[backfire] backport r27648
1 #
2 # Copyright (C) 2006-2011 OpenWrt.org
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 include $(TOPDIR)/rules.mk
9 include $(INCLUDE_DIR)/kernel.mk
10
# Upstream release this package is built from, plus the packaging revision.
PKG_NAME:=iptables
PKG_VERSION:=1.4.6
PKG_RELEASE:=3

# NOTE(review): every mirror listed below is plain http:// or ftp://, so the
# transport itself gives no authenticity guarantee. The only integrity check
# visible in this file is PKG_MD5SUM, and MD5 is not collision-resistant.
# Treat the downloaded tarball as untrusted input and prefer a stronger digest
# wherever the build system in use supports one.
PKG_MD5SUM:=c67cf30e281a924def6426be0973df56
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
	ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
	ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
	ftp://ftp.no.netfilter.org/pub/netfilter/iptables/

# Handled by the included build system, not by this file; presumably
# regenerates the autotools output before configure -- confirm.
PKG_FIXUP:=autoreconf
23
24 include $(INCLUDE_DIR)/package.mk
# Only when DUMP is empty: read the kernel .config (optional, hence "-include")
# and the netfilter definitions, then append a digest of the kernel's NETFILTER
# config lines to STAMP_CONFIGURED, so the stamp name changes whenever those
# lines change. The MD5 here is a change fingerprint, not an integrity control.
# NOTE(review): md5s is not defined in this file; presumably a host helper
# provided by the build system -- confirm.
ifeq ($(DUMP),)
  -include $(LINUX_DIR)/.config
  include $(INCLUDE_DIR)/netfilter.mk
  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | md5s)
endif
30
31
# Metadata shared by every package in this file; the other Package/* blocks
# pull it in with $(call Package/iptables/Default) and override fields as needed.
define Package/iptables/Default
  SECTION:=net
  CATEGORY:=Network
  URL:=http://netfilter.org/
endef
37
# Template for the iptables-mod-* and iptables-utils packages.
# $(1): extra dependency tokens appended after the mandatory "iptables" dependency.
define Package/iptables/Module
$(call Package/iptables/Default)
  DEPENDS:=iptables $(1)
endef
42
# Base IPv4 package. DEPENDS is appended to (+=), not replaced, and names the
# core kernel module package plus the libip4tc and libxtables libraries.
define Package/iptables
$(call Package/iptables/Default)
  TITLE:=IPv4 firewall administration tool
  MENU:=1
  DEPENDS+= +kmod-ipt-core +libip4tc +libxtables
endef
49
# Description text for the base iptables package: the matches, targets and
# tables it lists as included.
define Package/iptables/description
IPv4 firewall administration tool.

Matches:
- icmp
- tcp
- udp
- comment
- limit
- mac
- multiport

Targets:
- ACCEPT
- DROP
- REJECT
- LOG
- TCPMSS

Tables:
- filter
- mangle

endef
74
# Basic connection-tracking extensions; depends on iptables and kmod-ipt-conntrack.
define Package/iptables-mod-conntrack
$(call Package/iptables/Module, +kmod-ipt-conntrack)
  TITLE:=Basic connection tracking extensions
endef
79
# Description text for iptables-mod-conntrack.
define Package/iptables-mod-conntrack/description
Basic iptables extensions for connection tracking.

Matches:
- state
- conntrack

Targets:
- NOTRACK

Tables:
- raw

endef
94
# Extra connection-tracking extensions; depends on iptables and kmod-ipt-conntrack-extra.
define Package/iptables-mod-conntrack-extra
$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
  TITLE:=Extra connection tracking extensions
endef
99
# Description text for iptables-mod-conntrack-extra.
define Package/iptables-mod-conntrack-extra/description
Extra iptables extensions for connection tracking.

Matches:
- connbytes
- connmark
- recent
- helper

Targets:
- CONNMARK

endef
113
# Content-inspection extensions; depends on iptables and kmod-ipt-filter.
# The BuildPlugin call for this package at the end of the file also passes
# L7_INSTALL, which ships the layer7 pattern files.
define Package/iptables-mod-filter
$(call Package/iptables/Module, +kmod-ipt-filter)
  TITLE:=Content inspection extensions
endef
118
# Description text for iptables-mod-filter.
define Package/iptables-mod-filter/description
iptables extensions for packet content inspection.
Includes support for:

Matches:
- layer7
- string

endef
128
# IMQ target support; depends on iptables and kmod-ipt-imq.
define Package/iptables-mod-imq
$(call Package/iptables/Module, +kmod-ipt-imq)
  TITLE:=IMQ support
endef
133
# Description text for iptables-mod-imq.
define Package/iptables-mod-imq/description
iptables extension for IMQ support.

Targets:
- IMQ

endef
141
# IP/packet option extensions; depends on iptables and kmod-ipt-ipopt.
define Package/iptables-mod-ipopt
$(call Package/iptables/Module, +kmod-ipt-ipopt)
  TITLE:=IP/Packet option extensions
endef
146
# Description text for iptables-mod-ipopt.
# NOTE(review): hashlimit is listed here and also in the separate
# iptables-mod-hashlimit description; which package actually ships it depends
# on the IPT_IPOPT-m / IPT_HASHLIMIT-m lists defined outside this file -- confirm.
define Package/iptables-mod-ipopt/description
iptables extensions for matching/changing IP packet options.

Matches:
- dscp
- hashlimit
- ecn
- length
- mark
- statistic
- tcpmss
- time
- unclean
- hl

Targets:
- DSCP
- CLASSIFY
- ECN
- MARK
- HL

endef
170
# IPsec match extensions; depends on iptables and kmod-ipt-ipsec.
define Package/iptables-mod-ipsec
$(call Package/iptables/Module, +kmod-ipt-ipsec)
  TITLE:=IPsec extensions
endef
175
# Description text for iptables-mod-ipsec.
define Package/iptables-mod-ipsec/description
iptables extensions for matching ipsec traffic.

Matches:
- ah
- esp
- policy

endef
185
# IPset extensions.
# NOTE(review): unlike the other iptables-mod-* packages, the only extra
# dependency token here is the @LINUX_2_6 condition; no kmod-* package is
# declared, so the kernel-side set support has to come from elsewhere -- confirm.
define Package/iptables-mod-ipset
$(call Package/iptables/Module, @LINUX_2_6)
  TITLE:=IPset iptables extensions
endef
190
# Description text for iptables-mod-ipset.
define Package/iptables-mod-ipset/description
IPset iptables extensions.

Matches:
- set

Targets:
- SET

endef
201
# Basic NAT targets; depends on iptables and kmod-ipt-nat.
define Package/iptables-mod-nat
$(call Package/iptables/Module, +kmod-ipt-nat)
  TITLE:=Basic NAT extensions
endef
206
# Description text for iptables-mod-nat.
define Package/iptables-mod-nat/description
iptables extensions for basic NAT targets.

Targets:
- SNAT
- DNAT
- MASQUERADE

Tables:
- nat

endef
219
# Extra NAT targets; depends on iptables and kmod-ipt-nat-extra.
define Package/iptables-mod-nat-extra
$(call Package/iptables/Module, +kmod-ipt-nat-extra)
  TITLE:=Extra NAT extensions
endef
224
# Description text for iptables-mod-nat-extra.
define Package/iptables-mod-nat-extra/description
iptables extensions for extra NAT targets.

Targets:
- MIRROR
- NETMAP
- REDIRECT

endef
234
# User-space packet logging target; depends on iptables and kmod-ipt-ulog.
define Package/iptables-mod-ulog
$(call Package/iptables/Module, +kmod-ipt-ulog)
  TITLE:=user-space packet logging
endef
239
# Description text for iptables-mod-ulog.
define Package/iptables-mod-ulog/description
iptables extensions for user-space packet logging.

Targets:
- ULOG

endef
247
# hashlimit match; depends on iptables and kmod-ipt-hashlimit.
define Package/iptables-mod-hashlimit
$(call Package/iptables/Module, +kmod-ipt-hashlimit)
  TITLE:=hashlimit matching
endef
252
# Description text for iptables-mod-hashlimit.
define Package/iptables-mod-hashlimit/description
iptables extensions for hashlimit matching

Matches:
- hashlimit

endef
260
# IP range match; depends on iptables and kmod-ipt-iprange.
define Package/iptables-mod-iprange
$(call Package/iptables/Module, +kmod-ipt-iprange)
  TITLE:=IP range extension
endef
265
# Description text for iptables-mod-iprange.
define Package/iptables-mod-iprange/description
iptables extensions for matching ip ranges.

Matches:
- iprange

endef
273
# Remaining match extensions; depends on iptables and kmod-ipt-extra.
define Package/iptables-mod-extra
$(call Package/iptables/Module, +kmod-ipt-extra)
  TITLE:=Other extra iptables extensions
endef
278
# Description text for iptables-mod-extra.
define Package/iptables-mod-extra/description
Other extra iptables extensions.

Matches:
- condition
- owner
- physdev (if ebtables is enabled)
- pkttype
- quota

endef
290
# iptables-save / iptables-restore package; the Module template is called with
# an empty argument, so the only dependency is "iptables".
define Package/iptables-utils
$(call Package/iptables/Module, )
  TITLE:=iptables save and restore utilities
endef
295
# Base IPv6 package. Starts from the shared defaults, then overrides CATEGORY
# and sets its own dependencies (IPv6 kernel module package, libip6tc, libxtables).
define Package/ip6tables
$(call Package/iptables/Default)
  DEPENDS:=+kmod-ip6tables +libip6tc +libxtables
  CATEGORY:=IPv6
  TITLE:=IPv6 firewall administration tool
  MENU:=1
endef
303
# ip6tables-save / ip6tables-restore package; depends only on ip6tables.
define Package/ip6tables-utils
$(call Package/iptables/Default)
  DEPENDS:=ip6tables
  CATEGORY:=IPv6
  TITLE:=ip6tables save and restore utilities
endef
310
# Compatibility stub (per its TITLE) that depends on both split libraries,
# libip4tc and libip6tc.
define Package/libiptc
$(call Package/iptables/Default)
  SECTION:=libs
  CATEGORY:=Libraries
  DEPENDS:=+libip4tc +libip6tc
  TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
endef
318
# Shared IPv4 libiptc library package; overrides SECTION/CATEGORY from the defaults.
define Package/libip4tc
$(call Package/iptables/Default)
  SECTION:=libs
  CATEGORY:=Libraries
  TITLE:=IPv4 firewall - shared libiptc library
endef
325
# Shared IPv6 libiptc library package; overrides SECTION/CATEGORY from the defaults.
define Package/libip6tc
$(call Package/iptables/Default)
  SECTION:=libs
  CATEGORY:=Libraries
  TITLE:=IPv6 firewall - shared libiptc library
endef
332
# Shared xtables library package; overrides SECTION/CATEGORY from the defaults.
define Package/libxtables
$(call Package/iptables/Default)
  SECTION:=libs
  CATEGORY:=Libraries
  TITLE:=IPv4/IPv6 firewall - shared xtables library
endef
339
340
# Search the package's own headers first, then the kernel's per-architecture
# headers, and only then whatever include paths were inherited.
TARGET_CPPFLAGS := $(addprefix -I,$(PKG_BUILD_DIR)/include $(LINUX_DIR)/arch/$(LINUX_KARCH)/include) $(TARGET_CPPFLAGS)
345
# Extra ./configure switches for this package.
CONFIGURE_ARGS += --enable-shared
CONFIGURE_ARGS += --enable-devel
CONFIGURE_ARGS += --enable-ipv6
CONFIGURE_ARGS += --with-kernel="$(LINUX_DIR)"
# Extension directory; the install recipes in this file copy lib*.so into the
# same /usr/lib/iptables path on the target.
CONFIGURE_ARGS += --with-xtlibdir=/usr/lib/iptables
352
# Arguments handed to every sub-make in Build/Compile. The variable stays
# recursive (=), so the values it references are expanded when it is used.
IPTABLES_MAKEOPTS = $(TARGET_CONFIGURE_OPTS)
IPTABLES_MAKEOPTS += COPT_FLAGS="$(TARGET_CFLAGS)"
# NOTE(review): LDFLAGS is passed as a fixed string on the sub-make command
# line, so it replaces rather than extends any LDFLAGS the sub-make would
# otherwise pick up; confirm that no linker flags the target requires
# (hardening options, for example) are lost this way.
IPTABLES_MAKEOPTS += LDFLAGS="-rdynamic -static-libgcc"
IPTABLES_MAKEOPTS += KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr
IPTABLES_MAKEOPTS += KBUILD_OUTPUT="$(LINUX_DIR)"
# Everything "install" writes lands under PKG_INSTALL_DIR, not the host root.
IPTABLES_MAKEOPTS += DESTDIR="$(PKG_INSTALL_DIR)"
IPTABLES_MAKEOPTS += $(MAKE_TARGETS)
361
# Build steps: create PKG_INSTALL_DIR, build and install the top-level tree,
# then build and install libipq. All four sub-makes receive IPTABLES_MAKEOPTS,
# which sets DESTDIR to PKG_INSTALL_DIR.
define Build/Compile
	$(INSTALL_DIR) $(PKG_INSTALL_DIR)
	$(MAKE) -C $(PKG_BUILD_DIR) $(IPTABLES_MAKEOPTS)
	$(MAKE) -C $(PKG_BUILD_DIR) $(IPTABLES_MAKEOPTS) install
	$(MAKE) -C $(PKG_BUILD_DIR)/libipq $(IPTABLES_MAKEOPTS)
	$(MAKE) -C $(PKG_BUILD_DIR)/libipq $(IPTABLES_MAKEOPTS) install
endef
369
# Copies headers, libraries and pkg-config files into the development tree
# rooted at $(1) (presumably the staging directory -- confirm against the
# build system). Headers come from two places: straight from the source tree
# (the "XXX" fixup below) and from the DESTDIR install in PKG_INSTALL_DIR.
# The later $(CP) from PKG_INSTALL_DIR/usr/include runs last, so it wins for
# any file name present in both.
define Build/InstallDev
	$(INSTALL_DIR) $(1)/usr/include
	$(INSTALL_DIR) $(1)/usr/include/iptables
	$(INSTALL_DIR) $(1)/usr/include/net/netfilter

	# XXX: iptables header fixup, some headers are not installed by iptables anymore
	$(CP) $(PKG_BUILD_DIR)/include/net/netfilter/*.h $(1)/usr/include/net/netfilter/
	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
	$(CP) $(PKG_BUILD_DIR)/include/libipq/libipq.h $(1)/usr/include/
	$(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/

	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libipq.a $(1)/usr/lib/
	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libiptc.pc $(1)/usr/lib/pkgconfig/
endef
392
# Installs the iptables binary into $(1)/usr/sbin and the built-in extensions
# into $(1)/usr/lib/iptables.
# For each name in IPT_BUILTIN both spellings (ipt_* and xt_*) are tried and
# lib<name>.so is copied only if it exists. A missing extension is skipped
# silently, so an image can lack a match or target a ruleset relies on without
# the build failing; verify the installed set when that matters.
# The loop uses absolute paths, so it does not depend on the preceding "cd".
# The doubled-up "$" is escaping: a single "$" has to reach the shell for ${m}
# after the build system's expansion of this block.
define Package/iptables/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables $(1)/usr/sbin/
	$(INSTALL_DIR) $(1)/usr/lib/iptables
	(cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
		for m in $(patsubst xt_%,ipt_%,$(IPT_BUILTIN)) $(patsubst ipt_%,xt_%,$(IPT_BUILTIN)); do \
			if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so ]; then \
				$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so $(1)/usr/lib/iptables/ ;\
			fi; \
		done \
	)
endef
405
# Installs the iptables-multi binary and makes iptables-save and
# iptables-restore links to it ($(LN) is defined by the build system;
# presumably a symlink helper -- confirm).
define Package/iptables-utils/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables-multi $(1)/usr/sbin/
	$(LN) iptables-multi $(1)/usr/sbin/iptables-save
	$(LN) iptables-multi $(1)/usr/sbin/iptables-restore
endef
412
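# Installs the ip6tables binary into $(1)/usr/sbin and every libip6t_*.so
# extension from the DESTDIR install into $(1)/usr/lib/iptables.
# The copy uses a relative glob, so it is only meaningful inside the extension
# directory: "cd" is chained with "&&" so that a failed cd stops the subshell
# instead of letting the glob run in whatever directory the recipe started in.
define Package/ip6tables/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(1)/usr/sbin/
	$(INSTALL_DIR) $(1)/usr/lib/iptables
	(cd $(PKG_INSTALL_DIR)/usr/lib/iptables && \
		$(CP) libip6t_*.so $(1)/usr/lib/iptables/ \
	)
endef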
421
# Installs the ip6tables-multi binary and makes ip6tables-save and
# ip6tables-restore links to it ($(LN) is defined by the build system;
# presumably a symlink helper -- confirm).
define Package/ip6tables-utils/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-multi $(1)/usr/sbin/
	$(LN) ip6tables-multi $(1)/usr/sbin/ip6tables-save
	$(LN) ip6tables-multi $(1)/usr/sbin/ip6tables-restore
endef
428
# Copies libiptc.so* from the DESTDIR install into $(1)/usr/lib.
define Package/libiptc/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
endef
433
# Copies libip4tc.so* from the DESTDIR install into $(1)/usr/lib.
define Package/libip4tc/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
endef
438
# Copies libip6tc.so* from the DESTDIR install into $(1)/usr/lib.
define Package/libip6tc/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
endef
443
# Copies libxtables.so* from the DESTDIR install into $(1)/usr/lib.
define Package/libxtables/install
	$(INSTALL_DIR) $(1)/usr/lib
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
endef
448
# Generates the install rule for one extension package and registers the package.
#   $(1)  package name (used for Package/$(1)/install and passed to BuildPackage)
#   $(2)  list of extension names; each is tried in both its ipt_* and xt_* spelling
#   $(3)  optional extra install commands appended after the copy loop
# "$$(1)" is escaped so that it is left for the generated install block, where
# it names the install destination rather than this macro's first argument.
# The long run of "$" before {m} is likewise escaping, so that a single "$"
# reaches the shell after the nested call/eval expansions.
# As in Package/iptables/install, lib<name>.so is copied only if it exists, so
# a missing extension is skipped without failing the build.
define BuildPlugin
  define Package/$(1)/install
	$(INSTALL_DIR) $$(1)/usr/lib/iptables
	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)); do \
		if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
			$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
		fi; \
	done
	$(3)
  endef

  $$(eval $$(call BuildPackage,$(1)))
endef
462
# Extra install commands passed as the third BuildPlugin argument for
# iptables-mod-filter: create /etc/l7-protocols under the install destination
# and copy the bundled files/l7/*.pat pattern files into it.
# "$$(1)" is escaped so that it is resolved later, inside the generated
# install block, not when this variable is assigned.
L7_INSTALL:=\
	$(INSTALL_DIR) $$(1)/etc/l7-protocols; \
	$(CP) files/l7/*.pat $$(1)/etc/l7-protocols/
466
467
# Instantiate every package declared above. Plain packages go through
# BuildPackage; extension packages go through BuildPlugin with the list of
# extensions to ship. The IPT_*-m lists are not defined in this file
# (presumably they come from netfilter.mk and reflect the kernel config --
# confirm); iptables-mod-ipset hard-codes its two extension names instead.
# NOTE(review): an IPT_*-m list that expands to nothing yields a package with
# no extension files, because the copy loop in BuildPlugin skips missing
# libraries silently.
$(eval $(call BuildPackage,iptables))
$(eval $(call BuildPackage,iptables-utils))
$(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
$(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
$(eval $(call BuildPlugin,iptables-mod-imq,$(IPT_IMQ-m)))
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
$(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
$(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m)))
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
$(eval $(call BuildPackage,ip6tables))
$(eval $(call BuildPackage,ip6tables-utils))
$(eval $(call BuildPackage,libiptc))
$(eval $(call BuildPackage,libip4tc))
$(eval $(call BuildPackage,libip6tc))
$(eval $(call BuildPackage,libxtables))