From 629dd13ceeb7ae2a3a8b5d4037f0abb321511623 Mon Sep 17 00:00:00 2001
From: Fedor
Date: Tue, 5 Oct 2010 17:43:02 -0400
Subject: [PATCH] Build & firewall configuration: ipt_TTL->xt_HL
---
 release/src-rt/linux/linux-2.6/config_base | 6 ++----
 release/src/Makefile | 8 ++++----
 release/src/router/rc/firewall.c | 7 ++++++-
 3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/release/src-rt/linux/linux-2.6/config_base b/release/src-rt/linux/linux-2.6/config_base
index 1c88d9c016..228e0a994b 100644
--- a/release/src-rt/linux/linux-2.6/config_base
+++ b/release/src-rt/linux/linux-2.6/config_base
@@ -390,6 +390,7 @@ CONFIG_NETFILTER_XTABLES=y
 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
 CONFIG_NETFILTER_XT_TARGET_DSCP=m
+CONFIG_NETFILTER_XT_TARGET_HL=m
 CONFIG_NETFILTER_XT_TARGET_MARK=y
 CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
 # CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
@@ -403,6 +404,7 @@ CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
 CONFIG_NETFILTER_XT_MATCH_DSCP=m
 # CONFIG_NETFILTER_XT_MATCH_ESP is not set
 # CONFIG_NETFILTER_XT_MATCH_HELPER is not set
+# CONFIG_NETFILTER_XT_MATCH_HL is not set
 CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
 CONFIG_NETFILTER_XT_MATCH_LENGTH=m
 CONFIG_NETFILTER_XT_MATCH_LIMIT=y
@@ -439,7 +441,6 @@ CONFIG_IP_NF_MATCH_TOS=m
 CONFIG_IP_NF_MATCH_TIME=m
 # CONFIG_IP_NF_MATCH_ECN is not set
 # CONFIG_IP_NF_MATCH_AH is not set
-# CONFIG_IP_NF_MATCH_TTL is not set
 # CONFIG_IP_NF_MATCH_OWNER is not set
 # CONFIG_IP_NF_MATCH_ADDRTYPE is not set
 CONFIG_IP_NF_MATCH_MPORT=y
@@ -469,7 +470,6 @@ CONFIG_IP_NF_MANGLE=y
 CONFIG_IP_NF_TARGET_IMQ=m
 CONFIG_IP_NF_TARGET_TOS=m
 # CONFIG_IP_NF_TARGET_ECN is not set
-CONFIG_IP_NF_TARGET_TTL=m
 # CONFIG_IP_NF_TARGET_CLUSTERIP is not set
 # CONFIG_IP_NF_RAW is not set
 # CONFIG_IP_NF_ARPTABLES is not set
@@ -495,7 +495,6 @@ CONFIG_IP_NF_TOMATOCT=y
 # CONFIG_IP6_NF_MATCH_RT is not set
 # CONFIG_IP6_NF_MATCH_OPTS is not set
 # CONFIG_IP6_NF_MATCH_FRAG is not set
-# CONFIG_IP6_NF_MATCH_HL is not set
 # CONFIG_IP6_NF_MATCH_OWNER is not set
 # CONFIG_IP6_NF_MATCH_IPV6HEADER is not set
 # CONFIG_IP6_NF_MATCH_AH is not set
@@ -506,7 +505,6 @@ CONFIG_IP_NF_TOMATOCT=y
 # CONFIG_IP6_NF_TARGET_REJECT is not set
 # CONFIG_IP6_NF_MANGLE is not set
 # CONFIG_IP6_NF_TARGET_IMQ is not set
-# CONFIG_IP6_NF_TARGET_HL is not set
 # CONFIG_IP6_NF_RAW is not set
 # CONFIG_IP6_NF_TARGET_ROUTE is not set
diff --git a/release/src/Makefile b/release/src/Makefile
index f7af373686..8610caec41 100644
--- a/release/src/Makefile
+++ b/release/src/Makefile
@@ -411,8 +411,6 @@ define KernelConfig
 echo "CONFIG_IP6_NF_IPTABLES=y" >>$(1); \
 sed -i "/CONFIG_IP6_NF_MATCH_RT/d" $(1); \
 echo "CONFIG_IP6_NF_MATCH_RT=y" >>$(1); \
- sed -i "/CONFIG_IP6_NF_MATCH_HL/d" $(1); \
- echo "CONFIG_IP6_NF_MATCH_HL=y" >>$(1); \
 sed -i "/CONFIG_IP6_NF_FILTER/d" $(1); \
 echo "CONFIG_IP6_NF_FILTER=m" >>$(1); \
 sed -i "/CONFIG_IP6_NF_TARGET_LOG/d" $(1); \
@@ -426,6 +424,8 @@ define KernelConfig
 if [ "$(CONFIG_LINUX26)" = "y" ]; then \
 sed -i "/CONFIG_NF_CONNTRACK_IPV6/d" $(1); \
 echo "CONFIG_NF_CONNTRACK_IPV6=m" >>$(1); \
+ sed -i "/CONFIG_NETFILTER_XT_MATCH_HL/d" $(1); \
+ echo "CONFIG_NETFILTER_XT_MATCH_HL=m" >>$(1); \
 sed -i "/CONFIG_IPV6_ROUTER_PREF/d" $(1); \
 echo "CONFIG_IPV6_ROUTER_PREF=y" >>$(1); \
 sed -i "/CONFIG_IPV6_SIT/d" $(1); \
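Review bot: The hop-limit match silently changes from built-in to modular. The pair removed at the top of KernelConfig (hunk -411,8) wrote `CONFIG_IP6_NF_MATCH_HL=y`, while the lines added in hunk -426,6 and in the `else` branch of hunk -434,13 both write `=m`. Any ip6tables rule that uses the hop-limit match would then depend on the module being shipped in the image and loaded on demand, which nothing in these hunks shows. If the switch is intended, it deserves a sentence in the commit message or a comment above `define KernelConfig`; otherwise `echo "CONFIG_NETFILTER_XT_MATCH_HL=y" >>$(1); \` keeps the earlier behaviour. KernelConfig begins and ends outside these hunks.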
@@ -434,13 +434,13 @@ define KernelConfig
 echo "CONFIG_IPV6_MULTIPLE_TABLES=y" >>$(1); \
 sed -i "/CONFIG_IP6_NF_TARGET_ROUTE/d" $(1); \
 echo "CONFIG_IP6_NF_TARGET_ROUTE=m" >>$(1); \
- sed -i "/CONFIG_IP6_NF_TARGET_HL/d" $(1); \
- echo "CONFIG_IP6_NF_TARGET_HL=m" >>$(1); \
 sed -i "/CONFIG_IPV6_MROUTE/d" $(1); \
 echo "CONFIG_IPV6_MROUTE=y" >>$(1); \
 else \
 sed -i "/CONFIG_IP6_NF_CONNTRACK/d" $(1); \
 echo "CONFIG_IP6_NF_CONNTRACK=m" >>$(1); \
+ sed -i "/CONFIG_IP6_NF_MATCH_HL/d" $(1); \
+ echo "CONFIG_IP6_NF_MATCH_HL=m" >>$(1); \
 sed -i "/CONFIG_IP6_NF_FTP/d" $(1); \
 echo "CONFIG_IP6_NF_FTP=m" >>$(1); \
 sed -i "/CONFIG_IP6_NF_MATCH_LIMIT/d" $(1); \
diff --git a/release/src/router/rc/firewall.c b/release/src/router/rc/firewall.c
index 1bf11add70..7966ac545d 100644
--- a/release/src/router/rc/firewall.c
+++ b/release/src/router/rc/firewall.c
@@ -330,7 +330,11 @@ static void mangle_table(void)
 ttl = nvram_get_int("nf_ttl");
 if (ttl != 0) {
+#ifdef LINUX26
+ modprobe("xt_HL");
+#else
 modprobe("ipt_TTL");
+#endif
 if (ttl > 0) {
 p = "in";
 }
@@ -960,13 +964,14 @@ int start_firewall(void)
 #ifdef LINUX26
 modprobe_r("xt_layer7");
 modprobe_r("xt_recent");
+ modprobe_r("xt_HL");
 #else
 modprobe_r("ipt_layer7");
 modprobe_r("ipt_recent");
+ modprobe_r("ipt_TTL");
 #endif
 modprobe_r("ipt_ipp2p");
 modprobe_r("ipt_web");
- modprobe_r("ipt_TTL");
 modprobe_r("ipt_webmon");
 unlink("/var/webmon/domain");
-- 
2.11.4.GIT
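Review bot: Nothing in mangle_table (hunk -330,7) says why the module name differs per kernel, and the same `#ifdef LINUX26` pairing is repeated in start_firewall's unload list (hunk -960,13), so the load and unload names have to be kept in sync by hand. A one-line comment above the added `#ifdef`, e.g. `/* 2.6: TTL target is built as xt_HL (CONFIG_NETFILTER_XT_TARGET_HL); 2.4 keeps ipt_TTL */`, would tie the code to the config_base change. The result of `modprobe("xt_HL")` is also ignored, as it was for `ipt_TTL` before; on an image built without the module the TTL rule presumably fails later with no clear cause, so logging a failed load is worth considering. Both function bodies continue outside the hunks.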