ACK: [PATCH] UBUNTU: [Config] kvm: enable nftables (and modules)

Colin Ian King colin.king at canonical.com
Fri Jul 10 13:20:47 UTC 2020 

On 10/07/2020 13:52, Paolo Pisati wrote:
> BugLink: https://bugs.launchpad.net/bugs/1881346
> 
> Signed-off-by: Paolo Pisati <paolo.pisati at canonical.com>
> ---
>  debian.kvm/config/config.common.ubuntu | 51 +++++++++++++++++++++++++++++++++-
>  1 file changed, 50 insertions(+), 1 deletion(-)
> 
> diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu
> index affa1a3..43b3e9a 100644
> --- a/debian.kvm/config/config.common.ubuntu
> +++ b/debian.kvm/config/config.common.ubuntu
> @@ -1691,6 +1691,42 @@ CONFIG_NFS_V3=m
>  # CONFIG_NFS_V3_ACL is not set
>  # CONFIG_NFS_V4 is not set
>  # CONFIG_NFTL is not set
> +CONFIG_NFT_BRIDGE_META=m
> +CONFIG_NFT_BRIDGE_REJECT=m
> +CONFIG_NFT_COMPAT=m
> +CONFIG_NFT_CONNLIMIT=m
> +CONFIG_NFT_COUNTER=m
> +CONFIG_NFT_CT=m
> +CONFIG_NFT_DUP_IPV4=m
> +CONFIG_NFT_DUP_IPV6=m
> +CONFIG_NFT_DUP_NETDEV=m
> +CONFIG_NFT_FIB=m
> +CONFIG_NFT_FIB_INET=m
> +CONFIG_NFT_FIB_IPV4=m
> +CONFIG_NFT_FIB_IPV6=m
> +CONFIG_NFT_FIB_NETDEV=m
> +CONFIG_NFT_FLOW_OFFLOAD=m
> +CONFIG_NFT_FWD_NETDEV=m
> +CONFIG_NFT_HASH=m
> +CONFIG_NFT_LIMIT=m
> +CONFIG_NFT_LOG=m
> +CONFIG_NFT_MASQ=m
> +CONFIG_NFT_NAT=m
> +CONFIG_NFT_NUMGEN=m
> +CONFIG_NFT_OBJREF=m
> +CONFIG_NFT_OSF=m
> +CONFIG_NFT_QUEUE=m
> +CONFIG_NFT_QUOTA=m
> +CONFIG_NFT_REDIR=m
> +CONFIG_NFT_REJECT=m
> +CONFIG_NFT_REJECT_INET=m
> +CONFIG_NFT_REJECT_IPV4=m
> +CONFIG_NFT_REJECT_IPV6=m
> +CONFIG_NFT_SOCKET=m
> +CONFIG_NFT_SYNPROXY=m
> +CONFIG_NFT_TPROXY=m
> +CONFIG_NFT_TUNNEL=m
> +CONFIG_NFT_XFRM=m
>  CONFIG_NF_CONNTRACK=m
>  CONFIG_NF_CONNTRACK_AMANDA=m
>  # CONFIG_NF_CONNTRACK_BRIDGE is not set
> @@ -1723,7 +1759,13 @@ CONFIG_NF_DEFRAG_IPV4=m
>  CONFIG_NF_DEFRAG_IPV6=m
>  CONFIG_NF_DUP_IPV4=m
>  CONFIG_NF_DUP_IPV6=m
> +CONFIG_NF_DUP_NETDEV=m
> +CONFIG_NF_FLOW_TABLE=m
> +CONFIG_NF_FLOW_TABLE_INET=m
> +CONFIG_NF_FLOW_TABLE_IPV4=m
> +CONFIG_NF_FLOW_TABLE_IPV6=m
>  # CONFIG_NF_LOG_ARP is not set
> +CONFIG_NF_LOG_BRIDGE=m
>  CONFIG_NF_LOG_COMMON=m
>  CONFIG_NF_LOG_IPV4=m
>  CONFIG_NF_LOG_IPV6=m
> @@ -1743,7 +1785,14 @@ CONFIG_NF_REJECT_IPV4=m
>  CONFIG_NF_REJECT_IPV6=m
>  CONFIG_NF_SOCKET_IPV4=m
>  CONFIG_NF_SOCKET_IPV6=m
> -# CONFIG_NF_TABLES is not set
> +CONFIG_NF_TABLES=m
> +CONFIG_NF_TABLES_ARP=y
> +CONFIG_NF_TABLES_BRIDGE=m
> +CONFIG_NF_TABLES_INET=y
> +CONFIG_NF_TABLES_IPV4=y
> +CONFIG_NF_TABLES_IPV6=y
> +CONFIG_NF_TABLES_NETDEV=y
> +CONFIG_NF_TABLES_SET=m
>  CONFIG_NF_TPROXY_IPV4=m
>  CONFIG_NF_TPROXY_IPV6=m
>  CONFIG_NILFS2_FS=m
> 
The impact on boot performance is not noticeable, I'm happy with this.

Acked-by: Colin Ian King <colin.king at canonical.com>

More information about the kernel-team mailing list