* [bug#37398] [PATCH 0/2]: services: Add nftables-service-type. @ 2019-09-13 10:06 宋文武 2019-09-13 10:17 ` [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules 宋文武 2019-09-18 11:05 ` bug#37398: [PATCH 0/2]: services: Add nftables-service-type 宋文武 0 siblings, 2 replies; 10+ messages in thread From: 宋文武 @ 2019-09-13 10:06 UTC (permalink / raw) To: 37398 Hello, nftables is the successor to iptables. This first patch will enable nftables modules for our linux-libre packages (4.4 have them enabled already, but later doesn't), I manual edited those files and haven't build any kernel yet. This second patch makes nftables-service-type available, I tested it with my custom kernel. ^ permalink raw reply [flat|nested] 10+ messages in thread
* [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. 2019-09-13 10:06 [bug#37398] [PATCH 0/2]: services: Add nftables-service-type 宋文武 @ 2019-09-13 10:17 ` 宋文武 2019-09-13 10:17 ` [bug#37398] [PATCH 2/2] services: Add nftables-service-type 宋文武 2019-09-13 14:06 ` [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules 宋文武 2019-09-18 11:05 ` bug#37398: [PATCH 0/2]: services: Add nftables-service-type 宋文武 1 sibling, 2 replies; 10+ messages in thread From: 宋文武 @ 2019-09-13 10:17 UTC (permalink / raw) To: 37398; +Cc: 宋文武 * gnu/packages/aux-files/linux-libre/4.19-arm.conf, gnu/packages/aux-files/linux-libre/4.19-arm64.conf, gnu/packages/aux-files/linux-libre/4.19-i686.conf, gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, gnu/packages/aux-files/linux-libre/5.2-arm.conf, gnu/packages/aux-files/linux-libre/5.2-arm64.conf, gnu/packages/aux-files/linux-libre/5.2-i686.conf, gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_ARP, CONFIG_NF_TABLES_IPV6, and CONFIG_NF_TABLES_BRIDGE to 'm'. --- gnu/packages/aux-files/linux-libre/4.19-arm.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/4.19-arm64.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/4.19-i686.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/4.19-x86_64.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/5.2-arm.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/5.2-arm64.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/5.2-i686.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/5.2-x86_64.conf | 12 ++++++------ 8 files changed, 48 insertions(+), 48 deletions(-) diff --git a/gnu/packages/aux-files/linux-libre/4.19-arm.conf b/gnu/packages/aux-files/linux-libre/4.19-arm.conf index 184f73276f..795b51d453 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-arm.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-arm.conf @@ -1176,8 +1176,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1361,8 +1361,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1401,7 +1401,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1430,7 @@ CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-arm64.conf b/gnu/packages/aux-files/linux-libre/4.19-arm64.conf index 73cd300c18..32d9c5f75f 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-arm64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-arm64.conf @@ -1120,8 +1120,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_COUNTER=m @@ -1303,8 +1303,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m @@ -1342,7 +1342,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1370,7 +1370,7 @@ CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-i686.conf b/gnu/packages/aux-files/linux-libre/4.19-i686.conf index c1df3f0f49..a254a8bf01 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-i686.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-i686.conf @@ -1209,8 +1209,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1394,8 +1394,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1434,7 +1434,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1468,7 +1468,7 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf index a8f8c81648..59744266f0 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf @@ -1219,8 +1219,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1404,8 +1404,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1444,7 +1444,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1478,7 +1478,7 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-arm.conf b/gnu/packages/aux-files/linux-libre/5.2-arm.conf index 4ac8ed642d..92ef9bfa78 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-arm.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-arm.conf @@ -1157,8 +1157,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1345,8 +1345,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1383,7 +1383,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1412,7 +1412,7 @@ CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-arm64.conf b/gnu/packages/aux-files/linux-libre/5.2-arm64.conf index 4ad652a78f..d95494508e 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-arm64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-arm64.conf @@ -1118,8 +1118,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_COUNTER=m @@ -1304,8 +1304,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m @@ -1341,7 +1341,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1369,7 +1369,7 @@ CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-i686.conf b/gnu/packages/aux-files/linux-libre/5.2-i686.conf index 0a211f6eb9..a16b00de22 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-i686.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-i686.conf @@ -1147,8 +1147,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1335,8 +1335,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1373,7 +1373,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1409,7 +1409,7 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf index 51d4e93372..d2af5eaaaf 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf @@ -1168,8 +1168,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1356,8 +1356,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1394,7 +1394,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1430,7 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m -- 2.19.2 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [bug#37398] [PATCH 2/2] services: Add nftables-service-type. 2019-09-13 10:17 ` [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules 宋文武 @ 2019-09-13 10:17 ` 宋文武 2019-09-13 14:06 ` [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules 宋文武 1 sibling, 0 replies; 10+ messages in thread From: 宋文武 @ 2019-09-13 10:17 UTC (permalink / raw) To: 37398; +Cc: 宋文武 * gnu/services/networking.scm (%default-nftables-ruleset): New variable. (<nftables-configuration>): New record type. (nftables-shepherd-service): New procedure. (nftables-service-type): New service type. * doc/guix.texi (Networking Services): Document it. --- doc/guix.texi | 27 ++++++++++++ gnu/services/networking.scm | 82 ++++++++++++++++++++++++++++++++++++- 2 files changed, 108 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index 39d4b865f6..e71f0a44c9 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13041,6 +13041,33 @@ objects}). @end table @end deftp +@cindex nftables +@defvr {Scheme Variable} nftables-service-type +This is the service type to set up a nftables configuration. nftables is a +netfilter project that aims to replace the existing iptables, ip6tables, +arptables and ebtables framework. It provides a new packet filtering +framework, a new user-space utility @command{nft}, and a compatibility layer +for iptables. This service comes with a default ruleset +@code{%default-nftables-ruleset} that rejecting all incomming connections +except those to the ssh port 22. To use it, simply write: + +@lisp +(service nftables-service-type) +@end lisp +@end defvr + +@deftp {Data Type} nftables-configuration +The data type representing the configuration of nftables. + +@table @asis +@item @code{package} (default: @code{nftables}) +The nftables package that provides @command{nft}. +@item @code{ruleset} (default: @code{%default-nftables-ruleset}) +The nftables ruleset to use. This may be any ``file-like'' object +(@pxref{G-Expressions, file-like objects}). +@end table +@end deftp + @cindex NTP (Network Time Protocol), service @cindex ntpd, service for the Network Time Protocol daemon @cindex real time clock diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index c775242f99..dd63009116 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -11,6 +11,7 @@ ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net> ;;; Copyright © 2019 Florian Pelz <pelzflorian@pelzflorian.de> ;;; Copyright © 2019 Maxim Cournoyer <maxim.cournoyer@gmail.com> +;;; Copyright © 2019 Sou Bunnbu <iyzsong@member.fsf.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -144,7 +145,14 @@ iptables-configuration-iptables iptables-configuration-ipv4-rules iptables-configuration-ipv6-rules - iptables-service-type)) + iptables-service-type + + nftables-service-type + nftables-configuration + nftables-configuration? + nftables-configuration-package + nftables-configuration-ruleset + %default-nftables-ruleset)) ;;; Commentary: ;;; @@ -1415,4 +1423,76 @@ COMMIT (list (service-extension shepherd-root-service-type (compose list iptables-shepherd-service)))))) +;;; +;;; nftables +;;; + +(define %default-nftables-ruleset + (plain-file "nftables.conf" + "# A simple and safe firewall +table inet filter { + chain input { + type filter hook input priority 0; policy drop; + + # early drop of invalid connections + ct state invalid drop + + # allow established/related connections + ct state { established, related } accept + + # allow from loopback + iifname lo accept + + # allow icmp + ip protocol icmp accept + ip6 nexthdr icmpv6 accept + + # allow ssh + tcp dport ssh accept + + # reject everything else + reject with icmpx type port-unreachable + } + chain forward { + type filter hook forward priority 0; policy drop; + } + chain output { + type filter hook output priority 0; policy accept; + } +} +")) + +(define-record-type* <nftables-configuration> + nftables-configuration + make-nftables-configuration + nftables-configuration? + (package nftables-configuration-package + (default nftables)) + (ruleset nftables-configuration-ruleset ; file-like object + (default %default-nftables-ruleset))) + +(define nftables-shepherd-service + (match-lambda + (($ <nftables-configuration> package ruleset) + (let ((nft (file-append package "/sbin/nft"))) + (shepherd-service + (documentation "Packet filtering and classification") + (provision '(nftables)) + (start #~(lambda _ + (invoke #$nft "--file" #$ruleset))) + (stop #~(lambda _ + (invoke #$nft "flush" "ruleset")))))))) + +(define nftables-service-type + (service-type + (name 'nftables) + (description + "Run @command{nft}, setting up the specified ruleset.") + (extensions + (list (service-extension shepherd-root-service-type + (compose list nftables-shepherd-service)) + (service-extension profile-service-type + (compose list nftables-configuration-package)))) + (default-value (nftables-configuration)))) + ;;; networking.scm ends here -- 2.19.2 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. 2019-09-13 10:17 ` [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules 宋文武 2019-09-13 10:17 ` [bug#37398] [PATCH 2/2] services: Add nftables-service-type 宋文武 @ 2019-09-13 14:06 ` 宋文武 2019-09-13 15:41 ` Marius Bakke 1 sibling, 1 reply; 10+ messages in thread From: 宋文武 @ 2019-09-13 14:06 UTC (permalink / raw) To: 37398 宋文武 <iyzsong@member.fsf.org> writes: > * gnu/packages/aux-files/linux-libre/4.19-arm.conf, > gnu/packages/aux-files/linux-libre/4.19-arm64.conf, > gnu/packages/aux-files/linux-libre/4.19-i686.conf, > gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, > gnu/packages/aux-files/linux-libre/5.2-arm.conf, > gnu/packages/aux-files/linux-libre/5.2-arm64.conf, > gnu/packages/aux-files/linux-libre/5.2-i686.conf, > gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, > CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_ARP, > CONFIG_NF_TABLES_IPV6, and CONFIG_NF_TABLES_BRIDGE to 'm'. I got 5.2 built now, and it doesn't work, may have to be enabled as 'y', will investigate it later... ^ permalink raw reply [flat|nested] 10+ messages in thread
* [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. 2019-09-13 14:06 ` [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules 宋文武 @ 2019-09-13 15:41 ` Marius Bakke 2019-09-14 4:02 ` 宋文武 0 siblings, 1 reply; 10+ messages in thread From: Marius Bakke @ 2019-09-13 15:41 UTC (permalink / raw) To: 宋文武, 37398 [-- Attachment #1: Type: text/plain, Size: 1613 bytes --] iyzsong@member.fsf.org (宋文武) writes: > 宋文武 <iyzsong@member.fsf.org> writes: > >> * gnu/packages/aux-files/linux-libre/4.19-arm.conf, >> gnu/packages/aux-files/linux-libre/4.19-arm64.conf, >> gnu/packages/aux-files/linux-libre/4.19-i686.conf, >> gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, >> gnu/packages/aux-files/linux-libre/5.2-arm.conf, >> gnu/packages/aux-files/linux-libre/5.2-arm64.conf, >> gnu/packages/aux-files/linux-libre/5.2-i686.conf, >> gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, >> CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_ARP, >> CONFIG_NF_TABLES_IPV6, and CONFIG_NF_TABLES_BRIDGE to 'm'. > > I got 5.2 built now, and it doesn't work, may have to be enabled as 'y', > will investigate it later... In general, when making changes to the kernel configuration, you need to use the interactive configuration system provided by the kernel build system. The reason is that many options have dependencies: if you set CONFIG_FOO=y, CONFIG_BAR might also need to be y. Using the configuration system ensures these dependencies are handled properly. Here is one way to do that on Guix: $ tar -xf $(guix build -S linux-libre) -C /tmp $ cd /tmp/linux-libre-5.2.13 $ guix environment linux-libre --ad-hoc ncurses $ cp /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf .config $ make oldconfig $ make nconfig $ cp .config /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf I don't have time to go into more details right now, but hope this helps! [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 487 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. 2019-09-13 15:41 ` Marius Bakke @ 2019-09-14 4:02 ` 宋文武 2019-09-14 10:02 ` Danny Milosavljevic 0 siblings, 1 reply; 10+ messages in thread From: 宋文武 @ 2019-09-14 4:02 UTC (permalink / raw) To: Marius Bakke; +Cc: 37398 [-- Attachment #1: Type: text/plain, Size: 2150 bytes --] Marius Bakke <mbakke@fastmail.com> writes: > iyzsong@member.fsf.org (宋文武) writes: > >> 宋文武 <iyzsong@member.fsf.org> writes: >> >>> * gnu/packages/aux-files/linux-libre/4.19-arm.conf, >>> gnu/packages/aux-files/linux-libre/4.19-arm64.conf, >>> gnu/packages/aux-files/linux-libre/4.19-i686.conf, >>> gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, >>> gnu/packages/aux-files/linux-libre/5.2-arm.conf, >>> gnu/packages/aux-files/linux-libre/5.2-arm64.conf, >>> gnu/packages/aux-files/linux-libre/5.2-i686.conf, >>> gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, >>> CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_ARP, >>> CONFIG_NF_TABLES_IPV6, and CONFIG_NF_TABLES_BRIDGE to 'm'. >> >> I got 5.2 built now, and it doesn't work, may have to be enabled as 'y', >> will investigate it later... > > In general, when making changes to the kernel configuration, you need to > use the interactive configuration system provided by the kernel build > system. The reason is that many options have dependencies: if you set > CONFIG_FOO=y, CONFIG_BAR might also need to be y. > > Using the configuration system ensures these dependencies are handled > properly. Here is one way to do that on Guix: > > $ tar -xf $(guix build -S linux-libre) -C /tmp > $ cd /tmp/linux-libre-5.2.13 > $ guix environment linux-libre --ad-hoc ncurses > $ cp /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf .config > $ make oldconfig > $ make nconfig > $ cp .config /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf > > I don't have time to go into more details right now, but hope this helps! Thanks, the interactive configuration system does the right thing. And I now have made configs for x86_64, 4.19 and 5.2. Since i686 is similar to x86_64, so I apply the x86_64 config diff to i686 config, no rejections, it should work. But the arm ones are different, and I don't know how to make them without an arm machine (a naive 'make nconfig' in my x86_64 environment generates a lot of diffs...), so I skip them for now: [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: 0001-gnu-linux-libre-intel-Enable-all-nftables-families.patch --] [-- Type: text/x-patch, Size: 10305 bytes --] From 3071ddc697bfaa5cff9324be3332a9dda9289b76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong@member.fsf.org> Date: Sat, 14 Sep 2019 11:26:37 +0800 Subject: [PATCH 1/2] gnu: linux-libre: intel: Enable all nftables families. TODO: Adjust arm kernels accordingly. * gnu/packages/aux-files/linux-libre/4.19-i686.conf, gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, gnu/packages/aux-files/linux-libre/5.2-i686.conf, gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_IPV6 and CONFIG_NF_TABLES_BRIDGE to 'y', and related options to 'm'. --- .../aux-files/linux-libre/4.19-i686.conf | 35 +++++++++++++++---- .../aux-files/linux-libre/4.19-x86_64.conf | 35 +++++++++++++++---- .../aux-files/linux-libre/5.2-i686.conf | 28 +++++++++++---- .../aux-files/linux-libre/5.2-x86_64.conf | 28 +++++++++++---- 4 files changed, 102 insertions(+), 24 deletions(-) diff --git a/gnu/packages/aux-files/linux-libre/4.19-i686.conf b/gnu/packages/aux-files/linux-libre/4.19-i686.conf index c1df3f0f49..75a18ec5ef 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-i686.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-i686.conf @@ -1209,8 +1209,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1226,11 +1226,18 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1394,8 +1401,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1403,6 +1414,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1434,7 +1448,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1468,7 +1489,9 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf index a8f8c81648..f151036410 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf @@ -1219,8 +1219,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1236,11 +1236,18 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1404,8 +1411,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1413,6 +1424,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1444,7 +1458,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1478,7 +1499,9 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-i686.conf b/gnu/packages/aux-files/linux-libre/5.2-i686.conf index 0a211f6eb9..8813a70d3d 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-i686.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-i686.conf @@ -1147,8 +1147,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1158,17 +1158,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1335,8 +1343,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1373,7 +1384,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1409,7 +1423,9 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf index 51d4e93372..e1d2c93f9a 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf @@ -1168,8 +1168,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1179,17 +1179,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1356,8 +1364,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1394,7 +1405,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1444,9 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m -- 2.19.2 [-- Attachment #3: Type: text/plain, Size: 256 bytes --] I also use 'make nconfig' for 4.14, and the result is okay, so I guess since 4.19, those nftables families have to be enabled as 'y', while previously they can be built as modules. Is it fine to only update kernel configurations for intel architectures? ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. 2019-09-14 4:02 ` 宋文武 @ 2019-09-14 10:02 ` Danny Milosavljevic 2019-09-15 10:09 ` 宋文武 0 siblings, 1 reply; 10+ messages in thread From: Danny Milosavljevic @ 2019-09-14 10:02 UTC (permalink / raw) To: 宋文武; +Cc: 37398 [-- Attachment #1: Type: text/plain, Size: 382 bytes --] Add to your services field in operating-system: (service qemu-binfmt-service-type (qemu-binfmt-configuration (platforms (lookup-qemu-platforms "arm" "aarch64" "ppc" "mips64el")) (guix-support? #t))) and reconfigure. Then $ guix environment -s armhf-linux linux-libre (env)$ make oldconfig (env)$ make nconfig [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 488 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. 2019-09-14 10:02 ` Danny Milosavljevic @ 2019-09-15 10:09 ` 宋文武 2019-09-23 0:04 ` Vagrant Cascadian 0 siblings, 1 reply; 10+ messages in thread From: 宋文武 @ 2019-09-15 10:09 UTC (permalink / raw) To: Danny Milosavljevic; +Cc: Vagrant Cascadian, 37398 [-- Attachment #1: Type: text/plain, Size: 519 bytes --] Danny Milosavljevic <dannym@scratchpost.org> writes: > Add to your services field in operating-system: > > (service qemu-binfmt-service-type > (qemu-binfmt-configuration > (platforms (lookup-qemu-platforms "arm" "aarch64" "ppc" "mips64el")) > (guix-support? #t))) > > and reconfigure. > > Then > > $ guix environment -s armhf-linux linux-libre > (env)$ make oldconfig > (env)$ make nconfig Cool, with it I changed the kernel configs for arm and arm64, thank you! [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: 0001-gnu-linux-libre-Enable-all-nftables-families.patch --] [-- Type: text/x-patch, Size: 22095 bytes --] From 2dd03457c6f800693b0dca5c1649576dda377524 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong@member.fsf.org> Date: Sat, 14 Sep 2019 11:26:37 +0800 Subject: [PATCH 1/2] gnu: linux-libre: Enable all nftables families. * gnu/packages/aux-files/linux-libre/4.19-arm.conf, gnu/packages/aux-files/linux-libre/4.19-arm64.conf, gnu/packages/aux-files/linux-libre/4.19-i686.conf, gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, gnu/packages/aux-files/linux-libre/5.2-arm.conf, gnu/packages/aux-files/linux-libre/5.2-arm64.conf, gnu/packages/aux-files/linux-libre/5.2-i686.conf, gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_IPV6 and CONFIG_NF_TABLES_BRIDGE to 'y', and related options to 'm'. --- .../aux-files/linux-libre/4.19-arm.conf | 39 +++++++++++++---- .../aux-files/linux-libre/4.19-arm64.conf | 43 +++++++++++++++---- .../aux-files/linux-libre/4.19-i686.conf | 35 ++++++++++++--- .../aux-files/linux-libre/4.19-x86_64.conf | 35 ++++++++++++--- .../aux-files/linux-libre/5.2-arm.conf | 32 ++++++++++---- .../aux-files/linux-libre/5.2-arm64.conf | 42 +++++++++++++----- .../aux-files/linux-libre/5.2-i686.conf | 28 +++++++++--- .../aux-files/linux-libre/5.2-x86_64.conf | 28 +++++++++--- 8 files changed, 223 insertions(+), 59 deletions(-) diff --git a/gnu/packages/aux-files/linux-libre/4.19-arm.conf b/gnu/packages/aux-files/linux-libre/4.19-arm.conf index 184f73276f..72161c09ff 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-arm.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-arm.conf @@ -1133,7 +1133,7 @@ CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NETFILTER_NETLINK_OSF=m CONFIG_NF_CONNTRACK=m CONFIG_NF_LOG_COMMON=m -# CONFIG_NF_LOG_NETDEV is not set +CONFIG_NF_LOG_NETDEV=m CONFIG_NETFILTER_CONNCOUNT=m CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y @@ -1176,8 +1176,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1189,15 +1189,22 @@ CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m -# CONFIG_NFT_OBJREF is not set +CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1361,8 +1368,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1370,6 +1381,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1401,7 +1415,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1451,9 @@ CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-arm64.conf b/gnu/packages/aux-files/linux-libre/4.19-arm64.conf index 73cd300c18..47ec3c9765 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-arm64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-arm64.conf @@ -1120,10 +1120,11 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m +CONFIG_NFT_FLOW_OFFLOAD=m CONFIG_NFT_COUNTER=m CONFIG_NFT_CONNLIMIT=m CONFIG_NFT_LOG=m @@ -1136,12 +1137,20 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m -# CONFIG_NF_FLOW_TABLE is not set +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m +CONFIG_NF_FLOW_TABLE_INET=m +CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m # @@ -1303,14 +1312,22 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y +CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1342,7 +1359,15 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m +CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1358,7 +1383,7 @@ CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_MH=m CONFIG_IP6_NF_MATCH_RPFILTER=m CONFIG_IP6_NF_MATCH_RT=m -# CONFIG_IP6_NF_MATCH_SRH is not set +CONFIG_IP6_NF_MATCH_SRH=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m @@ -1370,7 +1395,9 @@ CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-i686.conf b/gnu/packages/aux-files/linux-libre/4.19-i686.conf index c1df3f0f49..75a18ec5ef 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-i686.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-i686.conf @@ -1209,8 +1209,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1226,11 +1226,18 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1394,8 +1401,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1403,6 +1414,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1434,7 +1448,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1468,7 +1489,9 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf index a8f8c81648..f151036410 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf @@ -1219,8 +1219,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1236,11 +1236,18 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1404,8 +1411,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1413,6 +1424,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1444,7 +1458,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1478,7 +1499,9 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-arm.conf b/gnu/packages/aux-files/linux-libre/5.2-arm.conf index 4ac8ed642d..7cab0ab66c 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-arm.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-arm.conf @@ -1117,7 +1117,7 @@ CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NETFILTER_NETLINK_OSF=m CONFIG_NF_CONNTRACK=m CONFIG_NF_LOG_COMMON=m -# CONFIG_NF_LOG_NETDEV is not set +CONFIG_NF_LOG_NETDEV=m CONFIG_NETFILTER_CONNCOUNT=m CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y @@ -1157,8 +1157,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1168,17 +1168,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m -# CONFIG_NFT_OBJREF is not set +CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1345,8 +1353,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1383,7 +1394,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1412,7 +1426,9 @@ CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-arm64.conf b/gnu/packages/aux-files/linux-libre/5.2-arm64.conf index 4ad652a78f..99ff63354f 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-arm64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-arm64.conf @@ -1118,28 +1118,38 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m +# CONFIG_NFT_FLOW_OFFLOAD is not set CONFIG_NFT_COUNTER=m CONFIG_NFT_CONNLIMIT=m CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m -# CONFIG_NF_FLOW_TABLE is not set +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m +CONFIG_NF_FLOW_TABLE_INET=m +CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m # @@ -1304,8 +1314,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y +CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m @@ -1341,7 +1355,11 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m +CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1355,7 +1373,7 @@ CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_MH=m CONFIG_IP6_NF_MATCH_RPFILTER=m CONFIG_IP6_NF_MATCH_RT=m -# CONFIG_IP6_NF_MATCH_SRH is not set +CONFIG_IP6_NF_MATCH_SRH=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m @@ -1369,7 +1387,9 @@ CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m @@ -8028,9 +8048,9 @@ CONFIG_EXT4_USE_FOR_EXT2=y CONFIG_EXT4_FS_POSIX_ACL=y CONFIG_EXT4_FS_SECURITY=y # CONFIG_EXT4_DEBUG is not set -CONFIG_JBD2=m +CONFIG_JBD2=y # CONFIG_JBD2_DEBUG is not set -CONFIG_FS_MBCACHE=m +CONFIG_FS_MBCACHE=y CONFIG_REISERFS_FS=m # CONFIG_REISERFS_CHECK is not set # CONFIG_REISERFS_PROC_INFO is not set @@ -8687,7 +8707,7 @@ CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y CONFIG_ARCH_HAS_FAST_MULTIPLIER=y # CONFIG_INDIRECT_PIO is not set CONFIG_CRC_CCITT=m -CONFIG_CRC16=m +CONFIG_CRC16=y CONFIG_CRC_T10DIF=y CONFIG_CRC_ITU_T=m CONFIG_CRC32=y diff --git a/gnu/packages/aux-files/linux-libre/5.2-i686.conf b/gnu/packages/aux-files/linux-libre/5.2-i686.conf index 0a211f6eb9..8813a70d3d 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-i686.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-i686.conf @@ -1147,8 +1147,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1158,17 +1158,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1335,8 +1343,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1373,7 +1384,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1409,7 +1423,9 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf index 51d4e93372..e1d2c93f9a 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf @@ -1168,8 +1168,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1179,17 +1179,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1356,8 +1364,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1394,7 +1405,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1444,9 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m -- 2.19.2 [-- Attachment #3: Type: text/plain, Size: 220 bytes --] 5.2-arm-veyron.conf is skipped, CC to Timothy and Vagrant, is it worth to enable nftables for the "veyron" chromebooks? Unlike other kernel configs, this one doesn't have most netfilter (eg: iptables) options enabled. ^ permalink raw reply related [flat|nested] 10+ messages in thread
* [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. 2019-09-15 10:09 ` 宋文武 @ 2019-09-23 0:04 ` Vagrant Cascadian 0 siblings, 0 replies; 10+ messages in thread From: Vagrant Cascadian @ 2019-09-23 0:04 UTC (permalink / raw) To: 宋文武, Danny Milosavljevic; +Cc: 37398 [-- Attachment #1: Type: text/plain, Size: 799 bytes --] On 2019-09-15, 宋文武 wrote: > Danny Milosavljevic <dannym@scratchpost.org> writes: > 5.2-arm-veyron.conf is skipped, CC to Timothy and Vagrant, is it worth > to enable nftables for the "veyron" chromebooks? Unlike other kernel > configs, this one doesn't have most netfilter (eg: iptables) options > enabled. It would certainly be worth adding; unfortunately I haven't gotten a working kernel since the upgrade from 5.1.x to 5.2.x... so haven't been able to test it. Even better, getting the "regular" arm kernel working on the veyron... but I haven't tried that in a while. I've also been looking at syncing some new board support and features from the Debian arm and arm64 kernel configurations, but there is a fair amount of diff to go over... live well, vagrant [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 227 bytes --] ^ permalink raw reply [flat|nested] 10+ messages in thread
* bug#37398: [PATCH 0/2]: services: Add nftables-service-type. 2019-09-13 10:06 [bug#37398] [PATCH 0/2]: services: Add nftables-service-type 宋文武 2019-09-13 10:17 ` [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules 宋文武 @ 2019-09-18 11:05 ` 宋文武 1 sibling, 0 replies; 10+ messages in thread From: 宋文武 @ 2019-09-18 11:05 UTC (permalink / raw) To: 37398-done iyzsong@member.fsf.org (宋文武) writes: > Hello, nftables is the successor to iptables. > > This first patch will enable nftables modules for our linux-libre > packages (4.4 have them enabled already, but later doesn't), I manual > edited those files and haven't build any kernel yet. > > This second patch makes nftables-service-type available, I tested it > with my custom kernel. Pushed! ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2019-09-23 0:05 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-09-13 10:06 [bug#37398] [PATCH 0/2]: services: Add nftables-service-type 宋文武 2019-09-13 10:17 ` [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules 宋文武 2019-09-13 10:17 ` [bug#37398] [PATCH 2/2] services: Add nftables-service-type 宋文武 2019-09-13 14:06 ` [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules 宋文武 2019-09-13 15:41 ` Marius Bakke 2019-09-14 4:02 ` 宋文武 2019-09-14 10:02 ` Danny Milosavljevic 2019-09-15 10:09 ` 宋文武 2019-09-23 0:04 ` Vagrant Cascadian 2019-09-18 11:05 ` bug#37398: [PATCH 0/2]: services: Add nftables-service-type 宋文武
Code repositories for project(s) associated with this external index https://git.savannah.gnu.org/cgit/guix.git This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.