From d9a16691575a6f751e64bd6cc25ffb2b1c0d10f0 Mon Sep 17 00:00:00 2001
From: Nicolas Thill <nico@openwrt.org>
Date: Sun, 26 Mar 2006 21:45:30 +0000
Subject: [PATCH] backport netfilter.mk changes, split nat support for common
 protocols into their own packages

SVN-Revision: 3498
---
 openwrt/package/iptables/Makefile             |  18 +-
 openwrt/target/linux/Config.in                |  20 +-
 .../linux/control/kmod-ipt-nat-h323.control   |   4 +
 .../linux/control/kmod-ipt-nat-pptp.control   |   4 +
 .../linux/control/kmod-ipt-nat-rtsp.control   |   4 +
 openwrt/target/linux/linux-2.4/Makefile       |  29 ++-
 openwrt/target/linux/netfilter.mk             | 225 +++++++-----------
 7 files changed, 144 insertions(+), 160 deletions(-)
 create mode 100644 openwrt/target/linux/control/kmod-ipt-nat-h323.control
 create mode 100644 openwrt/target/linux/control/kmod-ipt-nat-pptp.control
 create mode 100644 openwrt/target/linux/control/kmod-ipt-nat-rtsp.control

diff --git a/openwrt/package/iptables/Makefile b/openwrt/package/iptables/Makefile
index 50e92b0ed9..ac7a0a41fa 100644
--- a/openwrt/package/iptables/Makefile
+++ b/openwrt/package/iptables/Makefile
@@ -48,14 +48,14 @@ $(eval $(call PKG_template,IPTABLES_MOD_IPSEC,iptables-mod-ipsec,$(PKG_VERSION)-
 $(eval $(call PKG_template,IPTABLES_MOD_NAT,iptables-mod-nat,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
 $(eval $(call PKG_template,IPTABLES_MOD_ULOG,iptables-mod-ulog,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
 
-$(eval $(call IPKG_plugin_template,IPTABLES_MOD_CONNTRACK,$(IPKG_IPTABLES_MOD_CONNTRACK-m)))
-$(eval $(call IPKG_plugin_template,IPTABLES_MOD_EXTRA,$(IPKG_IPTABLES_MOD_EXTRA-m)))
-$(eval $(call IPKG_plugin_template,IPTABLES_MOD_FILTER,$(IPKG_IPTABLES_MOD_FILTER-m),layer7-install))
-$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IMQ,$(IPKG_IPTABLES_MOD_IMQ-m)))
-$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IPOPT,$(IPKG_IPTABLES_MOD_IPOPT-m)))
-$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IPSEC,$(IPKG_IPTABLES_MOD_IPSEC-m)))
-$(eval $(call IPKG_plugin_template,IPTABLES_MOD_NAT,$(IPKG_IPTABLES_MOD_NAT-m)))
-$(eval $(call IPKG_plugin_template,IPTABLES_MOD_ULOG,$(IPKG_IPTABLES_MOD_ULOG-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_CONNTRACK,$(IPT_CONNTRACK-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_EXTRA,$(IPT_EXTRA-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_FILTER,$(IPT_FILTER-m),layer7-install))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IMQ,$(IPT_IMQ-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IPOPT,$(IPT_IPOPT-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IPSEC,$(IPT_IPSEC-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_NAT,$(IPT_NAT-m)))
+$(eval $(call IPKG_plugin_template,IPTABLES_MOD_ULOG,$(IPT_ULOG-m)))
 
 $(PKG_BUILD_DIR)/.configured:
 	touch $@
@@ -83,7 +83,7 @@ $(IPKG_IPTABLES):
 	cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/iptables $(IDIR_IPTABLES)/usr/sbin/
 	install -d -m0755 $(IDIR_IPTABLES)/usr/lib/iptables
 	(cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
-		cp -fpR $(patsubst %,lib%.so,$(IPKG_IPTABLES-y)) $(IDIR_IPTABLES)/usr/lib/iptables/ \
+		cp -fpR $(patsubst %,lib%.so,$(IPT_BUILTIN)) $(IDIR_IPTABLES)/usr/lib/iptables/ \
 	)
 	$(RSTRIP) $(IDIR_IPTABLES)
 	$(IPKG_BUILD) $(IDIR_IPTABLES) $(PACKAGE_DIR)
diff --git a/openwrt/target/linux/Config.in b/openwrt/target/linux/Config.in
index 233711dee6..d9eb58a407 100644
--- a/openwrt/target/linux/Config.in
+++ b/openwrt/target/linux/Config.in
@@ -119,6 +119,24 @@ config BR2_PACKAGE_KMOD_IPT_NAT
 	  Includes: 
 	    * ipt_REDIRECT
 
+config BR2_PACKAGE_KMOD_IPT_NAT_H323
+	tristate "Netfilter NAT modules for H.323"
+	default m
+	help
+	  Netfilter (IPv4) NAT kernel modules for H.323
+
+config BR2_PACKAGE_KMOD_IPT_NAT_PPTP
+	tristate "Netfilter NAT modules for PPTP"
+	default m
+	help
+	  Netfilter (IPv4) NAT kernel modules for PPTP
+
+config BR2_PACKAGE_KMOD_IPT_NAT_RTSP
+	tristate "Netfilter NAT modules for RTSP"
+	default m
+	help
+	  Netfilter (IPv4) NAT kernel modules for RTSP
+
 config BR2_PACKAGE_KMOD_IPT_NAT_EXTRA
 	tristate "Extra Netfilter NAT modules for special protocols"
 	default m
@@ -129,8 +147,6 @@ config BR2_PACKAGE_KMOD_IPT_NAT_EXTRA
 	    * ip_conntrack_amanda
 	    * ip_conntrack_proto_gre
 	    * ip_nat_proto_gre
-	    * ip_conntrack_pptp
-	    * ip_nat_pptp
 	    * ip_nat_snmp_basic
 	    * ip_conntrack_tftp
 
diff --git a/openwrt/target/linux/control/kmod-ipt-nat-h323.control b/openwrt/target/linux/control/kmod-ipt-nat-h323.control
new file mode 100644
index 0000000000..7c93223326
--- /dev/null
+++ b/openwrt/target/linux/control/kmod-ipt-nat-h323.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-nat-h323
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) NAT kernel modules for H.323
diff --git a/openwrt/target/linux/control/kmod-ipt-nat-pptp.control b/openwrt/target/linux/control/kmod-ipt-nat-pptp.control
new file mode 100644
index 0000000000..b4ae5eaed8
--- /dev/null
+++ b/openwrt/target/linux/control/kmod-ipt-nat-pptp.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-nat-pptp
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) NAT kernel modules for PPTP
diff --git a/openwrt/target/linux/control/kmod-ipt-nat-rtsp.control b/openwrt/target/linux/control/kmod-ipt-nat-rtsp.control
new file mode 100644
index 0000000000..39fe830824
--- /dev/null
+++ b/openwrt/target/linux/control/kmod-ipt-nat-rtsp.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-nat-rtsp
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) NAT kernel modules for RTSP
diff --git a/openwrt/target/linux/linux-2.4/Makefile b/openwrt/target/linux/linux-2.4/Makefile
index e1d970be38..6400dbc202 100644
--- a/openwrt/target/linux/linux-2.4/Makefile
+++ b/openwrt/target/linux/linux-2.4/Makefile
@@ -62,31 +62,40 @@ $(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\
 ,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-ipt-nat-extra kmod-ipt-queue kmod-ipt-ulog))
 
 $(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\
-	$(foreach mod,$(IPKG_KMOD_IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+	$(foreach mod,$(IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
 ))
 $(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\
-	$(foreach mod,$(IPKG_KMOD_IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+	$(foreach mod,$(IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
 ))
 $(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\
-	$(foreach mod,$(IPKG_KMOD_IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+	$(foreach mod,$(IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
 ))
 $(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\
-	$(foreach mod,$(IPKG_KMOD_IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+	$(foreach mod,$(IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
 ))
 $(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\
-	$(foreach mod,$(IPKG_KMOD_IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+	$(foreach mod,$(IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
 ))
 $(eval $(call KMOD_template,IPT_NAT,ipt-nat,\
-	$(foreach mod,$(IPKG_KMOD_IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+	$(foreach mod,$(IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
 ))
+$(eval $(call KMOD_template,IPT_NAT_H323,ipt-nat-h323,\
+	$(foreach mod,$(IPT_NAT_H323-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+,,,40,$(IPT_NAT_H323-m)))
+$(eval $(call KMOD_template,IPT_NAT_PPTP,ipt-nat-pptp,\
+	$(foreach mod,$(IPT_NAT_PPTP-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+,,,40,$(IPT_NAT_PPTP-m)))
+$(eval $(call KMOD_template,IPT_NAT_RTSP,ipt-nat-rtsp,\
+	$(foreach mod,$(IPT_NAT_RTSP-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+,,,40,$(IPT_NAT_RTSP-m)))
 $(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\
-	$(foreach mod,$(IPKG_KMOD_IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
-,,,40,$(IPKG_KMOD_IPT_NAT_EXTRA-m)))
+	$(foreach mod,$(IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+,,,40,$(IPT_NAT_EXTRA-m)))
 $(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\
-	$(foreach mod,$(IPKG_KMOD_IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+	$(foreach mod,$(IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
 ))
 $(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\
-	$(foreach mod,$(IPKG_KMOD_IPT_ULOG-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+	$(foreach mod,$(IPT_ULOG-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
 ))
 
 $(eval $(call KMOD_template,IMQ,imq,\
diff --git a/openwrt/target/linux/netfilter.mk b/openwrt/target/linux/netfilter.mk
index f560d3b8db..c2d318d070 100644
--- a/openwrt/target/linux/netfilter.mk
+++ b/openwrt/target/linux/netfilter.mk
@@ -1,141 +1,88 @@
 # $Id$
 
-#
-# kernel modules
-#
-
-IPKG_KMOD_IPT_CONNTRACK-m :=
-IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
-IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
-IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
-IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
-IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state
-
-IPKG_KMOD_IPT_EXTRA-m :=
-IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
-IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG
-IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += ipt_multiport
-IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
-IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
-IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype
-IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
-IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT
-
-IPKG_KMOD_IPT_FILTER-m :=
-IPKG_KMOD_IPT_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
-IPKG_KMOD_IPT_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
-
-IPKG_KMOD_IPT_IPOPT-m :=
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
-IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
-
-IPKG_KMOD_IPT_IPSEC-m :=
-IPKG_KMOD_IPT_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
-
-IPKG_KMOD_IPT_NAT-m :=
-IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE
-IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
-IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
-
-IPKG_KMOD_IPT_NAT_EXTRA-m := 
-IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda
-IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_CT_PROTO_GRE) += ip_conntrack_proto_gre
-IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PROTO_GRE) += ip_nat_proto_gre
-IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp
-IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp
-IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic
-IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp
-IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_TFTP) += ip_nat_tftp
-IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_H323) += ip_conntrack_h323
-IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_H323) += ip_nat_h323
-IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_RTSP) += ip_conntrack_rtsp
-IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_RTSP) += ip_nat_rtsp
-
-IPKG_KMOD_IPT_QUEUE-m :=
-IPKG_KMOD_IPT_QUEUE-$(CONFIG_IP_NF_QUEUE) += ip_queue
-
-IPKG_KMOD_IPT_ULOG-m :=
-IPKG_KMOD_IPT_ULOG-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG
-
-
-#
-# iptables extensions
-#
-
-IPKG_IPTABLES-y := ipt_standard
-IPKG_IPTABLES-y += ipt_icmp ipt_tcp ipt_udp
-
-IPKG_IPTABLES_MOD_CONNTRACK-m :=
-IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
-IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
-IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
-IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
-IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state
-
-IPKG_IPTABLES_MOD_EXTRA-m :=
-IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
-IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG
-IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += ipt_multiport
-IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
-IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
-IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype
-IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
-IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT
-
-IPKG_IPTABLES_MOD_FILTER-m :=
-IPKG_IPTABLES_MOD_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
-IPKG_IPTABLES_MOD_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
-
-IPKG_IPTABLES_MOD_IMQ-m :=
-IPKG_IPTABLES_MOD_IMQ-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ
-
-IPKG_IPTABLES_MOD_IPOPT-m :=
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
-IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
-
-IPKG_IPTABLES_MOD_IPSEC-m :=
-IPKG_IPTABLES_MOD_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
-
-IPKG_IPTABLES_MOD_NAT-m :=
-IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_NAT) += ipt_SNAT ipt_DNAT
-IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE
-IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
-IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
-
-IPKG_IPTABLES_MOD_ULOG-m :=
-IPKG_IPTABLES_MOD_ULOG-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG
-
-IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_CONNTRACK-y)
-IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_EXTRA-y)
-IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_FILTER-y)
-IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IMQ-y)
-IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IPOPT-y)
-IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IPSEC-y)
-IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_NAT-y)
-IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_ULOG-y)
+IPT_CONNTRACK-m :=
+IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
+IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
+IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
+IPT_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
+IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state
+
+IPT_EXTRA-m :=
+IPT_EXTRA-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
+IPT_EXTRA-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG
+IPT_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += ipt_multiport
+IPT_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
+IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
+IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype
+IPT_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
+IPT_EXTRA-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT
+
+IPT_FILTER-m :=
+IPT_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
+IPT_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
+
+IPT_IMQ-m :=
+IPT_IMQ-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ
+
+IPT_IPOPT-m :=
+IPT_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
+IPT_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
+IPT_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
+IPT_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
+IPT_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
+IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
+IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark
+IPT_IPOPT-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK
+IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss
+IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS
+IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
+IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
+IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
+IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
+IPT_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
+
+IPT_IPSEC-m :=
+IPT_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
+
+IPT_NAT-m :=
+IPT_NAT-$(CONFIG_IP_NF_NAT) += ipt_SNAT ipt_DNAT
+IPT_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE
+IPT_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
+IPT_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
+
+IPT_NAT_H323-m := 
+IPT_NAT_H323-$(CONFIG_IP_NF_H323) += ip_conntrack_h323
+IPT_NAT_H323-$(CONFIG_IP_NF_NAT_H323) += ip_nat_h323
+
+IPT_NAT_PPTP-m +=
+IPT_NAT_PPTP-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp
+IPT_NAT_PPTP-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp
+
+IPT_NAT_RTSP-m :=
+IPT_NAT_RTSP-$(CONFIG_IP_NF_RTSP) += ip_conntrack_rtsp
+IPT_NAT_RTSP-$(CONFIG_IP_NF_NAT_RTSP) += ip_nat_rtsp
+
+IPT_NAT_EXTRA-m := 
+IPT_NAT_EXTRA-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda
+IPT_NAT_EXTRA-$(CONFIG_IP_NF_CT_PROTO_GRE) += ip_conntrack_proto_gre
+IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PROTO_GRE) += ip_nat_proto_gre
+IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic
+IPT_NAT_EXTRA-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp
+IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_TFTP) += ip_nat_tftp
+
+IPT_QUEUE-m :=
+IPT_QUEUE-$(CONFIG_IP_NF_QUEUE) += ip_queue
+
+IPT_ULOG-m :=
+IPT_ULOG-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG
+
+IPT_BUILTIN := ipt_standard
+IPT_BUILTIN += ipt_icmp ipt_tcp ipt_udp
+IPT_BUILTIN += $(IPT_CONNTRACK-y)
+IPT_BUILTIN += $(IPT_EXTRA-y)
+IPT_BUILTIN += $(IPT_FILTER-y)
+IPT_BUILTIN += $(IPT_IMQ-y)
+IPT_BUILTIN += $(IPT_IPOPT-y)
+IPT_BUILTIN += $(IPT_IPSEC-y)
+IPT_BUILTIN += $(IPT_NAT-y)
+IPT_BUILTIN += $(IPT_ULOG-y)
-- 
2.30.2