Modified citadel-kernel config: added IPTables-stuff for sgfw, temporarily disabled RAP plug-in while looking at gcc8-related probz
This commit is contained in:
parent
3265eb2f6d
commit
839badbe11
@ -785,11 +785,8 @@ CONFIG_WIREGUARD=m
|
||||
CONFIG_IP_ADVANCED_ROUTER=y
|
||||
# CONFIG_IP_FIB_TRIE_STATS is not set
|
||||
CONFIG_IP_MULTIPLE_TABLES=y
|
||||
# CONFIG_IP_ROUTE_MULTIPATH is not set
|
||||
# CONFIG_IP_ROUTE_VERBOSE is not set
|
||||
# CONFIG_IP_PNP is not set
|
||||
# CONFIG_NET_IPIP is not set
|
||||
# CONFIG_NET_IPGRE_DEMUX is not set
|
||||
CONFIG_IP_ROUTE_MULTIPATH=y
|
||||
CONFIG_IP_ROUTE_VERBOSE=y
|
||||
CONFIG_NET_IP_TUNNEL=m
|
||||
CONFIG_SYN_COOKIES=y
|
||||
CONFIG_NET_UDP_TUNNEL=m
|
||||
@ -809,10 +806,8 @@ CONFIG_INET_DIAG_DESTROY=y
|
||||
# CONFIG_TCP_CONG_ADVANCED is not set
|
||||
CONFIG_TCP_CONG_CUBIC=y
|
||||
CONFIG_DEFAULT_TCP_CONG="cubic"
|
||||
# CONFIG_TCP_MD5SIG is not set
|
||||
# CONFIG_IPV6 is not set
|
||||
# CONFIG_NETLABEL is not set
|
||||
# CONFIG_NETWORK_SECMARK is not set
|
||||
CONFIG_NETLABEL=y
|
||||
CONFIG_NETWORK_SECMARK=y
|
||||
CONFIG_NET_PTP_CLASSIFY=y
|
||||
# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
|
||||
CONFIG_NETFILTER=y
|
||||
@ -832,65 +827,51 @@ CONFIG_NF_CONNTRACK=y
|
||||
CONFIG_NF_LOG_COMMON=y
|
||||
CONFIG_NF_CONNTRACK_MARK=y
|
||||
CONFIG_NF_CONNTRACK_PROCFS=y
|
||||
# CONFIG_NF_CONNTRACK_EVENTS is not set
|
||||
# CONFIG_NF_CONNTRACK_TIMEOUT is not set
|
||||
# CONFIG_NF_CONNTRACK_TIMESTAMP is not set
|
||||
# CONFIG_NF_CT_PROTO_DCCP is not set
|
||||
# CONFIG_NF_CT_PROTO_SCTP is not set
|
||||
# CONFIG_NF_CT_PROTO_UDPLITE is not set
|
||||
# CONFIG_NF_CONNTRACK_AMANDA is not set
|
||||
# CONFIG_NF_CONNTRACK_FTP is not set
|
||||
# CONFIG_NF_CONNTRACK_H323 is not set
|
||||
# CONFIG_NF_CONNTRACK_IRC is not set
|
||||
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
|
||||
# CONFIG_NF_CONNTRACK_SNMP is not set
|
||||
# CONFIG_NF_CONNTRACK_PPTP is not set
|
||||
# CONFIG_NF_CONNTRACK_SANE is not set
|
||||
# CONFIG_NF_CONNTRACK_SIP is not set
|
||||
# CONFIG_NF_CONNTRACK_TFTP is not set
|
||||
# CONFIG_NF_CT_NETLINK is not set
|
||||
# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
|
||||
CONFIG_NF_CONNTRACK_EVENTS=y
|
||||
CONFIG_NF_CONNTRACK_TIMEOUT=y
|
||||
CONFIG_NF_CONNTRACK_TIMESTAMP=y
|
||||
CONFIG_NF_CONNTRACK_LABELS=y
|
||||
CONFIG_NF_CT_NETLINK=y
|
||||
CONFIG_NF_CT_NETLINK_TIMEOUT=y
|
||||
CONFIG_NF_CT_NETLINK_HELPER=y
|
||||
CONFIG_NETFILTER_NETLINK_GLUE_CT=y
|
||||
CONFIG_NF_NAT=y
|
||||
CONFIG_NF_NAT_NEEDED=y
|
||||
# CONFIG_NF_NAT_AMANDA is not set
|
||||
# CONFIG_NF_NAT_FTP is not set
|
||||
# CONFIG_NF_NAT_IRC is not set
|
||||
# CONFIG_NF_NAT_SIP is not set
|
||||
# CONFIG_NF_NAT_TFTP is not set
|
||||
# CONFIG_NF_NAT_REDIRECT is not set
|
||||
# CONFIG_NF_TABLES is not set
|
||||
CONFIG_NF_NAT_REDIRECT=y
|
||||
CONFIG_NETFILTER_SYNPROXY=y
|
||||
CONFIG_NF_TABLES=y
|
||||
CONFIG_NFT_META=y
|
||||
CONFIG_NFT_NUMGEN=y
|
||||
CONFIG_NFT_CT=y
|
||||
CONFIG_NFT_COUNTER=y
|
||||
CONFIG_NFT_LOG=y
|
||||
CONFIG_NFT_MASQ=y
|
||||
CONFIG_NFT_REDIR=y
|
||||
CONFIG_NFT_NAT=y
|
||||
CONFIG_NFT_QUEUE=y
|
||||
CONFIG_NFT_QUOTA=y
|
||||
CONFIG_NFT_REJECT=y
|
||||
CONFIG_NETFILTER_XTABLES=y
|
||||
|
||||
#
|
||||
# Xtables combined modules
|
||||
#
|
||||
CONFIG_NETFILTER_XT_MARK=y
|
||||
# CONFIG_NETFILTER_XT_CONNMARK is not set
|
||||
CONFIG_NETFILTER_XT_CONNMARK=y
|
||||
|
||||
#
|
||||
# Xtables targets
|
||||
#
|
||||
# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_HL is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_LED is not set
|
||||
CONFIG_NETFILTER_XT_TARGET_AUDIT=y
|
||||
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y
|
||||
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
|
||||
CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
|
||||
CONFIG_NETFILTER_XT_TARGET_HMARK=y
|
||||
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
|
||||
CONFIG_NETFILTER_XT_TARGET_LOG=y
|
||||
# CONFIG_NETFILTER_XT_TARGET_MARK is not set
|
||||
CONFIG_NETFILTER_XT_TARGET_MARK=y
|
||||
CONFIG_NETFILTER_XT_NAT=y
|
||||
# CONFIG_NETFILTER_XT_TARGET_NETMAP is not set
|
||||
CONFIG_NETFILTER_XT_TARGET_NETMAP=y
|
||||
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
|
||||
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
|
||||
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
||||
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
||||
CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
|
||||
|
||||
#
|
||||
# Xtables matches
|
||||
@ -898,15 +879,10 @@ CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
|
||||
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
|
||||
# CONFIG_NETFILTER_XT_MATCH_BPF is not set
|
||||
CONFIG_NETFILTER_XT_MATCH_CGROUP=y
|
||||
# CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_CONNTRACK is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_CPU is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
|
||||
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
|
||||
CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y
|
||||
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
|
||||
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
|
||||
CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
|
||||
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
|
||||
# CONFIG_NETFILTER_XT_MATCH_ECN is not set
|
||||
@ -947,14 +923,18 @@ CONFIG_NETFILTER_XT_MATCH_SOCKET=y
|
||||
#
|
||||
CONFIG_NF_DEFRAG_IPV4=y
|
||||
CONFIG_NF_CONNTRACK_IPV4=y
|
||||
# CONFIG_NF_DUP_IPV4 is not set
|
||||
# CONFIG_NF_LOG_ARP is not set
|
||||
CONFIG_NF_TABLES_IPV4=y
|
||||
CONFIG_NFT_CHAIN_ROUTE_IPV4=y
|
||||
CONFIG_NFT_REJECT_IPV4=y
|
||||
CONFIG_NFT_DUP_IPV4=y
|
||||
CONFIG_NF_DUP_IPV4=y
|
||||
CONFIG_NF_LOG_IPV4=y
|
||||
CONFIG_NF_REJECT_IPV4=y
|
||||
CONFIG_NF_NAT_IPV4=y
|
||||
CONFIG_NFT_CHAIN_NAT_IPV4=y
|
||||
CONFIG_NF_NAT_MASQUERADE_IPV4=y
|
||||
# CONFIG_NF_NAT_PPTP is not set
|
||||
# CONFIG_NF_NAT_H323 is not set
|
||||
CONFIG_NFT_MASQ_IPV4=y
|
||||
CONFIG_NFT_REDIR_IPV4=y
|
||||
CONFIG_IP_NF_IPTABLES=y
|
||||
# CONFIG_IP_NF_MATCH_AH is not set
|
||||
# CONFIG_IP_NF_MATCH_ECN is not set
|
||||
@ -962,36 +942,29 @@ CONFIG_IP_NF_IPTABLES=y
|
||||
# CONFIG_IP_NF_MATCH_TTL is not set
|
||||
CONFIG_IP_NF_FILTER=y
|
||||
CONFIG_IP_NF_TARGET_REJECT=y
|
||||
# CONFIG_IP_NF_TARGET_SYNPROXY is not set
|
||||
CONFIG_IP_NF_TARGET_SYNPROXY=y
|
||||
CONFIG_IP_NF_NAT=y
|
||||
CONFIG_IP_NF_TARGET_MASQUERADE=y
|
||||
# CONFIG_IP_NF_TARGET_NETMAP is not set
|
||||
# CONFIG_IP_NF_TARGET_REDIRECT is not set
|
||||
CONFIG_IP_NF_TARGET_NETMAP=y
|
||||
CONFIG_IP_NF_TARGET_REDIRECT=y
|
||||
CONFIG_IP_NF_MANGLE=y
|
||||
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
|
||||
# CONFIG_IP_NF_TARGET_ECN is not set
|
||||
# CONFIG_IP_NF_TARGET_TTL is not set
|
||||
# CONFIG_IP_NF_RAW is not set
|
||||
# CONFIG_IP_NF_SECURITY is not set
|
||||
# CONFIG_IP_NF_ARPTABLES is not set
|
||||
CONFIG_IP_NF_RAW=y
|
||||
CONFIG_IP_NF_SECURITY=y
|
||||
CONFIG_NF_TABLES_BRIDGE=y
|
||||
CONFIG_NFT_BRIDGE_META=y
|
||||
CONFIG_NF_LOG_BRIDGE=y
|
||||
CONFIG_BRIDGE_NF_EBTABLES=y
|
||||
# CONFIG_BRIDGE_EBT_BROUTE is not set
|
||||
CONFIG_BRIDGE_EBT_BROUTE=y
|
||||
CONFIG_BRIDGE_EBT_T_FILTER=y
|
||||
# CONFIG_BRIDGE_EBT_T_NAT is not set
|
||||
# CONFIG_BRIDGE_EBT_802_3 is not set
|
||||
# CONFIG_BRIDGE_EBT_AMONG is not set
|
||||
# CONFIG_BRIDGE_EBT_ARP is not set
|
||||
CONFIG_BRIDGE_EBT_T_NAT=y
|
||||
CONFIG_BRIDGE_EBT_IP=y
|
||||
# CONFIG_BRIDGE_EBT_LIMIT is not set
|
||||
CONFIG_BRIDGE_EBT_MARK=y
|
||||
# CONFIG_BRIDGE_EBT_PKTTYPE is not set
|
||||
# CONFIG_BRIDGE_EBT_STP is not set
|
||||
# CONFIG_BRIDGE_EBT_VLAN is not set
|
||||
# CONFIG_BRIDGE_EBT_ARPREPLY is not set
|
||||
# CONFIG_BRIDGE_EBT_DNAT is not set
|
||||
# CONFIG_BRIDGE_EBT_MARK_T is not set
|
||||
# CONFIG_BRIDGE_EBT_REDIRECT is not set
|
||||
# CONFIG_BRIDGE_EBT_SNAT is not set
|
||||
CONFIG_BRIDGE_EBT_PKTTYPE=y
|
||||
CONFIG_BRIDGE_EBT_DNAT=y
|
||||
CONFIG_BRIDGE_EBT_MARK_T=y
|
||||
CONFIG_BRIDGE_EBT_REDIRECT=y
|
||||
CONFIG_BRIDGE_EBT_SNAT=y
|
||||
CONFIG_BRIDGE_EBT_LOG=y
|
||||
CONFIG_BRIDGE_EBT_NFLOG=y
|
||||
# CONFIG_IP_DCCP is not set
|
||||
@ -1113,13 +1086,7 @@ CONFIG_RFKILL_INPUT=y
|
||||
# CONFIG_RFKILL_GPIO is not set
|
||||
CONFIG_NET_9P=m
|
||||
CONFIG_NET_9P_VIRTIO=m
|
||||
# CONFIG_NET_9P_DEBUG is not set
|
||||
# CONFIG_CAIF is not set
|
||||
# CONFIG_CEPH_LIB is not set
|
||||
# CONFIG_NFC is not set
|
||||
# CONFIG_LWTUNNEL is not set
|
||||
# CONFIG_DST_CACHE is not set
|
||||
# CONFIG_NET_DEVLINK is not set
|
||||
CONFIG_DST_CACHE=y
|
||||
CONFIG_MAY_USE_DEVLINK=y
|
||||
CONFIG_HAVE_EBPF_JIT=y
|
||||
|
||||
@ -4969,8 +4936,8 @@ CONFIG_PAX_INITIFY=y
|
||||
CONFIG_HAVE_PAX_INITIFY_INIT_EXIT=y
|
||||
# CONFIG_PAX_INITIFY_VERBOSE is not set
|
||||
CONFIG_PAX_LATENT_ENTROPY=y
|
||||
CONFIG_PAX_RAP=y
|
||||
CONFIG_PAX_RAP_VERBOSE=y
|
||||
# CONFIG_PAX_RAP is not set
|
||||
# CONFIG_PAX_RAP_VERBOSE is not set
|
||||
|
||||
#
|
||||
# Memory Protections
|
||||
|
||||
Loading…
Reference in New Issue
Block a user