projects / openwrt / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
procd: make mDNS TXT record parsing more solid
[openwrt/openwrt.git] / package / network / utils / iptables / Makefile
1 #
2 # Copyright (C) 2006-2016 OpenWrt.org
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 include $(TOPDIR)/rules.mk
9 include $(INCLUDE_DIR)/kernel.mk
10
11 PKG_NAME:=iptables
12 PKG_VERSION:=1.8.7
13 PKG_RELEASE:=7
14
15 PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
16 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
17 PKG_HASH:=c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0
18
19 PKG_FIXUP:=autoreconf
20 PKG_FLAGS:=nonshared
21
22 PKG_INSTALL:=1
23 PKG_BUILD_PARALLEL:=1
24 PKG_LICENSE:=GPL-2.0
25 PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
26
27 include $(INCLUDE_DIR)/package.mk
28 ifeq ($(DUMP),)
29 -include $(LINUX_DIR)/.config
30 include $(INCLUDE_DIR)/netfilter.mk
31 STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
32 endif
33
34
35 define Package/iptables/Default
36 SECTION:=net
37 CATEGORY:=Network
38 SUBMENU:=Firewall
39 URL:=https://netfilter.org/
40 endef
41
42 define Package/iptables/Module
43 $(call Package/iptables/Default)
44 DEPENDS:=+libxtables $(1)
45 endef
46
47 define Package/xtables-legacy
48 $(call Package/iptables/Default)
49 TITLE:=IP firewall administration tool
50 DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables
51 endef
52
53 define Package/iptables-zz-legacy
54 $(call Package/iptables/Default)
55 TITLE:=IP firewall administration tool
56 DEPENDS+= +xtables-legacy
57 PROVIDES:=iptables iptables-legacy
58 ALTERNATIVES:=\
59 200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \
60 200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \
61 200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi
62 endef
63
64 define Package/iptables-zz-legacy/description
65 IP firewall administration tool.
66
67 Matches:
68 - icmp
69 - tcp
70 - udp
71 - comment
72 - conntrack
73 - limit
74 - mac
75 - mark
76 - multiport
77 - set
78 - state
79 - time
80
81 Targets:
82 - ACCEPT
83 - CT
84 - DNAT
85 - DROP
86 - REJECT
87 - FLOWOFFLOAD
88 - LOG
89 - MARK
90 - MASQUERADE
91 - REDIRECT
92 - SET
93 - SNAT
94 - TCPMSS
95
96 Tables:
97 - filter
98 - mangle
99 - nat
100 - raw
101
102 endef
103
104 define Package/xtables-nft
105 $(call Package/iptables/Default)
106 TITLE:=IP firewall administration tool nft
107 DEPENDS:=+libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat
108 endef
109
110 define Package/arptables-nft
111 $(call Package/iptables/Default)
112 DEPENDS:=+kmod-nft-arp +xtables-nft +kmod-arptables
113 TITLE:=ARP firewall administration tool nft
114 PROVIDES:=arptables
115 ALTERNATIVES:=\
116 300:/usr/sbin/arptables:/usr/sbin/xtables-nft-multi \
117 300:/usr/sbin/arptables-restore:/usr/sbin/xtables-nft-multi \
118 300:/usr/sbin/arptables-save:/usr/sbin/xtables-nft-multi
119 endef
120
121 define Package/ebtables-nft
122 $(call Package/iptables/Default)
123 DEPENDS:=+kmod-nft-bridge +xtables-nft +kmod-ebtables
124 TITLE:=Bridge firewall administration tool nft
125 PROVIDES:=ebtables
126 ALTERNATIVES:=\
127 300:/usr/sbin/ebtables:/usr/sbin/xtables-nft-multi \
128 300:/usr/sbin/ebtables-restore:/usr/sbin/xtables-nft-multi \
129 300:/usr/sbin/ebtables-save:/usr/sbin/xtables-nft-multi
130 endef
131
132 define Package/iptables-nft
133 $(call Package/iptables/Default)
134 TITLE:=IP firewall administration tool nft
135 DEPENDS:=+kmod-ipt-core +xtables-nft
136 PROVIDES:=iptables
137 ALTERNATIVES:=\
138 300:/usr/sbin/iptables:/usr/sbin/xtables-nft-multi \
139 300:/usr/sbin/iptables-restore:/usr/sbin/xtables-nft-multi \
140 300:/usr/sbin/iptables-save:/usr/sbin/xtables-nft-multi
141 endef
142
143 define Package/iptables-nft/description
144 Extra iptables nftables nft binaries.
145 iptables-nft
146 iptables-nft-restore
147 iptables-nft-save
148 iptables-translate
149 iptables-restore-translate
150 endef
151
152 define Package/iptables-mod-conntrack-extra
153 $(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw)
154 TITLE:=Extra connection tracking extensions
155 endef
156
157 define Package/iptables-mod-conntrack-extra/description
158 Extra iptables extensions for connection tracking.
159
160 Matches:
161 - connbytes
162 - connlimit
163 - connmark
164 - recent
165 - helper
166
167 Targets:
168 - CONNMARK
169
170 endef
171
172 define Package/iptables-mod-conntrack-label
173 $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
174 TITLE:=Connection tracking labeling extension
175 DEFAULT:=y if IPTABLES_CONNLABEL
176 endef
177
178 define Package/iptables-mod-conntrack-label/description
179 Match and set label(s) on connection tracking entries
180
181 Matches:
182 - connlabel
183
184 endef
185
186 define Package/iptables-mod-filter
187 $(call Package/iptables/Module, +kmod-ipt-filter)
188 TITLE:=Content inspection extensions
189 endef
190
191 define Package/iptables-mod-filter/description
192 iptables extensions for packet content inspection.
193 Includes support for:
194
195 Matches:
196 - string
197 - bpf
198
199 endef
200
201 define Package/iptables-mod-ipopt
202 $(call Package/iptables/Module, +kmod-ipt-ipopt)
203 TITLE:=IP/Packet option extensions
204 endef
205
206 define Package/iptables-mod-ipopt/description
207 iptables extensions for matching/changing IP packet options.
208
209 Matches:
210 - dscp
211 - ecn
212 - length
213 - statistic
214 - tcpmss
215 - unclean
216 - hl
217
218 Targets:
219 - DSCP
220 - CLASSIFY
221 - ECN
222 - HL
223
224 endef
225
226 define Package/iptables-mod-ipsec
227 $(call Package/iptables/Module, +kmod-ipt-ipsec)
228 TITLE:=IPsec extensions
229 endef
230
231 define Package/iptables-mod-ipsec/description
232 iptables extensions for matching ipsec traffic.
233
234 Matches:
235 - ah
236 - esp
237 - policy
238
239 endef
240
241 define Package/iptables-mod-nat-extra
242 $(call Package/iptables/Module, +kmod-ipt-nat-extra)
243 TITLE:=Extra NAT extensions
244 endef
245
246 define Package/iptables-mod-nat-extra/description
247 iptables extensions for extra NAT targets.
248
249 Targets:
250 - MIRROR
251 - NETMAP
252 endef
253
254 define Package/iptables-mod-nflog
255 $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
256 TITLE:=Netfilter NFLOG target
257 endef
258
259 define Package/iptables-mod-nflog/description
260 iptables extension for user-space logging via NFNETLINK.
261
262 Includes:
263 - libxt_NFLOG
264
265 endef
266
267 define Package/iptables-mod-trace
268 $(call Package/iptables/Module, +kmod-ipt-debug)
269 TITLE:=Netfilter TRACE target
270 endef
271
272 define Package/iptables-mod-trace/description
273 iptables extension for TRACE target
274
275 Includes:
276 - libxt_TRACE
277
278 endef
279
280
281 define Package/iptables-mod-nfqueue
282 $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
283 TITLE:=Netfilter NFQUEUE target
284 endef
285
286 define Package/iptables-mod-nfqueue/description
287 iptables extension for user-space queuing via NFNETLINK.
288
289 Includes:
290 - libxt_NFQUEUE
291
292 endef
293
294 define Package/iptables-mod-hashlimit
295 $(call Package/iptables/Module, +kmod-ipt-hashlimit)
296 TITLE:=hashlimit matching
297 endef
298
299 define Package/iptables-mod-hashlimit/description
300 iptables extensions for hashlimit matching
301
302 Matches:
303 - hashlimit
304
305 endef
306
307 define Package/iptables-mod-rpfilter
308 $(call Package/iptables/Module, +kmod-ipt-rpfilter)
309 TITLE:=rpfilter iptables extension
310 endef
311
312 define Package/iptables-mod-rpfilter/description
313 iptables extensions for reverse path filter test on a packet
314
315 Matches:
316 - rpfilter
317
318 endef
319
320 define Package/iptables-mod-iprange
321 $(call Package/iptables/Module, +kmod-ipt-iprange)
322 TITLE:=IP range extension
323 endef
324
325 define Package/iptables-mod-iprange/description
326 iptables extensions for matching ip ranges.
327
328 Matches:
329 - iprange
330
331 endef
332
333 define Package/iptables-mod-cluster
334 $(call Package/iptables/Module, +kmod-ipt-cluster)
335 TITLE:=Match cluster extension
336 endef
337
338 define Package/iptables-mod-cluster/description
339 iptables extensions for matching cluster.
340
341 Netfilter (IPv4/IPv6) module for matching cluster
342 This option allows you to build work-load-sharing clusters of
343 network servers/stateful firewalls without having a dedicated
344 load-balancing router/server/switch. Basically, this match returns
345 true when the packet must be handled by this cluster node. Thus,
346 all nodes see all packets and this match decides which node handles
347 what packets. The work-load sharing algorithm is based on source
348 address hashing.
349
350 This module is usable for ipv4 and ipv6.
351
352 If you select it, it enables kmod-ipt-cluster.
353
354 see `iptables -m cluster --help` for more information.
355 endef
356
357 define Package/iptables-mod-clusterip
358 $(call Package/iptables/Module, +kmod-ipt-clusterip)
359 TITLE:=Clusterip extension
360 endef
361
362 define Package/iptables-mod-clusterip/description
363 iptables extensions for CLUSTERIP.
364 The CLUSTERIP target allows you to build load-balancing clusters of
365 network servers without having a dedicated load-balancing
366 router/server/switch.
367
368 If you select it, it enables kmod-ipt-clusterip.
369
370 see `iptables -j CLUSTERIP --help` for more information.
371 endef
372
373 define Package/iptables-mod-extra
374 $(call Package/iptables/Module, +kmod-ipt-extra)
375 TITLE:=Other extra iptables extensions
376 endef
377
378 define Package/iptables-mod-extra/description
379 Other extra iptables extensions.
380
381 Matches:
382 - addrtype
383 - condition
384 - owner
385 - pkttype
386 - quota
387
388 endef
389
390 define Package/iptables-mod-physdev
391 $(call Package/iptables/Module, +kmod-ipt-physdev)
392 TITLE:=physdev iptables extension
393 endef
394
395 define Package/iptables-mod-physdev/description
396 The iptables physdev match.
397 endef
398
399 define Package/iptables-mod-led
400 $(call Package/iptables/Module, +kmod-ipt-led)
401 TITLE:=LED trigger iptables extension
402 endef
403
404 define Package/iptables-mod-led/description
405 iptables extension for triggering a LED.
406
407 Targets:
408 - LED
409
410 endef
411
412 define Package/iptables-mod-socket
413 $(call Package/iptables/Module, +kmod-ipt-socket)
414 TITLE:=Socket match iptables extensions
415 endef
416
417 define Package/iptables-mod-socket/description
418 Socket match iptables extensions.
419
420 Matches:
421 - socket
422
423 endef
424
425 define Package/iptables-mod-tproxy
426 $(call Package/iptables/Module, +kmod-ipt-tproxy)
427 TITLE:=Transparent proxy iptables extensions
428 endef
429
430 define Package/iptables-mod-tproxy/description
431 Transparent proxy iptables extensions.
432
433 Targets:
434 - TPROXY
435
436 endef
437
438 define Package/iptables-mod-tee
439 $(call Package/iptables/Module, +kmod-ipt-tee)
440 TITLE:=TEE iptables extensions
441 endef
442
443 define Package/iptables-mod-tee/description
444 TEE iptables extensions.
445
446 Targets:
447 - TEE
448
449 endef
450
451 define Package/iptables-mod-u32
452 $(call Package/iptables/Module, +kmod-ipt-u32)
453 TITLE:=U32 iptables extensions
454 endef
455
456 define Package/iptables-mod-u32/description
457 U32 iptables extensions.
458
459 Matches:
460 - u32
461
462 endef
463
464 define Package/iptables-mod-checksum
465 $(call Package/iptables/Module, +kmod-ipt-checksum)
466 TITLE:=IP CHECKSUM target extension
467 endef
468
469 define Package/iptables-mod-checksum/description
470 iptables extension for the CHECKSUM calculation target
471 endef
472
473 define Package/ip6tables-zz-legacy
474 $(call Package/iptables/Default)
475 DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy
476 CATEGORY:=Network
477 TITLE:=IPv6 firewall administration tool
478 PROVIDES:=ip6tables ip6tables-legacy
479 ALTERNATIVES:=\
480 200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \
481 200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \
482 200:/usr/sbin/ip6tables-save:/usr/sbin/xtables-legacy-multi
483 endef
484
485 define Package/ip6tables-nft
486 $(call Package/iptables/Default)
487 DEPENDS:=@IPV6 +kmod-ip6tables +xtables-nft
488 TITLE:=IP firewall administration tool nft
489 PROVIDES:=ip6tables
490 ALTERNATIVES:=\
491 300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi \
492 300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi \
493 300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
494 endef
495
496 define Package/ip6tables-nft/description
497 Extra ip6tables nftables nft binaries.
498 ip6tables-nft
499 ip6tables-nft-restore
500 ip6tables-nft-save
501 ip6tables-translate
502 ip6tables-restore-translate
503 endef
504
505 define Package/ip6tables-extra
506 $(call Package/iptables/Default)
507 DEPENDS:=+libxtables +kmod-ip6tables-extra
508 TITLE:=IPv6 header matching modules
509 endef
510
511 define Package/ip6tables-extra/description
512 iptables header matching modules for IPv6
513 endef
514
515 define Package/ip6tables-mod-nat
516 $(call Package/iptables/Default)
517 DEPENDS:=+libxtables +kmod-ipt-nat6
518 TITLE:=IPv6 NAT extensions
519 endef
520
521 define Package/ip6tables-mod-nat/description
522 iptables extensions for IPv6-NAT targets.
523 endef
524
525 define Package/libip4tc
526 $(call Package/iptables/Default)
527 SECTION:=libs
528 CATEGORY:=Libraries
529 TITLE:=IPv4 firewall - shared libiptc library
530 ABI_VERSION:=2
531 endef
532
533 define Package/libip6tc
534 $(call Package/iptables/Default)
535 SECTION:=libs
536 CATEGORY:=Libraries
537 TITLE:=IPv6 firewall - shared libiptc library
538 ABI_VERSION:=2
539 endef
540
541 define Package/libiptext
542 $(call Package/iptables/Default)
543 SECTION:=libs
544 CATEGORY:=Libraries
545 TITLE:=IPv4 firewall - shared libiptext library
546 ABI_VERSION:=0
547 DEPENDS:=+libxtables
548 endef
549
550 define Package/libiptext6
551 $(call Package/iptables/Default)
552 SECTION:=libs
553 CATEGORY:=Libraries
554 TITLE:=IPv6 firewall - shared libiptext library
555 ABI_VERSION:=0
556 DEPENDS:=+libxtables
557 endef
558
559 define Package/libiptext-nft
560 $(call Package/iptables/Default)
561 SECTION:=libs
562 CATEGORY:=Libraries
563 TITLE:=IPv4/IPv6 firewall - shared libiptext nft library
564 ABI_VERSION:=0
565 DEPENDS:=+libxtables
566 endef
567
568 define Package/libxtables
569 $(call Package/iptables/Default)
570 SECTION:=libs
571 CATEGORY:=Libraries
572 TITLE:=IPv4/IPv6 firewall - shared xtables library
573 MENU:=1
574 ABI_VERSION:=12
575 DEPENDS:=+IPTABLES_CONNLABEL:libnetfilter-conntrack
576 endef
577
578 define Package/libxtables/config
579 config IPTABLES_CONNLABEL
580 bool "Enable Connlabel support"
581 default n
582 help
583 This enable connlabel support in iptables.
584 endef
585
586 TARGET_CPPFLAGS := \
587 -I$(PKG_BUILD_DIR)/include \
588 -I$(LINUX_DIR)/user_headers/include \
589 $(TARGET_CPPFLAGS)
590
591 TARGET_CFLAGS += \
592 -I$(PKG_BUILD_DIR)/include \
593 -I$(LINUX_DIR)/user_headers/include \
594 -ffunction-sections -fdata-sections \
595 -DNO_LEGACY
596
597 TARGET_LDFLAGS += \
598 -Wl,--gc-sections
599
600 CONFIGURE_ARGS += \
601 --enable-shared \
602 --enable-static \
603 --enable-devel \
604 --with-kernel="$(LINUX_DIR)/user_headers" \
605 --with-xtlibdir=/usr/lib/iptables \
606 --with-xt-lock-name=/var/run/xtables.lock \
607 $(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
608 $(if $(CONFIG_IPV6),,--disable-ipv6)
609
610 MAKE_FLAGS := \
611 $(TARGET_CONFIGURE_OPTS) \
612 COPT_FLAGS="$(TARGET_CFLAGS)" \
613 KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
614 KBUILD_OUTPUT="$(LINUX_DIR)" \
615 BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
616
617 ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
618 define Build/Configure/rebuild
619 $(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
620 rm -f $(PKG_BUILD_DIR)/.config_*
621 rm -f $(PKG_BUILD_DIR)/.configured_*
622 touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
623 endef
624 endif
625
626 define Build/Configure
627 $(Build/Configure/rebuild)
628 $(Build/Configure/Default)
629 endef
630
631 define Build/InstallDev
632 $(INSTALL_DIR) $(1)/usr/include
633 $(INSTALL_DIR) $(1)/usr/include/iptables
634 $(INSTALL_DIR) $(1)/usr/include/net/netfilter
635
636 # XXX: iptables header fixup, some headers are not installed by iptables anymore
637 $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
638 $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
639 $(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
640 $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
641 $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
642
643 $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
644 $(INSTALL_DIR) $(1)/usr/lib
645 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
646 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
647 $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
648 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
649 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
650
651 # XXX: needed by firewall3
652 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
653 endef
654
655 define Package/xtables-legacy/install
656 $(INSTALL_DIR) $(1)/usr/sbin
657 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
658 endef
659
660 define Package/iptables-zz-legacy/install
661 $(INSTALL_DIR) $(1)/usr/sbin
662 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-legacy{,-restore,-save} $(1)/usr/sbin/
663 $(INSTALL_DIR) $(1)/usr/lib/iptables
664 endef
665
666 define Package/xtables-nft/install
667 $(INSTALL_DIR) $(1)/usr/sbin
668 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
669 endef
670
671 define Package/arptables-nft/install
672 $(INSTALL_DIR) $(1)/usr/sbin
673 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/arptables-nft{,-restore,-save} $(1)/usr/sbin/
674 $(INSTALL_DIR) $(1)/usr/lib/iptables
675 $(CP) $(PKG_BUILD_DIR)/extensions/libarpt_*.so $(1)/usr/lib/iptables/
676 endef
677
678 define Package/ebtables-nft/install
679 $(INSTALL_DIR) $(1)/usr/sbin
680 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ebtables-nft{,-restore,-save} $(1)/usr/sbin/
681 $(INSTALL_DIR) $(1)/usr/lib/iptables
682 $(CP) $(PKG_BUILD_DIR)/extensions/libebt_*.so $(1)/usr/lib/iptables/
683 endef
684
685 define Package/iptables-nft/install
686 $(INSTALL_DIR) $(1)/usr/sbin
687 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
688 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
689 endef
690
691 define Package/ip6tables-zz-legacy/install
692 $(INSTALL_DIR) $(1)/usr/sbin
693 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-legacy{,-restore,-save} $(1)/usr/sbin/
694 endef
695
696 define Package/ip6tables-nft/install
697 $(INSTALL_DIR) $(1)/usr/sbin
698 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
699 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
700 endef
701
702 define Package/libip4tc/install
703 $(INSTALL_DIR) $(1)/usr/lib
704 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
705 endef
706
707 define Package/libip6tc/install
708 $(INSTALL_DIR) $(1)/usr/lib
709 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
710 endef
711
712 define Package/libiptext/install
713 $(INSTALL_DIR) $(1)/usr/lib
714 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
715 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
716 endef
717
718 define Package/libiptext6/install
719 $(INSTALL_DIR) $(1)/usr/lib
720 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
721 endef
722
723 define Package/libiptext-nft/install
724 $(INSTALL_DIR) $(1)/usr/lib
725 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
726 endef
727
728 define Package/libxtables/install
729 $(INSTALL_DIR) $(1)/usr/lib
730 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
731 endef
732
733 define BuildPlugin
734 define Package/$(1)/install
735 $(INSTALL_DIR) $$(1)/usr/lib/iptables
736 for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
737 if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
738 $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
739 fi; \
740 done
741 $(3)
742 endef
743
744 $$(eval $$(call BuildPackage,$(1)))
745 endef
746
747 $(eval $(call BuildPackage,libxtables))
748 $(eval $(call BuildPackage,libip4tc))
749 $(eval $(call BuildPackage,libip6tc))
750 $(eval $(call BuildPackage,libiptext))
751 $(eval $(call BuildPackage,libiptext6))
752 $(eval $(call BuildPackage,libiptext-nft))
753 $(eval $(call BuildPackage,xtables-legacy))
754 $(eval $(call BuildPackage,xtables-nft))
755 $(eval $(call BuildPackage,arptables-nft))
756 $(eval $(call BuildPackage,ebtables-nft))
757 $(eval $(call BuildPackage,iptables-nft))
758 $(eval $(call BuildPackage,iptables-zz-legacy))
759 $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
760 $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
761 $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
762 $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
763 $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
764 $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
765 $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
766 $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
767 $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
768 $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
769 $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
770 $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
771 $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
772 $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
773 $(eval $(call BuildPlugin,iptables-mod-socket,$(IPT_SOCKET-m)))
774 $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
775 $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
776 $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
777 $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
778 $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
779 $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
780 $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
781 $(eval $(call BuildPackage,ip6tables-nft))
782 $(eval $(call BuildPackage,ip6tables-zz-legacy))
783 $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
784 $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
785
OpenWrt Source Repository