projects / openwrt / staging / mkresin.git / blob
? search:


095a485e390d895b268e0919f3ace76e427478c7
[openwrt/staging/mkresin.git] / package / network / utils / iptables / Makefile
1 #
2 # Copyright (C) 2006-2016 OpenWrt.org
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 include $(TOPDIR)/rules.mk
9 include $(INCLUDE_DIR)/kernel.mk
10
11 PKG_NAME:=iptables
12 PKG_VERSION:=1.8.7
13 PKG_RELEASE:=5
14
15 PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
16 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
17 PKG_HASH:=c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0
18
19 PKG_FIXUP:=autoreconf
20 PKG_FLAGS:=nonshared
21
22 PKG_INSTALL:=1
23 PKG_BUILD_PARALLEL:=1
24 PKG_LICENSE:=GPL-2.0
25 PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
26
27 include $(INCLUDE_DIR)/package.mk
28 ifeq ($(DUMP),)
29 -include $(LINUX_DIR)/.config
30 include $(INCLUDE_DIR)/netfilter.mk
31 STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
32 endif
33
34
35 define Package/iptables/Default
36 SECTION:=net
37 CATEGORY:=Network
38 SUBMENU:=Firewall
39 URL:=https://netfilter.org/
40 endef
41
42 define Package/iptables/Module
43 $(call Package/iptables/Default)
44 DEPENDS:=+libxtables $(1)
45 endef
46
47 define Package/xtables-legacy
48 $(call Package/iptables/Default)
49 TITLE:=IP firewall administration tool
50 DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables
51 endef
52
53 define Package/iptables-legacy
54 $(call Package/iptables/Default)
55 TITLE:=IP firewall administration tool
56 DEPENDS+= +xtables-legacy
57 PROVIDES:=iptables
58 ALTERNATIVES:=\
59 200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \
60 200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \
61 200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi
62 endef
63
64 define Package/iptables-legacy/description
65 IP firewall administration tool.
66
67 Matches:
68 - icmp
69 - tcp
70 - udp
71 - comment
72 - conntrack
73 - limit
74 - mac
75 - mark
76 - multiport
77 - set
78 - state
79 - time
80
81 Targets:
82 - ACCEPT
83 - CT
84 - DNAT
85 - DROP
86 - REJECT
87 - FLOWOFFLOAD
88 - LOG
89 - MARK
90 - MASQUERADE
91 - REDIRECT
92 - SET
93 - SNAT
94 - TCPMSS
95
96 Tables:
97 - filter
98 - mangle
99 - nat
100 - raw
101
102 endef
103
104 define Package/xtables-nft
105 $(call Package/iptables/Default)
106 TITLE:=IP firewall administration tool nft
107 DEPENDS:=@IPTABLES_NFTABLES +libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat
108 endef
109
110 define Package/arptables-nft
111 $(call Package/iptables/Default)
112 DEPENDS:=+kmod-nft-arp +xtables-nft +kmod-arptables
113 TITLE:=ARP firewall administration tool nft
114 PROVIDES:=arptables
115 ALTERNATIVES:=\
116 300:/usr/sbin/arptables:/usr/sbin/xtables-nft-multi \
117 300:/usr/sbin/arptables-restore:/usr/sbin/xtables-nft-multi \
118 300:/usr/sbin/arptables-save:/usr/sbin/xtables-nft-multi
119 endef
120
121 define Package/ebtables-nft
122 $(call Package/iptables/Default)
123 DEPENDS:=+kmod-nft-bridge +xtables-nft +kmod-ebtables
124 TITLE:=Bridge firewall administration tool nft
125 PROVIDES:=ebtables
126 ALTERNATIVES:=\
127 300:/usr/sbin/ebtables:/usr/sbin/xtables-nft-multi \
128 300:/usr/sbin/ebtables-restore:/usr/sbin/xtables-nft-multi \
129 300:/usr/sbin/ebtables-save:/usr/sbin/xtables-nft-multi
130 endef
131
132 define Package/iptables-nft
133 $(call Package/iptables/Default)
134 TITLE:=IP firewall administration tool nft
135 DEPENDS:=+kmod-ipt-core +xtables-nft
136 PROVIDES:=iptables
137 ALTERNATIVES:=\
138 300:/usr/sbin/iptables:/usr/sbin/xtables-nft-multi \
139 300:/usr/sbin/iptables-restore:/usr/sbin/xtables-nft-multi \
140 300:/usr/sbin/iptables-save:/usr/sbin/xtables-nft-multi
141 endef
142
143 define Package/iptables-nft/description
144 Extra iptables nftables nft binaries.
145 iptables-nft
146 iptables-nft-restore
147 iptables-nft-save
148 iptables-translate
149 iptables-restore-translate
150 endef
151
152 define Package/iptables-mod-conntrack-extra
153 $(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw)
154 TITLE:=Extra connection tracking extensions
155 endef
156
157 define Package/iptables-mod-conntrack-extra/description
158 Extra iptables extensions for connection tracking.
159
160 Matches:
161 - connbytes
162 - connlimit
163 - connmark
164 - recent
165 - helper
166
167 Targets:
168 - CONNMARK
169
170 endef
171
172 define Package/iptables-mod-conntrack-label
173 $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
174 TITLE:=Connection tracking labeling extension
175 DEFAULT:=y if IPTABLES_CONNLABEL
176 endef
177
178 define Package/iptables-mod-conntrack-label/description
179 Match and set label(s) on connection tracking entries
180
181 Matches:
182 - connlabel
183
184 endef
185
186 define Package/iptables-mod-filter
187 $(call Package/iptables/Module, +kmod-ipt-filter)
188 TITLE:=Content inspection extensions
189 endef
190
191 define Package/iptables-mod-filter/description
192 iptables extensions for packet content inspection.
193 Includes support for:
194
195 Matches:
196 - string
197 - bpf
198
199 endef
200
201 define Package/iptables-mod-ipopt
202 $(call Package/iptables/Module, +kmod-ipt-ipopt)
203 TITLE:=IP/Packet option extensions
204 endef
205
206 define Package/iptables-mod-ipopt/description
207 iptables extensions for matching/changing IP packet options.
208
209 Matches:
210 - dscp
211 - ecn
212 - length
213 - statistic
214 - tcpmss
215 - unclean
216 - hl
217
218 Targets:
219 - DSCP
220 - CLASSIFY
221 - ECN
222 - HL
223
224 endef
225
226 define Package/iptables-mod-ipsec
227 $(call Package/iptables/Module, +kmod-ipt-ipsec)
228 TITLE:=IPsec extensions
229 endef
230
231 define Package/iptables-mod-ipsec/description
232 iptables extensions for matching ipsec traffic.
233
234 Matches:
235 - ah
236 - esp
237 - policy
238
239 endef
240
241 define Package/iptables-mod-nat-extra
242 $(call Package/iptables/Module, +kmod-ipt-nat-extra)
243 TITLE:=Extra NAT extensions
244 endef
245
246 define Package/iptables-mod-nat-extra/description
247 iptables extensions for extra NAT targets.
248
249 Targets:
250 - MIRROR
251 - NETMAP
252 endef
253
254 define Package/iptables-mod-ulog
255 $(call Package/iptables/Module, +kmod-ipt-ulog)
256 TITLE:=user-space packet logging
257 endef
258
259 define Package/iptables-mod-ulog/description
260 iptables extensions for user-space packet logging.
261
262 Targets:
263 - ULOG
264
265 endef
266
267 define Package/iptables-mod-nflog
268 $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
269 TITLE:=Netfilter NFLOG target
270 endef
271
272 define Package/iptables-mod-nflog/description
273 iptables extension for user-space logging via NFNETLINK.
274
275 Includes:
276 - libxt_NFLOG
277
278 endef
279
280 define Package/iptables-mod-trace
281 $(call Package/iptables/Module, +kmod-ipt-debug)
282 TITLE:=Netfilter TRACE target
283 endef
284
285 define Package/iptables-mod-trace/description
286 iptables extension for TRACE target
287
288 Includes:
289 - libxt_TRACE
290
291 endef
292
293
294 define Package/iptables-mod-nfqueue
295 $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
296 TITLE:=Netfilter NFQUEUE target
297 endef
298
299 define Package/iptables-mod-nfqueue/description
300 iptables extension for user-space queuing via NFNETLINK.
301
302 Includes:
303 - libxt_NFQUEUE
304
305 endef
306
307 define Package/iptables-mod-hashlimit
308 $(call Package/iptables/Module, +kmod-ipt-hashlimit)
309 TITLE:=hashlimit matching
310 endef
311
312 define Package/iptables-mod-hashlimit/description
313 iptables extensions for hashlimit matching
314
315 Matches:
316 - hashlimit
317
318 endef
319
320 define Package/iptables-mod-rpfilter
321 $(call Package/iptables/Module, +kmod-ipt-rpfilter)
322 TITLE:=rpfilter iptables extension
323 endef
324
325 define Package/iptables-mod-rpfilter/description
326 iptables extensions for reverse path filter test on a packet
327
328 Matches:
329 - rpfilter
330
331 endef
332
333 define Package/iptables-mod-iprange
334 $(call Package/iptables/Module, +kmod-ipt-iprange)
335 TITLE:=IP range extension
336 endef
337
338 define Package/iptables-mod-iprange/description
339 iptables extensions for matching ip ranges.
340
341 Matches:
342 - iprange
343
344 endef
345
346 define Package/iptables-mod-cluster
347 $(call Package/iptables/Module, +kmod-ipt-cluster)
348 TITLE:=Match cluster extension
349 endef
350
351 define Package/iptables-mod-cluster/description
352 iptables extensions for matching cluster.
353
354 Netfilter (IPv4/IPv6) module for matching cluster
355 This option allows you to build work-load-sharing clusters of
356 network servers/stateful firewalls without having a dedicated
357 load-balancing router/server/switch. Basically, this match returns
358 true when the packet must be handled by this cluster node. Thus,
359 all nodes see all packets and this match decides which node handles
360 what packets. The work-load sharing algorithm is based on source
361 address hashing.
362
363 This module is usable for ipv4 and ipv6.
364
365 If you select it, it enables kmod-ipt-cluster.
366
367 see `iptables -m cluster --help` for more information.
368 endef
369
370 define Package/iptables-mod-clusterip
371 $(call Package/iptables/Module, +kmod-ipt-clusterip)
372 TITLE:=Clusterip extension
373 endef
374
375 define Package/iptables-mod-clusterip/description
376 iptables extensions for CLUSTERIP.
377 The CLUSTERIP target allows you to build load-balancing clusters of
378 network servers without having a dedicated load-balancing
379 router/server/switch.
380
381 If you select it, it enables kmod-ipt-clusterip.
382
383 see `iptables -j CLUSTERIP --help` for more information.
384 endef
385
386 define Package/iptables-mod-extra
387 $(call Package/iptables/Module, +kmod-ipt-extra)
388 TITLE:=Other extra iptables extensions
389 endef
390
391 define Package/iptables-mod-extra/description
392 Other extra iptables extensions.
393
394 Matches:
395 - addrtype
396 - condition
397 - owner
398 - pkttype
399 - quota
400
401 endef
402
403 define Package/iptables-mod-physdev
404 $(call Package/iptables/Module, +kmod-ipt-physdev)
405 TITLE:=physdev iptables extension
406 endef
407
408 define Package/iptables-mod-physdev/description
409 The iptables physdev match.
410 endef
411
412 define Package/iptables-mod-led
413 $(call Package/iptables/Module, +kmod-ipt-led)
414 TITLE:=LED trigger iptables extension
415 endef
416
417 define Package/iptables-mod-led/description
418 iptables extension for triggering a LED.
419
420 Targets:
421 - LED
422
423 endef
424
425 define Package/iptables-mod-socket
426 $(call Package/iptables/Module, +kmod-ipt-socket)
427 TITLE:=Socket match iptables extensions
428 endef
429
430 define Package/iptables-mod-socket/description
431 Socket match iptables extensions.
432
433 Matches:
434 - socket
435
436 endef
437
438 define Package/iptables-mod-tproxy
439 $(call Package/iptables/Module, +kmod-ipt-tproxy)
440 TITLE:=Transparent proxy iptables extensions
441 endef
442
443 define Package/iptables-mod-tproxy/description
444 Transparent proxy iptables extensions.
445
446 Targets:
447 - TPROXY
448
449 endef
450
451 define Package/iptables-mod-tee
452 $(call Package/iptables/Module, +kmod-ipt-tee)
453 TITLE:=TEE iptables extensions
454 endef
455
456 define Package/iptables-mod-tee/description
457 TEE iptables extensions.
458
459 Targets:
460 - TEE
461
462 endef
463
464 define Package/iptables-mod-u32
465 $(call Package/iptables/Module, +kmod-ipt-u32)
466 TITLE:=U32 iptables extensions
467 endef
468
469 define Package/iptables-mod-u32/description
470 U32 iptables extensions.
471
472 Matches:
473 - u32
474
475 endef
476
477 define Package/iptables-mod-checksum
478 $(call Package/iptables/Module, +kmod-ipt-checksum)
479 TITLE:=IP CHECKSUM target extension
480 endef
481
482 define Package/iptables-mod-checksum/description
483 iptables extension for the CHECKSUM calculation target
484 endef
485
486 define Package/ip6tables-legacy
487 $(call Package/iptables/Default)
488 DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy
489 CATEGORY:=Network
490 TITLE:=IPv6 firewall administration tool
491 PROVIDES:=ip6tables
492 ALTERNATIVES:=\
493 200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \
494 200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \
495 200:/usr/sbin/ip6tables-save:/usr/sbin/xtables-legacy-multi
496 endef
497
498 define Package/ip6tables-nft
499 $(call Package/iptables/Default)
500 DEPENDS:=@IPV6 +kmod-ip6tables +xtables-nft
501 TITLE:=IP firewall administration tool nft
502 PROVIDES:=ip6tables
503 ALTERNATIVES:=\
504 300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi \
505 300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi \
506 300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
507 endef
508
509 define Package/ip6tables-nft/description
510 Extra ip6tables nftables nft binaries.
511 ip6tables-nft
512 ip6tables-nft-restore
513 ip6tables-nft-save
514 ip6tables-translate
515 ip6tables-restore-translate
516 endef
517
518 define Package/ip6tables-extra
519 $(call Package/iptables/Default)
520 DEPENDS:=+libxtables +kmod-ip6tables-extra
521 TITLE:=IPv6 header matching modules
522 endef
523
524 define Package/ip6tables-extra/description
525 iptables header matching modules for IPv6
526 endef
527
528 define Package/ip6tables-mod-nat
529 $(call Package/iptables/Default)
530 DEPENDS:=+libxtables +kmod-ipt-nat6
531 TITLE:=IPv6 NAT extensions
532 endef
533
534 define Package/ip6tables-mod-nat/description
535 iptables extensions for IPv6-NAT targets.
536 endef
537
538 define Package/libip4tc
539 $(call Package/iptables/Default)
540 SECTION:=libs
541 CATEGORY:=Libraries
542 TITLE:=IPv4 firewall - shared libiptc library
543 ABI_VERSION:=2
544 endef
545
546 define Package/libip6tc
547 $(call Package/iptables/Default)
548 SECTION:=libs
549 CATEGORY:=Libraries
550 TITLE:=IPv6 firewall - shared libiptc library
551 ABI_VERSION:=2
552 endef
553
554 define Package/libiptext
555 $(call Package/iptables/Default)
556 SECTION:=libs
557 CATEGORY:=Libraries
558 TITLE:=IPv4 firewall - shared libiptext library
559 ABI_VERSION:=0
560 DEPENDS:=+libxtables
561 endef
562
563 define Package/libiptext6
564 $(call Package/iptables/Default)
565 SECTION:=libs
566 CATEGORY:=Libraries
567 TITLE:=IPv6 firewall - shared libiptext library
568 ABI_VERSION:=0
569 DEPENDS:=+libxtables
570 endef
571
572 define Package/libiptext-nft
573 $(call Package/iptables/Default)
574 SECTION:=libs
575 CATEGORY:=Libraries
576 TITLE:=IPv4/IPv6 firewall - shared libiptext nft library
577 ABI_VERSION:=0
578 DEPENDS:=@IPTABLES_NFTABLES +libxtables
579 endef
580
581 define Package/libxtables
582 $(call Package/iptables/Default)
583 SECTION:=libs
584 CATEGORY:=Libraries
585 TITLE:=IPv4/IPv6 firewall - shared xtables library
586 MENU:=1
587 ABI_VERSION:=12
588 DEPENDS:=+IPTABLES_CONNLABEL:libnetfilter-conntrack
589 endef
590
591 define Package/libxtables/config
592 config IPTABLES_CONNLABEL
593 bool "Enable Connlabel support"
594 default n
595 help
596 This enable connlabel support in iptables.
597
598 config IPTABLES_NFTABLES
599 bool "Enable Nftables support"
600 default y
601 help
602 This enable nftables support in iptables.
603 endef
604
605 TARGET_CPPFLAGS := \
606 -I$(PKG_BUILD_DIR)/include \
607 -I$(LINUX_DIR)/user_headers/include \
608 $(TARGET_CPPFLAGS)
609
610 TARGET_CFLAGS += \
611 -I$(PKG_BUILD_DIR)/include \
612 -I$(LINUX_DIR)/user_headers/include \
613 -ffunction-sections -fdata-sections \
614 -DNO_LEGACY
615
616 TARGET_LDFLAGS += \
617 -Wl,--gc-sections
618
619 CONFIGURE_ARGS += \
620 --enable-shared \
621 --enable-static \
622 --enable-devel \
623 --with-kernel="$(LINUX_DIR)/user_headers" \
624 --with-xtlibdir=/usr/lib/iptables \
625 --with-xt-lock-name=/var/run/xtables.lock \
626 $(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
627 $(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
628 $(if $(CONFIG_IPV6),,--disable-ipv6)
629
630 MAKE_FLAGS := \
631 $(TARGET_CONFIGURE_OPTS) \
632 COPT_FLAGS="$(TARGET_CFLAGS)" \
633 KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
634 KBUILD_OUTPUT="$(LINUX_DIR)" \
635 BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
636
637 ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
638 define Build/Configure/rebuild
639 $(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
640 rm -f $(PKG_BUILD_DIR)/.config_*
641 rm -f $(PKG_BUILD_DIR)/.configured_*
642 touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
643 endef
644 endif
645
646 define Build/Configure
647 $(Build/Configure/rebuild)
648 $(Build/Configure/Default)
649 endef
650
651 define Build/InstallDev
652 $(INSTALL_DIR) $(1)/usr/include
653 $(INSTALL_DIR) $(1)/usr/include/iptables
654 $(INSTALL_DIR) $(1)/usr/include/net/netfilter
655
656 # XXX: iptables header fixup, some headers are not installed by iptables anymore
657 $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
658 $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
659 $(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
660 $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
661 $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
662
663 $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
664 $(INSTALL_DIR) $(1)/usr/lib
665 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
666 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
667 $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
668 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
669 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
670
671 # XXX: needed by firewall3
672 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
673 endef
674
675 define Package/xtables-legacy/install
676 $(INSTALL_DIR) $(1)/usr/sbin
677 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
678 endef
679
680 define Package/iptables-legacy/install
681 $(INSTALL_DIR) $(1)/usr/sbin
682 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-legacy{,-restore,-save} $(1)/usr/sbin/
683 $(INSTALL_DIR) $(1)/usr/lib/iptables
684 endef
685
686 define Package/xtables-nft/install
687 $(INSTALL_DIR) $(1)/usr/sbin
688 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
689 endef
690
691 define Package/arptables-nft/install
692 $(INSTALL_DIR) $(1)/usr/sbin
693 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/arptables-nft{,-restore,-save} $(1)/usr/sbin/
694 $(INSTALL_DIR) $(1)/usr/lib/iptables
695 $(CP) $(PKG_BUILD_DIR)/extensions/libarpt_*.so $(1)/usr/lib/iptables/
696 endef
697
698 define Package/ebtables-nft/install
699 $(INSTALL_DIR) $(1)/usr/sbin
700 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ebtables-nft{,-restore,-save} $(1)/usr/sbin/
701 $(INSTALL_DIR) $(1)/usr/lib/iptables
702 $(CP) $(PKG_BUILD_DIR)/extensions/libebt_*.so $(1)/usr/lib/iptables/
703 endef
704
705 define Package/iptables-nft/install
706 $(INSTALL_DIR) $(1)/usr/sbin
707 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
708 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
709 endef
710
711 define Package/ip6tables-legacy/install
712 $(INSTALL_DIR) $(1)/usr/sbin
713 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-legacy{,-restore,-save} $(1)/usr/sbin/
714 endef
715
716 define Package/ip6tables-nft/install
717 $(INSTALL_DIR) $(1)/usr/sbin
718 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
719 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
720 endef
721
722 define Package/libip4tc/install
723 $(INSTALL_DIR) $(1)/usr/lib
724 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
725 endef
726
727 define Package/libip6tc/install
728 $(INSTALL_DIR) $(1)/usr/lib
729 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
730 endef
731
732 define Package/libiptext/install
733 $(INSTALL_DIR) $(1)/usr/lib
734 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
735 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
736 endef
737
738 define Package/libiptext6/install
739 $(INSTALL_DIR) $(1)/usr/lib
740 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
741 endef
742
743 define Package/libiptext-nft/install
744 $(INSTALL_DIR) $(1)/usr/lib
745 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
746 endef
747
748 define Package/libxtables/install
749 $(INSTALL_DIR) $(1)/usr/lib
750 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
751 endef
752
753 define BuildPlugin
754 define Package/$(1)/install
755 $(INSTALL_DIR) $$(1)/usr/lib/iptables
756 for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
757 if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
758 $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
759 fi; \
760 done
761 $(3)
762 endef
763
764 $$(eval $$(call BuildPackage,$(1)))
765 endef
766
767 $(eval $(call BuildPackage,libxtables))
768 $(eval $(call BuildPackage,libip4tc))
769 $(eval $(call BuildPackage,libip6tc))
770 $(eval $(call BuildPackage,libiptext))
771 $(eval $(call BuildPackage,libiptext6))
772 $(eval $(call BuildPackage,libiptext-nft))
773 $(eval $(call BuildPackage,xtables-legacy))
774 $(eval $(call BuildPackage,iptables-legacy))
775 $(eval $(call BuildPackage,xtables-nft))
776 $(eval $(call BuildPackage,arptables-nft))
777 $(eval $(call BuildPackage,ebtables-nft))
778 $(eval $(call BuildPackage,iptables-nft))
779 $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
780 $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
781 $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
782 $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
783 $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
784 $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
785 $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
786 $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
787 $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
788 $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
789 $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
790 $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
791 $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
792 $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
793 $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
794 $(eval $(call BuildPlugin,iptables-mod-socket,$(IPT_SOCKET-m)))
795 $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
796 $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
797 $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
798 $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
799 $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
800 $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
801 $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
802 $(eval $(call BuildPackage,ip6tables-legacy))
803 $(eval $(call BuildPackage,ip6tables-nft))
804 $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
805 $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
806
Staging tree of Mathias Kresin