projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
iptables: use ALTERNATIVES for ip(6)tables(-nft)
[openwrt/openwrt.git] / package / network / utils / iptables / Makefile
1 #
2 # Copyright (C) 2006-2016 OpenWrt.org
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 include $(TOPDIR)/rules.mk
9 include $(INCLUDE_DIR)/kernel.mk
10
11 PKG_NAME:=iptables
12 PKG_VERSION:=1.8.7
13 PKG_RELEASE:=2
14
15 PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
16 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
17 PKG_HASH:=c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0
18
19 PKG_FIXUP:=autoreconf
20 PKG_FLAGS:=nonshared
21
22 PKG_INSTALL:=1
23 PKG_BUILD_PARALLEL:=1
24 PKG_LICENSE:=GPL-2.0
25 PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
26
27 include $(INCLUDE_DIR)/package.mk
28 ifeq ($(DUMP),)
29 -include $(LINUX_DIR)/.config
30 include $(INCLUDE_DIR)/netfilter.mk
31 STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
32 endif
33
34
35 define Package/iptables/Default
36 SECTION:=net
37 CATEGORY:=Network
38 SUBMENU:=Firewall
39 URL:=https://netfilter.org/
40 endef
41
42 define Package/iptables/Module
43 $(call Package/iptables/Default)
44 DEPENDS:=+iptables $(1)
45 endef
46
47 define Package/iptables
48 $(call Package/iptables/Default)
49 TITLE:=IP firewall administration tool
50 MENU:=1
51 DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
52 ALTERNATIVES:=\
53 200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \
54 200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \
55 200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi
56 endef
57
58 define Package/iptables/config
59 config IPTABLES_CONNLABEL
60 bool "Enable Connlabel support"
61 default n
62 help
63 This enable connlabel support in iptables.
64
65 config IPTABLES_NFTABLES
66 bool "Enable Nftables support"
67 default y
68 help
69 This enable nftables support in iptables.
70 endef
71
72 define Package/iptables/description
73 IP firewall administration tool.
74
75 Matches:
76 - icmp
77 - tcp
78 - udp
79 - comment
80 - conntrack
81 - limit
82 - mac
83 - mark
84 - multiport
85 - set
86 - state
87 - time
88
89 Targets:
90 - ACCEPT
91 - CT
92 - DNAT
93 - DROP
94 - REJECT
95 - FLOWOFFLOAD
96 - LOG
97 - MARK
98 - MASQUERADE
99 - REDIRECT
100 - SET
101 - SNAT
102 - TCPMSS
103
104 Tables:
105 - filter
106 - mangle
107 - nat
108 - raw
109
110 endef
111
112 define Package/iptables-nft
113 $(call Package/iptables/Default)
114 TITLE:=IP firewall administration tool nft
115 DEPENDS:=@IPTABLES_NFTABLES +libxtables-nft +libip4tc +IPV6:libip6tc +kmod-ipt-core +kmod-nft-compat
116 ALTERNATIVES:=\
117 300:/usr/sbin/iptables:/usr/sbin/xtables-nft-multi \
118 300:/usr/sbin/iptables-restore:/usr/sbin/xtables-nft-multi \
119 300:/usr/sbin/iptables-save:/usr/sbin/xtables-nft-multi
120 endef
121
122 define Package/iptables-nft/description
123 Extra iptables nftables nft binaries.
124 iptables-nft
125 iptables-nft-restore
126 iptables-nft-save
127 iptables-translate
128 iptables-restore-translate
129 endef
130
131 define Package/iptables-mod-conntrack-extra
132 $(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw)
133 TITLE:=Extra connection tracking extensions
134 endef
135
136 define Package/iptables-mod-conntrack-extra/description
137 Extra iptables extensions for connection tracking.
138
139 Matches:
140 - connbytes
141 - connlimit
142 - connmark
143 - recent
144 - helper
145
146 Targets:
147 - CONNMARK
148
149 endef
150
151 define Package/iptables-mod-conntrack-label
152 $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
153 TITLE:=Connection tracking labeling extension
154 DEFAULT:=y if IPTABLES_CONNLABEL
155 endef
156
157 define Package/iptables-mod-conntrack-label/description
158 Match and set label(s) on connection tracking entries
159
160 Matches:
161 - connlabel
162
163 endef
164
165 define Package/iptables-mod-filter
166 $(call Package/iptables/Module, +kmod-ipt-filter)
167 TITLE:=Content inspection extensions
168 endef
169
170 define Package/iptables-mod-filter/description
171 iptables extensions for packet content inspection.
172 Includes support for:
173
174 Matches:
175 - string
176 - bpf
177
178 endef
179
180 define Package/iptables-mod-ipopt
181 $(call Package/iptables/Module, +kmod-ipt-ipopt)
182 TITLE:=IP/Packet option extensions
183 endef
184
185 define Package/iptables-mod-ipopt/description
186 iptables extensions for matching/changing IP packet options.
187
188 Matches:
189 - dscp
190 - ecn
191 - length
192 - statistic
193 - tcpmss
194 - unclean
195 - hl
196
197 Targets:
198 - DSCP
199 - CLASSIFY
200 - ECN
201 - HL
202
203 endef
204
205 define Package/iptables-mod-ipsec
206 $(call Package/iptables/Module, +kmod-ipt-ipsec)
207 TITLE:=IPsec extensions
208 endef
209
210 define Package/iptables-mod-ipsec/description
211 iptables extensions for matching ipsec traffic.
212
213 Matches:
214 - ah
215 - esp
216 - policy
217
218 endef
219
220 define Package/iptables-mod-nat-extra
221 $(call Package/iptables/Module, +kmod-ipt-nat-extra)
222 TITLE:=Extra NAT extensions
223 endef
224
225 define Package/iptables-mod-nat-extra/description
226 iptables extensions for extra NAT targets.
227
228 Targets:
229 - MIRROR
230 - NETMAP
231 endef
232
233 define Package/iptables-mod-ulog
234 $(call Package/iptables/Module, +kmod-ipt-ulog)
235 TITLE:=user-space packet logging
236 endef
237
238 define Package/iptables-mod-ulog/description
239 iptables extensions for user-space packet logging.
240
241 Targets:
242 - ULOG
243
244 endef
245
246 define Package/iptables-mod-nflog
247 $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
248 TITLE:=Netfilter NFLOG target
249 endef
250
251 define Package/iptables-mod-nflog/description
252 iptables extension for user-space logging via NFNETLINK.
253
254 Includes:
255 - libxt_NFLOG
256
257 endef
258
259 define Package/iptables-mod-trace
260 $(call Package/iptables/Module, +kmod-ipt-debug)
261 TITLE:=Netfilter TRACE target
262 endef
263
264 define Package/iptables-mod-trace/description
265 iptables extension for TRACE target
266
267 Includes:
268 - libxt_TRACE
269
270 endef
271
272
273 define Package/iptables-mod-nfqueue
274 $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
275 TITLE:=Netfilter NFQUEUE target
276 endef
277
278 define Package/iptables-mod-nfqueue/description
279 iptables extension for user-space queuing via NFNETLINK.
280
281 Includes:
282 - libxt_NFQUEUE
283
284 endef
285
286 define Package/iptables-mod-hashlimit
287 $(call Package/iptables/Module, +kmod-ipt-hashlimit)
288 TITLE:=hashlimit matching
289 endef
290
291 define Package/iptables-mod-hashlimit/description
292 iptables extensions for hashlimit matching
293
294 Matches:
295 - hashlimit
296
297 endef
298
299 define Package/iptables-mod-rpfilter
300 $(call Package/iptables/Module, +kmod-ipt-rpfilter)
301 TITLE:=rpfilter iptables extension
302 endef
303
304 define Package/iptables-mod-rpfilter/description
305 iptables extensions for reverse path filter test on a packet
306
307 Matches:
308 - rpfilter
309
310 endef
311
312 define Package/iptables-mod-iprange
313 $(call Package/iptables/Module, +kmod-ipt-iprange)
314 TITLE:=IP range extension
315 endef
316
317 define Package/iptables-mod-iprange/description
318 iptables extensions for matching ip ranges.
319
320 Matches:
321 - iprange
322
323 endef
324
325 define Package/iptables-mod-cluster
326 $(call Package/iptables/Module, +kmod-ipt-cluster)
327 TITLE:=Match cluster extension
328 endef
329
330 define Package/iptables-mod-cluster/description
331 iptables extensions for matching cluster.
332
333 Netfilter (IPv4/IPv6) module for matching cluster
334 This option allows you to build work-load-sharing clusters of
335 network servers/stateful firewalls without having a dedicated
336 load-balancing router/server/switch. Basically, this match returns
337 true when the packet must be handled by this cluster node. Thus,
338 all nodes see all packets and this match decides which node handles
339 what packets. The work-load sharing algorithm is based on source
340 address hashing.
341
342 This module is usable for ipv4 and ipv6.
343
344 If you select it, it enables kmod-ipt-cluster.
345
346 see `iptables -m cluster --help` for more information.
347 endef
348
349 define Package/iptables-mod-clusterip
350 $(call Package/iptables/Module, +kmod-ipt-clusterip)
351 TITLE:=Clusterip extension
352 endef
353
354 define Package/iptables-mod-clusterip/description
355 iptables extensions for CLUSTERIP.
356 The CLUSTERIP target allows you to build load-balancing clusters of
357 network servers without having a dedicated load-balancing
358 router/server/switch.
359
360 If you select it, it enables kmod-ipt-clusterip.
361
362 see `iptables -j CLUSTERIP --help` for more information.
363 endef
364
365 define Package/iptables-mod-extra
366 $(call Package/iptables/Module, +kmod-ipt-extra)
367 TITLE:=Other extra iptables extensions
368 endef
369
370 define Package/iptables-mod-extra/description
371 Other extra iptables extensions.
372
373 Matches:
374 - addrtype
375 - condition
376 - owner
377 - pkttype
378 - quota
379
380 endef
381
382 define Package/iptables-mod-physdev
383 $(call Package/iptables/Module, +kmod-ipt-physdev)
384 TITLE:=physdev iptables extension
385 endef
386
387 define Package/iptables-mod-physdev/description
388 The iptables physdev match.
389 endef
390
391 define Package/iptables-mod-led
392 $(call Package/iptables/Module, +kmod-ipt-led)
393 TITLE:=LED trigger iptables extension
394 endef
395
396 define Package/iptables-mod-led/description
397 iptables extension for triggering a LED.
398
399 Targets:
400 - LED
401
402 endef
403
404 define Package/iptables-mod-tproxy
405 $(call Package/iptables/Module, +kmod-ipt-tproxy)
406 TITLE:=Transparent proxy iptables extensions
407 endef
408
409 define Package/iptables-mod-tproxy/description
410 Transparent proxy iptables extensions.
411
412 Matches:
413 - socket
414
415 Targets:
416 - TPROXY
417
418 endef
419
420 define Package/iptables-mod-tee
421 $(call Package/iptables/Module, +kmod-ipt-tee)
422 TITLE:=TEE iptables extensions
423 endef
424
425 define Package/iptables-mod-tee/description
426 TEE iptables extensions.
427
428 Targets:
429 - TEE
430
431 endef
432
433 define Package/iptables-mod-u32
434 $(call Package/iptables/Module, +kmod-ipt-u32)
435 TITLE:=U32 iptables extensions
436 endef
437
438 define Package/iptables-mod-u32/description
439 U32 iptables extensions.
440
441 Matches:
442 - u32
443
444 endef
445
446 define Package/iptables-mod-checksum
447 $(call Package/iptables/Module, +kmod-ipt-checksum)
448 TITLE:=IP CHECKSUM target extension
449 endef
450
451 define Package/iptables-mod-checksum/description
452 iptables extension for the CHECKSUM calculation target
453 endef
454
455 define Package/ip6tables
456 $(call Package/iptables/Default)
457 DEPENDS:=@IPV6 +kmod-ip6tables +iptables
458 CATEGORY:=Network
459 TITLE:=IPv6 firewall administration tool
460 MENU:=1
461 ALTERNATIVES:=\
462 200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \
463 200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \
464 200:/usr/sbin/ip6tables-save:/usr/sbin/xtables-legacy-multi
465 endef
466
467 define Package/ip6tables-nft
468 $(call Package/iptables/Default)
469 DEPENDS:=@IPV6 +kmod-ip6tables +iptables-nft
470 TITLE:=IP firewall administration tool nft
471 ALTERNATIVES:=\
472 300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi \
473 300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi \
474 300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
475 endef
476
477 define Package/ip6tables-nft/description
478 Extra ip6tables nftables nft binaries.
479 ip6tables-nft
480 ip6tables-nft-restore
481 ip6tables-nft-save
482 ip6tables-translate
483 ip6tables-restore-translate
484 endef
485
486 define Package/ip6tables-extra
487 $(call Package/iptables/Default)
488 DEPENDS:=ip6tables +kmod-ip6tables-extra
489 TITLE:=IPv6 header matching modules
490 endef
491
492 define Package/ip6tables-extra/description
493 iptables header matching modules for IPv6
494 endef
495
496 define Package/ip6tables-mod-nat
497 $(call Package/iptables/Default)
498 DEPENDS:=ip6tables +kmod-ipt-nat6
499 TITLE:=IPv6 NAT extensions
500 endef
501
502 define Package/ip6tables-mod-nat/description
503 iptables extensions for IPv6-NAT targets.
504 endef
505
506 define Package/libip4tc
507 $(call Package/iptables/Default)
508 SECTION:=libs
509 CATEGORY:=Libraries
510 TITLE:=IPv4 firewall - shared libiptc library
511 ABI_VERSION:=2
512 DEPENDS:=+libxtables
513 endef
514
515 define Package/libip6tc
516 $(call Package/iptables/Default)
517 SECTION:=libs
518 CATEGORY:=Libraries
519 TITLE:=IPv6 firewall - shared libiptc library
520 ABI_VERSION:=2
521 DEPENDS:=+libxtables
522 endef
523
524 define Package/libxtables
525 $(call Package/iptables/Default)
526 SECTION:=libs
527 CATEGORY:=Libraries
528 TITLE:=IPv4/IPv6 firewall - shared xtables library
529 ABI_VERSION:=12
530 DEPENDS:= \
531 +IPTABLES_CONNLABEL:libnetfilter-conntrack \
532 +IPTABLES_NFTABLES:libnftnl
533 endef
534
535 define Package/libxtables-nft
536 $(call Package/iptables/Default)
537 SECTION:=libs
538 CATEGORY:=Libraries
539 TITLE:=IPv4/IPv6 firewall - shared xtables nft library
540 ABI_VERSION:=12
541 DEPENDS:=+libxtables
542 endef
543
544 TARGET_CPPFLAGS := \
545 -I$(PKG_BUILD_DIR)/include \
546 -I$(LINUX_DIR)/user_headers/include \
547 $(TARGET_CPPFLAGS)
548
549 TARGET_CFLAGS += \
550 -I$(PKG_BUILD_DIR)/include \
551 -I$(LINUX_DIR)/user_headers/include \
552 -ffunction-sections -fdata-sections \
553 -DNO_LEGACY
554
555 TARGET_LDFLAGS += \
556 -Wl,--gc-sections
557
558 CONFIGURE_ARGS += \
559 --enable-shared \
560 --enable-static \
561 --enable-devel \
562 --with-kernel="$(LINUX_DIR)/user_headers" \
563 --with-xtlibdir=/usr/lib/iptables \
564 --with-xt-lock-name=/var/run/xtables.lock \
565 $(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
566 $(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
567 $(if $(CONFIG_IPV6),,--disable-ipv6)
568
569 MAKE_FLAGS := \
570 $(TARGET_CONFIGURE_OPTS) \
571 COPT_FLAGS="$(TARGET_CFLAGS)" \
572 KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
573 KBUILD_OUTPUT="$(LINUX_DIR)" \
574 BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
575
576 ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
577 define Build/Configure/rebuild
578 $(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
579 rm -f $(PKG_BUILD_DIR)/.config_*
580 rm -f $(PKG_BUILD_DIR)/.configured_*
581 touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
582 endef
583 endif
584
585 define Build/Configure
586 $(Build/Configure/rebuild)
587 $(Build/Configure/Default)
588 endef
589
590 define Build/InstallDev
591 $(INSTALL_DIR) $(1)/usr/include
592 $(INSTALL_DIR) $(1)/usr/include/iptables
593 $(INSTALL_DIR) $(1)/usr/include/net/netfilter
594
595 # XXX: iptables header fixup, some headers are not installed by iptables anymore
596 $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
597 $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
598 $(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
599 $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
600 $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
601
602 $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
603 $(INSTALL_DIR) $(1)/usr/lib
604 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
605 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
606 $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
607 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
608 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
609
610 # XXX: needed by firewall3
611 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
612 endef
613
614 define Package/iptables/install
615 $(INSTALL_DIR) $(1)/usr/sbin
616 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
617 $(INSTALL_DIR) $(1)/usr/lib/iptables
618 endef
619
620 define Package/iptables-nft/install
621 $(INSTALL_DIR) $(1)/usr/sbin
622 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
623 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
624 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
625 endef
626
627 define Package/ip6tables/install
628 $(INSTALL_DIR) $(1)/usr/sbin
629 endef
630
631 define Package/ip6tables-nft/install
632 $(INSTALL_DIR) $(1)/usr/sbin
633 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
634 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
635 endef
636
637 define Package/libip4tc/install
638 $(INSTALL_DIR) $(1)/usr/lib
639 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
640 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
641 endef
642
643 define Package/libip6tc/install
644 $(INSTALL_DIR) $(1)/usr/lib
645 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
646 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
647 endef
648
649 define Package/libxtables/install
650 $(INSTALL_DIR) $(1)/usr/lib
651 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
652 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
653 endef
654
655 define Package/libxtables-nft/install
656 $(INSTALL_DIR) $(1)/usr/lib
657 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
658 endef
659
660 define BuildPlugin
661 define Package/$(1)/install
662 $(INSTALL_DIR) $$(1)/usr/lib/iptables
663 for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
664 if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
665 $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
666 fi; \
667 done
668 $(3)
669 endef
670
671 $$(eval $$(call BuildPackage,$(1)))
672 endef
673
674 $(eval $(call BuildPackage,libxtables))
675 $(eval $(call BuildPackage,libxtables-nft))
676 $(eval $(call BuildPackage,libip4tc))
677 $(eval $(call BuildPackage,libip6tc))
678 $(eval $(call BuildPackage,iptables))
679 $(eval $(call BuildPackage,iptables-nft))
680 $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
681 $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
682 $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
683 $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
684 $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
685 $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
686 $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
687 $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
688 $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
689 $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
690 $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
691 $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
692 $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
693 $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
694 $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
695 $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
696 $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
697 $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
698 $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
699 $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
700 $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
701 $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
702 $(eval $(call BuildPackage,ip6tables))
703 $(eval $(call BuildPackage,ip6tables-nft))
704 $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
705 $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
706
OpenWrt Source Repository