Startsida Utforska Hjälp
Registrera dig Logga in
OpenWrt
/
openwrt
spegling av https://github.com/openwrt/openwrt.git
2
0
Fork 0
Filer Ärenden 0 Wiki
Träd: 7f54bf6fe2
Grenar Taggar
openwrt
/
package
/
network
/
utils
/
iptables
/
Makefile

Makefile 20 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798 
  1. #
    2. 

  2. # Copyright (C) 2006-2016 OpenWrt.org
    3. 

  3. #
    4. 

  4. # This is free software, licensed under the GNU General Public License v2.
    5. 

  5. # See /LICENSE for more information.
    6. 

  6. #
    7. 

  7. 

  8. include $(TOPDIR)/rules.mk
    9. 

  9. include $(INCLUDE_DIR)/kernel.mk
    10. 

  10. 

  11. PKG_NAME:=iptables
    12. 

  12. PKG_VERSION:=1.8.8
    13. 

  13. PKG_RELEASE:=1
    14. 

  14. 

  15. PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
    16. 

  16. PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
    17. 

  17. PKG_HASH:=71c75889dc710676631553eb1511da0177bbaaf1b551265b912d236c3f51859f
    18. 

  18. 

  19. PKG_FIXUP:=autoreconf
    20. 

  20. PKG_FLAGS:=nonshared
    21. 

  21. 

  22. PKG_INSTALL:=1
    23. 

  23. PKG_BUILD_PARALLEL:=1
    24. 

  24. PKG_LICENSE:=GPL-2.0
    25. 

  25. PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
    26. 

  26. 

  27. include $(INCLUDE_DIR)/package.mk
    28. 

  28. ifeq ($(DUMP),)
    29. 

  29.   -include $(LINUX_DIR)/.config
    30. 

  30.   include $(INCLUDE_DIR)/netfilter.mk
    31. 

  31.   STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
    32. 

  32. endif
    33. 

  33. 

  34. 

  35. define Package/iptables/Default
    36. 

  36.   SECTION:=net
    37. 

  37.   CATEGORY:=Network
    38. 

  38.   SUBMENU:=Firewall
    39. 

  39.   URL:=https://netfilter.org/
    40. 

  40. endef
    41. 

  41. 

  42. define Package/iptables/Module
    43. 

  43. $(call Package/iptables/Default)
    44. 

  44.   DEPENDS:=+libxtables $(1)
    45. 

  45. endef
    46. 

  46. 

  47. define Package/xtables-legacy
    48. 

  48. $(call Package/iptables/Default)
    49. 

  49.   TITLE:=IP firewall administration tool
    50. 

  50.   DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables
    51. 

  51. endef
    52. 

  52. 

  53. define Package/iptables-zz-legacy
    54. 

  54. $(call Package/iptables/Default)
    55. 

  55.   TITLE:=IP firewall administration tool
    56. 

  56.   DEPENDS+= +xtables-legacy
    57. 

  57.   PROVIDES:=iptables iptables-legacy
    58. 

  58.   ALTERNATIVES:=\
    59. 

  59.     200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \
    60. 

  60.     200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \
    61. 

  61.     200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi
    62. 

  62. endef
    63. 

  63. 

  64. define Package/iptables-zz-legacy/description
    65. 

  65. IP firewall administration tool.
    66. 

  66. 

  67.  Matches:
    68. 

  68.   - icmp
    69. 

  69.   - tcp
    70. 

  70.   - udp
    71. 

  71.   - comment
    72. 

  72.   - conntrack
    73. 

  73.   - limit
    74. 

  74.   - mac
    75. 

  75.   - mark
    76. 

  76.   - multiport
    77. 

  77.   - set
    78. 

  78.   - state
    79. 

  79.   - time
    80. 

  80. 

  81.  Targets:
    82. 

  82.   - ACCEPT
    83. 

  83.   - CT
    84. 

  84.   - DNAT
    85. 

  85.   - DROP
    86. 

  86.   - REJECT
    87. 

  87.   - FLOWOFFLOAD
    88. 

  88.   - LOG
    89. 

  89.   - MARK
    90. 

  90.   - MASQUERADE
    91. 

  91.   - REDIRECT
    92. 

  92.   - SET
    93. 

  93.   - SNAT
    94. 

  94.   - TCPMSS
    95. 

  95. 

  96.  Tables:
    97. 

  97.   - filter
    98. 

  98.   - mangle
    99. 

  99.   - nat
    100. 

  100.   - raw
    101. 

  101. 

  102. endef
    103. 

  103. 

  104. define Package/xtables-nft
    105. 

  105. $(call Package/iptables/Default)
    106. 

  106.   TITLE:=IP firewall administration tool nft
    107. 

  107.   DEPENDS:=+libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat
    108. 

  108. endef
    109. 

  109. 

  110. define Package/arptables-nft
    111. 

  111. $(call Package/iptables/Default)
    112. 

  112.   DEPENDS:=+kmod-nft-arp +xtables-nft +kmod-arptables
    113. 

  113.   TITLE:=ARP firewall administration tool nft
    114. 

  114.   PROVIDES:=arptables
    115. 

  115.   ALTERNATIVES:=\
    116. 

  116.     300:/usr/sbin/arptables:/usr/sbin/xtables-nft-multi \
    117. 

  117.     300:/usr/sbin/arptables-restore:/usr/sbin/xtables-nft-multi \
    118. 

  118.     300:/usr/sbin/arptables-save:/usr/sbin/xtables-nft-multi
    119. 

  119. endef
    120. 

  120. 

  121. define Package/ebtables-nft
    122. 

  122. $(call Package/iptables/Default)
    123. 

  123.   DEPENDS:=+kmod-nft-bridge +xtables-nft +kmod-ebtables
    124. 

  124.   TITLE:=Bridge firewall administration tool nft
    125. 

  125.   PROVIDES:=ebtables
    126. 

  126.   ALTERNATIVES:=\
    127. 

  127.     300:/usr/sbin/ebtables:/usr/sbin/xtables-nft-multi \
    128. 

  128.     300:/usr/sbin/ebtables-restore:/usr/sbin/xtables-nft-multi \
    129. 

  129.     300:/usr/sbin/ebtables-save:/usr/sbin/xtables-nft-multi
    130. 

  130. endef
    131. 

  131. 

  132. define Package/iptables-nft
    133. 

  133. $(call Package/iptables/Default)
    134. 

  134.   TITLE:=IP firewall administration tool nft
    135. 

  135.   DEPENDS:=+kmod-ipt-core +xtables-nft
    136. 

  136.   PROVIDES:=iptables
    137. 

  137.   ALTERNATIVES:=\
    138. 

  138.     300:/usr/sbin/iptables:/usr/sbin/xtables-nft-multi \
    139. 

  139.     300:/usr/sbin/iptables-restore:/usr/sbin/xtables-nft-multi \
    140. 

  140.     300:/usr/sbin/iptables-save:/usr/sbin/xtables-nft-multi
    141. 

  141. endef
    142. 

  142. 

  143. define Package/iptables-nft/description
    144. 

  144. Extra iptables nftables nft binaries.
    145. 

  145.   iptables-nft
    146. 

  146.   iptables-nft-restore
    147. 

  147.   iptables-nft-save
    148. 

  148.   iptables-translate
    149. 

  149.   iptables-restore-translate
    150. 

  150. endef
    151. 

  151. 

  152. define Package/iptables-mod-conntrack-extra
    153. 

  153. $(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw)
    154. 

  154.   TITLE:=Extra connection tracking extensions
    155. 

  155. endef
    156. 

  156. 

  157. define Package/iptables-mod-conntrack-extra/description
    158. 

  158. Extra iptables extensions for connection tracking.
    159. 

  159. 

  160.  Matches:
    161. 

  161.   - connbytes
    162. 

  162.   - connlimit
    163. 

  163.   - connmark
    164. 

  164.   - recent
    165. 

  165.   - helper
    166. 

  166. 

  167.  Targets:
    168. 

  168.   - CONNMARK
    169. 

  169. 

  170. endef
    171. 

  171. 

  172. define Package/iptables-mod-conntrack-label
    173. 

  173. $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
    174. 

  174.   TITLE:=Connection tracking labeling extension
    175. 

  175.   DEFAULT:=y if IPTABLES_CONNLABEL
    176. 

  176. endef
    177. 

  177. 

  178. define Package/iptables-mod-conntrack-label/description
    179. 

  179. Match and set label(s) on connection tracking entries
    180. 

  180. 

  181.  Matches:
    182. 

  182.   - connlabel
    183. 

  183. 

  184. endef
    185. 

  185. 

  186. define Package/iptables-mod-filter
    187. 

  187. $(call Package/iptables/Module, +kmod-ipt-filter)
    188. 

  188.   TITLE:=Content inspection extensions
    189. 

  189. endef
    190. 

  190. 

  191. define Package/iptables-mod-filter/description
    192. 

  192. iptables extensions for packet content inspection.
    193. 

  193. Includes support for:
    194. 

  194. 

  195.  Matches:
    196. 

  196.   - string
    197. 

  197.   - bpf
    198. 

  198. 

  199. endef
    200. 

  200. 

  201. define Package/iptables-mod-ipopt
    202. 

  202. $(call Package/iptables/Module, +kmod-ipt-ipopt)
    203. 

  203.   TITLE:=IP/Packet option extensions
    204. 

  204. endef
    205. 

  205. 

  206. define Package/iptables-mod-ipopt/description
    207. 

  207. iptables extensions for matching/changing IP packet options.
    208. 

  208. 

  209.  Matches:
    210. 

  210.   - dscp
    211. 

  211.   - ecn
    212. 

  212.   - length
    213. 

  213.   - statistic
    214. 

  214.   - tcpmss
    215. 

  215.   - unclean
    216. 

  216.   - hl
    217. 

  217. 

  218.  Targets:
    219. 

  219.   - DSCP
    220. 

  220.   - CLASSIFY
    221. 

  221.   - ECN
    222. 

  222.   - HL
    223. 

  223. 

  224. endef
    225. 

  225. 

  226. define Package/iptables-mod-ipsec
    227. 

  227. $(call Package/iptables/Module, +kmod-ipt-ipsec)
    228. 

  228.   TITLE:=IPsec extensions
    229. 

  229. endef
    230. 

  230. 

  231. define Package/iptables-mod-ipsec/description
    232. 

  232. iptables extensions for matching ipsec traffic.
    233. 

  233. 

  234.  Matches:
    235. 

  235.   - ah
    236. 

  236.   - esp
    237. 

  237.   - policy
    238. 

  238. 

  239. endef
    240. 

  240. 

  241. define Package/iptables-mod-nat-extra
    242. 

  242. $(call Package/iptables/Module, +kmod-ipt-nat-extra)
    243. 

  243.   TITLE:=Extra NAT extensions
    244. 

  244. endef
    245. 

  245. 

  246. define Package/iptables-mod-nat-extra/description
    247. 

  247. iptables extensions for extra NAT targets.
    248. 

  248. 

  249.  Targets:
    250. 

  250.   - MIRROR
    251. 

  251.   - NETMAP
    252. 

  252. endef
    253. 

  253. 

  254. define Package/iptables-mod-ulog
    255. 

  255. $(call Package/iptables/Module, +kmod-ipt-ulog)
    256. 

  256.   TITLE:=user-space packet logging
    257. 

  257. endef
    258. 

  258. 

  259. define Package/iptables-mod-ulog/description
    260. 

  260. iptables extensions for user-space packet logging.
    261. 

  261. 

  262.  Targets:
    263. 

  263.   - ULOG
    264. 

  264. 

  265. endef
    266. 

  266. 

  267. define Package/iptables-mod-nflog
    268. 

  268. $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
    269. 

  269.   TITLE:=Netfilter NFLOG target
    270. 

  270. endef
    271. 

  271. 

  272. define Package/iptables-mod-nflog/description
    273. 

  273.  iptables extension for user-space logging via NFNETLINK.
    274. 

  274. 

  275.  Includes:
    276. 

  276.   - libxt_NFLOG
    277. 

  277. 

  278. endef
    279. 

  279. 

  280. define Package/iptables-mod-trace
    281. 

  281. $(call Package/iptables/Module, +kmod-ipt-debug)
    282. 

  282.   TITLE:=Netfilter TRACE target
    283. 

  283. endef
    284. 

  284. 

  285. define Package/iptables-mod-trace/description
    286. 

  286.  iptables extension for TRACE target
    287. 

  287. 

  288.  Includes:
    289. 

  289.   - libxt_TRACE
    290. 

  290. 

  291. endef
    292. 

  292. 

  293. 

  294. define Package/iptables-mod-nfqueue
    295. 

  295. $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
    296. 

  296.   TITLE:=Netfilter NFQUEUE target
    297. 

  297. endef
    298. 

  298. 

  299. define Package/iptables-mod-nfqueue/description
    300. 

  300.  iptables extension for user-space queuing via NFNETLINK.
    301. 

  301. 

  302.  Includes:
    303. 

  303.   - libxt_NFQUEUE
    304. 

  304. 

  305. endef
    306. 

  306. 

  307. define Package/iptables-mod-hashlimit
    308. 

  308. $(call Package/iptables/Module, +kmod-ipt-hashlimit)
    309. 

  309.   TITLE:=hashlimit matching
    310. 

  310. endef
    311. 

  311. 

  312. define Package/iptables-mod-hashlimit/description
    313. 

  313. iptables extensions for hashlimit matching
    314. 

  314. 

  315.  Matches:
    316. 

  316.   - hashlimit
    317. 

  317. 

  318. endef
    319. 

  319. 

  320. define Package/iptables-mod-rpfilter
    321. 

  321. $(call Package/iptables/Module, +kmod-ipt-rpfilter)
    322. 

  322.   TITLE:=rpfilter iptables extension
    323. 

  323. endef
    324. 

  324. 

  325. define Package/iptables-mod-rpfilter/description
    326. 

  326. iptables extensions for reverse path filter test on a packet
    327. 

  327. 

  328.  Matches:
    329. 

  329.   - rpfilter
    330. 

  330. 

  331. endef
    332. 

  332. 

  333. define Package/iptables-mod-iprange
    334. 

  334. $(call Package/iptables/Module, +kmod-ipt-iprange)
    335. 

  335.   TITLE:=IP range extension
    336. 

  336. endef
    337. 

  337. 

  338. define Package/iptables-mod-iprange/description
    339. 

  339. iptables extensions for matching ip ranges.
    340. 

  340. 

  341.  Matches:
    342. 

  342.   - iprange
    343. 

  343. 

  344. endef
    345. 

  345. 

  346. define Package/iptables-mod-cluster
    347. 

  347. $(call Package/iptables/Module, +kmod-ipt-cluster)
    348. 

  348.   TITLE:=Match cluster extension
    349. 

  349. endef
    350. 

  350. 

  351. define Package/iptables-mod-cluster/description
    352. 

  352. iptables extensions for matching cluster.
    353. 

  353. 

  354.  Netfilter (IPv4/IPv6) module for matching cluster
    355. 

  355.  This option allows you to build work-load-sharing clusters of
    356. 

  356.  network servers/stateful firewalls without having a dedicated
    357. 

  357.  load-balancing router/server/switch. Basically, this match returns
    358. 

  358.  true when the packet must be handled by this cluster node. Thus,
    359. 

  359.  all nodes see all packets and this match decides which node handles
    360. 

  360.  what packets. The work-load sharing algorithm is based on source
    361. 

  361.  address hashing.
    362. 

  362. 

  363.  This module is usable for ipv4 and ipv6.
    364. 

  364. 

  365.  If you select it, it enables kmod-ipt-cluster.
    366. 

  366. 

  367.  see `iptables -m cluster --help` for more information.
    368. 

  368. endef
    369. 

  369. 

  370. define Package/iptables-mod-clusterip
    371. 

  371. $(call Package/iptables/Module, +kmod-ipt-clusterip)
    372. 

  372.   TITLE:=Clusterip extension
    373. 

  373. endef
    374. 

  374. 

  375. define Package/iptables-mod-clusterip/description
    376. 

  376. iptables extensions for CLUSTERIP.
    377. 

  377.  The CLUSTERIP target allows you to build load-balancing clusters of
    378. 

  378.  network servers without having a dedicated load-balancing
    379. 

  379.  router/server/switch.
    380. 

  380. 

  381.  If you select it, it enables kmod-ipt-clusterip.
    382. 

  382. 

  383.  see `iptables -j CLUSTERIP --help` for more information.
    384. 

  384. endef
    385. 

  385. 

  386. define Package/iptables-mod-extra
    387. 

  387. $(call Package/iptables/Module, +kmod-ipt-extra)
    388. 

  388.   TITLE:=Other extra iptables extensions
    389. 

  389. endef
    390. 

  390. 

  391. define Package/iptables-mod-extra/description
    392. 

  392. Other extra iptables extensions.
    393. 

  393. 

  394.  Matches:
    395. 

  395.   - addrtype
    396. 

  396.   - condition
    397. 

  397.   - owner
    398. 

  398.   - pkttype
    399. 

  399.   - quota
    400. 

  400. 

  401. endef
    402. 

  402. 

  403. define Package/iptables-mod-physdev
    404. 

  404. $(call Package/iptables/Module, +kmod-ipt-physdev)
    405. 

  405.   TITLE:=physdev iptables extension
    406. 

  406. endef
    407. 

  407. 

  408. define Package/iptables-mod-physdev/description
    409. 

  409. The iptables physdev match.
    410. 

  410. endef
    411. 

  411. 

  412. define Package/iptables-mod-led
    413. 

  413. $(call Package/iptables/Module, +kmod-ipt-led)
    414. 

  414.   TITLE:=LED trigger iptables extension
    415. 

  415. endef
    416. 

  416. 

  417. define Package/iptables-mod-led/description
    418. 

  418. iptables extension for triggering a LED.
    419. 

  419. 

  420.  Targets:
    421. 

  421.   - LED
    422. 

  422. 

  423. endef
    424. 

  424. 

  425. define Package/iptables-mod-socket
    426. 

  426. $(call Package/iptables/Module, +kmod-ipt-socket)
    427. 

  427.   TITLE:=Socket match iptables extensions
    428. 

  428. endef
    429. 

  429. 

  430. define Package/iptables-mod-socket/description
    431. 

  431. Socket match iptables extensions.
    432. 

  432. 

  433.  Matches:
    434. 

  434.   - socket
    435. 

  435. 

  436. endef
    437. 

  437. 

  438. define Package/iptables-mod-tproxy
    439. 

  439. $(call Package/iptables/Module, +kmod-ipt-tproxy)
    440. 

  440.   TITLE:=Transparent proxy iptables extensions
    441. 

  441. endef
    442. 

  442. 

  443. define Package/iptables-mod-tproxy/description
    444. 

  444. Transparent proxy iptables extensions.
    445. 

  445. 

  446.  Targets:
    447. 

  447.   - TPROXY
    448. 

  448. 

  449. endef
    450. 

  450. 

  451. define Package/iptables-mod-tee
    452. 

  452. $(call Package/iptables/Module, +kmod-ipt-tee)
    453. 

  453.   TITLE:=TEE iptables extensions
    454. 

  454. endef
    455. 

  455. 

  456. define Package/iptables-mod-tee/description
    457. 

  457. TEE iptables extensions.
    458. 

  458. 

  459.  Targets:
    460. 

  460.   - TEE
    461. 

  461. 

  462. endef
    463. 

  463. 

  464. define Package/iptables-mod-u32
    465. 

  465. $(call Package/iptables/Module, +kmod-ipt-u32)
    466. 

  466.   TITLE:=U32 iptables extensions
    467. 

  467. endef
    468. 

  468. 

  469. define Package/iptables-mod-u32/description
    470. 

  470. U32 iptables extensions.
    471. 

  471. 

  472.  Matches:
    473. 

  473.   - u32
    474. 

  474. 

  475. endef
    476. 

  476. 

  477. define Package/iptables-mod-checksum
    478. 

  478. $(call Package/iptables/Module, +kmod-ipt-checksum)
    479. 

  479.   TITLE:=IP CHECKSUM target extension
    480. 

  480. endef
    481. 

  481. 

  482. define Package/iptables-mod-checksum/description
    483. 

  483. iptables extension for the CHECKSUM calculation target
    484. 

  484. endef
    485. 

  485. 

  486. define Package/ip6tables-zz-legacy
    487. 

  487. $(call Package/iptables/Default)
    488. 

  488.   DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy
    489. 

  489.   CATEGORY:=Network
    490. 

  490.   TITLE:=IPv6 firewall administration tool
    491. 

  491.   PROVIDES:=ip6tables ip6tables-legacy
    492. 

  492.   ALTERNATIVES:=\
    493. 

  493.     200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \
    494. 

  494.     200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \
    495. 

  495.     200:/usr/sbin/ip6tables-save:/usr/sbin/xtables-legacy-multi
    496. 

  496. endef
    497. 

  497. 

  498. define Package/ip6tables-nft
    499. 

  499. $(call Package/iptables/Default)
    500. 

  500.   DEPENDS:=@IPV6 +kmod-ip6tables +xtables-nft
    501. 

  501.   TITLE:=IP firewall administration tool nft
    502. 

  502.   PROVIDES:=ip6tables
    503. 

  503.   ALTERNATIVES:=\
    504. 

  504.     300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi \
    505. 

  505.     300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi \
    506. 

  506.     300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
    507. 

  507. endef
    508. 

  508. 

  509. define Package/ip6tables-nft/description
    510. 

  510. Extra ip6tables nftables nft binaries.
    511. 

  511.   ip6tables-nft
    512. 

  512.   ip6tables-nft-restore
    513. 

  513.   ip6tables-nft-save
    514. 

  514.   ip6tables-translate
    515. 

  515.   ip6tables-restore-translate
    516. 

  516. endef
    517. 

  517. 

  518. define Package/ip6tables-extra
    519. 

  519. $(call Package/iptables/Default)
    520. 

  520.   DEPENDS:=+libxtables +kmod-ip6tables-extra
    521. 

  521.   TITLE:=IPv6 header matching modules
    522. 

  522. endef
    523. 

  523. 

  524. define Package/ip6tables-extra/description
    525. 

  525. iptables header matching modules for IPv6
    526. 

  526. endef
    527. 

  527. 

  528. define Package/ip6tables-mod-nat
    529. 

  529. $(call Package/iptables/Default)
    530. 

  530.   DEPENDS:=+libxtables +kmod-ipt-nat6
    531. 

  531.   TITLE:=IPv6 NAT extensions
    532. 

  532. endef
    533. 

  533. 

  534. define Package/ip6tables-mod-nat/description
    535. 

  535. iptables extensions for IPv6-NAT targets.
    536. 

  536. endef
    537. 

  537. 

  538. define Package/libip4tc
    539. 

  539. $(call Package/iptables/Default)
    540. 

  540.   SECTION:=libs
    541. 

  541.   CATEGORY:=Libraries
    542. 

  542.   TITLE:=IPv4 firewall - shared libiptc library
    543. 

  543.   ABI_VERSION:=2
    544. 

  544. endef
    545. 

  545. 

  546. define Package/libip6tc
    547. 

  547. $(call Package/iptables/Default)
    548. 

  548.   SECTION:=libs
    549. 

  549.   CATEGORY:=Libraries
    550. 

  550.   TITLE:=IPv6 firewall - shared libiptc library
    551. 

  551.   ABI_VERSION:=2
    552. 

  552. endef
    553. 

  553. 

  554. define Package/libiptext
    555. 

  555.  $(call Package/iptables/Default)
    556. 

  556.  SECTION:=libs
    557. 

  557.  CATEGORY:=Libraries
    558. 

  558.  TITLE:=IPv4 firewall - shared libiptext library
    559. 

  559.  ABI_VERSION:=0
    560. 

  560.  DEPENDS:=+libxtables
    561. 

  561. endef
    562. 

  562. 

  563. define Package/libiptext6
    564. 

  564.  $(call Package/iptables/Default)
    565. 

  565.  SECTION:=libs
    566. 

  566.  CATEGORY:=Libraries
    567. 

  567.  TITLE:=IPv6 firewall - shared libiptext library
    568. 

  568.  ABI_VERSION:=0
    569. 

  569.  DEPENDS:=+libxtables
    570. 

  570. endef
    571. 

  571. 

  572. define Package/libiptext-nft
    573. 

  573.  $(call Package/iptables/Default)
    574. 

  574.  SECTION:=libs
    575. 

  575.  CATEGORY:=Libraries
    576. 

  576.  TITLE:=IPv4/IPv6 firewall - shared libiptext nft library
    577. 

  577.  ABI_VERSION:=0
    578. 

  578.  DEPENDS:=+libxtables
    579. 

  579. endef
    580. 

  580. 

  581. define Package/libxtables
    582. 

  582.  $(call Package/iptables/Default)
    583. 

  583.  SECTION:=libs
    584. 

  584.  CATEGORY:=Libraries
    585. 

  585.  TITLE:=IPv4/IPv6 firewall - shared xtables library
    586. 

  586.  MENU:=1
    587. 

  587.  ABI_VERSION:=12
    588. 

  588.  DEPENDS:=+IPTABLES_CONNLABEL:libnetfilter-conntrack
    589. 

  589. endef
    590. 

  590. 

  591. define Package/libxtables/config
    592. 

  592.   config IPTABLES_CONNLABEL
    593. 

  593. 	bool "Enable Connlabel support"
    594. 

  594. 	default n
    595. 

  595. 	help
    596. 

  596. 		This enable connlabel support in iptables.
    597. 

  597. endef
    598. 

  598. 

  599. TARGET_CPPFLAGS := \
    600. 

  600. 	-I$(PKG_BUILD_DIR)/include \
    601. 

  601. 	-I$(LINUX_DIR)/user_headers/include \
    602. 

  602. 	$(TARGET_CPPFLAGS)
    603. 

  603. 

  604. TARGET_CFLAGS += \
    605. 

  605. 	-I$(PKG_BUILD_DIR)/include \
    606. 

  606. 	-I$(LINUX_DIR)/user_headers/include \
    607. 

  607. 	-ffunction-sections -fdata-sections \
    608. 

  608. 	-DNO_LEGACY
    609. 

  609. 

  610. TARGET_LDFLAGS += \
    611. 

  611. 	-Wl,--gc-sections
    612. 

  612. 

  613. CONFIGURE_ARGS += \
    614. 

  614. 	--enable-shared \
    615. 

  615. 	--enable-static \
    616. 

  616. 	--enable-devel \
    617. 

  617. 	--with-kernel="$(LINUX_DIR)/user_headers" \
    618. 

  618. 	--with-xtlibdir=/usr/lib/iptables \
    619. 

  619. 	--with-xt-lock-name=/var/run/xtables.lock \
    620. 

  620. 	$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
    621. 

  621. 	$(if $(CONFIG_IPV6),,--disable-ipv6)
    622. 

  622. 

  623. MAKE_FLAGS := \
    624. 

  624. 	$(TARGET_CONFIGURE_OPTS) \
    625. 

  625. 	COPT_FLAGS="$(TARGET_CFLAGS)" \
    626. 

  626. 	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
    627. 

  627. 	KBUILD_OUTPUT="$(LINUX_DIR)" \
    628. 

  628. 	BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
    629. 

  629. 

  630. ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
    631. 

  631.   define Build/Configure/rebuild
    632. 

  632. 	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
    633. 

  633. 	rm -f $(PKG_BUILD_DIR)/.config_*
    634. 

  634. 	rm -f $(PKG_BUILD_DIR)/.configured_*
    635. 

  635. 	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
    636. 

  636.   endef
    637. 

  637. endif
    638. 

  638. 

  639. define Build/Configure
    640. 

  640. $(Build/Configure/rebuild)
    641. 

  641. $(Build/Configure/Default)
    642. 

  642. endef
    643. 

  643. 

  644. define Build/InstallDev
    645. 

  645. 	$(INSTALL_DIR) $(1)/usr/include
    646. 

  646. 	$(INSTALL_DIR) $(1)/usr/include/iptables
    647. 

  647. 	$(INSTALL_DIR) $(1)/usr/include/net/netfilter
    648. 

  648. 

  649. 	# XXX: iptables header fixup, some headers are not installed by iptables anymore
    650. 

  650. 	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
    651. 

  651. 	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
    652. 

  652. 	$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
    653. 

  653. 	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
    654. 

  654. 

  655. 	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
    656. 

  656. 	$(INSTALL_DIR) $(1)/usr/lib
    657. 

  657. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
    658. 

  658. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
    659. 

  659. 	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
    660. 

  660. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
    661. 

  661. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
    662. 

  662. 

  663. 	# XXX: needed by firewall3
    664. 

  664. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
    665. 

  665. endef
    666. 

  666. 

  667. define Package/xtables-legacy/install
    668. 

  668. 	$(INSTALL_DIR) $(1)/usr/sbin
    669. 

  669. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
    670. 

  670. endef
    671. 

  671. 

  672. define Package/iptables-zz-legacy/install
    673. 

  673. 	$(INSTALL_DIR) $(1)/usr/sbin
    674. 

  674. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-legacy{,-restore,-save} $(1)/usr/sbin/
    675. 

  675. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    676. 

  676. endef
    677. 

  677. 

  678. define Package/xtables-nft/install
    679. 

  679. 	$(INSTALL_DIR) $(1)/usr/sbin
    680. 

  680. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
    681. 

  681. endef
    682. 

  682. 

  683. define Package/arptables-nft/install
    684. 

  684. 	$(INSTALL_DIR) $(1)/usr/sbin
    685. 

  685. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/arptables-nft{,-restore,-save} $(1)/usr/sbin/
    686. 

  686. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    687. 

  687. 	$(CP) $(PKG_BUILD_DIR)/extensions/libarpt_*.so $(1)/usr/lib/iptables/
    688. 

  688. endef
    689. 

  689. 

  690. define Package/ebtables-nft/install
    691. 

  691. 	$(INSTALL_DIR) $(1)/usr/sbin
    692. 

  692. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ebtables-nft{,-restore,-save} $(1)/usr/sbin/
    693. 

  693. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    694. 

  694. 	$(CP) $(PKG_BUILD_DIR)/extensions/libebt_*.so $(1)/usr/lib/iptables/
    695. 

  695. endef
    696. 

  696. 

  697. define Package/iptables-nft/install
    698. 

  698. 	$(INSTALL_DIR) $(1)/usr/sbin
    699. 

  699. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
    700. 

  700. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
    701. 

  701. endef
    702. 

  702. 

  703. define Package/ip6tables-zz-legacy/install
    704. 

  704. 	$(INSTALL_DIR) $(1)/usr/sbin
    705. 

  705. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-legacy{,-restore,-save} $(1)/usr/sbin/
    706. 

  706. endef
    707. 

  707. 

  708. define Package/ip6tables-nft/install
    709. 

  709. 	$(INSTALL_DIR) $(1)/usr/sbin
    710. 

  710. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
    711. 

  711. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
    712. 

  712. endef
    713. 

  713. 

  714. define Package/libip4tc/install
    715. 

  715. 	$(INSTALL_DIR) $(1)/usr/lib
    716. 

  716. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
    717. 

  717. endef
    718. 

  718. 

  719. define Package/libip6tc/install
    720. 

  720. 	$(INSTALL_DIR) $(1)/usr/lib
    721. 

  721. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
    722. 

  722. endef
    723. 

  723. 

  724. define Package/libiptext/install
    725. 

  725. 	$(INSTALL_DIR) $(1)/usr/lib
    726. 

  726. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
    727. 

  727. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
    728. 

  728. endef
    729. 

  729. 

  730. define Package/libiptext6/install
    731. 

  731. 	$(INSTALL_DIR) $(1)/usr/lib
    732. 

  732. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
    733. 

  733. endef
    734. 

  734. 

  735. define Package/libiptext-nft/install
    736. 

  736. 	$(INSTALL_DIR) $(1)/usr/lib
    737. 

  737. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
    738. 

  738. endef
    739. 

  739. 

  740. define Package/libxtables/install
    741. 

  741. 	$(INSTALL_DIR) $(1)/usr/lib
    742. 

  742. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
    743. 

  743. endef
    744. 

  744. 

  745. define BuildPlugin
    746. 

  746.   define Package/$(1)/install
    747. 

  747. 	$(INSTALL_DIR) $$(1)/usr/lib/iptables
    748. 

  748. 	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
    749. 

  749. 		if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
    750. 

  750. 			$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
    751. 

  751. 		fi; \
    752. 

  752. 	done
    753. 

  753. 	$(3)
    754. 

  754.   endef
    755. 

  755. 

  756.   $$(eval $$(call BuildPackage,$(1)))
    757. 

  757. endef
    758. 

  758. 

  759. $(eval $(call BuildPackage,libxtables))
    760. 

  760. $(eval $(call BuildPackage,libip4tc))
    761. 

  761. $(eval $(call BuildPackage,libip6tc))
    762. 

  762. $(eval $(call BuildPackage,libiptext))
    763. 

  763. $(eval $(call BuildPackage,libiptext6))
    764. 

  764. $(eval $(call BuildPackage,libiptext-nft))
    765. 

  765. $(eval $(call BuildPackage,xtables-legacy))
    766. 

  766. $(eval $(call BuildPackage,iptables-zz-legacy))
    767. 

  767. $(eval $(call BuildPackage,xtables-nft))
    768. 

  768. $(eval $(call BuildPackage,arptables-nft))
    769. 

  769. $(eval $(call BuildPackage,ebtables-nft))
    770. 

  770. $(eval $(call BuildPackage,iptables-nft))
    771. 

  771. $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
    772. 

  772. $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
    773. 

  773. $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
    774. 

  774. $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
    775. 

  775. $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
    776. 

  776. $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
    777. 

  777. $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
    778. 

  778. $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
    779. 

  779. $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
    780. 

  780. $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
    781. 

  781. $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
    782. 

  782. $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
    783. 

  783. $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
    784. 

  784. $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
    785. 

  785. $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
    786. 

  786. $(eval $(call BuildPlugin,iptables-mod-socket,$(IPT_SOCKET-m)))
    787. 

  787. $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
    788. 

  788. $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
    789. 

  789. $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
    790. 

  790. $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
    791. 

  791. $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
    792. 

  792. $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
    793. 

  793. $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
    794. 

  794. $(eval $(call BuildPackage,ip6tables-zz-legacy))
    795. 

  795. $(eval $(call BuildPackage,ip6tables-nft))
    796. 

  796. $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
    797. 

  797. $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
    798. 

  798.