diff options
| author | Florian Westphal <fw@strlen.de> | 2024-01-24 10:21:11 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2024-01-29 15:43:21 +0100 |
| commit | a9525c7f6219cee9284c0031c5930e8d41384677 (patch) | |
| tree | 33ac522cfa5efa0aa3bdf50a8dd70b92ac446430 /mm/memblock.c | |
| parent | 4654467dc7e111e84f43ed1b70322873ae77e7be (diff) | |
netfilter: xtables: allow xtables-nft only builds
Add hidden IP(6)_NF_IPTABLES_LEGACY symbol.
When any of the "old" builtin tables are enabled the "old" iptables
interface will be supported.
To disable the old set/getsockopt interface the existing options
for the builtin tables need to be turned off:
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER is not set
CONFIG_IP_NF_NAT is not set
CONFIG_IP_NF_MANGLE is not set
CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_SECURITY is not set
Same for CONFIG_IP6_NF_ variants.
This allows to build a kernel that only supports ip(6)tables-nft
(iptables-over-nftables api).
In the future the _LEGACY symbol will become visible and the select
statements will be turned into 'depends on', but for now be on safe side
so "make oldconfig" won't break things.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'mm/memblock.c')
0 files changed, 0 insertions, 0 deletions