From aa7acdd67c3e5efe0175ebb4b6d5dcb7b9346742 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Tue, 27 Jan 2026 17:53:36 +0100 Subject: [PATCH 1/2] kernel: Add iptables modules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Needed for dockerd Signed-off-by: Paweł Gronowski --- kernel/config-6.12.44-arm64 | 33 ++++++++++++++++++++++++++++----- kernel/config-6.12.44-x86_64 | 33 ++++++++++++++++++++++++++++----- 2 files changed, 56 insertions(+), 10 deletions(-) diff --git a/kernel/config-6.12.44-arm64 b/kernel/config-6.12.44-arm64 index 8d4aa68..0591954 100644 --- a/kernel/config-6.12.44-arm64 +++ b/kernel/config-6.12.44-arm64 @@ -1031,7 +1031,7 @@ CONFIG_NETWORK_SECMARK=y # CONFIG_NETWORK_PHY_TIMESTAMPING is not set CONFIG_NETFILTER=y CONFIG_NETFILTER_ADVANCED=y -# CONFIG_BRIDGE_NETFILTER is not set +CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration @@ -1039,6 +1039,7 @@ CONFIG_NETFILTER_ADVANCED=y CONFIG_NETFILTER_INGRESS=y # CONFIG_NETFILTER_EGRESS is not set CONFIG_NETFILTER_NETLINK=y +CONFIG_NETFILTER_FAMILY_BRIDGE=y CONFIG_NETFILTER_FAMILY_ARP=y CONFIG_NETFILTER_BPF_LINK=y CONFIG_NETFILTER_NETLINK_ACCT=y @@ -1158,6 +1159,7 @@ CONFIG_NETFILTER_XT_MATCH_NFACCT=y CONFIG_NETFILTER_XT_MATCH_OSF=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y +# CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y @@ -1280,12 +1282,33 @@ CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # -# CONFIG_NF_SOCKET_IPV6 is not set -# CONFIG_NF_TPROXY_IPV6 is not set +CONFIG_IP6_NF_IPTABLES_LEGACY=y +CONFIG_NF_SOCKET_IPV6=y +CONFIG_NF_TPROXY_IPV6=y CONFIG_NF_DUP_IPV6=y -# CONFIG_NF_REJECT_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y CONFIG_NF_LOG_IPV6=y -# CONFIG_IP6_NF_IPTABLES is not set +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +CONFIG_IP6_NF_MATCH_RPFILTER=y +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_MATCH_SRH=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +CONFIG_IP6_NF_TARGET_SYNPROXY=y +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +CONFIG_IP6_NF_SECURITY=y +CONFIG_IP6_NF_NAT=y +CONFIG_IP6_NF_TARGET_MASQUERADE=y +CONFIG_IP6_NF_TARGET_NPT=y # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=y diff --git a/kernel/config-6.12.44-x86_64 b/kernel/config-6.12.44-x86_64 index b5eb220..287a40b 100644 --- a/kernel/config-6.12.44-x86_64 +++ b/kernel/config-6.12.44-x86_64 @@ -1006,7 +1006,7 @@ CONFIG_NET_PTP_CLASSIFY=y # CONFIG_NETWORK_PHY_TIMESTAMPING is not set CONFIG_NETFILTER=y CONFIG_NETFILTER_ADVANCED=y -# CONFIG_BRIDGE_NETFILTER is not set +CONFIG_BRIDGE_NETFILTER=y # # Core Netfilter Configuration @@ -1014,6 +1014,7 @@ CONFIG_NETFILTER_ADVANCED=y CONFIG_NETFILTER_INGRESS=y # CONFIG_NETFILTER_EGRESS is not set CONFIG_NETFILTER_NETLINK=y +CONFIG_NETFILTER_FAMILY_BRIDGE=y CONFIG_NETFILTER_FAMILY_ARP=y CONFIG_NETFILTER_BPF_LINK=y CONFIG_NETFILTER_NETLINK_ACCT=y @@ -1133,6 +1134,7 @@ CONFIG_NETFILTER_XT_MATCH_NFACCT=y CONFIG_NETFILTER_XT_MATCH_OSF=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y +# CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y @@ -1255,12 +1257,33 @@ CONFIG_IP_NF_ARP_MANGLE=y # # IPv6: Netfilter Configuration # -# CONFIG_NF_SOCKET_IPV6 is not set -# CONFIG_NF_TPROXY_IPV6 is not set +CONFIG_IP6_NF_IPTABLES_LEGACY=y +CONFIG_NF_SOCKET_IPV6=y +CONFIG_NF_TPROXY_IPV6=y CONFIG_NF_DUP_IPV6=y -# CONFIG_NF_REJECT_IPV6 is not set +CONFIG_NF_REJECT_IPV6=y CONFIG_NF_LOG_IPV6=y -# CONFIG_IP6_NF_IPTABLES is not set +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_AH=y +CONFIG_IP6_NF_MATCH_EUI64=y +CONFIG_IP6_NF_MATCH_FRAG=y +CONFIG_IP6_NF_MATCH_OPTS=y +CONFIG_IP6_NF_MATCH_HL=y +CONFIG_IP6_NF_MATCH_IPV6HEADER=y +CONFIG_IP6_NF_MATCH_MH=y +CONFIG_IP6_NF_MATCH_RPFILTER=y +CONFIG_IP6_NF_MATCH_RT=y +CONFIG_IP6_NF_MATCH_SRH=y +CONFIG_IP6_NF_TARGET_HL=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +CONFIG_IP6_NF_TARGET_SYNPROXY=y +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +CONFIG_IP6_NF_SECURITY=y +CONFIG_IP6_NF_NAT=y +CONFIG_IP6_NF_TARGET_MASQUERADE=y +CONFIG_IP6_NF_TARGET_NPT=y # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=y From 34dbcbab8bc3b4d12bb0d4fe1ba2f0366c3a2bb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Tue, 27 Jan 2026 18:46:35 +0100 Subject: [PATCH 2/2] kernel: Add nftables modules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paweł Gronowski --- kernel/config-6.12.44-arm64 | 38 +++++++++++++++++++++++++++++++++++- kernel/config-6.12.44-x86_64 | 38 +++++++++++++++++++++++++++++++++++- 2 files changed, 74 insertions(+), 2 deletions(-) diff --git a/kernel/config-6.12.44-arm64 b/kernel/config-6.12.44-arm64 index 0591954..4e39279 100644 --- a/kernel/config-6.12.44-arm64 +++ b/kernel/config-6.12.44-arm64 @@ -1042,6 +1042,7 @@ CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_FAMILY_BRIDGE=y CONFIG_NETFILTER_FAMILY_ARP=y CONFIG_NETFILTER_BPF_LINK=y +# CONFIG_NETFILTER_NETLINK_HOOK is not set CONFIG_NETFILTER_NETLINK_ACCT=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y @@ -1085,7 +1086,32 @@ CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_REDIRECT=y CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=y -# CONFIG_NF_TABLES is not set +CONFIG_NF_TABLES=y +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y +# CONFIG_NFT_NUMGEN is not set +CONFIG_NFT_CT=y +# CONFIG_NFT_CONNLIMIT is not set +# CONFIG_NFT_LOG is not set +# CONFIG_NFT_LIMIT is not set +CONFIG_NFT_MASQ=y +# CONFIG_NFT_REDIR is not set +CONFIG_NFT_NAT=y +# CONFIG_NFT_TUNNEL is not set +# CONFIG_NFT_QUEUE is not set +# CONFIG_NFT_QUOTA is not set +# CONFIG_NFT_REJECT is not set +CONFIG_NFT_COMPAT=y +# CONFIG_NFT_HASH is not set +# CONFIG_NFT_XFRM is not set +# CONFIG_NFT_SOCKET is not set +# CONFIG_NFT_OSF is not set +# CONFIG_NFT_TPROXY is not set +# CONFIG_NFT_SYNPROXY is not set +# CONFIG_NF_DUP_NETDEV is not set +# CONFIG_NFT_DUP_NETDEV is not set +# CONFIG_NFT_FWD_NETDEV is not set +# CONFIG_NF_FLOW_TABLE is not set CONFIG_NETFILTER_XTABLES=y # @@ -1250,6 +1276,10 @@ CONFIG_NF_DEFRAG_IPV4=y CONFIG_IP_NF_IPTABLES_LEGACY=y # CONFIG_NF_SOCKET_IPV4 is not set CONFIG_NF_TPROXY_IPV4=y +CONFIG_NF_TABLES_IPV4=y +# CONFIG_NFT_DUP_IPV4 is not set +# CONFIG_NFT_FIB_IPV4 is not set +CONFIG_NF_TABLES_ARP=y CONFIG_NF_DUP_IPV4=y # CONFIG_NF_LOG_ARP is not set CONFIG_NF_LOG_IPV4=y @@ -1275,6 +1305,7 @@ CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_SECURITY=y CONFIG_IP_NF_ARPTABLES=y +CONFIG_NFT_COMPAT_ARP=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # end of IP: Netfilter Configuration @@ -1285,6 +1316,9 @@ CONFIG_IP_NF_ARP_MANGLE=y CONFIG_IP6_NF_IPTABLES_LEGACY=y CONFIG_NF_SOCKET_IPV6=y CONFIG_NF_TPROXY_IPV6=y +CONFIG_NF_TABLES_IPV6=y +# CONFIG_NFT_DUP_IPV6 is not set +# CONFIG_NFT_FIB_IPV6 is not set CONFIG_NF_DUP_IPV6=y CONFIG_NF_REJECT_IPV6=y CONFIG_NF_LOG_IPV6=y @@ -1312,6 +1346,8 @@ CONFIG_IP6_NF_TARGET_NPT=y # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_TABLES_BRIDGE=y +# CONFIG_NFT_BRIDGE_META is not set # CONFIG_NF_CONNTRACK_BRIDGE is not set # CONFIG_BRIDGE_NF_EBTABLES is not set # CONFIG_IP_DCCP is not set diff --git a/kernel/config-6.12.44-x86_64 b/kernel/config-6.12.44-x86_64 index 287a40b..31fa3be 100644 --- a/kernel/config-6.12.44-x86_64 +++ b/kernel/config-6.12.44-x86_64 @@ -1017,6 +1017,7 @@ CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_FAMILY_BRIDGE=y CONFIG_NETFILTER_FAMILY_ARP=y CONFIG_NETFILTER_BPF_LINK=y +# CONFIG_NETFILTER_NETLINK_HOOK is not set CONFIG_NETFILTER_NETLINK_ACCT=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y @@ -1060,7 +1061,32 @@ CONFIG_NF_NAT_TFTP=y CONFIG_NF_NAT_REDIRECT=y CONFIG_NF_NAT_MASQUERADE=y CONFIG_NETFILTER_SYNPROXY=y -# CONFIG_NF_TABLES is not set +CONFIG_NF_TABLES=y +CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y +# CONFIG_NFT_NUMGEN is not set +CONFIG_NFT_CT=y +# CONFIG_NFT_CONNLIMIT is not set +# CONFIG_NFT_LOG is not set +# CONFIG_NFT_LIMIT is not set +CONFIG_NFT_MASQ=y +# CONFIG_NFT_REDIR is not set +CONFIG_NFT_NAT=y +# CONFIG_NFT_TUNNEL is not set +# CONFIG_NFT_QUEUE is not set +# CONFIG_NFT_QUOTA is not set +# CONFIG_NFT_REJECT is not set +CONFIG_NFT_COMPAT=y +# CONFIG_NFT_HASH is not set +# CONFIG_NFT_XFRM is not set +# CONFIG_NFT_SOCKET is not set +# CONFIG_NFT_OSF is not set +# CONFIG_NFT_TPROXY is not set +# CONFIG_NFT_SYNPROXY is not set +# CONFIG_NF_DUP_NETDEV is not set +# CONFIG_NFT_DUP_NETDEV is not set +# CONFIG_NFT_FWD_NETDEV is not set +# CONFIG_NF_FLOW_TABLE is not set CONFIG_NETFILTER_XTABLES=y # @@ -1225,6 +1251,10 @@ CONFIG_NF_DEFRAG_IPV4=y CONFIG_IP_NF_IPTABLES_LEGACY=y # CONFIG_NF_SOCKET_IPV4 is not set CONFIG_NF_TPROXY_IPV4=y +CONFIG_NF_TABLES_IPV4=y +# CONFIG_NFT_DUP_IPV4 is not set +# CONFIG_NFT_FIB_IPV4 is not set +CONFIG_NF_TABLES_ARP=y CONFIG_NF_DUP_IPV4=y # CONFIG_NF_LOG_ARP is not set CONFIG_NF_LOG_IPV4=y @@ -1250,6 +1280,7 @@ CONFIG_IP_NF_TARGET_TTL=y CONFIG_IP_NF_RAW=y CONFIG_IP_NF_SECURITY=y CONFIG_IP_NF_ARPTABLES=y +CONFIG_NFT_COMPAT_ARP=y CONFIG_IP_NF_ARPFILTER=y CONFIG_IP_NF_ARP_MANGLE=y # end of IP: Netfilter Configuration @@ -1260,6 +1291,9 @@ CONFIG_IP_NF_ARP_MANGLE=y CONFIG_IP6_NF_IPTABLES_LEGACY=y CONFIG_NF_SOCKET_IPV6=y CONFIG_NF_TPROXY_IPV6=y +CONFIG_NF_TABLES_IPV6=y +# CONFIG_NFT_DUP_IPV6 is not set +# CONFIG_NFT_FIB_IPV6 is not set CONFIG_NF_DUP_IPV6=y CONFIG_NF_REJECT_IPV6=y CONFIG_NF_LOG_IPV6=y @@ -1287,6 +1321,8 @@ CONFIG_IP6_NF_TARGET_NPT=y # end of IPv6: Netfilter Configuration CONFIG_NF_DEFRAG_IPV6=y +CONFIG_NF_TABLES_BRIDGE=y +# CONFIG_NFT_BRIDGE_META is not set # CONFIG_NF_CONNTRACK_BRIDGE is not set # CONFIG_BRIDGE_NF_EBTABLES is not set # CONFIG_IP_DCCP is not set