From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 13 06:07:15 2019 Received: (at submit) by debbugs.gnu.org; 13 Sep 2019 10:07:15 +0000 Received: from localhost ([127.0.0.1]:44387 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i8iTy-0007Ls-OQ for submit@debbugs.gnu.org; Fri, 13 Sep 2019 06:07:14 -0400 Received: from lists.gnu.org ([209.51.188.17]:36362) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i8iTx-0007Ll-D4 for submit@debbugs.gnu.org; Fri, 13 Sep 2019 06:07:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60191) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i8iTw-0006ba-I3 for guix-patches@gnu.org; Fri, 13 Sep 2019 06:07:13 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FROM_EXCESS_BASE64 autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i8iTv-0003WG-Mq for guix-patches@gnu.org; Fri, 13 Sep 2019 06:07:12 -0400 Received: from rezeros.cc ([2001:19f0:7001:2f3e:5400:ff:fe84:e55d]:53390) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i8iTv-0003VJ-9d for guix-patches@gnu.org; Fri, 13 Sep 2019 06:07:11 -0400 Received: from localhost (117.173.227.57 [117.173.227.57]) by rezeros.cc (OpenSMTPD) with ESMTPSA id 9fc89e33 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for ; Fri, 13 Sep 2019 10:07:07 +0000 (UTC) Received: from gift (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id 663acf38 for ; Fri, 13 Sep 2019 10:06:58 +0000 (UTC) From: iyzsong@member.fsf.org (=?utf-8?B?5a6L5paH5q2m?=) To: guix-patches@gnu.org Subject: [PATCH 0/2]: services: Add nftables-service-type. Date: Fri, 13 Sep 2019 18:06:58 +0800 Message-ID: <87a7b8fr25.fsf@member.fsf.org> MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2001:19f0:7001:2f3e:5400:ff:fe84:e55d X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello, nftables is the successor to iptables. This first patch will enable nftables modules for our linux-libre packages (4.4 have them enabled already, but later doesn't), I manual edited those files and haven't build any kernel yet. This second patch makes nftables-service-type available, I tested it with my custom kernel. From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 13 06:18:15 2019 Received: (at 37398) by debbugs.gnu.org; 13 Sep 2019 10:18:15 +0000 Received: from localhost ([127.0.0.1]:44398 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i8ied-0007cp-4p for submit@debbugs.gnu.org; Fri, 13 Sep 2019 06:18:15 -0400 Received: from rezeros.cc ([45.76.207.221]:60292) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i8iea-0007ce-Mo for 37398@debbugs.gnu.org; Fri, 13 Sep 2019 06:18:13 -0400 Received: from localhost (117.173.227.57 [117.173.227.57]) by rezeros.cc (OpenSMTPD) with ESMTPSA id ce931e93 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Fri, 13 Sep 2019 10:18:10 +0000 (UTC) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id 062a3339; Fri, 13 Sep 2019 10:17:56 +0000 (UTC) From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= To: 37398@debbugs.gnu.org Subject: [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. Date: Fri, 13 Sep 2019 18:17:53 +0800 Message-Id: <20190913101754.4483-1-iyzsong@member.fsf.org> X-Mailer: git-send-email 2.19.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.8 (/) X-Debbugs-Envelope-To: 37398 Cc: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.2 (/) * gnu/packages/aux-files/linux-libre/4.19-arm.conf, gnu/packages/aux-files/linux-libre/4.19-arm64.conf, gnu/packages/aux-files/linux-libre/4.19-i686.conf, gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, gnu/packages/aux-files/linux-libre/5.2-arm.conf, gnu/packages/aux-files/linux-libre/5.2-arm64.conf, gnu/packages/aux-files/linux-libre/5.2-i686.conf, gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_ARP, CONFIG_NF_TABLES_IPV6, and CONFIG_NF_TABLES_BRIDGE to 'm'. --- gnu/packages/aux-files/linux-libre/4.19-arm.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/4.19-arm64.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/4.19-i686.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/4.19-x86_64.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/5.2-arm.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/5.2-arm64.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/5.2-i686.conf | 12 ++++++------ gnu/packages/aux-files/linux-libre/5.2-x86_64.conf | 12 ++++++------ 8 files changed, 48 insertions(+), 48 deletions(-) diff --git a/gnu/packages/aux-files/linux-libre/4.19-arm.conf b/gnu/packages/aux-files/linux-libre/4.19-arm.conf index 184f73276f..795b51d453 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-arm.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-arm.conf @@ -1176,8 +1176,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1361,8 +1361,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1401,7 +1401,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1430,7 @@ CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-arm64.conf b/gnu/packages/aux-files/linux-libre/4.19-arm64.conf index 73cd300c18..32d9c5f75f 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-arm64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-arm64.conf @@ -1120,8 +1120,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_COUNTER=m @@ -1303,8 +1303,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m @@ -1342,7 +1342,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1370,7 +1370,7 @@ CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-i686.conf b/gnu/packages/aux-files/linux-libre/4.19-i686.conf index c1df3f0f49..a254a8bf01 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-i686.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-i686.conf @@ -1209,8 +1209,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1394,8 +1394,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1434,7 +1434,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1468,7 +1468,7 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf index a8f8c81648..59744266f0 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf @@ -1219,8 +1219,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1404,8 +1404,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1444,7 +1444,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1478,7 +1478,7 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-arm.conf b/gnu/packages/aux-files/linux-libre/5.2-arm.conf index 4ac8ed642d..92ef9bfa78 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-arm.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-arm.conf @@ -1157,8 +1157,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1345,8 +1345,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1383,7 +1383,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1412,7 +1412,7 @@ CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-arm64.conf b/gnu/packages/aux-files/linux-libre/5.2-arm64.conf index 4ad652a78f..d95494508e 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-arm64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-arm64.conf @@ -1118,8 +1118,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_COUNTER=m @@ -1304,8 +1304,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m @@ -1341,7 +1341,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1369,7 +1369,7 @@ CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-i686.conf b/gnu/packages/aux-files/linux-libre/5.2-i686.conf index 0a211f6eb9..a16b00de22 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-i686.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-i686.conf @@ -1147,8 +1147,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1335,8 +1335,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1373,7 +1373,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1409,7 +1409,7 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf index 51d4e93372..d2af5eaaaf 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf @@ -1168,8 +1168,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=m +CONFIG_NF_TABLES_NETDEV=m CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1356,8 +1356,8 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=m +CONFIG_NF_TABLES_ARP=m CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1394,7 +1394,7 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1430,7 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m -- 2.19.2 From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 13 06:18:17 2019 Received: (at 37398) by debbugs.gnu.org; 13 Sep 2019 10:18:17 +0000 Received: from localhost ([127.0.0.1]:44400 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i8iee-0007d2-Od for submit@debbugs.gnu.org; Fri, 13 Sep 2019 06:18:17 -0400 Received: from rezeros.cc ([45.76.207.221]:60292) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i8iec-0007ce-5i for 37398@debbugs.gnu.org; Fri, 13 Sep 2019 06:18:15 -0400 Received: from localhost (117.173.227.57 [117.173.227.57]) by rezeros.cc (OpenSMTPD) with ESMTPSA id a99e656c (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Fri, 13 Sep 2019 10:18:11 +0000 (UTC) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id 74d81ee1; Fri, 13 Sep 2019 10:17:56 +0000 (UTC) From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= To: 37398@debbugs.gnu.org Subject: [PATCH 2/2] services: Add nftables-service-type. Date: Fri, 13 Sep 2019 18:17:54 +0800 Message-Id: <20190913101754.4483-2-iyzsong@member.fsf.org> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20190913101754.4483-1-iyzsong@member.fsf.org> References: <20190913101754.4483-1-iyzsong@member.fsf.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 37398 Cc: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/networking.scm (%default-nftables-ruleset): New variable. (): New record type. (nftables-shepherd-service): New procedure. (nftables-service-type): New service type. * doc/guix.texi (Networking Services): Document it. --- doc/guix.texi | 27 ++++++++++++ gnu/services/networking.scm | 82 ++++++++++++++++++++++++++++++++++++- 2 files changed, 108 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index 39d4b865f6..e71f0a44c9 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13041,6 +13041,33 @@ objects}). @end table @end deftp +@cindex nftables +@defvr {Scheme Variable} nftables-service-type +This is the service type to set up a nftables configuration. nftables is a +netfilter project that aims to replace the existing iptables, ip6tables, +arptables and ebtables framework. It provides a new packet filtering +framework, a new user-space utility @command{nft}, and a compatibility layer +for iptables. This service comes with a default ruleset +@code{%default-nftables-ruleset} that rejecting all incomming connections +except those to the ssh port 22. To use it, simply write: + +@lisp +(service nftables-service-type) +@end lisp +@end defvr + +@deftp {Data Type} nftables-configuration +The data type representing the configuration of nftables. + +@table @asis +@item @code{package} (default: @code{nftables}) +The nftables package that provides @command{nft}. +@item @code{ruleset} (default: @code{%default-nftables-ruleset}) +The nftables ruleset to use. This may be any ``file-like'' object +(@pxref{G-Expressions, file-like objects}). +@end table +@end deftp + @cindex NTP (Network Time Protocol), service @cindex ntpd, service for the Network Time Protocol daemon @cindex real time clock diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index c775242f99..dd63009116 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -11,6 +11,7 @@ ;;; Copyright © 2018 Arun Isaac ;;; Copyright © 2019 Florian Pelz ;;; Copyright © 2019 Maxim Cournoyer +;;; Copyright © 2019 Sou Bunnbu ;;; ;;; This file is part of GNU Guix. ;;; @@ -144,7 +145,14 @@ iptables-configuration-iptables iptables-configuration-ipv4-rules iptables-configuration-ipv6-rules - iptables-service-type)) + iptables-service-type + + nftables-service-type + nftables-configuration + nftables-configuration? + nftables-configuration-package + nftables-configuration-ruleset + %default-nftables-ruleset)) ;;; Commentary: ;;; @@ -1415,4 +1423,76 @@ COMMIT (list (service-extension shepherd-root-service-type (compose list iptables-shepherd-service)))))) +;;; +;;; nftables +;;; + +(define %default-nftables-ruleset + (plain-file "nftables.conf" + "# A simple and safe firewall +table inet filter { + chain input { + type filter hook input priority 0; policy drop; + + # early drop of invalid connections + ct state invalid drop + + # allow established/related connections + ct state { established, related } accept + + # allow from loopback + iifname lo accept + + # allow icmp + ip protocol icmp accept + ip6 nexthdr icmpv6 accept + + # allow ssh + tcp dport ssh accept + + # reject everything else + reject with icmpx type port-unreachable + } + chain forward { + type filter hook forward priority 0; policy drop; + } + chain output { + type filter hook output priority 0; policy accept; + } +} +")) + +(define-record-type* + nftables-configuration + make-nftables-configuration + nftables-configuration? + (package nftables-configuration-package + (default nftables)) + (ruleset nftables-configuration-ruleset ; file-like object + (default %default-nftables-ruleset))) + +(define nftables-shepherd-service + (match-lambda + (($ package ruleset) + (let ((nft (file-append package "/sbin/nft"))) + (shepherd-service + (documentation "Packet filtering and classification") + (provision '(nftables)) + (start #~(lambda _ + (invoke #$nft "--file" #$ruleset))) + (stop #~(lambda _ + (invoke #$nft "flush" "ruleset")))))))) + +(define nftables-service-type + (service-type + (name 'nftables) + (description + "Run @command{nft}, setting up the specified ruleset.") + (extensions + (list (service-extension shepherd-root-service-type + (compose list nftables-shepherd-service)) + (service-extension profile-service-type + (compose list nftables-configuration-package)))) + (default-value (nftables-configuration)))) + ;;; networking.scm ends here -- 2.19.2 From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 13 10:06:56 2019 Received: (at 37398) by debbugs.gnu.org; 13 Sep 2019 14:06:57 +0000 Received: from localhost ([127.0.0.1]:45455 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i8mDw-0004wF-Ls for submit@debbugs.gnu.org; Fri, 13 Sep 2019 10:06:56 -0400 Received: from rezeros.cc ([45.76.207.221]:60294) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i8mDu-0004w4-5S for 37398@debbugs.gnu.org; Fri, 13 Sep 2019 10:06:55 -0400 Received: from localhost (2409:8a62:374:69a0:6ce:3979:5c5f:790e [IPv6:2409:8a62:374:69a0:6ce:3979:5c5f:790e]) by rezeros.cc (OpenSMTPD) with ESMTPSA id 275a3e7e (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for <37398@debbugs.gnu.org>; Fri, 13 Sep 2019 14:06:48 +0000 (UTC) Received: from gift (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id b564aeed for <37398@debbugs.gnu.org>; Fri, 13 Sep 2019 14:06:36 +0000 (UTC) From: iyzsong@member.fsf.org (=?utf-8?B?5a6L5paH5q2m?=) To: 37398@debbugs.gnu.org Subject: Re: [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. References: <20190913101754.4483-1-iyzsong@member.fsf.org> Date: Fri, 13 Sep 2019 22:06:36 +0800 In-Reply-To: <20190913101754.4483-1-iyzsong@member.fsf.org> (=?utf-8?B?IuWui+aWh+atpiIncw==?= message of "Fri, 13 Sep 2019 18:17:53 +0800") Message-ID: <87o8zoe1eb.fsf@member.fsf.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 37398 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) =E5=AE=8B=E6=96=87=E6=AD=A6 writes: > * gnu/packages/aux-files/linux-libre/4.19-arm.conf, > gnu/packages/aux-files/linux-libre/4.19-arm64.conf, > gnu/packages/aux-files/linux-libre/4.19-i686.conf, > gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, > gnu/packages/aux-files/linux-libre/5.2-arm.conf, > gnu/packages/aux-files/linux-libre/5.2-arm64.conf, > gnu/packages/aux-files/linux-libre/5.2-i686.conf, > gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_= INET, > CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_ARP, > CONFIG_NF_TABLES_IPV6, and CONFIG_NF_TABLES_BRIDGE to 'm'. I got 5.2 built now, and it doesn't work, may have to be enabled as 'y', will investigate it later... From debbugs-submit-bounces@debbugs.gnu.org Fri Sep 13 11:42:08 2019 Received: (at 37398) by debbugs.gnu.org; 13 Sep 2019 15:42:08 +0000 Received: from localhost ([127.0.0.1]:45501 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i8ni4-0000rE-Eh for submit@debbugs.gnu.org; Fri, 13 Sep 2019 11:42:08 -0400 Received: from wout4-smtp.messagingengine.com ([64.147.123.20]:36499) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i8ni2-0000qg-M7 for 37398@debbugs.gnu.org; Fri, 13 Sep 2019 11:42:07 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id D2FE753E; Fri, 13 Sep 2019 11:42:00 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Fri, 13 Sep 2019 11:42:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= from:to:subject:in-reply-to:references:date:message-id :mime-version:content-type; s=fm3; bh=4gcSV6NqWo7Xyqu5PHYAyKh3yz gqobjENIF0InWFB1U=; b=PwYjhasKbgg+SNqnpS29cvgmRmQ9WTh/+Vl6zpudHn RrTbUcJFm3jCRYZss5Cg2T2TmrPZQyyX/mSYDM0s6ja+p2Eq5jwCbh52cJKNKjtj hsVUaeJdD1ep4h+MIYi7YIUuHo6ulWkQkx6ecPRrY6TfjFyNjO/S19Bf3vQGFOqX A9/gn6jdQahlvsILLKsaTRRipWTWPeVsBETavkhK0cfBd25nR777O652qWl12Vwd dKYanqAVBPTRg6fTEaYxPitdiGtE+0ju7lB2lOalGdstJgPIonzkNg0qFbLWndXo XYzNL4uAyGKY5EIhdvoduXdQNi8HeDoTVbrjJsC34CBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=4gcSV6 NqWo7Xyqu5PHYAyKh3yzgqobjENIF0InWFB1U=; b=IlFPTsmmElNaODc362II9C PMqsoSYwfS4uCo/SBtTOcy6tHoLltzSW1Gk2h/Q8UwToTJ4TIxuZ9ADIJdVRFNr6 W19z86yOAU63kFCcwgj8Gke8A4vPQu0/isCZ2d6xk+FomFvNM4auW0jhLAmR2qsk UeinrlhDP5goDn0OIk3CsdSicD7HLprzs1hAOa+t4KdUF7rzkTACGNlLBb3HtIGL GkHrLczeNThIv2NUb+z7HxoPmQ/1t1nsniN+uqWSA+U+cJxe+sYJyZFbDbsoQOd/ VdvB784Oa2RUniXuo/uK8TvGeNKvlSDBTXhBKFfwYPdC3cI9NzlxKdzlcInfrGNQ == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrtdejgdeltdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhephffvufgjfhgffffkgggtsehgtderre dtreejnecuhfhrohhmpeforghrihhushcuuegrkhhkvgcuoehmsggrkhhkvgesfhgrshht mhgrihhlrdgtohhmqeenucfkphepiedvrdduiedrudelvddrudehtdenucfrrghrrghmpe hmrghilhhfrhhomhepmhgsrghkkhgvsehfrghsthhmrghilhdrtghomhenucevlhhushht vghrufhiiigvpedt X-ME-Proxy: Received: from localhost (ti0006q161-0149.bb.online.no [62.16.192.150]) by mail.messagingengine.com (Postfix) with ESMTPA id C63D28005B; Fri, 13 Sep 2019 11:41:59 -0400 (EDT) From: Marius Bakke To: =?utf-8?B?5a6L5paH5q2m?= , 37398@debbugs.gnu.org Subject: Re: [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. In-Reply-To: <87o8zoe1eb.fsf@member.fsf.org> References: <20190913101754.4483-1-iyzsong@member.fsf.org> <87o8zoe1eb.fsf@member.fsf.org> User-Agent: Notmuch/0.29.1 (https://notmuchmail.org) Emacs/26.2 (x86_64-pc-linux-gnu) Date: Fri, 13 Sep 2019 17:41:57 +0200 Message-ID: <874l1gb3ui.fsf@devup.no> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 37398 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable iyzsong@member.fsf.org (=E5=AE=8B=E6=96=87=E6=AD=A6) writes: > =E5=AE=8B=E6=96=87=E6=AD=A6 writes: > >> * gnu/packages/aux-files/linux-libre/4.19-arm.conf, >> gnu/packages/aux-files/linux-libre/4.19-arm64.conf, >> gnu/packages/aux-files/linux-libre/4.19-i686.conf, >> gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, >> gnu/packages/aux-files/linux-libre/5.2-arm.conf, >> gnu/packages/aux-files/linux-libre/5.2-arm64.conf, >> gnu/packages/aux-files/linux-libre/5.2-i686.conf, >> gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES= _INET, >> CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_ARP, >> CONFIG_NF_TABLES_IPV6, and CONFIG_NF_TABLES_BRIDGE to 'm'. > > I got 5.2 built now, and it doesn't work, may have to be enabled as 'y', > will investigate it later... In general, when making changes to the kernel configuration, you need to use the interactive configuration system provided by the kernel build system. The reason is that many options have dependencies: if you set CONFIG_FOO=3Dy, CONFIG_BAR might also need to be y. Using the configuration system ensures these dependencies are handled properly. Here is one way to do that on Guix: $ tar -xf $(guix build -S linux-libre) -C /tmp $ cd /tmp/linux-libre-5.2.13 $ guix environment linux-libre --ad-hoc ncurses $ cp /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf= .config $ make oldconfig $ make nconfig $ cp .config /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x86= _64.conf I don't have time to go into more details right now, but hope this helps! --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAl17uMUACgkQoqBt8qM6 VPr2mQf/RgymaRqwFmuzgeL/AGCaMMu82lZFBgvS86GPIhjYo8ybPPn7FnGmuUIn tfsvEMuMbTNSEHPAQzlmeBul5mEFJZ1K5hDPUZ4oi0nKfI8+c53HBCHjdXnKrN8F GgkdgG3R5NqUQNeC9ehdhdtrIHv/1Wf7FFeMDW+K/+wdEzcGvs0m7f7PDqan9M7J rm5Asm3EemZgWbUhQ5uR8HvnYjE1sG5IAPLN88QcKe3BmpdQqhmeAYHlKClA7T9T 7yBR6dPKch1h3/YqJry+DHzSwR694DUyb4R198IWwJsKkgvM5N6Qv/I/sDTFgerQ 0sJ6NvrlLbPzNWwm3O43iKL2+K3n6Q== =6sEo -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Sep 14 00:02:24 2019 Received: (at 37398) by debbugs.gnu.org; 14 Sep 2019 04:02:24 +0000 Received: from localhost ([127.0.0.1]:45733 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i8zGR-0001M5-F9 for submit@debbugs.gnu.org; Sat, 14 Sep 2019 00:02:24 -0400 Received: from rezeros.cc ([45.76.207.221]:60300) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i8zGP-0001Lw-Cj for 37398@debbugs.gnu.org; Sat, 14 Sep 2019 00:02:22 -0400 Received: from localhost (112.45.96.213 [112.45.96.213]) by rezeros.cc (OpenSMTPD) with ESMTPSA id 89bd7481 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Sat, 14 Sep 2019 04:02:18 +0000 (UTC) Received: from gift (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id 9c84bad0; Sat, 14 Sep 2019 04:02:07 +0000 (UTC) From: iyzsong@member.fsf.org (=?utf-8?B?5a6L5paH5q2m?=) To: Marius Bakke Subject: Re: [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. References: <20190913101754.4483-1-iyzsong@member.fsf.org> <87o8zoe1eb.fsf@member.fsf.org> <874l1gb3ui.fsf@devup.no> Date: Sat, 14 Sep 2019 12:02:07 +0800 In-Reply-To: <874l1gb3ui.fsf@devup.no> (Marius Bakke's message of "Fri, 13 Sep 2019 17:41:57 +0200") Message-ID: <87k1ab34qo.fsf@member.fsf.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: 0.8 (/) X-Debbugs-Envelope-To: 37398 Cc: 37398@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.2 (/) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Marius Bakke writes: > iyzsong@member.fsf.org (=E5=AE=8B=E6=96=87=E6=AD=A6) writes: > >> =E5=AE=8B=E6=96=87=E6=AD=A6 writes: >> >>> * gnu/packages/aux-files/linux-libre/4.19-arm.conf, >>> gnu/packages/aux-files/linux-libre/4.19-arm64.conf, >>> gnu/packages/aux-files/linux-libre/4.19-i686.conf, >>> gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, >>> gnu/packages/aux-files/linux-libre/5.2-arm.conf, >>> gnu/packages/aux-files/linux-libre/5.2-arm64.conf, >>> gnu/packages/aux-files/linux-libre/5.2-i686.conf, >>> gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLE= S_INET, >>> CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_ARP, >>> CONFIG_NF_TABLES_IPV6, and CONFIG_NF_TABLES_BRIDGE to 'm'. >> >> I got 5.2 built now, and it doesn't work, may have to be enabled as 'y', >> will investigate it later... > > In general, when making changes to the kernel configuration, you need to > use the interactive configuration system provided by the kernel build > system. The reason is that many options have dependencies: if you set > CONFIG_FOO=3Dy, CONFIG_BAR might also need to be y. > > Using the configuration system ensures these dependencies are handled > properly. Here is one way to do that on Guix: > > $ tar -xf $(guix build -S linux-libre) -C /tmp > $ cd /tmp/linux-libre-5.2.13 > $ guix environment linux-libre --ad-hoc ncurses > $ cp /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x86_64.co= nf .config > $ make oldconfig > $ make nconfig > $ cp .config /your/guix/checkout/gnu/packages/aux-files/linux-libre/5.2-x= 86_64.conf > > I don't have time to go into more details right now, but hope this helps! Thanks, the interactive configuration system does the right thing. And I now have made configs for x86_64, 4.19 and 5.2. Since i686 is similar to x86_64, so I apply the x86_64 config diff to i686 config, no rejections, it should work. But the arm ones are different, and I don't know how to make them without an arm machine (a naive 'make nconfig' in my x86_64 environment generates a lot of diffs...), so I skip them for now: --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-gnu-linux-libre-intel-Enable-all-nftables-families.patch >From 3071ddc697bfaa5cff9324be3332a9dda9289b76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= Date: Sat, 14 Sep 2019 11:26:37 +0800 Subject: [PATCH 1/2] gnu: linux-libre: intel: Enable all nftables families. TODO: Adjust arm kernels accordingly. * gnu/packages/aux-files/linux-libre/4.19-i686.conf, gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, gnu/packages/aux-files/linux-libre/5.2-i686.conf, gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_IPV6 and CONFIG_NF_TABLES_BRIDGE to 'y', and related options to 'm'. --- .../aux-files/linux-libre/4.19-i686.conf | 35 +++++++++++++++---- .../aux-files/linux-libre/4.19-x86_64.conf | 35 +++++++++++++++---- .../aux-files/linux-libre/5.2-i686.conf | 28 +++++++++++---- .../aux-files/linux-libre/5.2-x86_64.conf | 28 +++++++++++---- 4 files changed, 102 insertions(+), 24 deletions(-) diff --git a/gnu/packages/aux-files/linux-libre/4.19-i686.conf b/gnu/packages/aux-files/linux-libre/4.19-i686.conf index c1df3f0f49..75a18ec5ef 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-i686.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-i686.conf @@ -1209,8 +1209,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1226,11 +1226,18 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1394,8 +1401,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1403,6 +1414,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1434,7 +1448,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1468,7 +1489,9 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf index a8f8c81648..f151036410 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf @@ -1219,8 +1219,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1236,11 +1236,18 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1404,8 +1411,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1413,6 +1424,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1444,7 +1458,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1478,7 +1499,9 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-i686.conf b/gnu/packages/aux-files/linux-libre/5.2-i686.conf index 0a211f6eb9..8813a70d3d 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-i686.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-i686.conf @@ -1147,8 +1147,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1158,17 +1158,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1335,8 +1343,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1373,7 +1384,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1409,7 +1423,9 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf index 51d4e93372..e1d2c93f9a 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf @@ -1168,8 +1168,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1179,17 +1179,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1356,8 +1364,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1394,7 +1405,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1444,9 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m -- 2.19.2 --=-=-= Content-Type: text/plain I also use 'make nconfig' for 4.14, and the result is okay, so I guess since 4.19, those nftables families have to be enabled as 'y', while previously they can be built as modules. Is it fine to only update kernel configurations for intel architectures? --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Sep 14 06:02:29 2019 Received: (at 37398) by debbugs.gnu.org; 14 Sep 2019 10:02:29 +0000 Received: from localhost ([127.0.0.1]:45894 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i94sv-0002OX-Jp for submit@debbugs.gnu.org; Sat, 14 Sep 2019 06:02:29 -0400 Received: from dd26836.kasserver.com ([85.13.145.193]:55920) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i94st-0002OP-Lc for 37398@debbugs.gnu.org; Sat, 14 Sep 2019 06:02:28 -0400 Received: from localhost (178.112.196.81.wireless.dyn.drei.com [178.112.196.81]) by dd26836.kasserver.com (Postfix) with ESMTPSA id 9DEE93360F37; Sat, 14 Sep 2019 12:02:25 +0200 (CEST) Date: Sat, 14 Sep 2019 12:02:20 +0200 From: Danny Milosavljevic To: iyzsong@member.fsf.org (=?utf-8?Q?=E5=AE=8B=E6=96=87=E6=AD=A6?=) Subject: Re: [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. Message-ID: <20190914120220.5cc10352@scratchpost.org> In-Reply-To: <87k1ab34qo.fsf@member.fsf.org> References: <20190913101754.4483-1-iyzsong@member.fsf.org> <87o8zoe1eb.fsf@member.fsf.org> <874l1gb3ui.fsf@devup.no> <87k1ab34qo.fsf@member.fsf.org> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/+rHCAoNpcGlYeXl2uXGupX."; protocol="application/pgp-signature" X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 37398 Cc: 37398@debbugs.gnu.org, Marius Bakke X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --Sig_/+rHCAoNpcGlYeXl2uXGupX. Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Add to your services field in operating-system: (service qemu-binfmt-service-type (qemu-binfmt-configuration (platforms (lookup-qemu-platforms "arm" "aarch64" "ppc" "mips= 64el")) (guix-support? #t))) and reconfigure. Then $ guix environment -s armhf-linux linux-libre (env)$ make oldconfig (env)$ make nconfig --Sig_/+rHCAoNpcGlYeXl2uXGupX. Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl18uqwACgkQ5xo1VCww uqW1gwf9EYku7EZ0SRr9st6kik2Bk23D3TnOioVbsm7PduvnpHOudZHbNyqyBy4m Wy1YeGfsBvgFFaPqxA3w5DTdvSm6ElaGUayl1S49Z6cSDYTgeBEq1B4o45qZzHAM SFYC8zgDIqt8PAcjWaGaw9LD3CvyiHFAd75/PEJZILffz9KJrxx/RSvJsqpFBwj3 w7FHpuY7rVF7nFBKhjclic+0sRFSoPp353S48amrKVPDdq6kIkEfQzhRjMvnI5J0 o5A5GNYM77aecxatxfvp0Ytu2BlNhKfPlwp1Rx3Lw3Wvcq1v+oBtJZjOjUmW449O dCwClpiZQuoLLuwjsvKrPUHJBDp34Q== =K2fA -----END PGP SIGNATURE----- --Sig_/+rHCAoNpcGlYeXl2uXGupX.-- From debbugs-submit-bounces@debbugs.gnu.org Sun Sep 15 06:09:42 2019 Received: (at 37398) by debbugs.gnu.org; 15 Sep 2019 10:09:42 +0000 Received: from localhost ([127.0.0.1]:47349 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i9RTR-0002RQ-JC for submit@debbugs.gnu.org; Sun, 15 Sep 2019 06:09:42 -0400 Received: from rezeros.cc ([45.76.207.221]:48770) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1i9RTO-0002RB-My for 37398@debbugs.gnu.org; Sun, 15 Sep 2019 06:09:39 -0400 Received: from localhost (112.45.96.213 [112.45.96.213]) by rezeros.cc (OpenSMTPD) with ESMTPSA id f00cc560 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Sun, 15 Sep 2019 10:09:31 +0000 (UTC) Received: from gift (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id 9c0888a9; Sun, 15 Sep 2019 10:09:26 +0000 (UTC) From: iyzsong@member.fsf.org (=?utf-8?B?5a6L5paH5q2m?=) To: Danny Milosavljevic MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Subject: Re: [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. References: <20190913101754.4483-1-iyzsong@member.fsf.org> <87o8zoe1eb.fsf@member.fsf.org> <874l1gb3ui.fsf@devup.no> <87k1ab34qo.fsf@member.fsf.org> <20190914120220.5cc10352@scratchpost.org> Date: Sun, 15 Sep 2019 18:09:26 +0800 In-Reply-To: <20190914120220.5cc10352@scratchpost.org> (Danny Milosavljevic's message of "Sat, 14 Sep 2019 12:02:20 +0200") Message-ID: <87ef0hrhux.fsf@member.fsf.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) X-Spam-Score: 0.8 (/) X-Debbugs-Envelope-To: 37398 Cc: Vagrant Cascadian , 37398@debbugs.gnu.org, Marius Bakke , Timothy Sample X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.2 (/) --=-=-= Content-Type: text/plain Danny Milosavljevic writes: > Add to your services field in operating-system: > > (service qemu-binfmt-service-type > (qemu-binfmt-configuration > (platforms (lookup-qemu-platforms "arm" "aarch64" "ppc" "mips64el")) > (guix-support? #t))) > > and reconfigure. > > Then > > $ guix environment -s armhf-linux linux-libre > (env)$ make oldconfig > (env)$ make nconfig Cool, with it I changed the kernel configs for arm and arm64, thank you! --=-=-= Content-Type: text/x-patch Content-Disposition: inline; filename=0001-gnu-linux-libre-Enable-all-nftables-families.patch >From 2dd03457c6f800693b0dca5c1649576dda377524 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AE=8B=E6=96=87=E6=AD=A6?= Date: Sat, 14 Sep 2019 11:26:37 +0800 Subject: [PATCH 1/2] gnu: linux-libre: Enable all nftables families. * gnu/packages/aux-files/linux-libre/4.19-arm.conf, gnu/packages/aux-files/linux-libre/4.19-arm64.conf, gnu/packages/aux-files/linux-libre/4.19-i686.conf, gnu/packages/aux-files/linux-libre/4.19-x86_64.conf, gnu/packages/aux-files/linux-libre/5.2-arm.conf, gnu/packages/aux-files/linux-libre/5.2-arm64.conf, gnu/packages/aux-files/linux-libre/5.2-i686.conf, gnu/packages/aux-files/linux-libre/5.2-x86_64.conf: Set CONFIG_NF_TABLES_INET, CONFIG_NF_TABLES_NETDEV, CONFIG_NF_TABLES_IPV4, CONFIG_NF_TABLES_IPV6 and CONFIG_NF_TABLES_BRIDGE to 'y', and related options to 'm'. --- .../aux-files/linux-libre/4.19-arm.conf | 39 +++++++++++++---- .../aux-files/linux-libre/4.19-arm64.conf | 43 +++++++++++++++---- .../aux-files/linux-libre/4.19-i686.conf | 35 ++++++++++++--- .../aux-files/linux-libre/4.19-x86_64.conf | 35 ++++++++++++--- .../aux-files/linux-libre/5.2-arm.conf | 32 ++++++++++---- .../aux-files/linux-libre/5.2-arm64.conf | 42 +++++++++++++----- .../aux-files/linux-libre/5.2-i686.conf | 28 +++++++++--- .../aux-files/linux-libre/5.2-x86_64.conf | 28 +++++++++--- 8 files changed, 223 insertions(+), 59 deletions(-) diff --git a/gnu/packages/aux-files/linux-libre/4.19-arm.conf b/gnu/packages/aux-files/linux-libre/4.19-arm.conf index 184f73276f..72161c09ff 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-arm.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-arm.conf @@ -1133,7 +1133,7 @@ CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NETFILTER_NETLINK_OSF=m CONFIG_NF_CONNTRACK=m CONFIG_NF_LOG_COMMON=m -# CONFIG_NF_LOG_NETDEV is not set +CONFIG_NF_LOG_NETDEV=m CONFIG_NETFILTER_CONNCOUNT=m CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y @@ -1176,8 +1176,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1189,15 +1189,22 @@ CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m -# CONFIG_NFT_OBJREF is not set +CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1361,8 +1368,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1370,6 +1381,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1401,7 +1415,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1451,9 @@ CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-arm64.conf b/gnu/packages/aux-files/linux-libre/4.19-arm64.conf index 73cd300c18..47ec3c9765 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-arm64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-arm64.conf @@ -1120,10 +1120,11 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m +CONFIG_NFT_FLOW_OFFLOAD=m CONFIG_NFT_COUNTER=m CONFIG_NFT_CONNLIMIT=m CONFIG_NFT_LOG=m @@ -1136,12 +1137,20 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m -# CONFIG_NF_FLOW_TABLE is not set +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m +CONFIG_NF_FLOW_TABLE_INET=m +CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m # @@ -1303,14 +1312,22 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y +CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1342,7 +1359,15 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m +CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1358,7 +1383,7 @@ CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_MH=m CONFIG_IP6_NF_MATCH_RPFILTER=m CONFIG_IP6_NF_MATCH_RT=m -# CONFIG_IP6_NF_MATCH_SRH is not set +CONFIG_IP6_NF_MATCH_SRH=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m @@ -1370,7 +1395,9 @@ CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_TARGET_MASQUERADE=m CONFIG_IP6_NF_TARGET_NPT=m CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-i686.conf b/gnu/packages/aux-files/linux-libre/4.19-i686.conf index c1df3f0f49..75a18ec5ef 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-i686.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-i686.conf @@ -1209,8 +1209,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1226,11 +1226,18 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1394,8 +1401,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1403,6 +1414,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1434,7 +1448,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1468,7 +1489,9 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf index a8f8c81648..f151036410 100644 --- a/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/4.19-x86_64.conf @@ -1219,8 +1219,8 @@ CONFIG_NF_NAT_REDIRECT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1236,11 +1236,18 @@ CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1404,8 +1411,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_CHAIN_ROUTE_IPV4=m +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1413,6 +1424,9 @@ CONFIG_NF_LOG_IPV4=m CONFIG_NF_REJECT_IPV4=m CONFIG_NF_NAT_IPV4=m CONFIG_NF_NAT_MASQUERADE_IPV4=y +CONFIG_NFT_CHAIN_NAT_IPV4=m +CONFIG_NFT_MASQ_IPV4=m +CONFIG_NFT_REDIR_IPV4=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PROTO_GRE=m CONFIG_NF_NAT_PPTP=m @@ -1444,7 +1458,14 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_CHAIN_ROUTE_IPV6=m +CONFIG_NFT_CHAIN_NAT_IPV6=m +CONFIG_NFT_MASQ_IPV6=m +CONFIG_NFT_REDIR_IPV6=m +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1478,7 +1499,9 @@ CONFIG_NF_DEFRAG_IPV6=m # DECnet: Netfilter Configuration # CONFIG_DECNET_NF_GRABULATOR=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-arm.conf b/gnu/packages/aux-files/linux-libre/5.2-arm.conf index 4ac8ed642d..7cab0ab66c 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-arm.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-arm.conf @@ -1117,7 +1117,7 @@ CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NETFILTER_NETLINK_OSF=m CONFIG_NF_CONNTRACK=m CONFIG_NF_LOG_COMMON=m -# CONFIG_NF_LOG_NETDEV is not set +CONFIG_NF_LOG_NETDEV=m CONFIG_NETFILTER_CONNCOUNT=m CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y @@ -1157,8 +1157,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1168,17 +1168,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m -# CONFIG_NFT_OBJREF is not set +CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1345,8 +1353,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1383,7 +1394,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1412,7 +1426,9 @@ CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-arm64.conf b/gnu/packages/aux-files/linux-libre/5.2-arm64.conf index 4ad652a78f..99ff63354f 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-arm64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-arm64.conf @@ -1118,28 +1118,38 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m +# CONFIG_NFT_FLOW_OFFLOAD is not set CONFIG_NFT_COUNTER=m CONFIG_NFT_CONNLIMIT=m CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m -# CONFIG_NF_FLOW_TABLE is not set +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m +CONFIG_NF_FLOW_TABLE_INET=m +CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m # @@ -1304,8 +1314,12 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y +CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m CONFIG_NF_LOG_IPV4=m @@ -1341,7 +1355,11 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m +CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m CONFIG_NF_LOG_IPV6=m @@ -1355,7 +1373,7 @@ CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_MH=m CONFIG_IP6_NF_MATCH_RPFILTER=m CONFIG_IP6_NF_MATCH_RT=m -# CONFIG_IP6_NF_MATCH_SRH is not set +CONFIG_IP6_NF_MATCH_SRH=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m @@ -1369,7 +1387,9 @@ CONFIG_IP6_NF_TARGET_NPT=m # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=m -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m @@ -8028,9 +8048,9 @@ CONFIG_EXT4_USE_FOR_EXT2=y CONFIG_EXT4_FS_POSIX_ACL=y CONFIG_EXT4_FS_SECURITY=y # CONFIG_EXT4_DEBUG is not set -CONFIG_JBD2=m +CONFIG_JBD2=y # CONFIG_JBD2_DEBUG is not set -CONFIG_FS_MBCACHE=m +CONFIG_FS_MBCACHE=y CONFIG_REISERFS_FS=m # CONFIG_REISERFS_CHECK is not set # CONFIG_REISERFS_PROC_INFO is not set @@ -8687,7 +8707,7 @@ CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y CONFIG_ARCH_HAS_FAST_MULTIPLIER=y # CONFIG_INDIRECT_PIO is not set CONFIG_CRC_CCITT=m -CONFIG_CRC16=m +CONFIG_CRC16=y CONFIG_CRC_T10DIF=y CONFIG_CRC_ITU_T=m CONFIG_CRC32=y diff --git a/gnu/packages/aux-files/linux-libre/5.2-i686.conf b/gnu/packages/aux-files/linux-libre/5.2-i686.conf index 0a211f6eb9..8813a70d3d 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-i686.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-i686.conf @@ -1147,8 +1147,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1158,17 +1158,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1335,8 +1343,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1373,7 +1384,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1409,7 +1423,9 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m diff --git a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf index 51d4e93372..e1d2c93f9a 100644 --- a/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf +++ b/gnu/packages/aux-files/linux-libre/5.2-x86_64.conf @@ -1168,8 +1168,8 @@ CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m -# CONFIG_NF_TABLES_INET is not set -# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y CONFIG_NFT_NUMGEN=m CONFIG_NFT_CT=m CONFIG_NFT_FLOW_OFFLOAD=m @@ -1179,17 +1179,25 @@ CONFIG_NFT_LOG=m CONFIG_NFT_LIMIT=m CONFIG_NFT_MASQ=m CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m CONFIG_NFT_TUNNEL=m CONFIG_NFT_OBJREF=m CONFIG_NFT_QUEUE=m CONFIG_NFT_QUOTA=m CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m CONFIG_NFT_COMPAT=m CONFIG_NFT_HASH=m +CONFIG_NFT_FIB=m +CONFIG_NFT_FIB_INET=m CONFIG_NFT_XFRM=m CONFIG_NFT_SOCKET=m CONFIG_NFT_OSF=m CONFIG_NFT_TPROXY=m +CONFIG_NF_DUP_NETDEV=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_FIB_NETDEV=m CONFIG_NF_FLOW_TABLE_INET=m CONFIG_NF_FLOW_TABLE=m CONFIG_NETFILTER_XTABLES=m @@ -1356,8 +1364,11 @@ CONFIG_IP_VS_PE_SIP=m CONFIG_NF_DEFRAG_IPV4=m CONFIG_NF_SOCKET_IPV4=m CONFIG_NF_TPROXY_IPV4=m -# CONFIG_NF_TABLES_IPV4 is not set -# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +CONFIG_NFT_FIB_IPV4=m +CONFIG_NF_TABLES_ARP=y CONFIG_NF_FLOW_TABLE_IPV4=m CONFIG_NF_DUP_IPV4=m CONFIG_NF_LOG_ARP=m @@ -1394,7 +1405,10 @@ CONFIG_IP_NF_ARP_MANGLE=m # CONFIG_NF_SOCKET_IPV6=m CONFIG_NF_TPROXY_IPV6=m -# CONFIG_NF_TABLES_IPV6 is not set +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +CONFIG_NFT_FIB_IPV6=m CONFIG_NF_FLOW_TABLE_IPV6=m CONFIG_NF_DUP_IPV6=m CONFIG_NF_REJECT_IPV6=m @@ -1430,7 +1444,9 @@ CONFIG_NF_DEFRAG_IPV6=m CONFIG_DECNET_NF_GRABULATOR=m # end of DECnet: Netfilter Configuration -# CONFIG_NF_TABLES_BRIDGE is not set +CONFIG_NF_TABLES_BRIDGE=y +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_LOG_BRIDGE=m CONFIG_BRIDGE_NF_EBTABLES=m CONFIG_BRIDGE_EBT_BROUTE=m CONFIG_BRIDGE_EBT_T_FILTER=m -- 2.19.2 --=-=-= Content-Type: text/plain 5.2-arm-veyron.conf is skipped, CC to Timothy and Vagrant, is it worth to enable nftables for the "veyron" chromebooks? Unlike other kernel configs, this one doesn't have most netfilter (eg: iptables) options enabled. --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Sep 18 07:06:07 2019 Received: (at 37398-done) by debbugs.gnu.org; 18 Sep 2019 11:06:07 +0000 Received: from localhost ([127.0.0.1]:53651 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iAXmh-0004Ia-LN for submit@debbugs.gnu.org; Wed, 18 Sep 2019 07:06:07 -0400 Received: from rezeros.cc ([45.76.207.221]:48812) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iAXmg-0004I6-51 for 37398-done@debbugs.gnu.org; Wed, 18 Sep 2019 07:06:06 -0400 Received: from localhost (112.45.96.213 [112.45.96.213]) by rezeros.cc (OpenSMTPD) with ESMTPSA id 5fa29199 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO) for <37398-done@debbugs.gnu.org>; Wed, 18 Sep 2019 11:05:58 +0000 (UTC) Received: from gift (localhost [127.0.0.1]) by localhost (OpenSMTPD) with ESMTP id 1d2cf83b for <37398-done@debbugs.gnu.org>; Wed, 18 Sep 2019 11:05:53 +0000 (UTC) From: iyzsong@member.fsf.org (=?utf-8?B?5a6L5paH5q2m?=) To: 37398-done@debbugs.gnu.org Subject: Re: [bug#37398] [PATCH 0/2]: services: Add nftables-service-type. References: <87a7b8fr25.fsf@member.fsf.org> Date: Wed, 18 Sep 2019 19:05:53 +0800 In-Reply-To: <87a7b8fr25.fsf@member.fsf.org> (=?utf-8?B?IuWui+aWh+atpiIn?= =?utf-8?B?cw==?= message of "Fri, 13 Sep 2019 18:06:58 +0800") Message-ID: <87k1a5yicu.fsf@member.fsf.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 37398-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) iyzsong@member.fsf.org (=E5=AE=8B=E6=96=87=E6=AD=A6) writes: > Hello, nftables is the successor to iptables. > > This first patch will enable nftables modules for our linux-libre > packages (4.4 have them enabled already, but later doesn't), I manual > edited those files and haven't build any kernel yet. > > This second patch makes nftables-service-type available, I tested it > with my custom kernel. Pushed! From debbugs-submit-bounces@debbugs.gnu.org Sun Sep 22 20:04:57 2019 Received: (at 37398) by debbugs.gnu.org; 23 Sep 2019 00:04:57 +0000 Received: from localhost ([127.0.0.1]:34694 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iCBqb-0002OX-3w for submit@debbugs.gnu.org; Sun, 22 Sep 2019 20:04:57 -0400 Received: from cascadia.aikidev.net ([173.255.214.101]:57692) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1iCBqX-0002OI-RF for 37398@debbugs.gnu.org; Sun, 22 Sep 2019 20:04:54 -0400 Received: from localhost (unknown [IPv6:2600:3c01:e000:21:21:21:0:100b]) (Authenticated sender: vagrant@cascadia.debian.net) by cascadia.aikidev.net (Postfix) with ESMTPSA id DB4FC1AA2C; Sun, 22 Sep 2019 17:04:47 -0700 (PDT) From: Vagrant Cascadian To: =?utf-8?B?5a6L5paH5q2m?= , Danny Milosavljevic Subject: Re: [bug#37398] [PATCH 1/2] gnu: linux-libre: Enable all nftables family modules. In-Reply-To: <87ef0hrhux.fsf@member.fsf.org> References: <20190913101754.4483-1-iyzsong@member.fsf.org> <87o8zoe1eb.fsf@member.fsf.org> <874l1gb3ui.fsf@devup.no> <87k1ab34qo.fsf@member.fsf.org> <20190914120220.5cc10352@scratchpost.org> <87ef0hrhux.fsf@member.fsf.org> Date: Sun, 22 Sep 2019 17:04:44 -0700 Message-ID: <87ftknvpwj.fsf@yucca> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 37398 Cc: 37398@debbugs.gnu.org, Marius Bakke , Timothy Sample X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 2019-09-15, =E5=AE=8B=E6=96=87=E6=AD=A6 wrote: > Danny Milosavljevic writes: > 5.2-arm-veyron.conf is skipped, CC to Timothy and Vagrant, is it worth > to enable nftables for the "veyron" chromebooks? Unlike other kernel > configs, this one doesn't have most netfilter (eg: iptables) options > enabled. It would certainly be worth adding; unfortunately I haven't gotten a working kernel since the upgrade from 5.1.x to 5.2.x... so haven't been able to test it. Even better, getting the "regular" arm kernel working on the veyron... but I haven't tried that in a while. I've also been looking at syncing some new board support and features from the Debian arm and arm64 kernel configurations, but there is a fair amount of diff to go over... live well, vagrant --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCXYgMHAAKCRDcUY/If5cW qqT+AP9nulxSD23lT3PdhcEzwkEyR+BQk+UIhsvMeOmhBFUKVgEA1O96mIngLlDM NwAVxusrGOpJcVkjGoIJuGIGdKbMwgY= =bQPB -----END PGP SIGNATURE----- --=-=-=-- From unknown Sat Jun 21 10:41:51 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Mon, 21 Oct 2019 11:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator