ACK: [PATCH][kvm] UBUNTU: kvm: [config] enable BRIDGE, NETFILTER, IPTABLES
Kleber Souza
kleber.souza at canonical.com
Mon Oct 23 09:40:08 UTC 2017
On 10/19/17 18:53, Kamal Mostafa wrote:
> BugLink: http://bugs.launchpad.net/bugs/1723527
>
> All required for lxd support.
>
> Signed-off-by: Kamal Mostafa <kamal at canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
> ---
> debian.kvm/config/config.common.ubuntu | 287 ++++++++++++++++++++++++++++++++-
> 1 file changed, 285 insertions(+), 2 deletions(-)
>
> diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu
> index 92a641e..ef33973 100644
> --- a/debian.kvm/config/config.common.ubuntu
> +++ b/debian.kvm/config/config.common.ubuntu
> @@ -191,7 +191,30 @@ CONFIG_BPF=y
> # CONFIG_BPF_JIT is not set
> # CONFIG_BPF_SYSCALL is not set
> CONFIG_BQL=y
> -# CONFIG_BRIDGE is not set
> +CONFIG_BRIDGE=y
> +CONFIG_BRIDGE_EBT_802_3=m
> +CONFIG_BRIDGE_EBT_AMONG=m
> +CONFIG_BRIDGE_EBT_ARP=m
> +CONFIG_BRIDGE_EBT_ARPREPLY=m
> +CONFIG_BRIDGE_EBT_BROUTE=m
> +CONFIG_BRIDGE_EBT_DNAT=m
> +CONFIG_BRIDGE_EBT_IP=m
> +CONFIG_BRIDGE_EBT_IP6=m
> +CONFIG_BRIDGE_EBT_LIMIT=m
> +CONFIG_BRIDGE_EBT_LOG=m
> +CONFIG_BRIDGE_EBT_MARK=m
> +CONFIG_BRIDGE_EBT_MARK_T=m
> +CONFIG_BRIDGE_EBT_NFLOG=m
> +CONFIG_BRIDGE_EBT_PKTTYPE=m
> +CONFIG_BRIDGE_EBT_REDIRECT=m
> +CONFIG_BRIDGE_EBT_SNAT=m
> +CONFIG_BRIDGE_EBT_STP=m
> +CONFIG_BRIDGE_EBT_T_FILTER=m
> +CONFIG_BRIDGE_EBT_T_NAT=m
> +CONFIG_BRIDGE_EBT_VLAN=m
> +CONFIG_BRIDGE_IGMP_SNOOPING=y
> +CONFIG_BRIDGE_NETFILTER=m
> +CONFIG_BRIDGE_NF_EBTABLES=m
> # CONFIG_BSD_PROCESS_ACCT is not set
> # CONFIG_BT is not set
> # CONFIG_BTRFS_ASSERT is not set
> @@ -812,6 +835,26 @@ CONFIG_IO_DELAY_TYPE_0XED=1
> CONFIG_IO_DELAY_TYPE_NONE=3
> CONFIG_IO_DELAY_TYPE_UDELAY=2
> # CONFIG_IO_DELAY_UDELAY is not set
> +CONFIG_IP6_NF_FILTER=m
> +CONFIG_IP6_NF_IPTABLES=m
> +CONFIG_IP6_NF_MANGLE=m
> +CONFIG_IP6_NF_MATCH_AH=m
> +CONFIG_IP6_NF_MATCH_EUI64=m
> +CONFIG_IP6_NF_MATCH_FRAG=m
> +CONFIG_IP6_NF_MATCH_HL=m
> +CONFIG_IP6_NF_MATCH_IPV6HEADER=m
> +CONFIG_IP6_NF_MATCH_MH=m
> +CONFIG_IP6_NF_MATCH_OPTS=m
> +CONFIG_IP6_NF_MATCH_RPFILTER=m
> +CONFIG_IP6_NF_MATCH_RT=m
> +CONFIG_IP6_NF_NAT=m
> +CONFIG_IP6_NF_RAW=m
> +CONFIG_IP6_NF_SECURITY=m
> +CONFIG_IP6_NF_TARGET_HL=m
> +CONFIG_IP6_NF_TARGET_MASQUERADE=m
> +CONFIG_IP6_NF_TARGET_NPT=m
> +CONFIG_IP6_NF_TARGET_REJECT=m
> +CONFIG_IP6_NF_TARGET_SYNPROXY=m
> # CONFIG_IPACK_BUS is not set
> CONFIG_IPC_NS=y
> # CONFIG_IPMI_HANDLER is not set
> @@ -833,11 +876,75 @@ CONFIG_IPV6_SIT=y
> # CONFIG_IP_ADVANCED_ROUTER is not set
> # CONFIG_IP_DCCP is not set
> # CONFIG_IP_MULTICAST is not set
> +CONFIG_IP_NF_ARPFILTER=m
> +CONFIG_IP_NF_ARPTABLES=m
> +CONFIG_IP_NF_ARP_MANGLE=m
> +CONFIG_IP_NF_FILTER=m
> +CONFIG_IP_NF_IPTABLES=m
> +CONFIG_IP_NF_MANGLE=m
> +CONFIG_IP_NF_MATCH_AH=m
> +CONFIG_IP_NF_MATCH_ECN=m
> +CONFIG_IP_NF_MATCH_RPFILTER=m
> +CONFIG_IP_NF_MATCH_TTL=m
> +CONFIG_IP_NF_NAT=m
> +CONFIG_IP_NF_RAW=m
> +CONFIG_IP_NF_SECURITY=m
> +CONFIG_IP_NF_TARGET_CLUSTERIP=m
> +CONFIG_IP_NF_TARGET_ECN=m
> +CONFIG_IP_NF_TARGET_MASQUERADE=m
> +CONFIG_IP_NF_TARGET_NETMAP=m
> +CONFIG_IP_NF_TARGET_REDIRECT=m
> +CONFIG_IP_NF_TARGET_REJECT=m
> +CONFIG_IP_NF_TARGET_SYNPROXY=m
> +CONFIG_IP_NF_TARGET_TTL=m
> CONFIG_IP_PNP=y
> # CONFIG_IP_PNP_BOOTP is not set
> CONFIG_IP_PNP_DHCP=y
> # CONFIG_IP_PNP_RARP is not set
> # CONFIG_IP_SCTP is not set
> +CONFIG_IP_SET=m
> +CONFIG_IP_SET_BITMAP_IP=m
> +CONFIG_IP_SET_BITMAP_IPMAC=m
> +CONFIG_IP_SET_BITMAP_PORT=m
> +CONFIG_IP_SET_HASH_IP=m
> +CONFIG_IP_SET_HASH_IPMARK=m
> +CONFIG_IP_SET_HASH_IPPORT=m
> +CONFIG_IP_SET_HASH_IPPORTIP=m
> +CONFIG_IP_SET_HASH_IPPORTNET=m
> +CONFIG_IP_SET_HASH_MAC=m
> +CONFIG_IP_SET_HASH_NET=m
> +CONFIG_IP_SET_HASH_NETIFACE=m
> +CONFIG_IP_SET_HASH_NETNET=m
> +CONFIG_IP_SET_HASH_NETPORT=m
> +CONFIG_IP_SET_HASH_NETPORTNET=m
> +CONFIG_IP_SET_LIST_SET=m
> +CONFIG_IP_SET_MAX=256
> +CONFIG_IP_VS=m
> +# CONFIG_IP_VS_DEBUG is not set
> +CONFIG_IP_VS_DH=m
> +CONFIG_IP_VS_FO=m
> +CONFIG_IP_VS_FTP=m
> +CONFIG_IP_VS_IPV6=y
> +CONFIG_IP_VS_LBLC=m
> +CONFIG_IP_VS_LBLCR=m
> +CONFIG_IP_VS_LC=m
> +CONFIG_IP_VS_NFCT=y
> +CONFIG_IP_VS_NQ=m
> +CONFIG_IP_VS_OVF=m
> +CONFIG_IP_VS_PE_SIP=m
> +CONFIG_IP_VS_PROTO_AH=y
> +CONFIG_IP_VS_PROTO_AH_ESP=y
> +CONFIG_IP_VS_PROTO_ESP=y
> +CONFIG_IP_VS_PROTO_SCTP=y
> +CONFIG_IP_VS_PROTO_TCP=y
> +CONFIG_IP_VS_PROTO_UDP=y
> +CONFIG_IP_VS_RR=m
> +CONFIG_IP_VS_SED=m
> +CONFIG_IP_VS_SH=m
> +CONFIG_IP_VS_SH_TAB_BITS=8
> +CONFIG_IP_VS_TAB_BITS=12
> +CONFIG_IP_VS_WLC=m
> +CONFIG_IP_VS_WRR=m
> # CONFIG_IRDA is not set
> CONFIG_IRQ_DOMAIN=y
> # CONFIG_IRQ_DOMAIN_DEBUG is not set
> @@ -1054,7 +1161,92 @@ CONFIG_NEED_SG_DMA_LENGTH=y
> CONFIG_NET=y
> # CONFIG_NETCONSOLE is not set
> CONFIG_NETDEVICES=y
> -# CONFIG_NETFILTER is not set
> +CONFIG_NETFILTER=y
> +CONFIG_NETFILTER_ADVANCED=y
> +# CONFIG_NETFILTER_DEBUG is not set
> +CONFIG_NETFILTER_INGRESS=y
> +CONFIG_NETFILTER_NETLINK=m
> +CONFIG_NETFILTER_NETLINK_ACCT=m
> +CONFIG_NETFILTER_NETLINK_GLUE_CT=y
> +CONFIG_NETFILTER_NETLINK_LOG=m
> +CONFIG_NETFILTER_NETLINK_QUEUE=m
> +CONFIG_NETFILTER_SYNPROXY=m
> +CONFIG_NETFILTER_XTABLES=m
> +CONFIG_NETFILTER_XT_CONNMARK=m
> +CONFIG_NETFILTER_XT_MARK=m
> +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
> +CONFIG_NETFILTER_XT_MATCH_BPF=m
> +CONFIG_NETFILTER_XT_MATCH_CGROUP=m
> +CONFIG_NETFILTER_XT_MATCH_CLUSTER=m
> +CONFIG_NETFILTER_XT_MATCH_COMMENT=m
> +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
> +CONFIG_NETFILTER_XT_MATCH_CONNLABEL=m
> +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
> +CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
> +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
> +CONFIG_NETFILTER_XT_MATCH_CPU=m
> +CONFIG_NETFILTER_XT_MATCH_DCCP=m
> +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m
> +CONFIG_NETFILTER_XT_MATCH_DSCP=m
> +CONFIG_NETFILTER_XT_MATCH_ECN=m
> +CONFIG_NETFILTER_XT_MATCH_ESP=m
> +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
> +CONFIG_NETFILTER_XT_MATCH_HELPER=m
> +CONFIG_NETFILTER_XT_MATCH_HL=m
> +CONFIG_NETFILTER_XT_MATCH_IPCOMP=m
> +CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
> +CONFIG_NETFILTER_XT_MATCH_IPVS=m
> +CONFIG_NETFILTER_XT_MATCH_L2TP=m
> +CONFIG_NETFILTER_XT_MATCH_LENGTH=m
> +CONFIG_NETFILTER_XT_MATCH_LIMIT=m
> +CONFIG_NETFILTER_XT_MATCH_MAC=m
> +CONFIG_NETFILTER_XT_MATCH_MARK=m
> +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
> +CONFIG_NETFILTER_XT_MATCH_NFACCT=m
> +CONFIG_NETFILTER_XT_MATCH_OSF=m
> +CONFIG_NETFILTER_XT_MATCH_OWNER=m
> +CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
> +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
> +CONFIG_NETFILTER_XT_MATCH_POLICY=m
> +CONFIG_NETFILTER_XT_MATCH_QUOTA=m
> +CONFIG_NETFILTER_XT_MATCH_RATEEST=m
> +CONFIG_NETFILTER_XT_MATCH_REALM=m
> +CONFIG_NETFILTER_XT_MATCH_RECENT=m
> +CONFIG_NETFILTER_XT_MATCH_SCTP=m
> +CONFIG_NETFILTER_XT_MATCH_SOCKET=m
> +CONFIG_NETFILTER_XT_MATCH_STATE=m
> +CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
> +CONFIG_NETFILTER_XT_MATCH_STRING=m
> +CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
> +CONFIG_NETFILTER_XT_MATCH_TIME=m
> +CONFIG_NETFILTER_XT_MATCH_U32=m
> +CONFIG_NETFILTER_XT_NAT=m
> +CONFIG_NETFILTER_XT_SET=m
> +CONFIG_NETFILTER_XT_TARGET_AUDIT=m
> +CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
> +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
> +CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
> +CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
> +CONFIG_NETFILTER_XT_TARGET_CT=m
> +CONFIG_NETFILTER_XT_TARGET_DSCP=m
> +CONFIG_NETFILTER_XT_TARGET_HL=m
> +CONFIG_NETFILTER_XT_TARGET_HMARK=m
> +CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
> +CONFIG_NETFILTER_XT_TARGET_LED=m
> +CONFIG_NETFILTER_XT_TARGET_LOG=m
> +CONFIG_NETFILTER_XT_TARGET_MARK=m
> +CONFIG_NETFILTER_XT_TARGET_NETMAP=m
> +CONFIG_NETFILTER_XT_TARGET_NFLOG=m
> +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
> +# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
> +CONFIG_NETFILTER_XT_TARGET_RATEEST=m
> +CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
> +CONFIG_NETFILTER_XT_TARGET_SECMARK=m
> +CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
> +CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
> +CONFIG_NETFILTER_XT_TARGET_TEE=m
> +CONFIG_NETFILTER_XT_TARGET_TPROXY=m
> +CONFIG_NETFILTER_XT_TARGET_TRACE=m
> # CONFIG_NETLINK_DIAG is not set
> # CONFIG_NETPOLL is not set
> CONFIG_NETWORK_FILESYSTEMS=y
> @@ -1096,6 +1288,97 @@ CONFIG_NFS_V3=m
> # CONFIG_NFS_V3_ACL is not set
> # CONFIG_NFS_V4 is not set
> # CONFIG_NFTL is not set
> +CONFIG_NFT_BRIDGE_META=m
> +CONFIG_NFT_BRIDGE_REJECT=m
> +CONFIG_NFT_CHAIN_NAT_IPV4=m
> +CONFIG_NFT_CHAIN_NAT_IPV6=m
> +CONFIG_NFT_CHAIN_ROUTE_IPV4=m
> +CONFIG_NFT_CHAIN_ROUTE_IPV6=m
> +CONFIG_NFT_COMPAT=m
> +CONFIG_NFT_COUNTER=m
> +CONFIG_NFT_CT=m
> +CONFIG_NFT_DUP_IPV4=m
> +CONFIG_NFT_DUP_IPV6=m
> +CONFIG_NFT_EXTHDR=m
> +CONFIG_NFT_HASH=m
> +CONFIG_NFT_LIMIT=m
> +CONFIG_NFT_LOG=m
> +CONFIG_NFT_MASQ=m
> +CONFIG_NFT_MASQ_IPV4=m
> +CONFIG_NFT_MASQ_IPV6=m
> +CONFIG_NFT_META=m
> +CONFIG_NFT_NAT=m
> +CONFIG_NFT_QUEUE=m
> +CONFIG_NFT_RBTREE=m
> +CONFIG_NFT_REDIR=m
> +CONFIG_NFT_REDIR_IPV4=m
> +CONFIG_NFT_REDIR_IPV6=m
> +CONFIG_NFT_REJECT=m
> +CONFIG_NFT_REJECT_INET=m
> +CONFIG_NFT_REJECT_IPV4=m
> +CONFIG_NFT_REJECT_IPV6=m
> +CONFIG_NF_CONNTRACK=m
> +CONFIG_NF_CONNTRACK_AMANDA=m
> +CONFIG_NF_CONNTRACK_BROADCAST=m
> +CONFIG_NF_CONNTRACK_EVENTS=y
> +CONFIG_NF_CONNTRACK_FTP=m
> +CONFIG_NF_CONNTRACK_H323=m
> +CONFIG_NF_CONNTRACK_IPV4=m
> +CONFIG_NF_CONNTRACK_IPV6=m
> +CONFIG_NF_CONNTRACK_IRC=m
> +CONFIG_NF_CONNTRACK_LABELS=y
> +CONFIG_NF_CONNTRACK_MARK=y
> +CONFIG_NF_CONNTRACK_NETBIOS_NS=m
> +CONFIG_NF_CONNTRACK_PPTP=m
> +# CONFIG_NF_CONNTRACK_PROCFS is not set
> +CONFIG_NF_CONNTRACK_SANE=m
> +CONFIG_NF_CONNTRACK_SECMARK=y
> +CONFIG_NF_CONNTRACK_SIP=m
> +CONFIG_NF_CONNTRACK_SNMP=m
> +CONFIG_NF_CONNTRACK_TFTP=m
> +CONFIG_NF_CONNTRACK_TIMEOUT=y
> +CONFIG_NF_CONNTRACK_TIMESTAMP=y
> +CONFIG_NF_CONNTRACK_ZONES=y
> +CONFIG_NF_CT_NETLINK=m
> +CONFIG_NF_CT_NETLINK_HELPER=m
> +CONFIG_NF_CT_NETLINK_TIMEOUT=m
> +CONFIG_NF_CT_PROTO_DCCP=m
> +CONFIG_NF_CT_PROTO_GRE=m
> +CONFIG_NF_CT_PROTO_SCTP=m
> +CONFIG_NF_CT_PROTO_UDPLITE=m
> +CONFIG_NF_LOG_ARP=m
> +CONFIG_NF_LOG_BRIDGE=m
> +CONFIG_NF_LOG_COMMON=m
> +CONFIG_NF_LOG_IPV4=m
> +CONFIG_NF_LOG_IPV6=m
> +CONFIG_NF_NAT=m
> +CONFIG_NF_NAT_AMANDA=m
> +CONFIG_NF_NAT_FTP=m
> +CONFIG_NF_NAT_H323=m
> +CONFIG_NF_NAT_IPV4=m
> +CONFIG_NF_NAT_IPV6=m
> +CONFIG_NF_NAT_IRC=m
> +CONFIG_NF_NAT_MASQUERADE_IPV4=m
> +CONFIG_NF_NAT_MASQUERADE_IPV6=m
> +CONFIG_NF_NAT_NEEDED=y
> +CONFIG_NF_NAT_PPTP=m
> +CONFIG_NF_NAT_PROTO_DCCP=m
> +CONFIG_NF_NAT_PROTO_GRE=m
> +CONFIG_NF_NAT_PROTO_SCTP=m
> +CONFIG_NF_NAT_PROTO_UDPLITE=m
> +CONFIG_NF_NAT_REDIRECT=m
> +CONFIG_NF_NAT_SIP=m
> +CONFIG_NF_NAT_SNMP_BASIC=m
> +CONFIG_NF_NAT_TFTP=m
> +CONFIG_NF_REJECT_IPV4=m
> +CONFIG_NF_REJECT_IPV6=m
> +CONFIG_NF_TABLES=m
> +CONFIG_NF_TABLES_ARP=m
> +CONFIG_NF_TABLES_BRIDGE=m
> +CONFIG_NF_TABLES_INET=m
> +CONFIG_NF_TABLES_IPV4=m
> +CONFIG_NF_TABLES_IPV6=m
> +CONFIG_NF_TABLES_NETDEV=m
> CONFIG_NILFS2_FS=m
> CONFIG_NLATTR=y
> # CONFIG_NLMON is not set
>
More information about the kernel-team
mailing list