It was possible to set NF_CONNTRACK=n NF_CONNTRACK_LABELS=y via NETFILTER_XT_MATCH_CONNLABEL=y: warning: (NETFILTER_XT_MATCH_CONNLABEL) selects NF_CONNTRACK_LABELS which has unmet direct dependencies (NET && INET && NETFILTER && NF_CONNTRACK) Reported-by: Randy Dunlap <rdunlap@xxxxxxxxxxxxx> Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index eb2c8eb..d4dd702 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -860,6 +860,7 @@ config NETFILTER_XT_MATCH_CONNBYTES config NETFILTER_XT_MATCH_CONNLABEL tristate '"connlabel" match support' select NF_CONNTRACK_LABELS + depends on NF_CONNTRACK depends on NETFILTER_ADVANCED ---help--- This match allows you to test and assign userspace-defined labels names -- 1.7.8.6 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html