include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables
-PKG_VERSION:=1.4.10
-PKG_RELEASE:=5
+PKG_VERSION:=1.4.20
+PKG_RELEASE:=1
-PKG_MD5SUM:=f382fe693f0b59d87bd47bea65eca198
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
+PKG_MD5SUM:=387b92d3efcf4f07fe31c3bf0f1d18f5
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
define Package/iptables
$(call Package/iptables/Default)
- TITLE:=IPv4 firewall administration tool
+ TITLE:=IP firewall administration tool
MENU:=1
- DEPENDS+= +kmod-ipt-core +libip4tc +libxtables
+ DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
endef
define Package/iptables/description
-IPv4 firewall administration tool.
+IP firewall administration tool.
Matches:
- icmp
- tcp
- udp
- comment
+ - conntrack
- limit
- mac
+ - mark
- multiport
+ - set
+ - state
+ - time
Targets:
- ACCEPT
+ - CT
+ - DNAT
- DROP
- REJECT
- LOG
+ - MARK
+ - MASQUERADE
+ - REDIRECT
+ - SET
+ - SNAT
- TCPMSS
Tables:
- filter
- mangle
+ - nat
+ - raw
endef
- dscp
- ecn
- length
- - mark
- statistic
- tcpmss
- - time
- unclean
- hl
- DSCP
- CLASSIFY
- ECN
- - MARK
- HL
endef
endef
-define Package/iptables-mod-ipset
-$(call Package/iptables/Module,)
- TITLE:=IPset iptables extensions
-endef
-
-define Package/iptables-mod-ipset/description
-IPset iptables extensions.
-
- Matches:
- - set
-
- Targets:
- - SET
-
-endef
-
define Package/iptables-mod-nat-extra
$(call Package/iptables/Module, +kmod-ipt-nat-extra)
TITLE:=Extra NAT extensions
Targets:
- MIRROR
- NETMAP
- - REDIRECT
endef
define Package/iptables-mod-ulog
define Package/ip6tables
$(call Package/iptables/Default)
- DEPENDS:=+kmod-ip6tables +libip6tc +libxtables
- CATEGORY:=IPv6
+ DEPENDS:=@IPV6 +kmod-ip6tables +iptables
+ CATEGORY:=Network
TITLE:=IPv6 firewall administration tool
MENU:=1
endef
+
+define Package/ip6tables-mod-nat
+$(call Package/iptables/Default)
+ DEPENDS:=ip6tables +kmod-ipt-nat6
+ TITLE:=IPv6 NAT extensions
+endef
+
+define Package/ip6tables-mod-nat/description
+iptables extensions for IPv6-NAT targets.
+endef
+
define Package/libiptc
$(call Package/iptables/Default)
SECTION:=libs
TARGET_CFLAGS += \
-I$(PKG_BUILD_DIR)/include \
- -I$(LINUX_DIR)/user_headers/include
+ -I$(LINUX_DIR)/user_headers/include \
+ -ffunction-sections -fdata-sections
+
+TARGET_LDFLAGS += \
+ -Wl,--gc-sections
CONFIGURE_ARGS += \
--enable-shared \
--enable-devel \
- $(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \
--with-kernel="$(LINUX_DIR)/user_headers" \
--with-xtlibdir=/usr/lib/iptables \
--enable-static
COPT_FLAGS="$(TARGET_CFLAGS)" \
KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
KBUILD_OUTPUT="$(LINUX_DIR)" \
- BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))"
+ BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(INSTALL_DIR) $(1)/usr/include/net/netfilter
# XXX: iptables header fixup, some headers are not installed by iptables anymore
- $(CP) $(PKG_BUILD_DIR)/include/net/netfilter/*.h $(1)/usr/include/net/netfilter/
$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
+ $(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
$(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libiptc.pc $(1)/usr/lib/pkgconfig/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
+
+ # XXX: needed by firewall3
+ $(INSTALL_DIR) $(1)/usr/lib/iptables
+ $(CP) $(PKG_BUILD_DIR)/extensions/libext*.a $(1)/usr/lib/iptables/
endef
define Package/iptables/install
$(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables $(1)/usr/sbin/
- $(LN) iptables $(1)/usr/sbin/iptables-save
- $(LN) iptables $(1)/usr/sbin/iptables-restore
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-multi $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore,-save} $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/lib/iptables
endef
define Package/ip6tables/install
$(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(1)/usr/sbin/
- $(LN) ip6tables $(1)/usr/sbin/ip6tables-save
- $(LN) ip6tables $(1)/usr/sbin/ip6tables-restore
- $(INSTALL_DIR) $(1)/usr/lib/iptables
- (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
- $(CP) libip6t_*.so $(1)/usr/lib/iptables/ \
- )
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
endef
define Package/libiptc/install
define BuildPlugin
define Package/$(1)/install
$(INSTALL_DIR) $$(1)/usr/lib/iptables
- for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)); do \
+ for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
fi; \
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
-$(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
$(eval $(call BuildPackage,ip6tables))
+$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
$(eval $(call BuildPackage,libiptc))
$(eval $(call BuildPackage,libip4tc))
$(eval $(call BuildPackage,libip6tc))