Startseite Erkunden Hilfe
Anmelden
OpenWrt
/
openwrt
Mirror von https://github.com/openwrt/openwrt.git
2
0
Fork 0
Dateien Issues 0 Wiki
Struktur: 0538dc693b
Branches Tags
openwrt
/
package
/
network
/
utils
/
iptables
/
Makefile

Makefile 18 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708 
  1. #
    2. 

  2. # Copyright (C) 2006-2016 OpenWrt.org
    3. 

  3. #
    4. 

  4. # This is free software, licensed under the GNU General Public License v2.
    5. 

  5. # See /LICENSE for more information.
    6. 

  6. #
    7. 

  7. 

  8. include $(TOPDIR)/rules.mk
    9. 

  9. include $(INCLUDE_DIR)/kernel.mk
    10. 

  10. 

  11. PKG_NAME:=iptables
    12. 

  12. PKG_VERSION:=1.8.7
    13. 

  13. PKG_RELEASE:=2
    14. 

  14. 

  15. PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
    16. 

  16. PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
    17. 

  17. PKG_HASH:=c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0
    18. 

  18. 

  19. PKG_FIXUP:=autoreconf
    20. 

  20. PKG_FLAGS:=nonshared
    21. 

  21. 

  22. PKG_INSTALL:=1
    23. 

  23. PKG_BUILD_PARALLEL:=1
    24. 

  24. PKG_LICENSE:=GPL-2.0
    25. 

  25. PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
    26. 

  26. 

  27. include $(INCLUDE_DIR)/package.mk
    28. 

  28. ifeq ($(DUMP),)
    29. 

  29.   -include $(LINUX_DIR)/.config
    30. 

  30.   include $(INCLUDE_DIR)/netfilter.mk
    31. 

  31.   STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
    32. 

  32. endif
    33. 

  33. 

  34. 

  35. define Package/iptables/Default
    36. 

  36.   SECTION:=net
    37. 

  37.   CATEGORY:=Network
    38. 

  38.   SUBMENU:=Firewall
    39. 

  39.   URL:=https://netfilter.org/
    40. 

  40. endef
    41. 

  41. 

  42. define Package/iptables/Module
    43. 

  43. $(call Package/iptables/Default)
    44. 

  44.   DEPENDS:=+iptables $(1)
    45. 

  45. endef
    46. 

  46. 

  47. define Package/iptables
    48. 

  48. $(call Package/iptables/Default)
    49. 

  49.   TITLE:=IP firewall administration tool
    50. 

  50.   MENU:=1
    51. 

  51.   DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
    52. 

  52.   ALTERNATIVES:=\
    53. 

  53.     200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \
    54. 

  54.     200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \
    55. 

  55.     200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi
    56. 

  56. endef
    57. 

  57. 

  58. define Package/iptables/config
    59. 

  59.   config IPTABLES_CONNLABEL
    60. 

  60. 	bool "Enable Connlabel support"
    61. 

  61. 	default n
    62. 

  62. 	help
    63. 

  63. 		This enable connlabel support in iptables.
    64. 

  64. 

  65.   config IPTABLES_NFTABLES
    66. 

  66. 	bool "Enable Nftables support"
    67. 

  67. 	default y
    68. 

  68. 	help
    69. 

  69. 		This enable nftables support in iptables.
    70. 

  70. endef
    71. 

  71. 

  72. define Package/iptables/description
    73. 

  73. IP firewall administration tool.
    74. 

  74. 

  75.  Matches:
    76. 

  76.   - icmp
    77. 

  77.   - tcp
    78. 

  78.   - udp
    79. 

  79.   - comment
    80. 

  80.   - conntrack
    81. 

  81.   - limit
    82. 

  82.   - mac
    83. 

  83.   - mark
    84. 

  84.   - multiport
    85. 

  85.   - set
    86. 

  86.   - state
    87. 

  87.   - time
    88. 

  88. 

  89.  Targets:
    90. 

  90.   - ACCEPT
    91. 

  91.   - CT
    92. 

  92.   - DNAT
    93. 

  93.   - DROP
    94. 

  94.   - REJECT
    95. 

  95.   - FLOWOFFLOAD
    96. 

  96.   - LOG
    97. 

  97.   - MARK
    98. 

  98.   - MASQUERADE
    99. 

  99.   - REDIRECT
    100. 

  100.   - SET
    101. 

  101.   - SNAT
    102. 

  102.   - TCPMSS
    103. 

  103. 

  104.  Tables:
    105. 

  105.   - filter
    106. 

  106.   - mangle
    107. 

  107.   - nat
    108. 

  108.   - raw
    109. 

  109. 

  110. endef
    111. 

  111. 

  112. define Package/iptables-nft
    113. 

  113. $(call Package/iptables/Default)
    114. 

  114.   TITLE:=IP firewall administration tool nft
    115. 

  115.   DEPENDS:=@IPTABLES_NFTABLES +libxtables-nft +libip4tc +IPV6:libip6tc +kmod-ipt-core +kmod-nft-compat
    116. 

  116.   ALTERNATIVES:=\
    117. 

  117.     300:/usr/sbin/iptables:/usr/sbin/xtables-nft-multi \
    118. 

  118.     300:/usr/sbin/iptables-restore:/usr/sbin/xtables-nft-multi \
    119. 

  119.     300:/usr/sbin/iptables-save:/usr/sbin/xtables-nft-multi
    120. 

  120. endef
    121. 

  121. 

  122. define Package/iptables-nft/description
    123. 

  123. Extra iptables nftables nft binaries.
    124. 

  124.   iptables-nft
    125. 

  125.   iptables-nft-restore
    126. 

  126.   iptables-nft-save
    127. 

  127.   iptables-translate
    128. 

  128.   iptables-restore-translate
    129. 

  129. endef
    130. 

  130. 

  131. define Package/iptables-mod-conntrack-extra
    132. 

  132. $(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw)
    133. 

  133.   TITLE:=Extra connection tracking extensions
    134. 

  134. endef
    135. 

  135. 

  136. define Package/iptables-mod-conntrack-extra/description
    137. 

  137. Extra iptables extensions for connection tracking.
    138. 

  138. 

  139.  Matches:
    140. 

  140.   - connbytes
    141. 

  141.   - connlimit
    142. 

  142.   - connmark
    143. 

  143.   - recent
    144. 

  144.   - helper
    145. 

  145. 

  146.  Targets:
    147. 

  147.   - CONNMARK
    148. 

  148. 

  149. endef
    150. 

  150. 

  151. define Package/iptables-mod-conntrack-label
    152. 

  152. $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
    153. 

  153.   TITLE:=Connection tracking labeling extension
    154. 

  154.   DEFAULT:=y if IPTABLES_CONNLABEL
    155. 

  155. endef
    156. 

  156. 

  157. define Package/iptables-mod-conntrack-label/description
    158. 

  158. Match and set label(s) on connection tracking entries
    159. 

  159. 

  160.  Matches:
    161. 

  161.   - connlabel
    162. 

  162. 

  163. endef
    164. 

  164. 

  165. define Package/iptables-mod-filter
    166. 

  166. $(call Package/iptables/Module, +kmod-ipt-filter)
    167. 

  167.   TITLE:=Content inspection extensions
    168. 

  168. endef
    169. 

  169. 

  170. define Package/iptables-mod-filter/description
    171. 

  171. iptables extensions for packet content inspection.
    172. 

  172. Includes support for:
    173. 

  173. 

  174.  Matches:
    175. 

  175.   - string
    176. 

  176.   - bpf
    177. 

  177. 

  178. endef
    179. 

  179. 

  180. define Package/iptables-mod-ipopt
    181. 

  181. $(call Package/iptables/Module, +kmod-ipt-ipopt)
    182. 

  182.   TITLE:=IP/Packet option extensions
    183. 

  183. endef
    184. 

  184. 

  185. define Package/iptables-mod-ipopt/description
    186. 

  186. iptables extensions for matching/changing IP packet options.
    187. 

  187. 

  188.  Matches:
    189. 

  189.   - dscp
    190. 

  190.   - ecn
    191. 

  191.   - length
    192. 

  192.   - statistic
    193. 

  193.   - tcpmss
    194. 

  194.   - unclean
    195. 

  195.   - hl
    196. 

  196. 

  197.  Targets:
    198. 

  198.   - DSCP
    199. 

  199.   - CLASSIFY
    200. 

  200.   - ECN
    201. 

  201.   - HL
    202. 

  202. 

  203. endef
    204. 

  204. 

  205. define Package/iptables-mod-ipsec
    206. 

  206. $(call Package/iptables/Module, +kmod-ipt-ipsec)
    207. 

  207.   TITLE:=IPsec extensions
    208. 

  208. endef
    209. 

  209. 

  210. define Package/iptables-mod-ipsec/description
    211. 

  211. iptables extensions for matching ipsec traffic.
    212. 

  212. 

  213.  Matches:
    214. 

  214.   - ah
    215. 

  215.   - esp
    216. 

  216.   - policy
    217. 

  217. 

  218. endef
    219. 

  219. 

  220. define Package/iptables-mod-nat-extra
    221. 

  221. $(call Package/iptables/Module, +kmod-ipt-nat-extra)
    222. 

  222.   TITLE:=Extra NAT extensions
    223. 

  223. endef
    224. 

  224. 

  225. define Package/iptables-mod-nat-extra/description
    226. 

  226. iptables extensions for extra NAT targets.
    227. 

  227. 

  228.  Targets:
    229. 

  229.   - MIRROR
    230. 

  230.   - NETMAP
    231. 

  231. endef
    232. 

  232. 

  233. define Package/iptables-mod-ulog
    234. 

  234. $(call Package/iptables/Module, +kmod-ipt-ulog)
    235. 

  235.   TITLE:=user-space packet logging
    236. 

  236. endef
    237. 

  237. 

  238. define Package/iptables-mod-ulog/description
    239. 

  239. iptables extensions for user-space packet logging.
    240. 

  240. 

  241.  Targets:
    242. 

  242.   - ULOG
    243. 

  243. 

  244. endef
    245. 

  245. 

  246. define Package/iptables-mod-nflog
    247. 

  247. $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
    248. 

  248.   TITLE:=Netfilter NFLOG target
    249. 

  249. endef
    250. 

  250. 

  251. define Package/iptables-mod-nflog/description
    252. 

  252.  iptables extension for user-space logging via NFNETLINK.
    253. 

  253. 

  254.  Includes:
    255. 

  255.   - libxt_NFLOG
    256. 

  256. 

  257. endef
    258. 

  258. 

  259. define Package/iptables-mod-trace
    260. 

  260. $(call Package/iptables/Module, +kmod-ipt-debug)
    261. 

  261.   TITLE:=Netfilter TRACE target
    262. 

  262. endef
    263. 

  263. 

  264. define Package/iptables-mod-trace/description
    265. 

  265.  iptables extension for TRACE target
    266. 

  266. 

  267.  Includes:
    268. 

  268.   - libxt_TRACE
    269. 

  269. 

  270. endef
    271. 

  271. 

  272. 

  273. define Package/iptables-mod-nfqueue
    274. 

  274. $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
    275. 

  275.   TITLE:=Netfilter NFQUEUE target
    276. 

  276. endef
    277. 

  277. 

  278. define Package/iptables-mod-nfqueue/description
    279. 

  279.  iptables extension for user-space queuing via NFNETLINK.
    280. 

  280. 

  281.  Includes:
    282. 

  282.   - libxt_NFQUEUE
    283. 

  283. 

  284. endef
    285. 

  285. 

  286. define Package/iptables-mod-hashlimit
    287. 

  287. $(call Package/iptables/Module, +kmod-ipt-hashlimit)
    288. 

  288.   TITLE:=hashlimit matching
    289. 

  289. endef
    290. 

  290. 

  291. define Package/iptables-mod-hashlimit/description
    292. 

  292. iptables extensions for hashlimit matching
    293. 

  293. 

  294.  Matches:
    295. 

  295.   - hashlimit
    296. 

  296. 

  297. endef
    298. 

  298. 

  299. define Package/iptables-mod-rpfilter
    300. 

  300. $(call Package/iptables/Module, +kmod-ipt-rpfilter)
    301. 

  301.   TITLE:=rpfilter iptables extension
    302. 

  302. endef
    303. 

  303. 

  304. define Package/iptables-mod-rpfilter/description
    305. 

  305. iptables extensions for reverse path filter test on a packet
    306. 

  306. 

  307.  Matches:
    308. 

  308.   - rpfilter
    309. 

  309. 

  310. endef
    311. 

  311. 

  312. define Package/iptables-mod-iprange
    313. 

  313. $(call Package/iptables/Module, +kmod-ipt-iprange)
    314. 

  314.   TITLE:=IP range extension
    315. 

  315. endef
    316. 

  316. 

  317. define Package/iptables-mod-iprange/description
    318. 

  318. iptables extensions for matching ip ranges.
    319. 

  319. 

  320.  Matches:
    321. 

  321.   - iprange
    322. 

  322. 

  323. endef
    324. 

  324. 

  325. define Package/iptables-mod-cluster
    326. 

  326. $(call Package/iptables/Module, +kmod-ipt-cluster)
    327. 

  327.   TITLE:=Match cluster extension
    328. 

  328. endef
    329. 

  329. 

  330. define Package/iptables-mod-cluster/description
    331. 

  331. iptables extensions for matching cluster.
    332. 

  332. 

  333.  Netfilter (IPv4/IPv6) module for matching cluster
    334. 

  334.  This option allows you to build work-load-sharing clusters of
    335. 

  335.  network servers/stateful firewalls without having a dedicated
    336. 

  336.  load-balancing router/server/switch. Basically, this match returns
    337. 

  337.  true when the packet must be handled by this cluster node. Thus,
    338. 

  338.  all nodes see all packets and this match decides which node handles
    339. 

  339.  what packets. The work-load sharing algorithm is based on source
    340. 

  340.  address hashing.
    341. 

  341. 

  342.  This module is usable for ipv4 and ipv6.
    343. 

  343. 

  344.  If you select it, it enables kmod-ipt-cluster.
    345. 

  345. 

  346.  see `iptables -m cluster --help` for more information.
    347. 

  347. endef
    348. 

  348. 

  349. define Package/iptables-mod-clusterip
    350. 

  350. $(call Package/iptables/Module, +kmod-ipt-clusterip)
    351. 

  351.   TITLE:=Clusterip extension
    352. 

  352. endef
    353. 

  353. 

  354. define Package/iptables-mod-clusterip/description
    355. 

  355. iptables extensions for CLUSTERIP.
    356. 

  356.  The CLUSTERIP target allows you to build load-balancing clusters of
    357. 

  357.  network servers without having a dedicated load-balancing
    358. 

  358.  router/server/switch.
    359. 

  359. 

  360.  If you select it, it enables kmod-ipt-clusterip.
    361. 

  361. 

  362.  see `iptables -j CLUSTERIP --help` for more information.
    363. 

  363. endef
    364. 

  364. 

  365. define Package/iptables-mod-extra
    366. 

  366. $(call Package/iptables/Module, +kmod-ipt-extra)
    367. 

  367.   TITLE:=Other extra iptables extensions
    368. 

  368. endef
    369. 

  369. 

  370. define Package/iptables-mod-extra/description
    371. 

  371. Other extra iptables extensions.
    372. 

  372. 

  373.  Matches:
    374. 

  374.   - addrtype
    375. 

  375.   - condition
    376. 

  376.   - owner
    377. 

  377.   - pkttype
    378. 

  378.   - quota
    379. 

  379. 

  380. endef
    381. 

  381. 

  382. define Package/iptables-mod-physdev
    383. 

  383. $(call Package/iptables/Module, +kmod-ipt-physdev)
    384. 

  384.   TITLE:=physdev iptables extension
    385. 

  385. endef
    386. 

  386. 

  387. define Package/iptables-mod-physdev/description
    388. 

  388. The iptables physdev match.
    389. 

  389. endef
    390. 

  390. 

  391. define Package/iptables-mod-led
    392. 

  392. $(call Package/iptables/Module, +kmod-ipt-led)
    393. 

  393.   TITLE:=LED trigger iptables extension
    394. 

  394. endef
    395. 

  395. 

  396. define Package/iptables-mod-led/description
    397. 

  397. iptables extension for triggering a LED.
    398. 

  398. 

  399.  Targets:
    400. 

  400.   - LED
    401. 

  401. 

  402. endef
    403. 

  403. 

  404. define Package/iptables-mod-tproxy
    405. 

  405. $(call Package/iptables/Module, +kmod-ipt-tproxy)
    406. 

  406.   TITLE:=Transparent proxy iptables extensions
    407. 

  407. endef
    408. 

  408. 

  409. define Package/iptables-mod-tproxy/description
    410. 

  410. Transparent proxy iptables extensions.
    411. 

  411. 

  412.  Matches:
    413. 

  413.   - socket
    414. 

  414. 

  415.  Targets:
    416. 

  416.   - TPROXY
    417. 

  417. 

  418. endef
    419. 

  419. 

  420. define Package/iptables-mod-tee
    421. 

  421. $(call Package/iptables/Module, +kmod-ipt-tee)
    422. 

  422.   TITLE:=TEE iptables extensions
    423. 

  423. endef
    424. 

  424. 

  425. define Package/iptables-mod-tee/description
    426. 

  426. TEE iptables extensions.
    427. 

  427. 

  428.  Targets:
    429. 

  429.   - TEE
    430. 

  430. 

  431. endef
    432. 

  432. 

  433. define Package/iptables-mod-u32
    434. 

  434. $(call Package/iptables/Module, +kmod-ipt-u32)
    435. 

  435.   TITLE:=U32 iptables extensions
    436. 

  436. endef
    437. 

  437. 

  438. define Package/iptables-mod-u32/description
    439. 

  439. U32 iptables extensions.
    440. 

  440. 

  441.  Matches:
    442. 

  442.   - u32
    443. 

  443. 

  444. endef
    445. 

  445. 

  446. define Package/iptables-mod-checksum
    447. 

  447. $(call Package/iptables/Module, +kmod-ipt-checksum)
    448. 

  448.   TITLE:=IP CHECKSUM target extension
    449. 

  449. endef
    450. 

  450. 

  451. define Package/iptables-mod-checksum/description
    452. 

  452. iptables extension for the CHECKSUM calculation target
    453. 

  453. endef
    454. 

  454. 

  455. define Package/ip6tables
    456. 

  456. $(call Package/iptables/Default)
    457. 

  457.   DEPENDS:=@IPV6 +kmod-ip6tables +iptables
    458. 

  458.   CATEGORY:=Network
    459. 

  459.   TITLE:=IPv6 firewall administration tool
    460. 

  460.   MENU:=1
    461. 

  461.   ALTERNATIVES:=\
    462. 

  462.     200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \
    463. 

  463.     200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \
    464. 

  464.     200:/usr/sbin/ip6tables-save:/usr/sbin/xtables-legacy-multi
    465. 

  465. endef
    466. 

  466. 

  467. define Package/ip6tables-nft
    468. 

  468. $(call Package/iptables/Default)
    469. 

  469.   DEPENDS:=@IPV6 +kmod-ip6tables +iptables-nft
    470. 

  470.   TITLE:=IP firewall administration tool nft
    471. 

  471.   ALTERNATIVES:=\
    472. 

  472.     300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi \
    473. 

  473.     300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi \
    474. 

  474.     300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
    475. 

  475. endef
    476. 

  476. 

  477. define Package/ip6tables-nft/description
    478. 

  478. Extra ip6tables nftables nft binaries.
    479. 

  479.   ip6tables-nft
    480. 

  480.   ip6tables-nft-restore
    481. 

  481.   ip6tables-nft-save
    482. 

  482.   ip6tables-translate
    483. 

  483.   ip6tables-restore-translate
    484. 

  484. endef
    485. 

  485. 

  486. define Package/ip6tables-extra
    487. 

  487. $(call Package/iptables/Default)
    488. 

  488.   DEPENDS:=ip6tables +kmod-ip6tables-extra
    489. 

  489.   TITLE:=IPv6 header matching modules
    490. 

  490. endef
    491. 

  491. 

  492. define Package/ip6tables-extra/description
    493. 

  493. iptables header matching modules for IPv6
    494. 

  494. endef
    495. 

  495. 

  496. define Package/ip6tables-mod-nat
    497. 

  497. $(call Package/iptables/Default)
    498. 

  498.   DEPENDS:=ip6tables +kmod-ipt-nat6
    499. 

  499.   TITLE:=IPv6 NAT extensions
    500. 

  500. endef
    501. 

  501. 

  502. define Package/ip6tables-mod-nat/description
    503. 

  503. iptables extensions for IPv6-NAT targets.
    504. 

  504. endef
    505. 

  505. 

  506. define Package/libip4tc
    507. 

  507. $(call Package/iptables/Default)
    508. 

  508.   SECTION:=libs
    509. 

  509.   CATEGORY:=Libraries
    510. 

  510.   TITLE:=IPv4 firewall - shared libiptc library
    511. 

  511.   ABI_VERSION:=2
    512. 

  512.   DEPENDS:=+libxtables
    513. 

  513. endef
    514. 

  514. 

  515. define Package/libip6tc
    516. 

  516. $(call Package/iptables/Default)
    517. 

  517.   SECTION:=libs
    518. 

  518.   CATEGORY:=Libraries
    519. 

  519.   TITLE:=IPv6 firewall - shared libiptc library
    520. 

  520.   ABI_VERSION:=2
    521. 

  521.   DEPENDS:=+libxtables
    522. 

  522. endef
    523. 

  523. 

  524. define Package/libxtables
    525. 

  525.  $(call Package/iptables/Default)
    526. 

  526.  SECTION:=libs
    527. 

  527.  CATEGORY:=Libraries
    528. 

  528.  TITLE:=IPv4/IPv6 firewall - shared xtables library
    529. 

  529.  ABI_VERSION:=12
    530. 

  530.  DEPENDS:= \
    531. 

  531. 	+IPTABLES_CONNLABEL:libnetfilter-conntrack \
    532. 

  532. 	+IPTABLES_NFTABLES:libnftnl
    533. 

  533. endef
    534. 

  534. 

  535. define Package/libxtables-nft
    536. 

  536.  $(call Package/iptables/Default)
    537. 

  537.  SECTION:=libs
    538. 

  538.  CATEGORY:=Libraries
    539. 

  539.  TITLE:=IPv4/IPv6 firewall - shared xtables nft library
    540. 

  540.  ABI_VERSION:=12
    541. 

  541.  DEPENDS:=+libxtables
    542. 

  542. endef
    543. 

  543. 

  544. TARGET_CPPFLAGS := \
    545. 

  545. 	-I$(PKG_BUILD_DIR)/include \
    546. 

  546. 	-I$(LINUX_DIR)/user_headers/include \
    547. 

  547. 	$(TARGET_CPPFLAGS)
    548. 

  548. 

  549. TARGET_CFLAGS += \
    550. 

  550. 	-I$(PKG_BUILD_DIR)/include \
    551. 

  551. 	-I$(LINUX_DIR)/user_headers/include \
    552. 

  552. 	-ffunction-sections -fdata-sections \
    553. 

  553. 	-DNO_LEGACY
    554. 

  554. 

  555. TARGET_LDFLAGS += \
    556. 

  556. 	-Wl,--gc-sections
    557. 

  557. 

  558. CONFIGURE_ARGS += \
    559. 

  559. 	--enable-shared \
    560. 

  560. 	--enable-static \
    561. 

  561. 	--enable-devel \
    562. 

  562. 	--with-kernel="$(LINUX_DIR)/user_headers" \
    563. 

  563. 	--with-xtlibdir=/usr/lib/iptables \
    564. 

  564. 	--with-xt-lock-name=/var/run/xtables.lock \
    565. 

  565. 	$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
    566. 

  566. 	$(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
    567. 

  567. 	$(if $(CONFIG_IPV6),,--disable-ipv6)
    568. 

  568. 

  569. MAKE_FLAGS := \
    570. 

  570. 	$(TARGET_CONFIGURE_OPTS) \
    571. 

  571. 	COPT_FLAGS="$(TARGET_CFLAGS)" \
    572. 

  572. 	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
    573. 

  573. 	KBUILD_OUTPUT="$(LINUX_DIR)" \
    574. 

  574. 	BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
    575. 

  575. 

  576. ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
    577. 

  577.   define Build/Configure/rebuild
    578. 

  578. 	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
    579. 

  579. 	rm -f $(PKG_BUILD_DIR)/.config_*
    580. 

  580. 	rm -f $(PKG_BUILD_DIR)/.configured_*
    581. 

  581. 	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
    582. 

  582.   endef
    583. 

  583. endif
    584. 

  584. 

  585. define Build/Configure
    586. 

  586. $(Build/Configure/rebuild)
    587. 

  587. $(Build/Configure/Default)
    588. 

  588. endef
    589. 

  589. 

  590. define Build/InstallDev
    591. 

  591. 	$(INSTALL_DIR) $(1)/usr/include
    592. 

  592. 	$(INSTALL_DIR) $(1)/usr/include/iptables
    593. 

  593. 	$(INSTALL_DIR) $(1)/usr/include/net/netfilter
    594. 

  594. 

  595. 	# XXX: iptables header fixup, some headers are not installed by iptables anymore
    596. 

  596. 	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
    597. 

  597. 	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
    598. 

  598. 	$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
    599. 

  599. 	$(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
    600. 

  600. 	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
    601. 

  601. 

  602. 	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
    603. 

  603. 	$(INSTALL_DIR) $(1)/usr/lib
    604. 

  604. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
    605. 

  605. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
    606. 

  606. 	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
    607. 

  607. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
    608. 

  608. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
    609. 

  609. 

  610. 	# XXX: needed by firewall3
    611. 

  611. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
    612. 

  612. endef
    613. 

  613. 

  614. define Package/iptables/install
    615. 

  615. 	$(INSTALL_DIR) $(1)/usr/sbin
    616. 

  616. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
    617. 

  617. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-legacy{,-restore,-save} $(1)/usr/sbin/
    618. 

  618. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    619. 

  619. endef
    620. 

  620. 

  621. define Package/iptables-nft/install
    622. 

  622. 	$(INSTALL_DIR) $(1)/usr/sbin
    623. 

  623. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
    624. 

  624. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
    625. 

  625. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
    626. 

  626. endef
    627. 

  627. 

  628. define Package/ip6tables/install
    629. 

  629. 	$(INSTALL_DIR) $(1)/usr/sbin
    630. 

  630. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-legacy{,-restore,-save} $(1)/usr/sbin/
    631. 

  631. endef
    632. 

  632. 

  633. define Package/ip6tables-nft/install
    634. 

  634. 	$(INSTALL_DIR) $(1)/usr/sbin
    635. 

  635. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
    636. 

  636. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
    637. 

  637. endef
    638. 

  638. 

  639. define Package/libip4tc/install
    640. 

  640. 	$(INSTALL_DIR) $(1)/usr/lib
    641. 

  641. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
    642. 

  642. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
    643. 

  643. endef
    644. 

  644. 

  645. define Package/libip6tc/install
    646. 

  646. 	$(INSTALL_DIR) $(1)/usr/lib
    647. 

  647. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
    648. 

  648. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
    649. 

  649. endef
    650. 

  650. 

  651. define Package/libxtables/install
    652. 

  652. 	$(INSTALL_DIR) $(1)/usr/lib
    653. 

  653. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
    654. 

  654. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
    655. 

  655. endef
    656. 

  656. 

  657. define Package/libxtables-nft/install
    658. 

  658. 	$(INSTALL_DIR) $(1)/usr/lib
    659. 

  659. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
    660. 

  660. endef
    661. 

  661. 

  662. define BuildPlugin
    663. 

  663.   define Package/$(1)/install
    664. 

  664. 	$(INSTALL_DIR) $$(1)/usr/lib/iptables
    665. 

  665. 	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
    666. 

  666. 		if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
    667. 

  667. 			$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
    668. 

  668. 		fi; \
    669. 

  669. 	done
    670. 

  670. 	$(3)
    671. 

  671.   endef
    672. 

  672. 

  673.   $$(eval $$(call BuildPackage,$(1)))
    674. 

  674. endef
    675. 

  675. 

  676. $(eval $(call BuildPackage,libxtables))
    677. 

  677. $(eval $(call BuildPackage,libxtables-nft))
    678. 

  678. $(eval $(call BuildPackage,libip4tc))
    679. 

  679. $(eval $(call BuildPackage,libip6tc))
    680. 

  680. $(eval $(call BuildPackage,iptables))
    681. 

  681. $(eval $(call BuildPackage,iptables-nft))
    682. 

  682. $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
    683. 

  683. $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
    684. 

  684. $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
    685. 

  685. $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
    686. 

  686. $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
    687. 

  687. $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
    688. 

  688. $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
    689. 

  689. $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
    690. 

  690. $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
    691. 

  691. $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
    692. 

  692. $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
    693. 

  693. $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
    694. 

  694. $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
    695. 

  695. $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
    696. 

  696. $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
    697. 

  697. $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
    698. 

  698. $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
    699. 

  699. $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
    700. 

  700. $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
    701. 

  701. $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
    702. 

  702. $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
    703. 

  703. $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
    704. 

  704. $(eval $(call BuildPackage,ip6tables))
    705. 

  705. $(eval $(call BuildPackage,ip6tables-nft))
    706. 

  706. $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
    707. 

  707. $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
    708. 

  708.