log_packet() as real unified interface 2014-06-27 13:20:13 +02:00
nf_nat_h323.c netfilter: nf_nat_h323: fix crash in nf_ct_unlink_expect_report() 2014-02-05 17:46:05 +01:00
nf_nat_l3proto_ipv4.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_pptp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_proto_gre.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_proto_icmp.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_snmp_basic.c netfilter: nf_nat_snmp_basic: fix duplicates in if/else branches 2014-02-14 11:37:36 +01:00
nf_tables_arp.c netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain() 2014-01-09 20:17:16 +01:00
nf_tables_ipv4.c netfilter: nf_tables: fix error path in the init functions 2014-01-09 23:25:48 +01:00
nft_chain_nat_ipv4.c netfilter: add helper for adding nat extension 2014-04-29 20:56:22 +02:00
nft_chain_route_ipv4.c netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain() 2014-01-09 20:17:16 +01:00
nft_reject_ipv4.c netfilter: nf_tables: add reject module for NFPROTO_INET 2014-02-06 09:44:18 +01:00