I'm attempting to recompile the kernel to enable full IP Tables for Shorewall.
The shipping kernel didn't have any netfilter support; so I grabbed 2.6.30rc1 source and turned all the netfilter stuff on as modules. The new kernel worked great; I moved over the new kernel modules I compiled and they'd load but Shorewall still failed to start. Some tracking down led me to ensure I had xt_state.ko; and I didn't. It doesn't appear to exist in any of the 2.6.30rc1-rc3 versions when basing off the kirkwood_defconfig:
Now, if I use the config of the kernel of my host machine (the one Ubuntu kindly puts in /boot) the netfilter options include state:
I tried manually adding the 'CONFIG_NETFILTER_XT_MATCH_STATE=m' line to my .config between 'CONFIG_NETFILTER_XT_MATCH_SCTP=m' and 'CONFIG_NETFILTER_XT_MATCH_STATISTIC=m' (which is where it appears it *should* be), but 'make -j2 ARCH=arm CROSS_COMPILE=/plug/arm-2008q3/bin/arm-none-eabi- uImage' decides the .config is broken (and restarts configuration).
I'm not especially experienced with cross-compiling Linux kernels so perhaps there is a trick I'm missing. Or perhaps ARM just doesn't support this particular module, though I can't think of a good reason why that might be the case. I'd appreciate any input folks may have on the topic.