diff --git a/iptables-mod-fullconenat b/iptables-mod-fullconenat
deleted file mode 160000
index 4be5039fd..000000000
--- a/iptables-mod-fullconenat
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 4be5039fd2e1baec5e6bdf11e7bd62f7f1fa7e22
diff --git a/iptables-mod-fullconenat/Makefile b/iptables-mod-fullconenat/Makefile
new file mode 100644
index 000000000..279c1eb9a
--- /dev/null
+++ b/iptables-mod-fullconenat/Makefile
@@ -0,0 +1,65 @@
+#
+# Copyright (C) 2018 Chion Tang
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=fullconenat
+PKG_RELEASE:=1
+
+PKG_SOURCE_DATE:=2019-10-21
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/Chion82/netfilter-full-cone-nat.git
+PKG_SOURCE_VERSION:=0cf3b48fd7d2fa81d0297d1fff12bbd0580fc435
+
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/iptables-mod-fullconenat
+ SUBMENU:=Firewall
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=FULLCONENAT iptables extension
+ DEPENDS:=+iptables +kmod-ipt-fullconenat
+ MAINTAINER:=Chion Tang
+endef
+
+define Package/iptables-mod-fullconenat/install
+ $(INSTALL_DIR) $(1)/usr/lib/iptables
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/libipt_FULLCONENAT.so $(1)/usr/lib/iptables
+endef
+
+define KernelPackage/ipt-fullconenat
+ SUBMENU:=Netfilter Extensions
+ TITLE:=FULLCONENAT netfilter module
+ DEPENDS:=+kmod-nf-ipt +kmod-nf-nat
+ MAINTAINER:=Chion Tang
+ KCONFIG:=CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y
+ FILES:=$(PKG_BUILD_DIR)/xt_FULLCONENAT.ko
+endef
+
+include $(INCLUDE_DIR)/kernel-defaults.mk
+
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ $(CP) ./files/Makefile $(PKG_BUILD_DIR)/
+endef
+
+define Build/Compile
+ +$(MAKE) $(PKG_JOBS) -C "$(LINUX_DIR)" \
+ CROSS_COMPILE="$(TARGET_CROSS)" \
+ ARCH="$(LINUX_KARCH)" \
+ M="$(PKG_BUILD_DIR)" \
+ EXTRA_CFLAGS="$(BUILDFLAGS)" \
+ modules
+ $(call Build/Compile/Default)
+endef
+
+$(eval $(call BuildPackage,iptables-mod-fullconenat))
+$(eval $(call KernelPackage,ipt-fullconenat))
diff --git a/iptables-mod-fullconenat/README.md b/iptables-mod-fullconenat/README.md
new file mode 100644
index 000000000..4d4909802
--- /dev/null
+++ b/iptables-mod-fullconenat/README.md
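Review bot: The PKG_SOURCE_* block pins the upstream checkout to a full commit id but sets no `PKG_MIRROR_HASH`, so a source tarball obtained from the OpenWrt mirror rather than directly from git cannot be checked against a known digest; I'd add `PKG_MIRROR_HASH:=<sha256 of the generated source tarball, placeholder>` next to `PKG_SOURCE_VERSION`. Separately, the KernelPackage's `KCONFIG` sets `CONFIG_NF_CONNTRACK_CHAIN_EVENTS=y`, which as far as I can tell is only defined once the out-of-tree multiple-registrant conntrack-events patch referenced in README.md has been applied to the kernel tree; a comment such as `# CONFIG_NF_CONNTRACK_CHAIN_EVENTS only exists with the multiple-registrant conntrack-events patch (see README.md)` would make that dependency visible. `BUILDFLAGS` in Build/Compile is not assigned anywhere in this file, so `EXTRA_CFLAGS` is presumably empty unless one of the includes sets it.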
@@ -0,0 +1,27 @@
+## Netfilter and iptables extension for [FULLCONENAT](https://github.com/Chion82/netfilter-full-cone-nat) target ported to OpenWrt.
+
+Compile
+---
+```
+# cd to OpenWrt source path
+# Clone this repo
+git clone -b master --single-branch https://github.com/LGA1150/openwrt-fullconenat package/fullconenat
+# Select Network -> Firewall -> iptables-mod-fullconenat
+make menuconfig
+# Compile
+make V=s
+```
+
+Usage
+---
+You can apply [this patch](https://github.com/LGA1150/fullconenat-fw3-patch) to OpenWrt's Firewall3 (Recommended).
+
+Or manually add the following rules to `/etc/firewall.user`
+```
+iptables -t nat -A zone_wan_prerouting -j FULLCONENAT
+iptables -t nat -A zone_wan_postrouting -j FULLCONENAT
+```
+
+Workaround for conflicting with module `nf_conntrack_netlink`
+---
+This module uses conntrack events to register a callback function. In the same netns, only one callback method can be registered, that causes conflicts with `nf_conntrack_netlink`, which also uses conntrack events. Qualcomm Shortcut FE has introduced a patch to allow multiple callbacks to be registered. To apply, put [this patch](https://github.com/coolsnowwolf/lede/blob/master/target/linux/generic/hack-4.14/952-net-conntrack-events-support-multiple-registrant.patch) into `target/linux/generic/hack-4.14`.
diff --git a/iptables-mod-fullconenat/files/Makefile b/iptables-mod-fullconenat/files/Makefile
new file mode 100644
index 000000000..da52a2a4e
--- /dev/null
+++ b/iptables-mod-fullconenat/files/Makefile
@@ -0,0 +1,7 @@
+libipt_FULLCONENAT.so: libipt_FULLCONENAT.o
+ $(CC) -shared -lxtables -o $@ $^;
+libipt_FULLCONENAT.o: libipt_FULLCONENAT.c
+ $(CC) ${CFLAGS} -fPIC -D_INIT=$*_init -c -o $@ $<;
+
+obj-m += xt_FULLCONENAT.o
+
diff --git a/iptables-mod-fullconenat/patches/000-printk.patch b/iptables-mod-fullconenat/patches/000-printk.patch
new file mode 100644
index 000000000..4e764c5d6
--- /dev/null
+++ b/iptables-mod-fullconenat/patches/000-printk.patch
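Review bot: In files/Makefile the `libipt_FULLCONENAT.so` recipe links without `$(LDFLAGS)` and names `-lxtables` before the object that needs it; as far as I recall the OpenWrt default compile step hands the package `LDFLAGS` carrying the staging-dir library path and whatever link hardening (RELRO/BIND_NOW) the build enables, so this shared object is linked without them, and a linker running with `--as-needed` can drop a library listed ahead of its users. I'd write the link line as `$(CC) $(LDFLAGS) -shared -o $@ $^ -lxtables;`. The object rule mixes `${CFLAGS}` with `$(CC)`; both forms work in make, but one style throughout would read better. The README.md hunk on this line is documentation only.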
@@ -0,0 +1,17 @@
+diff --git a/xt_FULLCONENAT.c b/xt_FULLCONENAT.c
+index 9e52eba..8658c5f 100644
+--- a/xt_FULLCONENAT.c
++++ b/xt_FULLCONENAT.c
+@@ -702,9 +702,11 @@ static struct xt_target tg_reg[] __read_mostly = {
+ 
+ static int __init fullconenat_tg_init(void)
+ {
++ printk(KERN_INFO "xt_FULLCONENAT: RFC3489 Full Cone NAT module\n"
++ "xt_FULLCONENAT: Copyright (C) 2018 Chion Tang \n");
+ wq = create_singlethread_workqueue("xt_FULLCONENAT");
+ if (wq == NULL) {
+- printk("xt_FULLCONENAT: warning: failed to create workqueue\n");
++ printk(KERN_WARNING "xt_FULLCONENAT: warning: failed to create workqueue\n");
+ }
+ 
+ return xt_register_targets(tg_reg, ARRAY_SIZE(tg_reg));
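Review bot: The rewritten warning in `fullconenat_tg_init` still lets the function fall through to `xt_register_targets` with `wq == NULL`; if `wq` is dereferenced on the packet or cleanup path (outside this hunk), a failed `create_singlethread_workqueue` should abort module init rather than only log, e.g. `pr_warn("xt_FULLCONENAT: failed to create workqueue\n"); return -ENOMEM;` inside the `if`. Since the patch already touches every printk in this function, using `pr_info`/`pr_warn` for the new calls would also be the kernel-idiomatic form. The closing brace of `fullconenat_tg_init` lies outside the hunk.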