Package: guix-patches;
Reported by: iyzsong <at> member.fsf.org (宋文武)
Date: Fri, 13 Sep 2019 10:08:01 UTC
Severity: normal
Tags: patch
Done: iyzsong <at> member.fsf.org (宋文武)
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 37398 in the body.
You can then email your comments to 37398 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
guix-patches <at> gnu.org:bug#37398; Package guix-patches.
(Fri, 13 Sep 2019 10:08:01 GMT) Full text and rfc822 format available.iyzsong <at> member.fsf.org (宋文武):guix-patches <at> gnu.org.
(Fri, 13 Sep 2019 10:08:02 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: iyzsong <at> member.fsf.org (宋文武) To: guix-patches <at> gnu.org Subject: [PATCH 0/2]: services: Add nftables-service-type. Date: Fri, 13 Sep 2019 18:06:58 +0800
Hello, nftables is the successor to iptables. This first patch will enable nftables modules for our linux-libre packages (4.4 have them enabled already, but later doesn't), I manual edited those files and haven't build any kernel yet. This second patch makes nftables-service-type available, I tested it with my custom kernel.
guix-patches <at> gnu.org:bug#37398; Package guix-patches.
(Fri, 13 Sep 2019 10:19:01 GMT) Full text and rfc822 format available.Message #8 received at 37398 <at> debbugs.gnu.org (full text, mbox):
From: 宋文武 <iyzsong <at> member.fsf.org> To: 37398 <at> debbugs.gnu.org Cc: 宋文武 <iyzsong <at> member.fsf.org> Subject: [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. Date: Fri, 13 Sep 2019 18:17:53 +0800
* gnu/packages/aux-files/linux-libre/4.19-arm.conf, gnu/packages/aux-files/linux-libre/4.19-arm64.conf, gnu/packages/aux-files/linux-libre/4.19-i686.conf, gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, gnu/packages/aux-files/linux-libre/5.2-arm.conf, gnu/packages/aux-files/linux-libre/5.2-arm64.conf, gnu/packages/aux-files/linux-libre/5.2-i686.conf, gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_ARP, CONFIG_NF_TABLES_IPV6, and CONFIG_NF_TABLES_BRIDGE to 'm'. --- gnu/packages/aux-files/linux-libre/4.19-arm.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/4.19-arm64.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/4.19-i686.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/4.19-x86_64.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/5.2-arm.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/5.2-arm64.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/5.2-i686.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/5.2-x86_64.conf | 12 ++++++------ 8 files changed, 48 insertions(+), 48 deletions(-) diff --git a/gnu/packages/aux-files/linux-libre/4.19-arm.conf b/gnu/packages/aux-files/linux-libre/4.19-arm.conf index 184f73276f..795b51d453 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-arm.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-arm.conf @@ -1176,8 +1176,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1361,8 +1361,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1401,7 +1401,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1430,7 @@ CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-arm64.conf b/gnu/packages/aux-files/linux-libre/4.19-arm64.conf index 73cd300c18..32d9c5f75f 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-arm64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-arm64.conf @@ -1120,8 +1120,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_COUNTER=m @@ -1303,8 +1303,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m @@ -1342,7 +1342,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1370,7 +1370,7 @@ CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-i686.conf b/gnu/packages/aux-files/linux-libre/4.19-i686.conf index c1df3f0f49..a254a8bf01 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-i686.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-i686.conf @@ -1209,8 +1209,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1394,8 +1394,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1434,7 +1434,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1468,7 +1468,7 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf index a8f8c81648..59744266f0 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf @@ -1219,8 +1219,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1404,8 +1404,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1444,7 +1444,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1478,7 +1478,7 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-arm.conf b/gnu/packages/aux-files/linux-libre/5.2-arm.conf index 4ac8ed642d..92ef9bfa78 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-arm.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-arm.conf @@ -1157,8 +1157,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1345,8 +1345,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1383,7 +1383,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1412,7 +1412,7 @@ CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-arm64.conf b/gnu/packages/aux-files/linux-libre/5.2-arm64.conf index 4ad652a78f..d95494508e 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-arm64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-arm64.conf @@ -1118,8 +1118,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_COUNTER=m @@ -1304,8 +1304,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m @@ -1341,7 +1341,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1369,7 +1369,7 @@ CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-i686.conf b/gnu/packages/aux-files/linux-libre/5.2-i686.conf index 0a211f6eb9..a16b00de22 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-i686.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-i686.conf @@ -1147,8 +1147,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1335,8 +1335,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1373,7 +1373,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1409,7 +1409,7 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf index 51d4e93372..d2af5eaaaf 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf @@ -1168,8 +1168,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1356,8 +1356,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1394,7 +1394,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1430,7 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m -- 2.19.2
guix-patches <at> gnu.org:bug#37398; Package guix-patches.
(Fri, 13 Sep 2019 10:19:02 GMT) Full text and rfc822 format available.Message #11 received at 37398 <at> debbugs.gnu.org (full text, mbox):
From: 宋文武 <iyzsong <at> member.fsf.org> To: 37398 <at> debbugs.gnu.org Cc: 宋文武 <iyzsong <at> member.fsf.org> Subject: [PATCH 2/2] services: Add nftables-service-type. Date: Fri, 13 Sep 2019 18:17:54 +0800
* gnu/services/networking.scm (%default-nftables-ruleset): New variable.
(<nftables-configuration>): New record type.
(nftables-shepherd-service): New procedure.
(nftables-service-type): New service type.
* doc/guix.texi (Networking Services): Document it.
---
doc/guix.texi | 27 ++++++++++++
gnu/services/networking.scm | 82 ++++++++++++++++++++++++++++++++++++-
2 files changed, 108 insertions(+), 1 deletion(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 39d4b865f6..e71f0a44c9 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -13041,6 +13041,33 @@ objects}).
@end table
@end deftp
+@cindex nftables
+@defvr {Scheme Variable} nftables-service-type
+This is the service type to set up a nftables configuration. nftables is a
+netfilter project that aims to replace the existing iptables, ip6tables,
+arptables and ebtables framework. It provides a new packet filtering
+framework, a new user-space utility @command{nft}, and a compatibility layer
+for iptables. This service comes with a default ruleset
+@code{%default-nftables-ruleset} that rejecting all incomming connections
+except those to the ssh port 22. To use it, simply write:
+
+@lisp
+(service nftables-service-type)
+@end lisp
+@end defvr
+
+@deftp {Data Type} nftables-configuration
+The data type representing the configuration of nftables.
+
+@table @asis
+@item @code{package} (default: @code{nftables})
+The nftables package that provides @command{nft}.
+@item @code{ruleset} (default: @code{%default-nftables-ruleset})
+The nftables ruleset to use. This may be any ``file-like'' object
+(@pxref{G-Expressions, file-like objects}).
+@end table
+@end deftp
+
@cindex NTP (Network Time Protocol), service
@cindex ntpd, service for the Network Time Protocol daemon
@cindex real time clock
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index c775242f99..dd63009116 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -11,6 +11,7 @@
;;; Copyright © 2018 Arun Isaac <arunisaac <at> systemreboot.net>
;;; Copyright © 2019 Florian Pelz <pelzflorian <at> pelzflorian.de>
;;; Copyright © 2019 Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
+;;; Copyright © 2019 Sou Bunnbu <iyzsong <at> member.fsf.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -144,7 +145,14 @@
iptables-configuration-iptables
iptables-configuration-ipv4-rules
iptables-configuration-ipv6-rules
- iptables-service-type))
+ iptables-service-type
+
+ nftables-service-type
+ nftables-configuration
+ nftables-configuration?
+ nftables-configuration-package
+ nftables-configuration-ruleset
+ %default-nftables-ruleset))
;;; Commentary:
;;;
@@ -1415,4 +1423,76 @@ COMMIT
(list (service-extension shepherd-root-service-type
(compose list iptables-shepherd-service))))))
+;;;
+;;; nftables
+;;;
+
+(define %default-nftables-ruleset
+ (plain-file "nftables.conf"
+ "# A simple and safe firewall
+table inet filter {
+ chain input {
+ type filter hook input priority 0; policy drop;
+
+ # early drop of invalid connections
+ ct state invalid drop
+
+ # allow established/related connections
+ ct state { established, related } accept
+
+ # allow from loopback
+ iifname lo accept
+
+ # allow icmp
+ ip protocol icmp accept
+ ip6 nexthdr icmpv6 accept
+
+ # allow ssh
+ tcp dport ssh accept
+
+ # reject everything else
+ reject with icmpx type port-unreachable
+ }
+ chain forward {
+ type filter hook forward priority 0; policy drop;
+ }
+ chain output {
+ type filter hook output priority 0; policy accept;
+ }
+}
+"))
+
+(define-record-type* <nftables-configuration>
+ nftables-configuration
+ make-nftables-configuration
+ nftables-configuration?
+ (package nftables-configuration-package
+ (default nftables))
+ (ruleset nftables-configuration-ruleset ; file-like object
+ (default %default-nftables-ruleset)))
+
+(define nftables-shepherd-service
+ (match-lambda
+ (($ <nftables-configuration> package ruleset)
+ (let ((nft (file-append package "/sbin/nft")))
+ (shepherd-service
+ (documentation "Packet filtering and classification")
+ (provision '(nftables))
+ (start #~(lambda _
+ (invoke #$nft "--file" #$ruleset)))
+ (stop #~(lambda _
+ (invoke #$nft "flush" "ruleset"))))))))
+
+(define nftables-service-type
+ (service-type
+ (name 'nftables)
+ (description
+ "Run @command{nft}, setting up the specified ruleset.")
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ (compose list nftables-shepherd-service))
+ (service-extension profile-service-type
+ (compose list nftables-configuration-package))))
+ (default-value (nftables-configuration))))
+
;;; networking.scm ends here
--
2.19.2
guix-patches <at> gnu.org:bug#37398; Package guix-patches.
(Fri, 13 Sep 2019 14:07:02 GMT) Full text and rfc822 format available.Message #14 received at 37398 <at> debbugs.gnu.org (full text, mbox):
From: iyzsong <at> member.fsf.org (宋文武) To: 37398 <at> debbugs.gnu.org Subject: Re: [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. Date: Fri, 13 Sep 2019 22:06:36 +0800
宋文武 <iyzsong <at> member.fsf.org> writes: > * gnu/packages/aux-files/linux-libre/4.19-arm.conf, > gnu/packages/aux-files/linux-libre/4.19-arm64.conf, > gnu/packages/aux-files/linux-libre/4.19-i686.conf, > gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, > gnu/packages/aux-files/linux-libre/5.2-arm.conf, > gnu/packages/aux-files/linux-libre/5.2-arm64.conf, > gnu/packages/aux-files/linux-libre/5.2-i686.conf, > gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, > CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_ARP, > CONFIG_NF_TABLES_IPV6, and CONFIG_NF_TABLES_BRIDGE to 'm'. I got 5.2 built now, and it doesn't work, may have to be enabled as 'y', will investigate it later...
guix-patches <at> gnu.org:bug#37398; Package guix-patches.
(Fri, 13 Sep 2019 15:43:02 GMT) Full text and rfc822 format available.Message #17 received at 37398 <at> debbugs.gnu.org (full text, mbox):
From: Marius Bakke <mbakke <at> fastmail.com> To: 宋文武 <iyzsong <at> member.fsf.org>, 37398 <at> debbugs.gnu.org Subject: Re: [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. Date: Fri, 13 Sep 2019 17:41:57 +0200
[Message part 1 (text/plain, inline)]
iyzsong <at> member.fsf.org (宋文武) writes: > 宋文武 <iyzsong <at> member.fsf.org> writes: > >> * gnu/packages/aux-files/linux-libre/4.19-arm.conf, >> gnu/packages/aux-files/linux-libre/4.19-arm64.conf, >> gnu/packages/aux-files/linux-libre/4.19-i686.conf, >> gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, >> gnu/packages/aux-files/linux-libre/5.2-arm.conf, >> gnu/packages/aux-files/linux-libre/5.2-arm64.conf, >> gnu/packages/aux-files/linux-libre/5.2-i686.conf, >> gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, >> CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_ARP, >> CONFIG_NF_TABLES_IPV6, and CONFIG_NF_TABLES_BRIDGE to 'm'. > > I got 5.2 built now, and it doesn't work, may have to be enabled as 'y', > will investigate it later... In general, when making changes to the kernel configuration, you need to use the interactive configuration system provided by the kernel build system. The reason is that many options have dependencies: if you set CONFIG_FOO=y, CONFIG_BAR might also need to be y. Using the configuration system ensures these dependencies are handled properly. Here is one way to do that on Guix: $ tar -xf $(guix build -S linux-libre) -C /tmp $ cd /tmp/linux-libre-5.2.13 $ guix environment linux-libre --ad-hoc ncurses $ cp /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf .config $ make oldconfig $ make nconfig $ cp .config /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf I don't have time to go into more details right now, but hope this helps!
[signature.asc (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#37398; Package guix-patches.
(Sat, 14 Sep 2019 04:03:02 GMT) Full text and rfc822 format available.Message #20 received at 37398 <at> debbugs.gnu.org (full text, mbox):
From: iyzsong <at> member.fsf.org (宋文武) To: Marius Bakke <mbakke <at> fastmail.com> Cc: 37398 <at> debbugs.gnu.org Subject: Re: [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. Date: Sat, 14 Sep 2019 12:02:07 +0800
[Message part 1 (text/plain, inline)]
Marius Bakke <mbakke <at> fastmail.com> writes: > iyzsong <at> member.fsf.org (宋文武) writes: > >> 宋文武 <iyzsong <at> member.fsf.org> writes: >> >>> * gnu/packages/aux-files/linux-libre/4.19-arm.conf, >>> gnu/packages/aux-files/linux-libre/4.19-arm64.conf, >>> gnu/packages/aux-files/linux-libre/4.19-i686.conf, >>> gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, >>> gnu/packages/aux-files/linux-libre/5.2-arm.conf, >>> gnu/packages/aux-files/linux-libre/5.2-arm64.conf, >>> gnu/packages/aux-files/linux-libre/5.2-i686.conf, >>> gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, >>> CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_ARP, >>> CONFIG_NF_TABLES_IPV6, and CONFIG_NF_TABLES_BRIDGE to 'm'. >> >> I got 5.2 built now, and it doesn't work, may have to be enabled as 'y', >> will investigate it later... > > In general, when making changes to the kernel configuration, you need to > use the interactive configuration system provided by the kernel build > system. The reason is that many options have dependencies: if you set > CONFIG_FOO=y, CONFIG_BAR might also need to be y. > > Using the configuration system ensures these dependencies are handled > properly. Here is one way to do that on Guix: > > $ tar -xf $(guix build -S linux-libre) -C /tmp > $ cd /tmp/linux-libre-5.2.13 > $ guix environment linux-libre --ad-hoc ncurses > $ cp /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf .config > $ make oldconfig > $ make nconfig > $ cp .config /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf > > I don't have time to go into more details right now, but hope this helps! Thanks, the interactive configuration system does the right thing. And I now have made configs for x86_64, 4.19 and 5.2. Since i686 is similar to x86_64, so I apply the x86_64 config diff to i686 config, no rejections, it should work. But the arm ones are different, and I don't know how to make them without an arm machine (a naive 'make nconfig' in my x86_64 environment generates a lot of diffs...), so I skip them for now:
[0001-gnu-linux-libre-intel-Enable-all-nftables-families.patch (text/x-patch, inline)]
From 3071ddc697bfaa5cff9324be3332a9dda9289b76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong <at> member.fsf.org> Date: Sat, 14 Sep 2019 11:26:37 +0800 Subject: [PATCH 1/2] gnu: linux-libre: intel: Enable all nftables families. TODO: Adjust arm kernels accordingly. * gnu/packages/aux-files/linux-libre/4.19-i686.conf, gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, gnu/packages/aux-files/linux-libre/5.2-i686.conf, gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_IPV6 and CONFIG_NF_TABLES_BRIDGE to 'y', and related options to 'm'. --- .../aux-files/linux-libre/4.19-i686.conf | 35 +++++++++++++++---- .../aux-files/linux-libre/4.19-x86_64.conf | 35 +++++++++++++++---- .../aux-files/linux-libre/5.2-i686.conf | 28 +++++++++++---- .../aux-files/linux-libre/5.2-x86_64.conf | 28 +++++++++++---- 4 files changed, 102 insertions(+), 24 deletions(-) diff --git a/gnu/packages/aux-files/linux-libre/4.19-i686.conf b/gnu/packages/aux-files/linux-libre/4.19-i686.conf index c1df3f0f49..75a18ec5ef 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-i686.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-i686.conf @@ -1209,8 +1209,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1226,11 +1226,18 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1394,8 +1401,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1403,6 +1414,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1434,7 +1448,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1468,7 +1489,9 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf index a8f8c81648..f151036410 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf @@ -1219,8 +1219,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1236,11 +1236,18 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1404,8 +1411,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1413,6 +1424,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1444,7 +1458,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1478,7 +1499,9 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-i686.conf b/gnu/packages/aux-files/linux-libre/5.2-i686.conf index 0a211f6eb9..8813a70d3d 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-i686.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-i686.conf @@ -1147,8 +1147,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1158,17 +1158,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1335,8 +1343,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1373,7 +1384,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1409,7 +1423,9 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf index 51d4e93372..e1d2c93f9a 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf @@ -1168,8 +1168,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1179,17 +1179,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1356,8 +1364,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1394,7 +1405,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1444,9 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m -- 2.19.2
[Message part 3 (text/plain, inline)]
I also use 'make nconfig' for 4.14, and the result is okay, so I guess since 4.19, those nftables families have to be enabled as 'y', while previously they can be built as modules. Is it fine to only update kernel configurations for intel architectures?
guix-patches <at> gnu.org:bug#37398; Package guix-patches.
(Sat, 14 Sep 2019 10:03:02 GMT) Full text and rfc822 format available.Message #23 received at 37398 <at> debbugs.gnu.org (full text, mbox):
From: Danny Milosavljevic <dannym <at> scratchpost.org> To: iyzsong <at> member.fsf.org (宋文武) Cc: 37398 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com> Subject: Re: [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. Date: Sat, 14 Sep 2019 12:02:20 +0200
[Message part 1 (text/plain, inline)]
Add to your services field in operating-system:
(service qemu-binfmt-service-type
(qemu-binfmt-configuration
(platforms (lookup-qemu-platforms "arm" "aarch64" "ppc" "mips64el"))
(guix-support? #t)))
and reconfigure.
Then
$ guix environment -s armhf-linux linux-libre
(env)$ make oldconfig
(env)$ make nconfig
[Message part 2 (application/pgp-signature, inline)]
guix-patches <at> gnu.org:bug#37398; Package guix-patches.
(Sun, 15 Sep 2019 10:10:01 GMT) Full text and rfc822 format available.Message #26 received at 37398 <at> debbugs.gnu.org (full text, mbox):
From: iyzsong <at> member.fsf.org (宋文武) To: Danny Milosavljevic <dannym <at> scratchpost.org> Cc: Vagrant Cascadian <vagrant <at> debian.org>, 37398 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com>, Timothy Sample <samplet <at> ngyro.com> Subject: Re: [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. Date: Sun, 15 Sep 2019 18:09:26 +0800
[Message part 1 (text/plain, inline)]
Danny Milosavljevic <dannym <at> scratchpost.org> writes: > Add to your services field in operating-system: > > (service qemu-binfmt-service-type > (qemu-binfmt-configuration > (platforms (lookup-qemu-platforms "arm" "aarch64" "ppc" "mips64el")) > (guix-support? #t))) > > and reconfigure. > > Then > > $ guix environment -s armhf-linux linux-libre > (env)$ make oldconfig > (env)$ make nconfig Cool, with it I changed the kernel configs for arm and arm64, thank you!
[0001-gnu-linux-libre-Enable-all-nftables-families.patch (text/x-patch, inline)]
From 2dd03457c6f800693b0dca5c1649576dda377524 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= <iyzsong <at> member.fsf.org> Date: Sat, 14 Sep 2019 11:26:37 +0800 Subject: [PATCH 1/2] gnu: linux-libre: Enable all nftables families. * gnu/packages/aux-files/linux-libre/4.19-arm.conf, gnu/packages/aux-files/linux-libre/4.19-arm64.conf, gnu/packages/aux-files/linux-libre/4.19-i686.conf, gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, gnu/packages/aux-files/linux-libre/5.2-arm.conf, gnu/packages/aux-files/linux-libre/5.2-arm64.conf, gnu/packages/aux-files/linux-libre/5.2-i686.conf, gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_IPV6 and CONFIG_NF_TABLES_BRIDGE to 'y', and related options to 'm'. --- .../aux-files/linux-libre/4.19-arm.conf | 39 +++++++++++++---- .../aux-files/linux-libre/4.19-arm64.conf | 43 +++++++++++++++---- .../aux-files/linux-libre/4.19-i686.conf | 35 ++++++++++++--- .../aux-files/linux-libre/4.19-x86_64.conf | 35 ++++++++++++--- .../aux-files/linux-libre/5.2-arm.conf | 32 ++++++++++---- .../aux-files/linux-libre/5.2-arm64.conf | 42 +++++++++++++----- .../aux-files/linux-libre/5.2-i686.conf | 28 +++++++++--- .../aux-files/linux-libre/5.2-x86_64.conf | 28 +++++++++--- 8 files changed, 223 insertions(+), 59 deletions(-) diff --git a/gnu/packages/aux-files/linux-libre/4.19-arm.conf b/gnu/packages/aux-files/linux-libre/4.19-arm.conf index 184f73276f..72161c09ff 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-arm.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-arm.conf @@ -1133,7 +1133,7 @@ CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NETFILTER_NETLINK_OSF=m CONFIG_NF_CONNTRACK=m CONFIG_NF_LOG_COMMON=m -# CONFIG_NF_LOG_NETDEV is not set +CONFIG_NF_LOG_NETDEV=m CONFIG_NETFILTER_CONNCOUNT=m CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y @@ -1176,8 +1176,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1189,15 +1189,22 @@ CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m -# CONFIG_NFT_OBJREF is not set +CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1361,8 +1368,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1370,6 +1381,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1401,7 +1415,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1451,9 @@ CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-arm64.conf b/gnu/packages/aux-files/linux-libre/4.19-arm64.conf index 73cd300c18..47ec3c9765 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-arm64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-arm64.conf @@ -1120,10 +1120,11 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m +CONFIG_NFT_FLOW_OFFLOAD=m CONFIG_NFT_COUNTER=m CONFIG_NFT_CONNLIMIT=m CONFIG_NFT_LOG=m @@ -1136,12 +1137,20 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m -# CONFIG_NF_FLOW_TABLE is not set +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m +CONFIG_NF_FLOW_TABLE_INET=m +CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m # @@ -1303,14 +1312,22 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y +CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1342,7 +1359,15 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m +CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1358,7 +1383,7 @@ CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_MH=m CONFIG_IP6_NF_MATCH_RPFILTER=m CONFIG_IP6_NF_MATCH_RT=m -# CONFIG_IP6_NF_MATCH_SRH is not set +CONFIG_IP6_NF_MATCH_SRH=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m @@ -1370,7 +1395,9 @@ CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-i686.conf b/gnu/packages/aux-files/linux-libre/4.19-i686.conf index c1df3f0f49..75a18ec5ef 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-i686.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-i686.conf @@ -1209,8 +1209,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1226,11 +1226,18 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1394,8 +1401,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1403,6 +1414,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1434,7 +1448,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1468,7 +1489,9 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf index a8f8c81648..f151036410 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf @@ -1219,8 +1219,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1236,11 +1236,18 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1404,8 +1411,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1413,6 +1424,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1444,7 +1458,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1478,7 +1499,9 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-arm.conf b/gnu/packages/aux-files/linux-libre/5.2-arm.conf index 4ac8ed642d..7cab0ab66c 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-arm.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-arm.conf @@ -1117,7 +1117,7 @@ CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NETFILTER_NETLINK_OSF=m CONFIG_NF_CONNTRACK=m CONFIG_NF_LOG_COMMON=m -# CONFIG_NF_LOG_NETDEV is not set +CONFIG_NF_LOG_NETDEV=m CONFIG_NETFILTER_CONNCOUNT=m CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y @@ -1157,8 +1157,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1168,17 +1168,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m -# CONFIG_NFT_OBJREF is not set +CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1345,8 +1353,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1383,7 +1394,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1412,7 +1426,9 @@ CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-arm64.conf b/gnu/packages/aux-files/linux-libre/5.2-arm64.conf index 4ad652a78f..99ff63354f 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-arm64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-arm64.conf @@ -1118,28 +1118,38 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m +# CONFIG_NFT_FLOW_OFFLOAD is not set CONFIG_NFT_COUNTER=m CONFIG_NFT_CONNLIMIT=m CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m -# CONFIG_NF_FLOW_TABLE is not set +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m +CONFIG_NF_FLOW_TABLE_INET=m +CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m # @@ -1304,8 +1314,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y +CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m @@ -1341,7 +1355,11 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m +CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1355,7 +1373,7 @@ CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_MH=m CONFIG_IP6_NF_MATCH_RPFILTER=m CONFIG_IP6_NF_MATCH_RT=m -# CONFIG_IP6_NF_MATCH_SRH is not set +CONFIG_IP6_NF_MATCH_SRH=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m @@ -1369,7 +1387,9 @@ CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m @@ -8028,9 +8048,9 @@ CONFIG_EXT4_USE_FOR_EXT2=y CONFIG_EXT4_FS_POSIX_ACL=y CONFIG_EXT4_FS_SECURITY=y # CONFIG_EXT4_DEBUG is not set -CONFIG_JBD2=m +CONFIG_JBD2=y # CONFIG_JBD2_DEBUG is not set -CONFIG_FS_MBCACHE=m +CONFIG_FS_MBCACHE=y CONFIG_REISERFS_FS=m # CONFIG_REISERFS_CHECK is not set # CONFIG_REISERFS_PROC_INFO is not set @@ -8687,7 +8707,7 @@ CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y CONFIG_ARCH_HAS_FAST_MULTIPLIER=y # CONFIG_INDIRECT_PIO is not set CONFIG_CRC_CCITT=m -CONFIG_CRC16=m +CONFIG_CRC16=y CONFIG_CRC_T10DIF=y CONFIG_CRC_ITU_T=m CONFIG_CRC32=y diff --git a/gnu/packages/aux-files/linux-libre/5.2-i686.conf b/gnu/packages/aux-files/linux-libre/5.2-i686.conf index 0a211f6eb9..8813a70d3d 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-i686.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-i686.conf @@ -1147,8 +1147,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1158,17 +1158,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1335,8 +1343,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1373,7 +1384,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1409,7 +1423,9 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf index 51d4e93372..e1d2c93f9a 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf @@ -1168,8 +1168,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1179,17 +1179,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1356,8 +1364,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1394,7 +1405,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1444,9 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m -- 2.19.2
[Message part 3 (text/plain, inline)]
5.2-arm-veyron.conf is skipped, CC to Timothy and Vagrant, is it worth to enable nftables for the "veyron" chromebooks? Unlike other kernel configs, this one doesn't have most netfilter (eg: iptables) options enabled.
iyzsong <at> member.fsf.org (宋文武):iyzsong <at> member.fsf.org (宋文武):Message #31 received at 37398-done <at> debbugs.gnu.org (full text, mbox):
From: iyzsong <at> member.fsf.org (宋文武) To: 37398-done <at> debbugs.gnu.org Subject: Re: [bug#37398] [PATCH 0/2]: services: Add nftables-service-type. Date: Wed, 18 Sep 2019 19:05:53 +0800
iyzsong <at> member.fsf.org (宋文武) writes: > Hello, nftables is the successor to iptables. > > This first patch will enable nftables modules for our linux-libre > packages (4.4 have them enabled already, but later doesn't), I manual > edited those files and haven't build any kernel yet. > > This second patch makes nftables-service-type available, I tested it > with my custom kernel. Pushed!
guix-patches <at> gnu.org:bug#37398; Package guix-patches.
(Mon, 23 Sep 2019 00:05:01 GMT) Full text and rfc822 format available.Message #34 received at 37398 <at> debbugs.gnu.org (full text, mbox):
From: Vagrant Cascadian <vagrant <at> debian.org> To: 宋文武 <iyzsong <at> member.fsf.org>, Danny Milosavljevic <dannym <at> scratchpost.org> Cc: 37398 <at> debbugs.gnu.org, Marius Bakke <mbakke <at> fastmail.com>, Timothy Sample <samplet <at> ngyro.com> Subject: Re: [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. Date: Sun, 22 Sep 2019 17:04:44 -0700
[Message part 1 (text/plain, inline)]
On 2019-09-15, 宋文武 wrote: > Danny Milosavljevic <dannym <at> scratchpost.org> writes: > 5.2-arm-veyron.conf is skipped, CC to Timothy and Vagrant, is it worth > to enable nftables for the "veyron" chromebooks? Unlike other kernel > configs, this one doesn't have most netfilter (eg: iptables) options > enabled. It would certainly be worth adding; unfortunately I haven't gotten a working kernel since the upgrade from 5.1.x to 5.2.x... so haven't been able to test it. Even better, getting the "regular" arm kernel working on the veyron... but I haven't tried that in a while. I've also been looking at syncing some new board support and features from the Debian arm and arm64 kernel configurations, but there is a fair amount of diff to go over... live well, vagrant
[signature.asc (application/pgp-signature, inline)]
Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org.
(Mon, 21 Oct 2019 11:24:06 GMT) Full text and rfc822 format available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.