Hi,

The security working group need to use "nftables", and it requires to add the below kernel configs to work.

Before merging to the master branch of "isar-cip-core", would you kindly review to add the below configs by this Friday, everyone?

--- a/recipes-kernel/linux/files/qemu-amd64_defconfig

+++ b/recipes-kernel/linux/files/qemu-amd64_defconfig

@@ -351,3 +351,34 @@ CONFIG_CRYPTO_DEV_CCP=y

# CONFIG_XZ_DEC_ARM is not set

# CONFIG_XZ_DEC_ARMTHUMB is not set

# CONFIG_XZ_DEC_SPARC is not set

+CONFIG_NF_TABLES=y

+CONFIG_NF_TABLES_INET=y

+CONFIG_NF_TABLES_NETDEV=y

+CONFIG_NFT_EXTHDR=y

+CONFIG_NFT_META=y

+CONFIG_NFT_CT=y

+CONFIG_NFT_RBTREE=y

+CONFIG_NFT_HASH=y

+CONFIG_NFT_COUNTER=y

+CONFIG_NFT_LOG=y

+CONFIG_NFT_LIMIT=y

+CONFIG_NFT_MASQ=y

+CONFIG_NFT_REDIR=y

+CONFIG_NFT_NAT=y

+CONFIG_NFT_QUEUE=y

+CONFIG_NFT_REJECT=y

+CONFIG_NFT_REJECT_INET=y

+CONFIG_NFT_COMPAT=y

+CONFIG_NFT_CHAIN_ROUTE_IPV4=y

+CONFIG_NFT_REJECT_IPV4=y

+CONFIG_NFT_CHAIN_NAT_IPV4=y

+CONFIG_NFT_MASQ_IPV4=y

+# CONFIG_NFT_REDIR_IPV4 is not set

+CONFIG_NFT_CHAIN_ROUTE_IPV6=y

+CONFIG_NFT_REJECT_IPV6=y

+CONFIG_NFT_CHAIN_NAT_IPV6=y

+CONFIG_NFT_MASQ_IPV6=y

+# CONFIG_NFT_REDIR_IPV6 is not set

+CONFIG_NFT_BRIDGE_META=y

+CONFIG_NFT_BRIDGE_REJECT=y

+CONFIG_NF_LOG_BRIDGE=y

BR, Kent