netfilter: NFT_CHAIN_NAT_IPV* is independent of NFT_NAT
Now that we have masquerading support in nf_tables, the NAT chain can be use with it, not only for SNAT/DNAT. So make this chain type independent of it. While at it, move it inside the scope of 'if NF_NAT_IPV*' to simplify dependencies. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
39e393bb4f
commit
3e8dc212a0
2 changed files with 22 additions and 20 deletions
|
@ -61,16 +61,6 @@ config NFT_CHAIN_ROUTE_IPV4
|
|||
fields such as the source, destination, type of service and
|
||||
the packet mark.
|
||||
|
||||
config NFT_CHAIN_NAT_IPV4
|
||||
depends on NF_TABLES_IPV4
|
||||
depends on NF_NAT_IPV4 && NFT_NAT
|
||||
tristate "IPv4 nf_tables nat chain support"
|
||||
help
|
||||
This option enables the "nat" chain for IPv4 in nf_tables. This
|
||||
chain type is used to perform Network Address Translation (NAT)
|
||||
packet transformations such as the source, destination address and
|
||||
source and destination ports.
|
||||
|
||||
config NFT_REJECT_IPV4
|
||||
depends on NF_TABLES_IPV4
|
||||
default NFT_REJECT
|
||||
|
@ -94,6 +84,15 @@ config NF_NAT_IPV4
|
|||
|
||||
if NF_NAT_IPV4
|
||||
|
||||
config NFT_CHAIN_NAT_IPV4
|
||||
depends on NF_TABLES_IPV4
|
||||
tristate "IPv4 nf_tables nat chain support"
|
||||
help
|
||||
This option enables the "nat" chain for IPv4 in nf_tables. This
|
||||
chain type is used to perform Network Address Translation (NAT)
|
||||
packet transformations such as the source, destination address and
|
||||
source and destination ports.
|
||||
|
||||
config NF_NAT_SNMP_BASIC
|
||||
tristate "Basic SNMP-ALG support"
|
||||
depends on NF_CONNTRACK_SNMP
|
||||
|
|
|
@ -40,16 +40,6 @@ config NFT_CHAIN_ROUTE_IPV6
|
|||
fields such as the source, destination, flowlabel, hop-limit and
|
||||
the packet mark.
|
||||
|
||||
config NFT_CHAIN_NAT_IPV6
|
||||
depends on NF_TABLES_IPV6
|
||||
depends on NF_NAT_IPV6 && NFT_NAT
|
||||
tristate "IPv6 nf_tables nat chain support"
|
||||
help
|
||||
This option enables the "nat" chain for IPv6 in nf_tables. This
|
||||
chain type is used to perform Network Address Translation (NAT)
|
||||
packet transformations such as the source, destination address and
|
||||
source and destination ports.
|
||||
|
||||
config NFT_REJECT_IPV6
|
||||
depends on NF_TABLES_IPV6
|
||||
default NFT_REJECT
|
||||
|
@ -70,6 +60,19 @@ config NF_NAT_IPV6
|
|||
forms of full Network Address Port Translation. This can be
|
||||
controlled by iptables or nft.
|
||||
|
||||
if NF_NAT_IPV6
|
||||
|
||||
config NFT_CHAIN_NAT_IPV6
|
||||
depends on NF_TABLES_IPV6
|
||||
tristate "IPv6 nf_tables nat chain support"
|
||||
help
|
||||
This option enables the "nat" chain for IPv6 in nf_tables. This
|
||||
chain type is used to perform Network Address Translation (NAT)
|
||||
packet transformations such as the source, destination address and
|
||||
source and destination ports.
|
||||
|
||||
endif # NF_NAT_IPV6
|
||||
|
||||
config IP6_NF_IPTABLES
|
||||
tristate "IP6 tables support (required for filtering)"
|
||||
depends on INET && IPV6
|
||||
|
|
Loading…
Reference in a new issue