From 7d7323bccd6df4917f3a97e54cb237ee3849ca17 Mon Sep 17 00:00:00 2001 From: Martin Strobel Date: Sat, 7 Jul 2018 09:24:30 +0200 Subject: [PATCH] iptables: add ip[6|]tables-compat packages + libxtables-compat depends on IPTABLES_NFTABLES allows iptables-compat to use nft packet filtering allows to translate iptables-style to nft-style Signed-off-by: Martin Strobel --- package/network/utils/iptables/Makefile | 59 +++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index 8423701f07..9bcb864b97 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -106,6 +106,21 @@ IP firewall administration tool. endef +define Package/iptables-compat +$(call Package/iptables/Default) + TITLE:=IP firewall administration tool compat + DEPENDS:=iptables @IPTABLES_NFTABLES +libxtables-compat +endef + +define Package/iptables-compat/description +Extra iptables nftables compat binaries. + iptables-compat + iptables-compat-restore + iptables-compat-save + iptables-translate + iptables-restore-translate +endef + define Package/iptables-mod-conntrack-extra $(call Package/iptables/Module, +kmod-ipt-conntrack-extra) TITLE:=Extra connection tracking extensions @@ -438,6 +453,20 @@ $(call Package/iptables/Default) MENU:=1 endef +define Package/ip6tables-compat +$(call Package/iptables/Default) + DEPENDS:=ip6tables @IPTABLES_NFTABLES +libxtables-compat + TITLE:=IP firewall administration tool compat +endef + +define Package/ip6tables-compat/description +Extra ip6tables nftables compat binaries. + iptables-compat + iptables-compat-restore + iptables-compat-save + iptables-translate + iptables-restore-translate +endef define Package/ip6tables-extra $(call Package/iptables/Default) @@ -497,6 +526,15 @@ define Package/libxtables +IPTABLES_NFTABLES:libnftnl endef +define Package/libxtables-compat + $(call Package/iptables/Default) + SECTION:=libs + CATEGORY:=Libraries + TITLE:=IPv4/IPv6 firewall - shared xtables compat library + ABI_VERSION:=$(PKG_VERSION) + DEPENDS:=libxtables +endef + TARGET_CPPFLAGS := \ -I$(PKG_BUILD_DIR)/include \ -I$(LINUX_DIR)/user_headers/include \ @@ -574,11 +612,24 @@ define Package/iptables/install $(INSTALL_DIR) $(1)/usr/lib/iptables endef +define Package/iptables-compat/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-compat-multi $(1)/usr/sbin/ + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-compat{,-restore,-save} $(1)/usr/sbin/ + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/ +endef + define Package/ip6tables/install $(INSTALL_DIR) $(1)/usr/sbin $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/ endef +define Package/ip6tables-compat/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-compat{,-restore,-save} $(1)/usr/sbin/ + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/ +endef + define Package/libiptc/install $(INSTALL_DIR) $(1)/usr/lib $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/ @@ -602,6 +653,11 @@ define Package/libxtables/install $(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/ endef +define Package/libxtables-compat/install + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/ +endef + define BuildPlugin define Package/$(1)/install $(INSTALL_DIR) $$(1)/usr/lib/iptables @@ -617,6 +673,7 @@ define BuildPlugin endef $(eval $(call BuildPackage,iptables)) +$(eval $(call BuildPackage,iptables-compat)) $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m))) $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m))) $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m))) @@ -640,9 +697,11 @@ $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m))) $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m))) $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m))) $(eval $(call BuildPackage,ip6tables)) +$(eval $(call BuildPackage,ip6tables-compat)) $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m))) $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m))) $(eval $(call BuildPackage,libiptc)) $(eval $(call BuildPackage,libip4tc)) $(eval $(call BuildPackage,libip6tc)) $(eval $(call BuildPackage,libxtables)) +$(eval $(call BuildPackage,libxtables-compat)) -- 2.30.2