Breno Leitao <leitao@xxxxxxxxxx> wrote:
> Hello Florian,
>
> I am rebasing my workflow in into a new kernel, and I have a question
> that you might be able to help me. It is related to
> IP6_NF_IPTABLES_LEGACY Kconfig, and the change in a9525c7f6219cee9
> ("netfilter: xtables: allow xtables-nft only builds").
>
> In my kernel before this change, I used to have ip6_tables "module" as
> builtin (CONFIG_IP6_NF_IPTABLES=y), and all the other dependencies as
> modules, such as IP6_NF_FILTER=m, IP6_NF_MANGLE=m, IP6_NF_RAW=m.
>
> After the mentioned commit above, I am not able to have ip6_tables set
> as a builtin (=y) anymore, give that it is a "hidden" configuration, and
> the only way is to change some of the selectable dependencies
> (IP6_NF_RAW for insntance) to be a built-in (=y).
>
> That said, do you know if I can keep the ip6_tables as builtin without
> changing any of the selectable dependencies configuration. In other
> words, is it possible to keep the old behaviour (ip6_table builtin and
> the dependenceis as modules) with the new IP6_NF_IPTABLES_LEGACY
> configuration?
No. But why would you need it?
ip6_tables.c is only relevant for the various tables.
You could make a patch for nf-next that exposes those symbols as per description
in a9525c7f6219cee9284c0031c5930e8d41384677, i.e. with 'depends on'
change.
