kernel: Disable all connection tracking helper modules

author Michael Tremer <michael.tremer@ipfire.org>

Tue, 13 Dec 2022 17:56:40 +0000 (17:56 +0000)

committer Michael Tremer <michael.tremer@ipfire.org>

Thu, 15 Dec 2022 15:51:22 +0000 (15:51 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Tue, 13 Dec 2022 17:56:40 +0000 (17:56 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Thu, 15 Dec 2022 15:51:22 +0000 (15:51 +0000)
diff --git a/kernel/config-generic b/kernel/config-generic

index fa8734651dcc46849e3d8147af00af6e48fd1e67..acb729190722e86eaf19f9dd8cfabeb62a4b71f9 100644 (file)
--- a/kernel/config-generic
+++ b/kernel/config-generic
@@ -887,30 +887,23 @@ CONFIG_NF_CONNTRACK_TIMEOUT=y
  CONFIG_NF_CONNTRACK_TIMESTAMP=y
  CONFIG_NF_CONNTRACK_LABELS=y
  CONFIG_NF_CT_PROTO_DCCP=y
-CONFIG_NF_CT_PROTO_GRE=y
  CONFIG_NF_CT_PROTO_SCTP=y
  CONFIG_NF_CT_PROTO_UDPLITE=y
-CONFIG_NF_CONNTRACK_AMANDA=m
-CONFIG_NF_CONNTRACK_FTP=m
-CONFIG_NF_CONNTRACK_H323=m
-CONFIG_NF_CONNTRACK_IRC=m
-CONFIG_NF_CONNTRACK_BROADCAST=m
-CONFIG_NF_CONNTRACK_NETBIOS_NS=m
-CONFIG_NF_CONNTRACK_SNMP=m
-CONFIG_NF_CONNTRACK_PPTP=m
-CONFIG_NF_CONNTRACK_SANE=m
-CONFIG_NF_CONNTRACK_SIP=m
-CONFIG_NF_CONNTRACK_TFTP=m
+# CONFIG_NF_CONNTRACK_AMANDA is not set
+# CONFIG_NF_CONNTRACK_FTP is not set
+# CONFIG_NF_CONNTRACK_H323 is not set
+# CONFIG_NF_CONNTRACK_IRC is not set
+# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
+# CONFIG_NF_CONNTRACK_SNMP is not set
+# CONFIG_NF_CONNTRACK_PPTP is not set
+# CONFIG_NF_CONNTRACK_SANE is not set
+# CONFIG_NF_CONNTRACK_SIP is not set
+# CONFIG_NF_CONNTRACK_TFTP is not set
  CONFIG_NF_CT_NETLINK=m
  CONFIG_NF_CT_NETLINK_TIMEOUT=m
  CONFIG_NF_CT_NETLINK_HELPER=m
  CONFIG_NETFILTER_NETLINK_GLUE_CT=y
  CONFIG_NF_NAT=m
-CONFIG_NF_NAT_AMANDA=m
-CONFIG_NF_NAT_FTP=m
-CONFIG_NF_NAT_IRC=m
-CONFIG_NF_NAT_SIP=m
-CONFIG_NF_NAT_TFTP=m
  CONFIG_NF_NAT_REDIRECT=y
  CONFIG_NF_NAT_MASQUERADE=y
  CONFIG_NETFILTER_SYNPROXY=m
@@ -1015,9 +1008,7 @@ CONFIG_IP_VS_MH_TAB_INDEX=12
  #
  # IPVS application helper
  #
-CONFIG_IP_VS_FTP=m
  CONFIG_IP_VS_NFCT=y
-CONFIG_IP_VS_PE_SIP=m
  
  #
  # IP: Netfilter Configuration
@@ -1034,9 +1025,6 @@ CONFIG_NF_DUP_IPV4=m
  CONFIG_NF_LOG_ARP=m
  CONFIG_NF_LOG_IPV4=m
  CONFIG_NF_REJECT_IPV4=m
-CONFIG_NF_NAT_SNMP_BASIC=m
-CONFIG_NF_NAT_PPTP=m
-CONFIG_NF_NAT_H323=m
  # CONFIG_IP_NF_IPTABLES is not set
  # CONFIG_IP_NF_ARPTABLES is not set
  # end of IP: Netfilter Configuration
diff --git a/kernel/kernel.nm b/kernel/kernel.nm

index c5c660f5003f2854eb8ea03b953ce3584753f25a..e1fb4a836eacead71016b165b42f6774f38ad89c 100644 (file)
--- a/kernel/kernel.nm
+++ b/kernel/kernel.nm
@@ -5,7 +5,7 @@
  
  name       = kernel
  version    = 6.0.6
-release    = 0.10
+release    = 0.11
  thisapp    = linux-%{version}
  
  maintainer = Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
author	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 13 Dec 2022 17:56:40 +0000 (17:56 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 15 Dec 2022 15:51:22 +0000 (15:51 +0000)
kernel/config-generic		patch \| blob \| blame \| history
kernel/kernel.nm		patch \| blob \| blame \| history