Patchwork [1/5] iptables: update RRECOMMENDS

login
register
mail settings
Submitter Kang Kai
Date June 23, 2014, 2:32 a.m.
Message ID <a55237b35d54e1c135ac51d273317ae3002a4906.1403490121.git.kai.kang@windriver.com>
Download mbox | patch
Permalink /patch/74225/
State New
Headers show

Comments

Kang Kai - June 23, 2014, 2:32 a.m.
Update RRECOMMENDS for iptables that some iptables basic rules need
these kernel modules.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
 meta/recipes-extended/iptables/iptables_1.4.21.bb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
Anders Darander - June 24, 2014, 6:11 a.m.
* Kai Kang <kai.kang@windriver.com> [140623 04:34]:

> @@ -15,7 +15,13 @@ RRECOMMENDS_${PN} = "kernel-module-x-tables \
>                       kernel-module-nf-conntrack \
>                       kernel-module-nf-conntrack-ipv4 \
>                       kernel-module-nf-nat \
> -                     kernel-module-ipt-masquerade"
> +                     kernel-module-ipt-masquerade \
> +                     kernel-module-xt-tcpudp \
> +                     kernel-module-xt-conntrack \
> +                     kernel-module-ipt-reject \
> +                     kernel-module-ip6-tables \
> +                     kernel-module-ip6table-filter \
> +                    "

As it's for RRECOMMENDS_${PN} your patch will likely work for everyong.
Though, you should really only add the ip6* kernel modules if ipv6 is in
DISTRO_FEATURES.

Cheers,
Anders

(And as a completely unrelated side note, I wonder if it isn't time to
start looking at adding an ipv4 DISTRO_FEATURE to make it easier to
build IPv6 only devices...)
Kang Kai - June 25, 2014, 6:27 a.m.
On 2014?06?24? 14:11, Anders Darander wrote:
> * Kai Kang <kai.kang@windriver.com> [140623 04:34]:
>
>> @@ -15,7 +15,13 @@ RRECOMMENDS_${PN} = "kernel-module-x-tables \
>>                        kernel-module-nf-conntrack \
>>                        kernel-module-nf-conntrack-ipv4 \
>>                        kernel-module-nf-nat \
>> -                     kernel-module-ipt-masquerade"
>> +                     kernel-module-ipt-masquerade \
>> +                     kernel-module-xt-tcpudp \
>> +                     kernel-module-xt-conntrack \
>> +                     kernel-module-ipt-reject \
>> +                     kernel-module-ip6-tables \
>> +                     kernel-module-ip6table-filter \
>> +                    "
> As it's for RRECOMMENDS_${PN} your patch will likely work for everyong.
> Though, you should really only add the ip6* kernel modules if ipv6 is in
> DISTRO_FEATURES.

OK.

Thanks,
Kai



>
> Cheers,
> Anders
>
> (And as a completely unrelated side note, I wonder if it isn't time to
> start looking at adding an ipv4 DISTRO_FEATURE to make it easier to
> build IPv6 only devices...)
>

Patch

diff --git a/meta/recipes-extended/iptables/iptables_1.4.21.bb b/meta/recipes-extended/iptables/iptables_1.4.21.bb
index dc17d57..ba4e8e4 100644
--- a/meta/recipes-extended/iptables/iptables_1.4.21.bb
+++ b/meta/recipes-extended/iptables/iptables_1.4.21.bb
@@ -15,7 +15,13 @@  RRECOMMENDS_${PN} = "kernel-module-x-tables \
                      kernel-module-nf-conntrack \
                      kernel-module-nf-conntrack-ipv4 \
                      kernel-module-nf-nat \
-                     kernel-module-ipt-masquerade"
+                     kernel-module-ipt-masquerade \
+                     kernel-module-xt-tcpudp \
+                     kernel-module-xt-conntrack \
+                     kernel-module-ipt-reject \
+                     kernel-module-ip6-tables \
+                     kernel-module-ip6table-filter \
+                    "
 FILES_${PN} =+ "${libdir}/xtables/ ${datadir}/xtables"
 FILES_${PN}-dbg =+ "${libdir}/xtables/.debug"