projects / openwrt / staging / dedeckeh.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
iptables: add xtables-nft package
[openwrt/staging/dedeckeh.git] / package / network / utils / iptables / Makefile
1 #
2 # Copyright (C) 2006-2016 OpenWrt.org
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 include $(TOPDIR)/rules.mk
9 include $(INCLUDE_DIR)/kernel.mk
10
11 PKG_NAME:=iptables
12 PKG_VERSION:=1.8.7
13 PKG_RELEASE:=5
14
15 PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
16 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
17 PKG_HASH:=c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0
18
19 PKG_FIXUP:=autoreconf
20 PKG_FLAGS:=nonshared
21
22 PKG_INSTALL:=1
23 PKG_BUILD_PARALLEL:=1
24 PKG_LICENSE:=GPL-2.0
25 PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
26
27 include $(INCLUDE_DIR)/package.mk
28 ifeq ($(DUMP),)
29 -include $(LINUX_DIR)/.config
30 include $(INCLUDE_DIR)/netfilter.mk
31 STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
32 endif
33
34
35 define Package/iptables/Default
36 SECTION:=net
37 CATEGORY:=Network
38 SUBMENU:=Firewall
39 URL:=https://netfilter.org/
40 endef
41
42 define Package/iptables/Module
43 $(call Package/iptables/Default)
44 DEPENDS:=+libxtables $(1)
45 endef
46
47 define Package/xtables-legacy
48 $(call Package/iptables/Default)
49 TITLE:=IP firewall administration tool
50 DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables
51 endef
52
53 define Package/iptables-legacy
54 $(call Package/iptables/Default)
55 TITLE:=IP firewall administration tool
56 DEPENDS+= +xtables-legacy
57 PROVIDES:=iptables
58 ALTERNATIVES:=\
59 200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \
60 200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \
61 200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi
62 endef
63
64 define Package/iptables-legacy/description
65 IP firewall administration tool.
66
67 Matches:
68 - icmp
69 - tcp
70 - udp
71 - comment
72 - conntrack
73 - limit
74 - mac
75 - mark
76 - multiport
77 - set
78 - state
79 - time
80
81 Targets:
82 - ACCEPT
83 - CT
84 - DNAT
85 - DROP
86 - REJECT
87 - FLOWOFFLOAD
88 - LOG
89 - MARK
90 - MASQUERADE
91 - REDIRECT
92 - SET
93 - SNAT
94 - TCPMSS
95
96 Tables:
97 - filter
98 - mangle
99 - nat
100 - raw
101
102 endef
103
104 define Package/xtables-nft
105 $(call Package/iptables/Default)
106 TITLE:=IP firewall administration tool nft
107 DEPENDS:=@IPTABLES_NFTABLES +libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat
108 endef
109
110 define Package/iptables-nft
111 $(call Package/iptables/Default)
112 TITLE:=IP firewall administration tool nft
113 DEPENDS:=+kmod-ipt-core +xtables-nft
114 PROVIDES:=iptables
115 ALTERNATIVES:=\
116 300:/usr/sbin/iptables:/usr/sbin/xtables-nft-multi \
117 300:/usr/sbin/iptables-restore:/usr/sbin/xtables-nft-multi \
118 300:/usr/sbin/iptables-save:/usr/sbin/xtables-nft-multi
119 endef
120
121 define Package/iptables-nft/description
122 Extra iptables nftables nft binaries.
123 iptables-nft
124 iptables-nft-restore
125 iptables-nft-save
126 iptables-translate
127 iptables-restore-translate
128 endef
129
130 define Package/iptables-mod-conntrack-extra
131 $(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw)
132 TITLE:=Extra connection tracking extensions
133 endef
134
135 define Package/iptables-mod-conntrack-extra/description
136 Extra iptables extensions for connection tracking.
137
138 Matches:
139 - connbytes
140 - connlimit
141 - connmark
142 - recent
143 - helper
144
145 Targets:
146 - CONNMARK
147
148 endef
149
150 define Package/iptables-mod-conntrack-label
151 $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
152 TITLE:=Connection tracking labeling extension
153 DEFAULT:=y if IPTABLES_CONNLABEL
154 endef
155
156 define Package/iptables-mod-conntrack-label/description
157 Match and set label(s) on connection tracking entries
158
159 Matches:
160 - connlabel
161
162 endef
163
164 define Package/iptables-mod-filter
165 $(call Package/iptables/Module, +kmod-ipt-filter)
166 TITLE:=Content inspection extensions
167 endef
168
169 define Package/iptables-mod-filter/description
170 iptables extensions for packet content inspection.
171 Includes support for:
172
173 Matches:
174 - string
175 - bpf
176
177 endef
178
179 define Package/iptables-mod-ipopt
180 $(call Package/iptables/Module, +kmod-ipt-ipopt)
181 TITLE:=IP/Packet option extensions
182 endef
183
184 define Package/iptables-mod-ipopt/description
185 iptables extensions for matching/changing IP packet options.
186
187 Matches:
188 - dscp
189 - ecn
190 - length
191 - statistic
192 - tcpmss
193 - unclean
194 - hl
195
196 Targets:
197 - DSCP
198 - CLASSIFY
199 - ECN
200 - HL
201
202 endef
203
204 define Package/iptables-mod-ipsec
205 $(call Package/iptables/Module, +kmod-ipt-ipsec)
206 TITLE:=IPsec extensions
207 endef
208
209 define Package/iptables-mod-ipsec/description
210 iptables extensions for matching ipsec traffic.
211
212 Matches:
213 - ah
214 - esp
215 - policy
216
217 endef
218
219 define Package/iptables-mod-nat-extra
220 $(call Package/iptables/Module, +kmod-ipt-nat-extra)
221 TITLE:=Extra NAT extensions
222 endef
223
224 define Package/iptables-mod-nat-extra/description
225 iptables extensions for extra NAT targets.
226
227 Targets:
228 - MIRROR
229 - NETMAP
230 endef
231
232 define Package/iptables-mod-ulog
233 $(call Package/iptables/Module, +kmod-ipt-ulog)
234 TITLE:=user-space packet logging
235 endef
236
237 define Package/iptables-mod-ulog/description
238 iptables extensions for user-space packet logging.
239
240 Targets:
241 - ULOG
242
243 endef
244
245 define Package/iptables-mod-nflog
246 $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
247 TITLE:=Netfilter NFLOG target
248 endef
249
250 define Package/iptables-mod-nflog/description
251 iptables extension for user-space logging via NFNETLINK.
252
253 Includes:
254 - libxt_NFLOG
255
256 endef
257
258 define Package/iptables-mod-trace
259 $(call Package/iptables/Module, +kmod-ipt-debug)
260 TITLE:=Netfilter TRACE target
261 endef
262
263 define Package/iptables-mod-trace/description
264 iptables extension for TRACE target
265
266 Includes:
267 - libxt_TRACE
268
269 endef
270
271
272 define Package/iptables-mod-nfqueue
273 $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
274 TITLE:=Netfilter NFQUEUE target
275 endef
276
277 define Package/iptables-mod-nfqueue/description
278 iptables extension for user-space queuing via NFNETLINK.
279
280 Includes:
281 - libxt_NFQUEUE
282
283 endef
284
285 define Package/iptables-mod-hashlimit
286 $(call Package/iptables/Module, +kmod-ipt-hashlimit)
287 TITLE:=hashlimit matching
288 endef
289
290 define Package/iptables-mod-hashlimit/description
291 iptables extensions for hashlimit matching
292
293 Matches:
294 - hashlimit
295
296 endef
297
298 define Package/iptables-mod-rpfilter
299 $(call Package/iptables/Module, +kmod-ipt-rpfilter)
300 TITLE:=rpfilter iptables extension
301 endef
302
303 define Package/iptables-mod-rpfilter/description
304 iptables extensions for reverse path filter test on a packet
305
306 Matches:
307 - rpfilter
308
309 endef
310
311 define Package/iptables-mod-iprange
312 $(call Package/iptables/Module, +kmod-ipt-iprange)
313 TITLE:=IP range extension
314 endef
315
316 define Package/iptables-mod-iprange/description
317 iptables extensions for matching ip ranges.
318
319 Matches:
320 - iprange
321
322 endef
323
324 define Package/iptables-mod-cluster
325 $(call Package/iptables/Module, +kmod-ipt-cluster)
326 TITLE:=Match cluster extension
327 endef
328
329 define Package/iptables-mod-cluster/description
330 iptables extensions for matching cluster.
331
332 Netfilter (IPv4/IPv6) module for matching cluster
333 This option allows you to build work-load-sharing clusters of
334 network servers/stateful firewalls without having a dedicated
335 load-balancing router/server/switch. Basically, this match returns
336 true when the packet must be handled by this cluster node. Thus,
337 all nodes see all packets and this match decides which node handles
338 what packets. The work-load sharing algorithm is based on source
339 address hashing.
340
341 This module is usable for ipv4 and ipv6.
342
343 If you select it, it enables kmod-ipt-cluster.
344
345 see `iptables -m cluster --help` for more information.
346 endef
347
348 define Package/iptables-mod-clusterip
349 $(call Package/iptables/Module, +kmod-ipt-clusterip)
350 TITLE:=Clusterip extension
351 endef
352
353 define Package/iptables-mod-clusterip/description
354 iptables extensions for CLUSTERIP.
355 The CLUSTERIP target allows you to build load-balancing clusters of
356 network servers without having a dedicated load-balancing
357 router/server/switch.
358
359 If you select it, it enables kmod-ipt-clusterip.
360
361 see `iptables -j CLUSTERIP --help` for more information.
362 endef
363
364 define Package/iptables-mod-extra
365 $(call Package/iptables/Module, +kmod-ipt-extra)
366 TITLE:=Other extra iptables extensions
367 endef
368
369 define Package/iptables-mod-extra/description
370 Other extra iptables extensions.
371
372 Matches:
373 - addrtype
374 - condition
375 - owner
376 - pkttype
377 - quota
378
379 endef
380
381 define Package/iptables-mod-physdev
382 $(call Package/iptables/Module, +kmod-ipt-physdev)
383 TITLE:=physdev iptables extension
384 endef
385
386 define Package/iptables-mod-physdev/description
387 The iptables physdev match.
388 endef
389
390 define Package/iptables-mod-led
391 $(call Package/iptables/Module, +kmod-ipt-led)
392 TITLE:=LED trigger iptables extension
393 endef
394
395 define Package/iptables-mod-led/description
396 iptables extension for triggering a LED.
397
398 Targets:
399 - LED
400
401 endef
402
403 define Package/iptables-mod-socket
404 $(call Package/iptables/Module, +kmod-ipt-socket)
405 TITLE:=Socket match iptables extensions
406 endef
407
408 define Package/iptables-mod-socket/description
409 Socket match iptables extensions.
410
411 Matches:
412 - socket
413
414 endef
415
416 define Package/iptables-mod-tproxy
417 $(call Package/iptables/Module, +kmod-ipt-tproxy)
418 TITLE:=Transparent proxy iptables extensions
419 endef
420
421 define Package/iptables-mod-tproxy/description
422 Transparent proxy iptables extensions.
423
424 Targets:
425 - TPROXY
426
427 endef
428
429 define Package/iptables-mod-tee
430 $(call Package/iptables/Module, +kmod-ipt-tee)
431 TITLE:=TEE iptables extensions
432 endef
433
434 define Package/iptables-mod-tee/description
435 TEE iptables extensions.
436
437 Targets:
438 - TEE
439
440 endef
441
442 define Package/iptables-mod-u32
443 $(call Package/iptables/Module, +kmod-ipt-u32)
444 TITLE:=U32 iptables extensions
445 endef
446
447 define Package/iptables-mod-u32/description
448 U32 iptables extensions.
449
450 Matches:
451 - u32
452
453 endef
454
455 define Package/iptables-mod-checksum
456 $(call Package/iptables/Module, +kmod-ipt-checksum)
457 TITLE:=IP CHECKSUM target extension
458 endef
459
460 define Package/iptables-mod-checksum/description
461 iptables extension for the CHECKSUM calculation target
462 endef
463
464 define Package/ip6tables-legacy
465 $(call Package/iptables/Default)
466 DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy
467 CATEGORY:=Network
468 TITLE:=IPv6 firewall administration tool
469 PROVIDES:=ip6tables
470 ALTERNATIVES:=\
471 200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \
472 200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \
473 200:/usr/sbin/ip6tables-save:/usr/sbin/xtables-legacy-multi
474 endef
475
476 define Package/ip6tables-nft
477 $(call Package/iptables/Default)
478 DEPENDS:=@IPV6 +kmod-ip6tables +xtables-nft
479 TITLE:=IP firewall administration tool nft
480 PROVIDES:=ip6tables
481 ALTERNATIVES:=\
482 300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi \
483 300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi \
484 300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
485 endef
486
487 define Package/ip6tables-nft/description
488 Extra ip6tables nftables nft binaries.
489 ip6tables-nft
490 ip6tables-nft-restore
491 ip6tables-nft-save
492 ip6tables-translate
493 ip6tables-restore-translate
494 endef
495
496 define Package/ip6tables-extra
497 $(call Package/iptables/Default)
498 DEPENDS:=+libxtables +kmod-ip6tables-extra
499 TITLE:=IPv6 header matching modules
500 endef
501
502 define Package/ip6tables-extra/description
503 iptables header matching modules for IPv6
504 endef
505
506 define Package/ip6tables-mod-nat
507 $(call Package/iptables/Default)
508 DEPENDS:=+libxtables +kmod-ipt-nat6
509 TITLE:=IPv6 NAT extensions
510 endef
511
512 define Package/ip6tables-mod-nat/description
513 iptables extensions for IPv6-NAT targets.
514 endef
515
516 define Package/libip4tc
517 $(call Package/iptables/Default)
518 SECTION:=libs
519 CATEGORY:=Libraries
520 TITLE:=IPv4 firewall - shared libiptc library
521 ABI_VERSION:=2
522 endef
523
524 define Package/libip6tc
525 $(call Package/iptables/Default)
526 SECTION:=libs
527 CATEGORY:=Libraries
528 TITLE:=IPv6 firewall - shared libiptc library
529 ABI_VERSION:=2
530 endef
531
532 define Package/libiptext
533 $(call Package/iptables/Default)
534 SECTION:=libs
535 CATEGORY:=Libraries
536 TITLE:=IPv4 firewall - shared libiptext library
537 ABI_VERSION:=0
538 DEPENDS:=+libxtables
539 endef
540
541 define Package/libiptext6
542 $(call Package/iptables/Default)
543 SECTION:=libs
544 CATEGORY:=Libraries
545 TITLE:=IPv6 firewall - shared libiptext library
546 ABI_VERSION:=0
547 DEPENDS:=+libxtables
548 endef
549
550 define Package/libiptext-nft
551 $(call Package/iptables/Default)
552 SECTION:=libs
553 CATEGORY:=Libraries
554 TITLE:=IPv4/IPv6 firewall - shared libiptext nft library
555 ABI_VERSION:=0
556 DEPENDS:=@IPTABLES_NFTABLES +libxtables
557 endef
558
559 define Package/libxtables
560 $(call Package/iptables/Default)
561 SECTION:=libs
562 CATEGORY:=Libraries
563 TITLE:=IPv4/IPv6 firewall - shared xtables library
564 MENU:=1
565 ABI_VERSION:=12
566 DEPENDS:=+IPTABLES_CONNLABEL:libnetfilter-conntrack
567 endef
568
569 define Package/libxtables/config
570 config IPTABLES_CONNLABEL
571 bool "Enable Connlabel support"
572 default n
573 help
574 This enable connlabel support in iptables.
575
576 config IPTABLES_NFTABLES
577 bool "Enable Nftables support"
578 default y
579 help
580 This enable nftables support in iptables.
581 endef
582
583 TARGET_CPPFLAGS := \
584 -I$(PKG_BUILD_DIR)/include \
585 -I$(LINUX_DIR)/user_headers/include \
586 $(TARGET_CPPFLAGS)
587
588 TARGET_CFLAGS += \
589 -I$(PKG_BUILD_DIR)/include \
590 -I$(LINUX_DIR)/user_headers/include \
591 -ffunction-sections -fdata-sections \
592 -DNO_LEGACY
593
594 TARGET_LDFLAGS += \
595 -Wl,--gc-sections
596
597 CONFIGURE_ARGS += \
598 --enable-shared \
599 --enable-static \
600 --enable-devel \
601 --with-kernel="$(LINUX_DIR)/user_headers" \
602 --with-xtlibdir=/usr/lib/iptables \
603 --with-xt-lock-name=/var/run/xtables.lock \
604 $(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
605 $(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
606 $(if $(CONFIG_IPV6),,--disable-ipv6)
607
608 MAKE_FLAGS := \
609 $(TARGET_CONFIGURE_OPTS) \
610 COPT_FLAGS="$(TARGET_CFLAGS)" \
611 KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
612 KBUILD_OUTPUT="$(LINUX_DIR)" \
613 BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
614
615 ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
616 define Build/Configure/rebuild
617 $(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
618 rm -f $(PKG_BUILD_DIR)/.config_*
619 rm -f $(PKG_BUILD_DIR)/.configured_*
620 touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
621 endef
622 endif
623
624 define Build/Configure
625 $(Build/Configure/rebuild)
626 $(Build/Configure/Default)
627 endef
628
629 define Build/InstallDev
630 $(INSTALL_DIR) $(1)/usr/include
631 $(INSTALL_DIR) $(1)/usr/include/iptables
632 $(INSTALL_DIR) $(1)/usr/include/net/netfilter
633
634 # XXX: iptables header fixup, some headers are not installed by iptables anymore
635 $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
636 $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
637 $(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
638 $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
639 $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
640
641 $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
642 $(INSTALL_DIR) $(1)/usr/lib
643 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
644 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
645 $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
646 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
647 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
648
649 # XXX: needed by firewall3
650 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
651 endef
652
653 define Package/xtables-legacy/install
654 $(INSTALL_DIR) $(1)/usr/sbin
655 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
656 endef
657
658 define Package/iptables-legacy/install
659 $(INSTALL_DIR) $(1)/usr/sbin
660 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-legacy{,-restore,-save} $(1)/usr/sbin/
661 $(INSTALL_DIR) $(1)/usr/lib/iptables
662 endef
663
664 define Package/xtables-nft/install
665 $(INSTALL_DIR) $(1)/usr/sbin
666 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
667 endef
668
669 define Package/iptables-nft/install
670 $(INSTALL_DIR) $(1)/usr/sbin
671 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
672 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
673 endef
674
675 define Package/ip6tables-legacy/install
676 $(INSTALL_DIR) $(1)/usr/sbin
677 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-legacy{,-restore,-save} $(1)/usr/sbin/
678 endef
679
680 define Package/ip6tables-nft/install
681 $(INSTALL_DIR) $(1)/usr/sbin
682 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
683 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
684 endef
685
686 define Package/libip4tc/install
687 $(INSTALL_DIR) $(1)/usr/lib
688 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
689 endef
690
691 define Package/libip6tc/install
692 $(INSTALL_DIR) $(1)/usr/lib
693 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
694 endef
695
696 define Package/libiptext/install
697 $(INSTALL_DIR) $(1)/usr/lib
698 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
699 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
700 endef
701
702 define Package/libiptext6/install
703 $(INSTALL_DIR) $(1)/usr/lib
704 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
705 endef
706
707 define Package/libiptext-nft/install
708 $(INSTALL_DIR) $(1)/usr/lib
709 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
710 endef
711
712 define Package/libxtables/install
713 $(INSTALL_DIR) $(1)/usr/lib
714 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
715 endef
716
717 define BuildPlugin
718 define Package/$(1)/install
719 $(INSTALL_DIR) $$(1)/usr/lib/iptables
720 for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
721 if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
722 $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
723 fi; \
724 done
725 $(3)
726 endef
727
728 $$(eval $$(call BuildPackage,$(1)))
729 endef
730
731 $(eval $(call BuildPackage,libxtables))
732 $(eval $(call BuildPackage,libip4tc))
733 $(eval $(call BuildPackage,libip6tc))
734 $(eval $(call BuildPackage,libiptext))
735 $(eval $(call BuildPackage,libiptext6))
736 $(eval $(call BuildPackage,libiptext-nft))
737 $(eval $(call BuildPackage,xtables-legacy))
738 $(eval $(call BuildPackage,iptables-legacy))
739 $(eval $(call BuildPackage,xtables-nft))
740 $(eval $(call BuildPackage,iptables-nft))
741 $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
742 $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
743 $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
744 $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
745 $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
746 $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
747 $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
748 $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
749 $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
750 $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
751 $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
752 $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
753 $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
754 $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
755 $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
756 $(eval $(call BuildPlugin,iptables-mod-socket,$(IPT_SOCKET-m)))
757 $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
758 $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
759 $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
760 $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
761 $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
762 $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
763 $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
764 $(eval $(call BuildPackage,ip6tables-legacy))
765 $(eval $(call BuildPackage,ip6tables-nft))
766 $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
767 $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
768
Staging tree of dedeckeh