[PATCH 1/1] UBUNTU: [karmic] Set NETFILTER configs the same for lpia, i386 and amd64

[Brad Figg]

Bug: #357768

The 'recent' module of iptables is broken on lpia because the kernel is
compiled without CONFIG_NETFILTER_XT_MATCH_RECENT. This is a regression
over Intrepid:

$ grep RECENT ./config-2.6.2*
./config-2.6.27-4-lpia:CONFIG_IP_NF_MATCH_RECENT=m
./config-2.6.28-11-lpia:# CONFIG_NETFILTER_XT_MATCH_RECENT is not set

$ cat /proc/version_signature
Ubuntu 2.6.28-11.40-lpia
$ sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m
recent --set
iptables: No chain/target/match by that name

Ufw uses this module when using the LIMIT command, which causes the
firewall to not load on boot due to iptables-restore failing. Ufw users
are only affected when using LIMIT rules.

The LPIA configuration was modifified to match the NETFILTER
configuration for amd64 and i386.

Signed-off-by: Brad Figg <brad.figg at canonical.com>
---
 debian/config/lpia/config |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/debian/config/lpia/config b/debian/config/lpia/config
index dd1feb5..f572a00 100644
--- a/debian/config/lpia/config
+++ b/debian/config/lpia/config
@@ -1918,7 +1918,7 @@ CONFIG_NETFILTER_ADVANCED=y
 CONFIG_NETFILTER_NETLINK=m
 CONFIG_NETFILTER_NETLINK_LOG=m
 CONFIG_NETFILTER_NETLINK_QUEUE=m
-# CONFIG_NETFILTER_TPROXY is not set
+CONFIG_NETFILTER_TPROXY=m
 CONFIG_NETFILTER_XTABLES=m
 CONFIG_NETFILTER_XT_MATCH_CLUSTER=m
 CONFIG_NETFILTER_XT_MATCH_COMMENT=m
@@ -1945,8 +1945,10 @@ CONFIG_NETFILTER_XT_MATCH_POLICY=m
 CONFIG_NETFILTER_XT_MATCH_QUOTA=m
 CONFIG_NETFILTER_XT_MATCH_RATEEST=m
 CONFIG_NETFILTER_XT_MATCH_REALM=m
-# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
+CONFIG_NETFILTER_XT_MATCH_RECENT=m
+# CONFIG_NETFILTER_XT_MATCH_RECENT_PROC_COMPAT is not set
 CONFIG_NETFILTER_XT_MATCH_SCTP=m
+CONFIG_NETFILTER_XT_MATCH_SOCKET=m
 CONFIG_NETFILTER_XT_MATCH_STATE=m
 CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
 CONFIG_NETFILTER_XT_MATCH_STRING=m
@@ -1966,6 +1968,7 @@ CONFIG_NETFILTER_XT_TARGET_RATEEST=m
 CONFIG_NETFILTER_XT_TARGET_SECMARK=m
 CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
 # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+CONFIG_NETFILTER_XT_TARGET_TPROXY=m
 CONFIG_NETFILTER_XT_TARGET_TRACE=m
 CONFIG_NETLABEL=y
 CONFIG_NETPOLL=y
-- 
1.6.1.3