1 #
2 # Copyright (C) 2006-2016 OpenWrt.org
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 include $(TOPDIR)/rules.mk
9 include $(INCLUDE_DIR)/kernel.mk
10
# Package identity. PKG_VERSION is reused as ABI_VERSION by the library
# packages further down, so bumping it also renames their ABI.
PKG_NAME:=iptables
PKG_VERSION:=1.6.2
PKG_RELEASE:=1

# Supply-chain pinning: the source is fetched from git at an exact commit
# (not a branch or tag) and PKG_MIRROR_HASH carries a fixed 64-hex-digit
# digest (presumably sha256) for the mirrored tarball. Keep both in sync
# when bumping PKG_SOURCE_VERSION.
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://git.netfilter.org/iptables
PKG_SOURCE_VERSION:=c16bdec15137b241586310d0e61bc88cc3726004
PKG_MIRROR_HASH:=72e4bec94a56dd600097846c773e1074ff705e38f800ef221db646c064371a53

PKG_FIXUP:=autoreconf
# nonshared: this build depends on the target kernel's netfilter
# configuration (the STAMP_CONFIGURED hash below and BUILTIN_MODULES in
# MAKE_FLAGS), so the result must not be shared across targets.
PKG_FLAGS:=nonshared

PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0
# CPE identifier, presumably used to match this package against published CVEs.
PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables

include $(INCLUDE_DIR)/package.mk
# Skipped for the metadata dump (DUMP set). Otherwise pull in the kernel
# config and the netfilter module lists, and fold a hash of every .config
# line mentioning NETFILTER into the configure stamp, so that a change in
# the kernel's netfilter options forces a reconfigure (see
# Build/Configure/rebuild).
ifeq ($(DUMP),)
-include $(LINUX_DIR)/.config
include $(INCLUDE_DIR)/netfilter.mk
STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | mkhash md5)
endif
34
35
# Metadata shared by every package defined in this file.
# NOTE(review): the homepage URL is plain http while PKG_SOURCE_URL above is
# https -- consider aligning them.
define Package/iptables/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=Firewall
URL:=http://netfilter.org/
endef
42
# Template for an extension package: inherits Default and depends on the
# base iptables package plus whatever $(1) names (normally the matching
# +kmod-ipt-* module, optionally a @CONFIG gate).
define Package/iptables/Module
$(call Package/iptables/Default)
DEPENDS:=iptables $(1)
endef
47
# Base package: the multi-call binary plus the libraries it links against.
# libip6tc is only pulled in when IPV6 is enabled. DEPENDS uses += so that
# anything a Default may already have set is preserved.
define Package/iptables
$(call Package/iptables/Default)
TITLE:=IP firewall administration tool
MENU:=1
DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
endef
54
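# Build-time knobs shown in menuconfig under the iptables package. Each one
# adds a library dependency to libxtables (see Package/libxtables) and, when
# left off, passes the matching --disable-* option to configure.
define Package/iptables/config
config IPTABLES_CONNLABEL
	bool "Enable Connlabel support"
	default n
	help
	  This enables connlabel support in iptables
	  (pulls in libnetfilter-conntrack).

config IPTABLES_NFTABLES
	bool "Enable Nftables support"
	default n
	help
	  This enables nftables support in iptables
	  (pulls in libnftnl).
endef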
68
# User-visible description. Its text is presumably emitted verbatim into the
# package metadata, so do not put make comments inside this define.
define Package/iptables/description
IP firewall administration tool.

Matches:
- icmp
- tcp
- udp
- comment
- conntrack
- limit
- mac
- mark
- multiport
- set
- state
- time

Targets:
- ACCEPT
- CT
- DNAT
- DROP
- REJECT
- LOG
- MARK
- MASQUERADE
- REDIRECT
- SET
- SNAT
- TCPMSS

Tables:
- filter
- mangle
- nat
- raw

endef
107
# Extension package; kernel side is kmod-ipt-conntrack-extra and the .so
# list shipped is $(IPT_CONNTRACK_EXTRA-m) (see the BuildPlugin call at
# the bottom of the file).
define Package/iptables-mod-conntrack-extra
$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
TITLE:=Extra connection tracking extensions
endef

define Package/iptables-mod-conntrack-extra/description
Extra iptables extensions for connection tracking.

Matches:
- connbytes
- connlimit
- connmark
- recent
- helper

Targets:
- CONNMARK

endef
127
# Only selectable when IPTABLES_CONNLABEL is on (the @ dependency), and
# defaults to on in that case. .so list: $(IPT_CONNTRACK_LABEL-m).
define Package/iptables-mod-conntrack-label
$(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
TITLE:=Connection tracking labeling extension
DEFAULT:=y if IPTABLES_CONNLABEL
endef

define Package/iptables-mod-conntrack-label/description
Match and set label(s) on connection tracking entries

Matches:
- connlabel

endef
141
# Payload (string) matching; kernel side kmod-ipt-filter, .so list
# $(IPT_FILTER-m).
define Package/iptables-mod-filter
$(call Package/iptables/Module, +kmod-ipt-filter)
TITLE:=Content inspection extensions
endef

define Package/iptables-mod-filter/description
iptables extensions for packet content inspection.
Includes support for:

Matches:
- string

endef
155
# IP header option matches/targets; kernel side kmod-ipt-ipopt, .so list
# $(IPT_IPOPT-m).
define Package/iptables-mod-ipopt
$(call Package/iptables/Module, +kmod-ipt-ipopt)
TITLE:=IP/Packet option extensions
endef

define Package/iptables-mod-ipopt/description
iptables extensions for matching/changing IP packet options.

Matches:
- dscp
- ecn
- length
- statistic
- tcpmss
- unclean
- hl

Targets:
- DSCP
- CLASSIFY
- ECN
- HL

endef
180
# AH/ESP/policy matches for IPsec traffic; kernel side kmod-ipt-ipsec,
# .so list $(IPT_IPSEC-m).
define Package/iptables-mod-ipsec
$(call Package/iptables/Module, +kmod-ipt-ipsec)
TITLE:=IPsec extensions
endef

define Package/iptables-mod-ipsec/description
iptables extensions for matching ipsec traffic.

Matches:
- ah
- esp
- policy

endef
195
# Extra NAT targets; kernel side kmod-ipt-nat-extra, .so list
# $(IPT_NAT_EXTRA-m). Note this description, unlike the others, has no
# trailing blank line before endef.
define Package/iptables-mod-nat-extra
$(call Package/iptables/Module, +kmod-ipt-nat-extra)
TITLE:=Extra NAT extensions
endef

define Package/iptables-mod-nat-extra/description
iptables extensions for extra NAT targets.

Targets:
- MIRROR
- NETMAP
endef
208
# ULOG userspace logging target; kernel side kmod-ipt-ulog, .so list
# $(IPT_ULOG-m). See iptables-mod-nflog for the NFNETLINK-based alternative.
define Package/iptables-mod-ulog
$(call Package/iptables/Module, +kmod-ipt-ulog)
TITLE:=user-space packet logging
endef

define Package/iptables-mod-ulog/description
iptables extensions for user-space packet logging.

Targets:
- ULOG

endef
221
# NFLOG target; needs both the nfnetlink_log transport and the xt_NFLOG
# kernel module. .so list $(IPT_NFLOG-m).
define Package/iptables-mod-nflog
$(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
TITLE:=Netfilter NFLOG target
endef

define Package/iptables-mod-nflog/description
iptables extension for user-space logging via NFNETLINK.

Includes:
- libxt_NFLOG

endef
234
# TRACE target; the kernel side is kmod-ipt-debug and the .so list is
# $(IPT_DEBUG-m) (note the name differs from the package name).
define Package/iptables-mod-trace
$(call Package/iptables/Module, +kmod-ipt-debug)
TITLE:=Netfilter TRACE target
endef

define Package/iptables-mod-trace/description
iptables extension for TRACE target

Includes:
- libxt_TRACE

endef
247
248
# NFQUEUE target (packets handed to a userspace verdict process); needs the
# nfnetlink_queue transport and xt_NFQUEUE. .so list $(IPT_NFQUEUE-m).
define Package/iptables-mod-nfqueue
$(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
TITLE:=Netfilter NFQUEUE target
endef

define Package/iptables-mod-nfqueue/description
iptables extension for user-space queuing via NFNETLINK.

Includes:
- libxt_NFQUEUE

endef
261
# hashlimit match; kernel side kmod-ipt-hashlimit, .so list $(IPT_HASHLIMIT-m).
define Package/iptables-mod-hashlimit
$(call Package/iptables/Module, +kmod-ipt-hashlimit)
TITLE:=hashlimit matching
endef

define Package/iptables-mod-hashlimit/description
iptables extensions for hashlimit matching

Matches:
- hashlimit

endef
274
# rpfilter (reverse-path check) match; kernel side kmod-ipt-rpfilter,
# .so list $(IPT_RPFILTER-m).
define Package/iptables-mod-rpfilter
$(call Package/iptables/Module, +kmod-ipt-rpfilter)
TITLE:=rpfilter iptables extension
endef

define Package/iptables-mod-rpfilter/description
iptables extensions for reverse path filter test on a packet

Matches:
- rpfilter

endef
287
# iprange match; kernel side kmod-ipt-iprange, .so list $(IPT_IPRANGE-m).
define Package/iptables-mod-iprange
$(call Package/iptables/Module, +kmod-ipt-iprange)
TITLE:=IP range extension
endef

define Package/iptables-mod-iprange/description
iptables extensions for matching ip ranges.

Matches:
- iprange

endef
300
# cluster match; kernel side kmod-ipt-cluster, .so list $(IPT_CLUSTER-m).
define Package/iptables-mod-cluster
$(call Package/iptables/Module, +kmod-ipt-cluster)
TITLE:=Match cluster extension
endef

define Package/iptables-mod-cluster/description
iptables extensions for matching cluster.

Netfilter (IPv4/IPv6) module for matching cluster
This option allows you to build work-load-sharing clusters of
network servers/stateful firewalls without having a dedicated
load-balancing router/server/switch. Basically, this match returns
true when the packet must be handled by this cluster node. Thus,
all nodes see all packets and this match decides which node handles
what packets. The work-load sharing algorithm is based on source
address hashing.

This module is usable for ipv4 and ipv6.

If you select it, it enables kmod-ipt-cluster.

see `iptables -m cluster --help` for more information.
endef
324
# CLUSTERIP target; kernel side kmod-ipt-clusterip, .so list
# $(IPT_CLUSTERIP-m).
define Package/iptables-mod-clusterip
$(call Package/iptables/Module, +kmod-ipt-clusterip)
TITLE:=Clusterip extension
endef

define Package/iptables-mod-clusterip/description
iptables extensions for CLUSTERIP.
The CLUSTERIP target allows you to build load-balancing clusters of
network servers without having a dedicated load-balancing
router/server/switch.

If you select it, it enables kmod-ipt-clusterip.

see `iptables -j CLUSTERIP --help` for more information.
endef
340
# Miscellaneous matches (addrtype, condition, owner, pkttype, quota);
# kernel side kmod-ipt-extra, .so list $(IPT_EXTRA-m).
define Package/iptables-mod-extra
$(call Package/iptables/Module, +kmod-ipt-extra)
TITLE:=Other extra iptables extensions
endef

define Package/iptables-mod-extra/description
Other extra iptables extensions.

Matches:
- addrtype
- condition
- owner
- pkttype
- quota

endef
357
# physdev (bridge port) match; kernel side kmod-ipt-physdev, .so list
# $(IPT_PHYSDEV-m).
define Package/iptables-mod-physdev
$(call Package/iptables/Module, +kmod-ipt-physdev)
TITLE:=physdev iptables extension
endef

define Package/iptables-mod-physdev/description
The iptables physdev match.
endef
366
# LED target; kernel side kmod-ipt-led, .so list $(IPT_LED-m).
define Package/iptables-mod-led
$(call Package/iptables/Module, +kmod-ipt-led)
TITLE:=LED trigger iptables extension
endef

define Package/iptables-mod-led/description
iptables extension for triggering a LED.

Targets:
- LED

endef
379
# socket match and TPROXY target; kernel side kmod-ipt-tproxy, .so list
# $(IPT_TPROXY-m).
define Package/iptables-mod-tproxy
$(call Package/iptables/Module, +kmod-ipt-tproxy)
TITLE:=Transparent proxy iptables extensions
endef

define Package/iptables-mod-tproxy/description
Transparent proxy iptables extensions.

Matches:
- socket

Targets:
- TPROXY

endef
395
# TEE (packet cloning) target; kernel side kmod-ipt-tee, .so list $(IPT_TEE-m).
define Package/iptables-mod-tee
$(call Package/iptables/Module, +kmod-ipt-tee)
TITLE:=TEE iptables extensions
endef

define Package/iptables-mod-tee/description
TEE iptables extensions.

Targets:
- TEE

endef
408
# u32 match; kernel side kmod-ipt-u32, .so list $(IPT_U32-m).
define Package/iptables-mod-u32
$(call Package/iptables/Module, +kmod-ipt-u32)
TITLE:=U32 iptables extensions
endef

define Package/iptables-mod-u32/description
U32 iptables extensions.

Matches:
- u32

endef
421
# CHECKSUM target; kernel side kmod-ipt-checksum, .so list $(IPT_CHECKSUM-m).
define Package/iptables-mod-checksum
$(call Package/iptables/Module, +kmod-ipt-checksum)
TITLE:=IP CHECKSUM target extension
endef

define Package/iptables-mod-checksum/description
iptables extension for the CHECKSUM calculation target
endef
430
# IPv6 front end. Gated on IPV6; the kernel side is kmod-ip6tables, and the
# shared binary and libraries come from the iptables package it depends on
# (Package/ip6tables/install copies only the ip6tables* entry points).
# CATEGORY is already Network via Default, so it is not repeated here.
define Package/ip6tables
$(call Package/iptables/Default)
TITLE:=IPv6 firewall administration tool
MENU:=1
DEPENDS:=@IPV6 +kmod-ip6tables +iptables
endef
438
439
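# IPv6-only header matches; kernel side kmod-ip6tables-extra, .so list
# $(IPT_IPV6_EXTRA-m). The description define must carry the real package
# name (ip6tables-extra): the previous ip6tables-mod-extra spelling matched
# no package, so the description was never attached to anything.
define Package/ip6tables-extra
$(call Package/iptables/Default)
DEPENDS:=ip6tables +kmod-ip6tables-extra
TITLE:=IPv6 header matching modules
endef

define Package/ip6tables-extra/description
iptables header matching modules for IPv6
endef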
449
# IPv6 NAT targets; kernel side kmod-ipt-nat6, .so list $(IPT_NAT6-m).
# The IPV6 gate is inherited through the ip6tables dependency.
define Package/ip6tables-mod-nat
$(call Package/iptables/Default)
DEPENDS:=ip6tables +kmod-ipt-nat6
TITLE:=IPv6 NAT extensions
endef

define Package/ip6tables-mod-nat/description
iptables extensions for IPv6-NAT targets.
endef
459
# Compatibility stub library; the real code is in libip4tc/libip6tc.
# NOTE(review): libip6tc is required unconditionally here, whereas the
# iptables package uses +IPV6:libip6tc -- confirm the stub still builds
# and is wanted when configure runs with --disable-ipv6.
define Package/libiptc
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
DEPENDS:=+libip4tc +libip6tc +libxtables
ABI_VERSION:=$(PKG_VERSION)
TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
endef
468
# IPv4 rule-table library; ABI_VERSION tracks PKG_VERSION so dependents are
# rebuilt on an upgrade.
define Package/libip4tc
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4 firewall - shared libiptc library
ABI_VERSION:=$(PKG_VERSION)
DEPENDS:=+libxtables
endef
477
# IPv6 rule-table library. Not gated on IPV6 itself; the base iptables
# package only pulls it in under +IPV6:.
define Package/libip6tc
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv6 firewall - shared libiptc library
ABI_VERSION:=$(PKG_VERSION)
DEPENDS:=+libxtables
endef
486
# Common extension-loader library. Its optional dependencies follow the two
# config knobs in Package/iptables/config and the matching --disable-*
# options in CONFIGURE_ARGS.
define Package/libxtables
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4/IPv6 firewall - shared xtables library
ABI_VERSION:=$(PKG_VERSION)
DEPENDS:= \
+IPTABLES_CONNLABEL:libnetfilter-conntrack \
+IPTABLES_NFTABLES:libnftnl
endef
497
# Include paths: the package's own headers first, then the headers exported
# by the target kernel (presumably its UAPI set), so netfilter structures
# match the kernel being built for. They are repeated in TARGET_CFLAGS
# because that variable is handed to the upstream build on its own as
# COPT_FLAGS (see MAKE_FLAGS).
TARGET_CPPFLAGS := \
	-I$(PKG_BUILD_DIR)/include \
	-I$(LINUX_DIR)/user_headers/include \
	$(TARGET_CPPFLAGS)

# -ffunction-sections/-fdata-sections together with --gc-sections below let
# the linker discard unreferenced code. NO_LEGACY: presumably compiles out
# legacy code paths in iptables -- TODO confirm against the 1.6.2 sources.
TARGET_CFLAGS += \
	-I$(PKG_BUILD_DIR)/include \
	-I$(LINUX_DIR)/user_headers/include \
	-ffunction-sections -fdata-sections \
	-DNO_LEGACY

TARGET_LDFLAGS += \
	-Wl,--gc-sections
511
# Upstream configure options. --with-xtlibdir must agree with the plugin
# install path used by BuildPlugin and Package/iptables/install
# (/usr/lib/iptables). The xtables lock is placed under /var/run. The two
# --disable-* options mirror the knobs in Package/iptables/config, and IPv6
# support is compiled out when the build has no IPV6.
CONFIGURE_ARGS += \
	--enable-shared \
	--enable-static \
	--enable-devel \
	--with-kernel="$(LINUX_DIR)/user_headers" \
	--with-xtlibdir=/usr/lib/iptables \
	--with-xt-lock-name=/var/run/xtables.lock \
	$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
	$(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
	$(if $(CONFIG_IPV6),,--disable-ipv6)
522
# BUILTIN_MODULES: the kernel's built-in netfilter list plus its conntrack
# and NAT module lists (IPT_BUILTIN, IPT_CONNTRACK-m, IPT_NAT-m from
# netfilter.mk) with the xt_/ipt_/ip6t_ prefixes stripped, in that order.
# Presumably upstream compiles these extensions into the binary instead of
# building plugin .so files, which is why the configure stamp above has to
# track the kernel config.
MAKE_FLAGS := \
	$(TARGET_CONFIGURE_OPTS) \
	COPT_FLAGS="$(TARGET_CFLAGS)" \
	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
	KBUILD_OUTPUT="$(LINUX_DIR)" \
	BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
529
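# When the .config_* marker left in the build dir no longer matches the
# NETFILTER hash in STAMP_CONFIGURED, the kernel's netfilter configuration
# has changed: discard every object/archive so BUILTIN_MODULES is applied
# afresh, drop the stale stamps and write the new marker. The define only
# exists when a rebuild is needed; otherwise it expands to nothing.
# The first line is a defensive guard: the find/xargs rm below is rooted at
# PKG_BUILD_DIR and must never run with an empty root.
ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
define Build/Configure/rebuild
	$(if $(strip $(PKG_BUILD_DIR)),,$(error PKG_BUILD_DIR is empty; refusing to clean objects))
	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
	rm -f $(PKG_BUILD_DIR)/.config_*
	rm -f $(PKG_BUILD_DIR)/.configured_*
	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
endef
endif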
538
# Configure hook: clear stale objects first (a no-op unless the kernel
# netfilter config changed, see above), then run the stock configure.
define Build/Configure
	$(Build/Configure/rebuild)
	$(Build/Configure/Default)
endef
543
# Staging install for packages that build against iptables: headers (plus
# the ones upstream no longer installs, copied from the build tree), the
# shared libraries, pkg-config files, and the libiptext*.so helpers that
# firewall3 links against.
define Build/InstallDev
	$(INSTALL_DIR) $(1)/usr/include
	$(INSTALL_DIR) $(1)/usr/include/iptables
	$(INSTALL_DIR) $(1)/usr/include/net/netfilter

	# XXX: iptables header fixup, some headers are not installed by iptables anymore
	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
	$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
	$(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/

	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/

	# XXX: needed by firewall3
	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
endef
567
# Root-fs install for the base package: the multi-call binary, the three
# iptables entry points (spelled out rather than brace-expanded so the list
# does not rely on the shell), and the plugin directory that BuildPlugin
# packages populate.
define Package/iptables/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-multi $(1)/usr/sbin/
	$(CP) $(addprefix $(PKG_INSTALL_DIR)/usr/sbin/,iptables iptables-restore iptables-save) $(1)/usr/sbin/
	$(INSTALL_DIR) $(1)/usr/lib/iptables
endef
574
# Root-fs install for ip6tables: only the three IPv6 entry points; the
# shared xtables-multi binary comes from the iptables package.
define Package/ip6tables/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(CP) $(addprefix $(PKG_INSTALL_DIR)/usr/sbin/,ip6tables ip6tables-restore ip6tables-save) $(1)/usr/sbin/
endef
579
# Ships only the compatibility libiptc.so; the working code is in the
# libip4tc/libip6tc packages it depends on.
define Package/libiptc/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
endef
584
# libip4tc plus the IPv4 libiptext helper from the build tree, copied in a
# single cp invocation.
define Package/libip4tc/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) \
		$(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* \
		$(PKG_BUILD_DIR)/extensions/libiptext4.so \
		$(1)/usr/lib/
endef
590
# libip6tc plus the IPv6 libiptext helper from the build tree, copied in a
# single cp invocation.
define Package/libip6tc/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) \
		$(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* \
		$(PKG_BUILD_DIR)/extensions/libiptext6.so \
		$(1)/usr/lib/
endef
596
# libxtables plus the generic libiptext helper from the build tree, copied
# in a single cp invocation.
define Package/libxtables/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) \
		$(PKG_INSTALL_DIR)/usr/lib/libxtables.so* \
		$(PKG_BUILD_DIR)/extensions/libiptext.so \
		$(1)/usr/lib/
endef
602
# BuildPlugin,<package>,<kernel module names>[,<extra recipe lines>]
# Generates Package/<package>/install and then instantiates the package.
# For every name in $(2) it tries the ipt_, xt_ and ip6t_ spellings and
# copies each lib<name>.so that exists in the upstream plugin dir,
# silently skipping the ones that do not (the test is the only thing that
# ties a kernel module name to a userspace .so). $(3) is never passed by
# the callers in this file.
# Quoting: the text goes through $(call), $(eval), a later $(call) and
# recipe expansion, so $$ becomes a literal $ and the eightfold $ on the
# lib$${m}.so lines is what is presumably needed for the shell to see ${m}.
define BuildPlugin
define Package/$(1)/install
	$(INSTALL_DIR) $$(1)/usr/lib/iptables
	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
		if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
			$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
		fi; \
	done
	$(3)
endef

$$(eval $$(call BuildPackage,$(1)))
endef
616
# Instantiate the packages. BuildPackage for the front ends and libraries;
# BuildPlugin for each extension package, whose second argument is the
# netfilter.mk list of kernel module names whose userspace .so files the
# package ships. Note the two name mismatches worth knowing about:
# iptables-mod-trace ships $(IPT_DEBUG-m), and ip6tables-extra (no -mod-)
# ships $(IPT_IPV6_EXTRA-m).
$(eval $(call BuildPackage,iptables))
$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
$(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
$(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
$(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
$(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
$(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
$(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
$(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
$(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
$(eval $(call BuildPackage,ip6tables))
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
$(eval $(call BuildPackage,libiptc))
$(eval $(call BuildPackage,libip4tc))
$(eval $(call BuildPackage,libip6tc))
$(eval $(call BuildPackage,libxtables))