include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables
-PKG_VERSION:=1.6.2
+PKG_VERSION:=1.8.7
PKG_RELEASE:=1
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://git.netfilter.org/iptables
-PKG_SOURCE_VERSION:=c16bdec15137b241586310d0e61bc88cc3726004
-PKG_MIRROR_HASH:=72e4bec94a56dd600097846c773e1074ff705e38f800ef221db646c064371a53
+PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_HASH:=c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0
PKG_FIXUP:=autoreconf
+PKG_FLAGS:=nonshared
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
ifeq ($(DUMP),)
-include $(LINUX_DIR)/.config
include $(INCLUDE_DIR)/netfilter.mk
- STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | mkhash md5)
+ STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
endif
SECTION:=net
CATEGORY:=Network
SUBMENU:=Firewall
- URL:=http://netfilter.org/
+ URL:=https://netfilter.org/
endef
define Package/iptables/Module
- DNAT
- DROP
- REJECT
+ - FLOWOFFLOAD
- LOG
- MARK
- MASQUERADE
endef
+define Package/iptables-nft
+$(call Package/iptables/Default)
+ TITLE:=IP firewall administration tool nft
+ DEPENDS:=iptables @IPTABLES_NFTABLES +libxtables-nft
+endef
+
+define Package/iptables-nft/description
+Extra iptables nftables nft binaries.
+ iptables-nft
+ iptables-nft-restore
+ iptables-nft-save
+ iptables-translate
+ iptables-restore-translate
+endef
+
define Package/iptables-mod-conntrack-extra
-$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
+$(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw)
TITLE:=Extra connection tracking extensions
endef
Matches:
- string
+ - bpf
endef
MENU:=1
endef
+define Package/ip6tables-nft
+$(call Package/iptables/Default)
+ DEPENDS:=ip6tables @IPTABLES_NFTABLES +libxtables-nft
+ TITLE:=IP firewall administration tool nft
+endef
+
+define Package/ip6tables-nft/description
+Extra ip6tables nftables nft binaries.
+ iptables-nft
+ iptables-nft-restore
+ iptables-nft-save
+ iptables-translate
+ iptables-restore-translate
+endef
define Package/ip6tables-extra
$(call Package/iptables/Default)
iptables extensions for IPv6-NAT targets.
endef
-define Package/libiptc
-$(call Package/iptables/Default)
- SECTION:=libs
- CATEGORY:=Libraries
- DEPENDS:=+libip4tc +libip6tc +libxtables
- ABI_VERSION:=$(PKG_VERSION)
- TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
-endef
-
define Package/libip4tc
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4 firewall - shared libiptc library
- ABI_VERSION:=$(PKG_VERSION)
+ ABI_VERSION:=2
DEPENDS:=+libxtables
endef
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv6 firewall - shared libiptc library
- ABI_VERSION:=$(PKG_VERSION)
+ ABI_VERSION:=2
DEPENDS:=+libxtables
endef
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4/IPv6 firewall - shared xtables library
- ABI_VERSION:=$(PKG_VERSION)
+ ABI_VERSION:=12
DEPENDS:= \
+IPTABLES_CONNLABEL:libnetfilter-conntrack \
+IPTABLES_NFTABLES:libnftnl
endef
+define Package/libxtables-nft
+ $(call Package/iptables/Default)
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=IPv4/IPv6 firewall - shared xtables nft library
+ ABI_VERSION:=12
+ DEPENDS:=libxtables
+endef
+
TARGET_CPPFLAGS := \
-I$(PKG_BUILD_DIR)/include \
-I$(LINUX_DIR)/user_headers/include \
define Package/iptables/install
$(INSTALL_DIR) $(1)/usr/sbin
- $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-multi $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore,-save} $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/lib/iptables
endef
+define Package/iptables-nft/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
+endef
+
define Package/ip6tables/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
endef
-define Package/libiptc/install
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
+define Package/ip6tables-nft/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
endef
define Package/libip4tc/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
endef
define Package/libip6tc/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
endef
define Package/libxtables/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
endef
+define Package/libxtables-nft/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
+endef
+
define BuildPlugin
define Package/$(1)/install
$(INSTALL_DIR) $$(1)/usr/lib/iptables
$$(eval $$(call BuildPackage,$(1)))
endef
+$(eval $(call BuildPackage,libxtables))
+$(eval $(call BuildPackage,libxtables-nft))
+$(eval $(call BuildPackage,libip4tc))
+$(eval $(call BuildPackage,libip6tc))
$(eval $(call BuildPackage,iptables))
+$(eval $(call BuildPackage,iptables-nft))
$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
$(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
$(eval $(call BuildPackage,ip6tables))
+$(eval $(call BuildPackage,ip6tables-nft))
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
-$(eval $(call BuildPackage,libiptc))
-$(eval $(call BuildPackage,libip4tc))
-$(eval $(call BuildPackage,libip6tc))
-$(eval $(call BuildPackage,libxtables))
+
projects / openwrt / staging / chunkeey.git / blobdiff