1 # Copyright 2017-2022 Stan Grishin (stangri@melmac.ca)
2 # This is free software, licensed under the GNU General Public License v3.
4 include $(TOPDIR
)/rules.mk
9 PKG_LICENSE
:=GPL-3.0
-or-later
10 PKG_MAINTAINER
:=Stan Grishin
<stangri@melmac.ca
>
12 include $(INCLUDE_DIR
)/package.mk
14 define Package
/pbr
/Default
17 SUBMENU
:=Routing and Redirection
18 TITLE
:=Policy Based Routing Service
19 URL
:=https
://docs.openwrt.melmac.net
/pbr
/
20 DEPENDS
:=+ip-full
+jshn
+jsonfilter
+libubus
+resolveip
21 CONFLICTS
:=vpnbypass vpn-policy-routing
26 $(call Package
/pbr
/Default
)
27 TITLE
+= with nft
/nft set support
28 DEPENDS
+=+kmod-nft-core
+kmod-nft-nat
+nftables-json
30 PROVIDES
:=vpnbypass vpn-policy-routing
34 define Package
/pbr-iptables
35 $(call Package
/pbr
/Default
)
36 TITLE
+= with iptables
/ipset support
37 DEPENDS
+=+ipset
+iptables
+kmod-ipt-ipset
+iptables-mod-ipopt
42 define Package
/pbr-netifd
43 $(call Package
/pbr
/Default
)
44 TITLE
+= with netifd support
49 define Package
/pbr
/description
50 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
51 This version supports OpenWrt with both firewall3
/ipset
/iptables and firewall4
/nft.
54 define Package
/pbr-iptables
/description
55 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
56 This version supports OpenWrt with firewall3
/ipset
/iptables.
59 define Package
/pbr-netifd
/description
60 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
61 This version supports OpenWrt with both firewall3
/ipset
/iptables and firewall4
/nft.
62 This version uses OpenWrt native netifd
/tables to set up interfaces. This is WIP.
65 define Package
/pbr
/conffiles
69 Package
/pbr-iptables
/conffiles
= $(Package
/pbr
/conffiles
)
70 Package
/pbr-netifd
/conffiles
= $(Package
/pbr
/conffiles
)
72 define Build
/Configure
78 define Package
/pbr
/default
/install
79 $(INSTALL_DIR
) $(1)/etc
/init.d
80 $(INSTALL_BIN
) .
/files
/etc
/init.d
/pbr.init
$(1)/etc
/init.d
/pbr
81 $(SED
) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc
/init.d
/pbr
82 $(INSTALL_DIR
) $(1)/etc
/hotplug.d
/firewall
83 $(INSTALL_DIR
) $(1)/etc
/hotplug.d
/iface
84 $(INSTALL_DATA
) .
/files
/etc
/hotplug.d
/iface
/70-pbr
$(1)/etc
/hotplug.d
/iface
/70-pbr
85 $(INSTALL_DIR
) $(1)/etc
/uci-defaults
86 $(INSTALL_BIN
) .
/files
/etc
/uci-defaults
/90-pbr
$(1)/etc
/uci-defaults
/90-pbr
87 $(INSTALL_DIR
) $(1)/usr
/share
/pbr
88 $(INSTALL_DATA
) .
/files
/usr
/share
/pbr
/pbr.firewall.
include $(1)/usr
/share
/pbr
/pbr.firewall.
include
89 $(INSTALL_DATA
) .
/files
/usr
/share
/pbr
/pbr.user.aws
$(1)/usr
/share
/pbr
/pbr.user.aws
90 $(INSTALL_DATA
) .
/files
/usr
/share
/pbr
/pbr.user.netflix
$(1)/usr
/share
/pbr
/pbr.user.netflix
93 define Package
/pbr
/install
94 $(call Package
/pbr
/default
/install,$(1))
95 $(INSTALL_DIR
) $(1)/etc
/config
96 $(INSTALL_CONF
) .
/files
/etc
/config
/pbr
$(1)/etc
/config
/pbr
97 $(INSTALL_DIR
) $(1)/usr
/share
/nftables.d
98 $(CP
) .
/files
/usr
/share
/nftables.d
/* $(1)/usr
/share
/nftables.d
/
101 define Package
/pbr-iptables
/install
102 $(call Package
/pbr
/default
/install,$(1))
103 $(INSTALL_DIR
) $(1)/etc
/config
104 $(INSTALL_CONF
) .
/files
/etc
/config
/pbr.iptables
$(1)/etc
/config
/pbr
107 define Package
/pbr-netifd
/install
108 $(call Package
/pbr
/default
/install,$(1))
109 $(INSTALL_DIR
) $(1)/etc
/config
110 $(INSTALL_CONF
) .
/files
/etc
/config
/pbr
$(1)/etc
/config
/pbr
111 $(INSTALL_DIR
) $(1)/etc
/uci-defaults
112 $(INSTALL_BIN
) .
/files
/etc
/uci-defaults
/91-pbr
$(1)/etc
/uci-defaults
/91-pbr
115 define Package
/pbr
/postinst
117 # check if we are on real system
118 if
[ -z
"$${IPKG_INSTROOT}" ]; then
119 chmod
-x
/etc
/init.d
/pbr || true
120 fw4
-q reload || true
121 chmod
+x
/etc
/init.d
/pbr || true
122 echo
-n
"Installing rc.d symlink for pbr... "
123 /etc
/init.d
/pbr enable
&& echo
"OK" || echo
"FAIL"
128 define Package
/pbr
/prerm
130 # check if we are on real system
131 if
[ -z
"$${IPKG_INSTROOT}" ]; then
132 uci
-q delete firewall.pbr || true
133 echo
"Stopping pbr service... "
134 /etc
/init.d
/pbr stop || true
135 echo
-n
"Removing rc.d symlink for pbr... "
136 /etc
/init.d
/pbr disable
&& echo
"OK" || echo
"FAIL"
141 define Package
/pbr
/postrm
143 # check if we are on real system
144 if
[ -z
"$${IPKG_INSTROOT}" ]; then
145 fw4
-q reload || true
150 define Package
/pbr-iptables
/postinst
152 # check if we are on real system
153 if
[ -z
"$${IPKG_INSTROOT}" ]; then
154 echo
-n
"Installing rc.d symlink for pbr... "
155 /etc
/init.d
/pbr enable
&& echo
"OK" || echo
"FAIL"
160 define Package
/pbr-iptables
/prerm
162 # check if we are on real system
163 if
[ -z
"$${IPKG_INSTROOT}" ]; then
164 uci
-q delete firewall.pbr || true
165 echo
"Stopping pbr service... "
166 /etc
/init.d
/pbr stop || true
167 echo
-n
"Removing rc.d symlink for pbr... "
168 /etc
/init.d
/pbr disable
&& echo
"OK" || echo
"FAIL"
173 define Package
/pbr-netifd
/postinst
175 # check if we are on real system
176 if
[ -z
"$${IPKG_INSTROOT}" ]; then
177 echo
-n
"Installing rc.d symlink for pbr... "
178 /etc
/init.d
/pbr enable
&& echo
"OK" || echo
"FAIL"
179 # echo -n "Installing netifd support for pbr... "
180 # /etc/init.d/pbr netifd install && echo "OK" || echo "FAIL"
181 # echo -n "Restarting network... "
182 # /etc/init.d/network restart && echo "OK" || echo "FAIL"
187 define Package
/pbr-netifd
/prerm
189 # check if we are on real system
190 if
[ -z
"$${IPKG_INSTROOT}" ]; then
191 uci
-q delete firewall.pbr || true
192 echo
"Stopping pbr service... "
193 /etc
/init.d
/pbr stop || true
194 # echo -n "Removing netifd support for pbr... "
195 # /etc/init.d/pbr netifd remove && echo "OK" || echo "FAIL"
196 echo
-n
"Removing rc.d symlink for pbr... "
197 /etc
/init.d
/pbr disable
&& echo
"OK" || echo
"FAIL"
198 # echo -n "Restarting network... "
199 # /etc/init.d/network restart && echo "OK" || echo "FAIL"
204 $(eval
$(call BuildPackage
,pbr
))
205 $(eval
$(call BuildPackage
,pbr-iptables
))
206 #$(eval $(call BuildPackage,pbr-netifd))