include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables
-PKG_VERSION:=1.6.2
-PKG_RELEASE:=3
+PKG_VERSION:=1.8.3
+PKG_RELEASE:=1
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://git.netfilter.org/iptables
-PKG_SOURCE_VERSION:=c16bdec15137b241586310d0e61bc88cc3726004
-PKG_MIRROR_HASH:=72e4bec94a56dd600097846c773e1074ff705e38f800ef221db646c064371a53
+PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_HASH:=a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80
PKG_FIXUP:=autoreconf
PKG_FLAGS:=nonshared
SECTION:=net
CATEGORY:=Network
SUBMENU:=Firewall
- URL:=http://netfilter.org/
+ URL:=https://netfilter.org/
endef
define Package/iptables/Module
endef
-define Package/iptables-compat
+define Package/iptables-nft
$(call Package/iptables/Default)
- TITLE:=IP firewall administration tool compat
- DEPENDS:=iptables @IPTABLES_NFTABLES +libxtables-compat
+ TITLE:=IP firewall administration tool nft
+ DEPENDS:=iptables @IPTABLES_NFTABLES +libxtables-nft
endef
-define Package/iptables-compat/description
-Extra iptables nftables compat binaries.
- iptables-compat
- iptables-compat-restore
- iptables-compat-save
+define Package/iptables-nft/description
+Extra iptables nftables nft binaries.
+ iptables-nft
+ iptables-nft-restore
+ iptables-nft-save
iptables-translate
iptables-restore-translate
endef
MENU:=1
endef
-define Package/ip6tables-compat
+define Package/ip6tables-nft
$(call Package/iptables/Default)
- DEPENDS:=ip6tables @IPTABLES_NFTABLES +libxtables-compat
- TITLE:=IP firewall administration tool compat
+ DEPENDS:=ip6tables @IPTABLES_NFTABLES +libxtables-nft
+ TITLE:=IP firewall administration tool nft
endef
-define Package/ip6tables-compat/description
-Extra ip6tables nftables compat binaries.
- iptables-compat
- iptables-compat-restore
- iptables-compat-save
+define Package/ip6tables-nft/description
+Extra ip6tables nftables nft binaries.
+ iptables-nft
+ iptables-nft-restore
+ iptables-nft-save
iptables-translate
iptables-restore-translate
endef
SECTION:=libs
CATEGORY:=Libraries
DEPENDS:=+libip4tc +libip6tc +libxtables
- ABI_VERSION:=$(PKG_VERSION)
- TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
+ ABI_VERSION:=0
+ TITLE:=IPv4/IPv6 firewall - shared libiptc library (nf compatibility stub)
endef
define Package/libip4tc
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4 firewall - shared libiptc library
- ABI_VERSION:=$(PKG_VERSION)
+ ABI_VERSION:=2
DEPENDS:=+libxtables
endef
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv6 firewall - shared libiptc library
- ABI_VERSION:=$(PKG_VERSION)
+ ABI_VERSION:=2
DEPENDS:=+libxtables
endef
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4/IPv6 firewall - shared xtables library
- ABI_VERSION:=$(PKG_VERSION)
+ ABI_VERSION:=12
DEPENDS:= \
+IPTABLES_CONNLABEL:libnetfilter-conntrack \
+IPTABLES_NFTABLES:libnftnl
endef
-define Package/libxtables-compat
+define Package/libxtables-nft
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
- TITLE:=IPv4/IPv6 firewall - shared xtables compat library
- ABI_VERSION:=$(PKG_VERSION)
+ TITLE:=IPv4/IPv6 firewall - shared xtables nft library
+ ABI_VERSION:=12
DEPENDS:=libxtables
endef
define Package/iptables/install
$(INSTALL_DIR) $(1)/usr/sbin
- $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-multi $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore,-save} $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/lib/iptables
endef
-define Package/iptables-compat/install
+define Package/iptables-nft/install
$(INSTALL_DIR) $(1)/usr/sbin
- $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-compat-multi $(1)/usr/sbin/
- $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-compat{,-restore,-save} $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
endef
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
endef
-define Package/ip6tables-compat/install
+define Package/ip6tables-nft/install
$(INSTALL_DIR) $(1)/usr/sbin
- $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-compat{,-restore,-save} $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
endef
define Package/libiptc/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so.* $(1)/usr/lib/
endef
define Package/libip4tc/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
endef
define Package/libip6tc/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
endef
define Package/libxtables/install
$(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
endef
-define Package/libxtables-compat/install
+define Package/libxtables-nft/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
endef
endef
$(eval $(call BuildPackage,iptables))
-$(eval $(call BuildPackage,iptables-compat))
+$(eval $(call BuildPackage,iptables-nft))
$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
$(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
$(eval $(call BuildPackage,ip6tables))
-$(eval $(call BuildPackage,ip6tables-compat))
+$(eval $(call BuildPackage,ip6tables-nft))
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
$(eval $(call BuildPackage,libiptc))
$(eval $(call BuildPackage,libip4tc))
$(eval $(call BuildPackage,libip6tc))
$(eval $(call BuildPackage,libxtables))
-$(eval $(call BuildPackage,libxtables-compat))
+$(eval $(call BuildPackage,libxtables-nft))