raspberrypi / linux

Kernel source tree for Raspberry Pi-provided kernel builds. Issues unrelated to the linux kernel should be posted on the community forum at https://forums.raspberrypi.com/

Compile the kernel with CONFIG_IP_NF_TARGET_SYNPROXY=m

Chrome-GitHub opened this issue

Describe the bug

Raspberry Pi OS's kernel is compiled with:

CONFIG_IP_NF_TARGET_SYNPROXY is not set

Resulting in the following error message when trying to use -j SYNPROXY when adding IPv4 iptables rules:
Warning: Extension SYNPROXY revision 0 not supported, missing kernel module?

Steps to reproduce the behaviour

Try to use IPv4's -j SYNPROXY via iptables

Device(s)

Raspberry Pi CM4 Lite

System

Raspberry Pi reference 2024-03-15
Apr 17 2024 17:27:09
Linux raspberry 6.6.28+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.6.28-1+rpt1 (2024-04-22) aarch64 GNU/Linux

Logs

sudo iptables -A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460
Warning: Extension SYNPROXY revision 0 not supported, missing kernel module?

Additional context

It seems strange that the IPv6 version is modularized in the default 64-bit build configuration: CONFIG_IP6_NF_TARGET_SYNPROXY=m
but the IPv4 version is not. All dependencies are already modularized in the default configuration.

This request is separate from, but related to, issue #4993, which was accepted/committed on Sep 2, 2022. The rationale remains similar to the previous issue. Once the kernel was recompiled with:
CONFIG_IP_NF_TARGET_SYNPROXY=m
then -j SYNPROXY works as expected for IPv4 iptables rules.

I've added IP_NF_TARGET_SYNPROXY=m to our standard defconfigs - see 3f472b2.
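
Added example, not part of the issue thread or the Raspberry Pi kernel tree: a small shell check that reads a kernel config file and reports whether the IPv4 and IPv6 SYNPROXY targets are built, flagging the mismatch described in this issue. The function names `kconfig_state` and `synproxy_report` are hypothetical, and the sample config is constructed; on a Debian-based system the real file is assumed to be `/boot/config-$(uname -r)`.

```shell
#!/bin/sh
# Added example: report how the SYNPROXY targets are built in a kernel config.

# Print "y", "m" or "unset" for one option in a kernel config file.
# "# CONFIG_X is not set" lines and missing options both count as unset.
# The match is anchored so CONFIG_IP_NF_... never matches CONFIG_IP6_NF_...
kconfig_state() {
    cfg=$1
    opt=$2
    val=$(sed -n "s/^${opt}=\([ym]\)\$/\1/p" "$cfg" | tail -n 1)
    echo "${val:-unset}"
}

# Compare the IPv4 and IPv6 SYNPROXY options and print a one-line verdict.
synproxy_report() {
    cfg=$1
    v4=$(kconfig_state "$cfg" CONFIG_IP_NF_TARGET_SYNPROXY)
    v6=$(kconfig_state "$cfg" CONFIG_IP6_NF_TARGET_SYNPROXY)
    if [ "$v4" = unset ] && [ "$v6" != unset ]; then
        echo "ipv4=$v4 ipv6=$v6 mismatch: IPv4 SYNPROXY target not built"
    else
        echo "ipv4=$v4 ipv6=$v6"
    fi
}

# Constructed sample mirroring the configuration reported in the issue.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# CONFIG_IP_NF_TARGET_SYNPROXY is not set
CONFIG_IP6_NF_TARGET_SYNPROXY=m
EOF

synproxy_report "$SAMPLE"
rm -f "$SAMPLE"

# On a running system (assumed path, Debian-style):
#   synproxy_report "/boot/config-$(uname -r)"
```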