From bacc3a889fc775fa3697415f078ea34337c7c491 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Tue, 8 Mar 2022 14:52:37 +0100 Subject: [PATCH] keepalived: enable nftables filtering Signed-off-by: Florian Eckert --- net/keepalived/Config.in | 9 +++++++++ net/keepalived/Makefile | 9 ++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/net/keepalived/Config.in b/net/keepalived/Config.in index 0cddf09f3..862398db1 100644 --- a/net/keepalived/Config.in +++ b/net/keepalived/Config.in @@ -71,6 +71,15 @@ config KEEPALIVED_IPTABLES Builds support for using iptables/ipsets for filtering packets to VIPs +config KEEPALIVED_NFTABLES + depends on KEEPALIVED_VRRP + bool + default y + prompt "Enable nftables for VIP filtering" + help + Builds support for using nftables for filtering packets + to VIPs + config KEEPALIVED_SNMP_VRRP depends on KEEPALIVED_VRRP bool diff --git a/net/keepalived/Makefile b/net/keepalived/Makefile index ab77087b4..2e288373f 100644 --- a/net/keepalived/Makefile +++ b/net/keepalived/Makefile @@ -22,6 +22,7 @@ PKG_MAINTAINER:=Ben Kelly \ Florian Eckert PKG_CONFIG_DEPENDS += \ + KEEPALIVED_NFTABLES \ KEEPALIVED_VRRP \ KEEPALIVED_LVS \ KEEPALIVED_IPTABLES \ @@ -62,6 +63,7 @@ define Package/keepalived +libnl-genl \ +libmagic \ +libkmod \ + +KEEPALIVED_NFTABLES:libnftnl \ +KEEPALIVED_VRRP:kmod-macvlan \ +KEEPALIVED_VRRP:libnl-route \ +KEEPALIVED_VRRP:libnfnetlink \ @@ -87,7 +89,6 @@ endef CONFIGURE_ARGS+= \ --with-init=SYSV \ - --disable-nftables \ --disable-track-process \ --runstatedir="/var/run" @@ -113,6 +114,12 @@ endif ifeq ($(CONFIG_KEEPALIVED_VRRP),y) + +ifeq ($(CONFIG_KEEPALIVED_NFTABLES),) +CONFIGURE_ARGS += \ + --disable-nftables +endif + ifeq ($(CONFIG_KEEPALIVED_IPTABLES),) CONFIGURE_ARGS += \ --disable-iptables