firewall3: fix mark rules for local traffic, fix race condition

[openwrt/openwrt.git] / package / network / config / firewall / Makefile
diff --git a/package/network/config/firewall/Makefile b/package/network/config/firewall/Makefile

index 16a683c48a698eeaf5770485af2a75f1f0c9eada..ffce0c37bfa0bd12f974a221c81dbc74370ef201 100644 (file)
--- a/package/network/config/firewall/Makefile
+++ b/package/network/config/firewall/Makefile
@@ -1,34 +1,39 @@
  #
-# Copyright (C) 2008-2012 OpenWrt.org
+# Copyright (C) 2013-2016 OpenWrt.org
+# Copyright (C) 2016 LEDE project
  #
  # This is free software, licensed under the GNU General Public License v2.
  # See /LICENSE for more information.
+#
  
  include $(TOPDIR)/rules.mk
  
  PKG_NAME:=firewall
+PKG_VERSION:=2016-05-02
+PKG_RELEASE:=$(PKG_SOURCE_VERSION)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL=$(OPENWRT_GIT)/project/firewall3.git
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=6cccf1ba7f0c3eb34ef4a7adc6af501376bfa875
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
+PKG_LICENSE:=ISC
  
-PKG_VERSION:=2
-PKG_RELEASE:=54
+PKG_CONFIG_DEPENDS := CONFIG_IPV6
  
  include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
  
  define Package/firewall
    SECTION:=net
    CATEGORY:=Base system
-  URL:=http://openwrt.org/
-  TITLE:=OpenWrt firewall
-  MAINTAINER:=Jo-Philipp Wich <xm@subsignal.org>
-  DEPENDS:=+iptables +kmod-ipt-conntrack +kmod-ipt-nat
-  PKGARCH:=all
+  TITLE:=OpenWrt C Firewall
+  DEPENDS:=+libubox +libubus +libuci +libip4tc +IPV6:libip6tc +libxtables +kmod-ipt-core +kmod-ipt-conntrack +kmod-ipt-nat
  endef
  
  define Package/firewall/description
- UCI based firewall for OpenWrt
-endef
-
-define Build/Compile
-       true
+ This package provides a config-compatible C implementation of the UCI firewall.
  endef
  
  define Package/firewall/conffiles
@@ -36,23 +41,21 @@ define Package/firewall/conffiles
  /etc/firewall.user
  endef
  
+TARGET_CFLAGS += -ffunction-sections -fdata-sections
+TARGET_LDFLAGS += -Wl,--gc-sections
+CMAKE_OPTIONS += $(if $(CONFIG_IPV6),,-DDISABLE_IPV6=1)
+
  define Package/firewall/install
-       $(INSTALL_DIR) $(1)/lib/firewall
-       $(INSTALL_DATA) ./files/lib/*.sh $(1)/lib/firewall
         $(INSTALL_DIR) $(1)/sbin
-       $(INSTALL_BIN) ./files/bin/fw $(1)/sbin
-       $(INSTALL_DIR) $(1)/etc/config
-       $(INSTALL_DATA) ./files/firewall.config $(1)/etc/config/firewall
-       $(INSTALL_DIR) $(1)/etc/init.d/
+       $(INSTALL_BIN) $(PKG_BUILD_DIR)/firewall3 $(1)/sbin/fw3
+       $(INSTALL_DIR) $(1)/etc/init.d
         $(INSTALL_BIN) ./files/firewall.init $(1)/etc/init.d/firewall
         $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
         $(INSTALL_DATA) ./files/firewall.hotplug $(1)/etc/hotplug.d/iface/20-firewall
-       $(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
-       $(INSTALL_DATA) ./files/reflection.hotplug $(1)/etc/hotplug.d/firewall/10-nat-reflection
-       $(INSTALL_DIR) $(1)/etc
-       $(INSTALL_DATA) ./files/firewall.user $(1)/etc
-       $(INSTALL_DIR) $(1)/lib/upgrade/keep.d
-       $(INSTALL_DATA) ./files/firewall.upgrade $(1)/lib/upgrade/keep.d/firewall
+       $(INSTALL_DIR) $(1)/etc/config/
+       $(INSTALL_DATA) ./files/firewall.config $(1)/etc/config/firewall
+       $(INSTALL_DIR) $(1)/etc/
+       $(INSTALL_DATA) ./files/firewall.user $(1)/etc/firewall.user
  endef
  
  $(eval $(call BuildPackage,firewall))