From eccb45627ec62311d1c9cb18f02abef638a5291f Mon Sep 17 00:00:00 2001
From: Supriya Mane <sm.supriya@globaledgesoft.com>
Date: Tue, 9 Mar 2021 14:28:52 +0530
Subject: [PATCH] x86/64: Iptables seems to lack support for cgroup v2

FS#3574
Adding cgroup support enables adding rules on processes
to limit resources in terms of iptable policies

Signed-off-by: Supriya Mane <sm.supriya@globaledgesoft.com>
---
 include/netfilter.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/netfilter.mk b/include/netfilter.mk
index 60f031e9a7..45e9dadf85 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -94,6 +94,7 @@ $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_ADDRTYPE, $(if $(NF_KMO
 $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_OWNER, $(P_XT)xt_owner))
 $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PKTTYPE, $(P_XT)xt_pkttype))
 $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_QUOTA, $(P_XT)xt_quota))
+$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_CGROUP, $(P_XT)xt_cgroup))
 
 #$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_TARGET_ROUTE, $(P_V4)ipt_ROUTE))