1 # Copyright 2017-2022 Stan Grishin (stangri@melmac.ca)
2 # This is free software, licensed under the GNU General Public License v3.
4 include $(TOPDIR
)/rules.mk
9 PKG_LICENSE
:=GPL-3.0
-or-later
10 PKG_MAINTAINER
:=Stan Grishin
<stangri@melmac.ca
>
12 include $(INCLUDE_DIR
)/package.mk
14 define Package
/pbr
/Default
17 SUBMENU
:=Routing and Redirection
18 TITLE
:=Policy Based Routing Service
19 URL
:=https
://docs.openwrt.melmac.net
/pbr
/
20 DEPENDS
:=+ip-full
+jshn
+jsonfilter
+resolveip
21 CONFLICTS
:=vpnbypass vpn-policy-routing
26 $(call Package
/pbr
/Default
)
27 TITLE
+= with nft
/nft set support
28 DEPENDS
+=+kmod-nft-core
+kmod-nft-nat
+nftables-json
30 PROVIDES
:=vpnbypass vpn-policy-routing
34 define Package
/pbr-iptables
35 $(call Package
/pbr
/Default
)
36 TITLE
+= with iptables
/ipset support
37 DEPENDS
+=+ipset
+iptables
+kmod-ipt-ipset
+iptables-mod-ipopt
42 define Package
/pbr-netifd
43 $(call Package
/pbr
/Default
)
44 TITLE
+= with netifd support
49 define Package
/pbr
/description
50 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
51 This version supports OpenWrt with both firewall3
/ipset
/iptables and firewall4
/nft.
54 define Package
/pbr-iptables
/description
55 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
56 This version supports OpenWrt with firewall3
/ipset
/iptables.
59 define Package
/pbr-netifd
/description
60 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
61 This version supports OpenWrt with both firewall3
/ipset
/iptables and firewall4
/nft.
62 This version uses OpenWrt native netifd
/tables to set up interfaces. This is WIP.
65 define Package
/pbr
/conffiles
69 Package
/pbr-iptables
/conffiles
= $(Package
/pbr
/conffiles
)
70 Package
/pbr-netifd
/conffiles
= $(Package
/pbr
/conffiles
)
72 define Build
/Configure
78 define Package
/pbr
/default
/install
79 $(INSTALL_DIR
) $(1)/etc
/init.d
80 $(INSTALL_BIN
) .
/files
/etc
/init.d
/pbr.init
$(1)/etc
/init.d
/pbr
81 $(SED
) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc
/init.d
/pbr
82 $(INSTALL_DIR
) $(1)/etc
/hotplug.d
/iface
83 $(INSTALL_DATA
) .
/files
/etc
/hotplug.d
/iface
/70-pbr
$(1)/etc
/hotplug.d
/iface
/70-pbr
84 $(INSTALL_DIR
) $(1)/etc
/uci-defaults
85 $(INSTALL_BIN
) .
/files
/etc
/uci-defaults
/90-pbr
$(1)/etc
/uci-defaults
/90-pbr
86 $(INSTALL_DIR
) $(1)/usr
/share
/pbr
87 $(INSTALL_DATA
) .
/files
/usr
/share
/pbr
/pbr.user.aws
$(1)/usr
/share
/pbr
/pbr.user.aws
88 $(INSTALL_DATA
) .
/files
/usr
/share
/pbr
/pbr.user.netflix
$(1)/usr
/share
/pbr
/pbr.user.netflix
91 define Package
/pbr
/install
92 $(call Package
/pbr
/default
/install,$(1))
93 $(INSTALL_DIR
) $(1)/etc
/config
94 $(INSTALL_CONF
) .
/files
/etc
/config
/pbr
$(1)/etc
/config
/pbr
95 $(INSTALL_DIR
) $(1)/usr
/share
/pbr
96 $(INSTALL_DATA
) .
/files
/usr
/share
/pbr
/pbr.firewall.
include $(1)/usr
/share
/pbr
/pbr.firewall.
include
97 $(INSTALL_DIR
) $(1)/usr
/share
/nftables.d
98 $(CP
) .
/files
/usr
/share
/nftables.d
/* $(1)/usr
/share
/nftables.d
/
101 define Package
/pbr-iptables
/install
102 $(call Package
/pbr
/default
/install,$(1))
103 $(INSTALL_DIR
) $(1)/etc
/hotplug.d
/firewall
104 $(INSTALL_DATA
) .
/files
/etc
/hotplug.d
/firewall
/70-pbr
$(1)/etc
/hotplug.d
/firewall
/70-pbr
105 $(INSTALL_DIR
) $(1)/etc
/config
106 $(INSTALL_CONF
) .
/files
/etc
/config
/pbr.iptables
$(1)/etc
/config
/pbr
109 define Package
/pbr-netifd
/install
110 $(call Package
/pbr
/default
/install,$(1))
111 $(INSTALL_DIR
) $(1)/etc
/config
112 $(INSTALL_CONF
) .
/files
/etc
/config
/pbr
$(1)/etc
/config
/pbr
113 $(INSTALL_DIR
) $(1)/etc
/uci-defaults
114 $(INSTALL_BIN
) .
/files
/etc
/uci-defaults
/91-pbr
$(1)/etc
/uci-defaults
/91-pbr
117 define Package
/pbr
/postinst
119 # check if we are on real system
120 if
[ -z
"$${IPKG_INSTROOT}" ]; then
121 chmod
-x
/etc
/init.d
/pbr || true
122 fw4
-q reload || true
123 chmod
+x
/etc
/init.d
/pbr || true
124 echo
-n
"Installing rc.d symlink for pbr... "
125 /etc
/init.d
/pbr enable
&& echo
"OK" || echo
"FAIL"
130 define Package
/pbr
/prerm
132 # check if we are on real system
133 if
[ -z
"$${IPKG_INSTROOT}" ]; then
134 uci
-q delete firewall.pbr || true
135 echo
"Stopping pbr service... "
136 /etc
/init.d
/pbr stop
&& echo
"OK" || echo
"FAIL"
137 echo
-n
"Removing rc.d symlink for pbr... "
138 /etc
/init.d
/pbr disable
&& echo
"OK" || echo
"FAIL"
143 define Package
/pbr
/postrm
145 # check if we are on real system
146 if
[ -z
"$${IPKG_INSTROOT}" ]; then
147 fw4
-q reload || true
152 define Package
/pbr-iptables
/postinst
154 # check if we are on real system
155 if
[ -z
"$${IPKG_INSTROOT}" ]; then
156 echo
-n
"Installing rc.d symlink for pbr-iptables... "
157 /etc
/init.d
/pbr enable
&& echo
"OK" || echo
"FAIL"
162 define Package
/pbr-iptables
/prerm
164 # check if we are on real system
165 if
[ -z
"$${IPKG_INSTROOT}" ]; then
166 uci
-q delete firewall.pbr || true
167 echo
"Stopping pbr-iptables service... "
168 /etc
/init.d
/pbr stop
&& echo
"OK" || echo
"FAIL"
169 echo
-n
"Removing rc.d symlink for pbr-iptables... "
170 /etc
/init.d
/pbr disable
&& echo
"OK" || echo
"FAIL"
175 define Package
/pbr-netifd
/postinst
177 # check if we are on real system
178 if
[ -z
"$${IPKG_INSTROOT}" ]; then
179 echo
-n
"Installing rc.d symlink for pbr-netifd... "
180 /etc
/init.d
/pbr enable
&& echo
"OK" || echo
"FAIL"
185 define Package
/pbr-netifd
/prerm
187 # check if we are on real system
188 if
[ -z
"$${IPKG_INSTROOT}" ]; then
189 uci
-q delete firewall.pbr || true
190 echo
"Stopping pbr-netifd service... "
191 /etc
/init.d
/pbr stop
&& echo
"OK" || echo
"FAIL"
192 echo
-n
"Removing rc.d symlink for pbr... "
193 /etc
/init.d
/pbr disable
&& echo
"OK" || echo
"FAIL"
198 $(eval
$(call BuildPackage
,pbr
))
199 $(eval
$(call BuildPackage
,pbr-iptables
))
200 #$(eval $(call BuildPackage,pbr-netifd))