From 002c31ed538e824d6b8c68e710cef311c14cf086 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Wed, 24 Sep 2014 10:40:47 -0700
Subject: [PATCH] coreos-kernel: enable support for using ipset with iptables

We enabled ipset support a while back but missed NETFILTER_XT_SET which
is needed for using ipsets in iptables rules. Enable a few other
iptables options we were missing just in case someone wants them.
---
 ...16.2-r3.ebuild => coreos-kernel-3.16.2-r4.ebuild} |  0
 .../coreos-kernel/files/x86_64_defconfig-3.16.2      | 12 +++++++-----
 2 files changed, 7 insertions(+), 5 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/{coreos-kernel-3.16.2-r3.ebuild => coreos-kernel-3.16.2-r4.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-3.16.2-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-3.16.2-r4.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-3.16.2-r3.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-3.16.2-r4.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/files/x86_64_defconfig-3.16.2 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/files/x86_64_defconfig-3.16.2
index d9cf1a8d35..c69f1a4c2e 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/files/x86_64_defconfig-3.16.2
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/files/x86_64_defconfig-3.16.2
@@ -810,6 +810,7 @@ CONFIG_NETFILTER_NETLINK_LOG=m
 CONFIG_NF_CONNTRACK=m
 CONFIG_NF_CONNTRACK_MARK=y
 CONFIG_NF_CONNTRACK_SECMARK=y
+CONFIG_NF_CONNTRACK_ZONES=y
 CONFIG_NF_CONNTRACK_PROCFS=y
 CONFIG_NF_CONNTRACK_EVENTS=y
 CONFIG_NF_CONNTRACK_TIMEOUT=y
@@ -832,7 +833,8 @@ CONFIG_NF_CONNTRACK_SIP=m
 CONFIG_NF_CONNTRACK_TFTP=m
 CONFIG_NF_CT_NETLINK=m
 CONFIG_NF_CT_NETLINK_TIMEOUT=m
-# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
+CONFIG_NF_CT_NETLINK_HELPER=m
+CONFIG_NETFILTER_NETLINK_QUEUE_CT=y
 CONFIG_NF_NAT=m
 CONFIG_NF_NAT_NEEDED=y
 CONFIG_NF_NAT_PROTO_DCCP=m
@@ -852,7 +854,7 @@ CONFIG_NETFILTER_XTABLES=y
 #
 CONFIG_NETFILTER_XT_MARK=m
 CONFIG_NETFILTER_XT_CONNMARK=m
-# CONFIG_NETFILTER_XT_SET is not set
+CONFIG_NETFILTER_XT_SET=m
 
 #
 # Xtables targets
@@ -861,7 +863,7 @@ CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
 CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
-# CONFIG_NETFILTER_XT_TARGET_CT is not set
+CONFIG_NETFILTER_XT_TARGET_CT=m
 CONFIG_NETFILTER_XT_TARGET_DSCP=m
 CONFIG_NETFILTER_XT_TARGET_HL=m
 CONFIG_NETFILTER_XT_TARGET_HMARK=m
@@ -876,7 +878,7 @@ CONFIG_NETFILTER_XT_TARGET_RATEEST=m
 CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
 CONFIG_NETFILTER_XT_TARGET_TEE=m
 CONFIG_NETFILTER_XT_TARGET_TPROXY=m
-# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
+CONFIG_NETFILTER_XT_TARGET_TRACE=m
 CONFIG_NETFILTER_XT_TARGET_SECMARK=m
 CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
 CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
@@ -905,7 +907,7 @@ CONFIG_NETFILTER_XT_MATCH_HELPER=m
 CONFIG_NETFILTER_XT_MATCH_HL=m
 CONFIG_NETFILTER_XT_MATCH_IPCOMP=m
 CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
-# CONFIG_NETFILTER_XT_MATCH_IPVS is not set
+CONFIG_NETFILTER_XT_MATCH_IPVS=m
 CONFIG_NETFILTER_XT_MATCH_L2TP=m
 CONFIG_NETFILTER_XT_MATCH_LENGTH=m
 CONFIG_NETFILTER_XT_MATCH_LIMIT=m