Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
OpenWrt
/
openwrt
mirror de https://github.com/openwrt/openwrt.git
2
0
Fork 0
Ficheiros Problemas 0 Wiki
Árvore: 9300a20dcc
Ramos Etiquetas
openwrt
/
package
/
network
/
utils
/
iptables
/
Makefile

Makefile 20 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784 
  1. #
    2. 

  2. # Copyright (C) 2006-2016 OpenWrt.org
    3. 

  3. #
    4. 

  4. # This is free software, licensed under the GNU General Public License v2.
    5. 

  5. # See /LICENSE for more information.
    6. 

  6. #
    7. 

  7. 

  8. include $(TOPDIR)/rules.mk
    9. 

  9. include $(INCLUDE_DIR)/kernel.mk
    10. 

  10. 

  11. PKG_NAME:=iptables
    12. 

  12. PKG_VERSION:=1.8.8
    13. 

  13. PKG_RELEASE:=1
    14. 

  14. 

  15. PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
    16. 

  16. PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
    17. 

  17. PKG_HASH:=71c75889dc710676631553eb1511da0177bbaaf1b551265b912d236c3f51859f
    18. 

  18. 

  19. PKG_FIXUP:=autoreconf
    20. 

  20. PKG_FLAGS:=nonshared
    21. 

  21. 

  22. PKG_INSTALL:=1
    23. 

  23. PKG_BUILD_PARALLEL:=1
    24. 

  24. PKG_LICENSE:=GPL-2.0
    25. 

  25. PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
    26. 

  26. 

  27. include $(INCLUDE_DIR)/package.mk
    28. 

  28. ifeq ($(DUMP),)
    29. 

  29.   -include $(LINUX_DIR)/.config
    30. 

  30.   include $(INCLUDE_DIR)/netfilter.mk
    31. 

  31.   STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
    32. 

  32. endif
    33. 

  33. 

  34. 

  35. define Package/iptables/Default
    36. 

  36.   SECTION:=net
    37. 

  37.   CATEGORY:=Network
    38. 

  38.   SUBMENU:=Firewall
    39. 

  39.   URL:=https://netfilter.org/
    40. 

  40. endef
    41. 

  41. 

  42. define Package/iptables/Module
    43. 

  43. $(call Package/iptables/Default)
    44. 

  44.   DEPENDS:=+libxtables $(1)
    45. 

  45. endef
    46. 

  46. 

  47. define Package/xtables-legacy
    48. 

  48. $(call Package/iptables/Default)
    49. 

  49.   TITLE:=IP firewall administration tool
    50. 

  50.   DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables
    51. 

  51. endef
    52. 

  52. 

  53. define Package/iptables-zz-legacy
    54. 

  54. $(call Package/iptables/Default)
    55. 

  55.   TITLE:=IP firewall administration tool
    56. 

  56.   DEPENDS+= +xtables-legacy
    57. 

  57.   PROVIDES:=iptables iptables-legacy
    58. 

  58.   ALTERNATIVES:=\
    59. 

  59.     200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \
    60. 

  60.     200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \
    61. 

  61.     200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi
    62. 

  62. endef
    63. 

  63. 

  64. define Package/iptables-zz-legacy/description
    65. 

  65. IP firewall administration tool.
    66. 

  66. 

  67.  Matches:
    68. 

  68.   - icmp
    69. 

  69.   - tcp
    70. 

  70.   - udp
    71. 

  71.   - comment
    72. 

  72.   - conntrack
    73. 

  73.   - limit
    74. 

  74.   - mac
    75. 

  75.   - mark
    76. 

  76.   - multiport
    77. 

  77.   - set
    78. 

  78.   - state
    79. 

  79.   - time
    80. 

  80. 

  81.  Targets:
    82. 

  82.   - ACCEPT
    83. 

  83.   - CT
    84. 

  84.   - DNAT
    85. 

  85.   - DROP
    86. 

  86.   - REJECT
    87. 

  87.   - FLOWOFFLOAD
    88. 

  88.   - LOG
    89. 

  89.   - MARK
    90. 

  90.   - MASQUERADE
    91. 

  91.   - REDIRECT
    92. 

  92.   - SET
    93. 

  93.   - SNAT
    94. 

  94.   - TCPMSS
    95. 

  95. 

  96.  Tables:
    97. 

  97.   - filter
    98. 

  98.   - mangle
    99. 

  99.   - nat
    100. 

  100.   - raw
    101. 

  101. 

  102. endef
    103. 

  103. 

  104. define Package/xtables-nft
    105. 

  105. $(call Package/iptables/Default)
    106. 

  106.   TITLE:=IP firewall administration tool nft
    107. 

  107.   DEPENDS:=+libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat
    108. 

  108. endef
    109. 

  109. 

  110. define Package/arptables-nft
    111. 

  111. $(call Package/iptables/Default)
    112. 

  112.   DEPENDS:=+kmod-nft-arp +xtables-nft +kmod-arptables
    113. 

  113.   TITLE:=ARP firewall administration tool nft
    114. 

  114.   PROVIDES:=arptables
    115. 

  115.   ALTERNATIVES:=\
    116. 

  116.     300:/usr/sbin/arptables:/usr/sbin/xtables-nft-multi \
    117. 

  117.     300:/usr/sbin/arptables-restore:/usr/sbin/xtables-nft-multi \
    118. 

  118.     300:/usr/sbin/arptables-save:/usr/sbin/xtables-nft-multi
    119. 

  119. endef
    120. 

  120. 

  121. define Package/ebtables-nft
    122. 

  122. $(call Package/iptables/Default)
    123. 

  123.   DEPENDS:=+kmod-nft-bridge +xtables-nft +kmod-ebtables
    124. 

  124.   TITLE:=Bridge firewall administration tool nft
    125. 

  125.   PROVIDES:=ebtables
    126. 

  126.   ALTERNATIVES:=\
    127. 

  127.     300:/usr/sbin/ebtables:/usr/sbin/xtables-nft-multi \
    128. 

  128.     300:/usr/sbin/ebtables-restore:/usr/sbin/xtables-nft-multi \
    129. 

  129.     300:/usr/sbin/ebtables-save:/usr/sbin/xtables-nft-multi
    130. 

  130. endef
    131. 

  131. 

  132. define Package/iptables-nft
    133. 

  133. $(call Package/iptables/Default)
    134. 

  134.   TITLE:=IP firewall administration tool nft
    135. 

  135.   DEPENDS:=+kmod-ipt-core +xtables-nft
    136. 

  136.   PROVIDES:=iptables
    137. 

  137.   ALTERNATIVES:=\
    138. 

  138.     300:/usr/sbin/iptables:/usr/sbin/xtables-nft-multi \
    139. 

  139.     300:/usr/sbin/iptables-restore:/usr/sbin/xtables-nft-multi \
    140. 

  140.     300:/usr/sbin/iptables-save:/usr/sbin/xtables-nft-multi
    141. 

  141. endef
    142. 

  142. 

  143. define Package/iptables-nft/description
    144. 

  144. Extra iptables nftables nft binaries.
    145. 

  145.   iptables-nft
    146. 

  146.   iptables-nft-restore
    147. 

  147.   iptables-nft-save
    148. 

  148.   iptables-translate
    149. 

  149.   iptables-restore-translate
    150. 

  150. endef
    151. 

  151. 

  152. define Package/iptables-mod-conntrack-extra
    153. 

  153. $(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw)
    154. 

  154.   TITLE:=Extra connection tracking extensions
    155. 

  155. endef
    156. 

  156. 

  157. define Package/iptables-mod-conntrack-extra/description
    158. 

  158. Extra iptables extensions for connection tracking.
    159. 

  159. 

  160.  Matches:
    161. 

  161.   - connbytes
    162. 

  162.   - connlimit
    163. 

  163.   - connmark
    164. 

  164.   - recent
    165. 

  165.   - helper
    166. 

  166. 

  167.  Targets:
    168. 

  168.   - CONNMARK
    169. 

  169. 

  170. endef
    171. 

  171. 

  172. define Package/iptables-mod-conntrack-label
    173. 

  173. $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
    174. 

  174.   TITLE:=Connection tracking labeling extension
    175. 

  175.   DEFAULT:=y if IPTABLES_CONNLABEL
    176. 

  176. endef
    177. 

  177. 

  178. define Package/iptables-mod-conntrack-label/description
    179. 

  179. Match and set label(s) on connection tracking entries
    180. 

  180. 

  181.  Matches:
    182. 

  182.   - connlabel
    183. 

  183. 

  184. endef
    185. 

  185. 

  186. define Package/iptables-mod-filter
    187. 

  187. $(call Package/iptables/Module, +kmod-ipt-filter)
    188. 

  188.   TITLE:=Content inspection extensions
    189. 

  189. endef
    190. 

  190. 

  191. define Package/iptables-mod-filter/description
    192. 

  192. iptables extensions for packet content inspection.
    193. 

  193. Includes support for:
    194. 

  194. 

  195.  Matches:
    196. 

  196.   - string
    197. 

  197.   - bpf
    198. 

  198. 

  199. endef
    200. 

  200. 

  201. define Package/iptables-mod-ipopt
    202. 

  202. $(call Package/iptables/Module, +kmod-ipt-ipopt)
    203. 

  203.   TITLE:=IP/Packet option extensions
    204. 

  204. endef
    205. 

  205. 

  206. define Package/iptables-mod-ipopt/description
    207. 

  207. iptables extensions for matching/changing IP packet options.
    208. 

  208. 

  209.  Matches:
    210. 

  210.   - dscp
    211. 

  211.   - ecn
    212. 

  212.   - length
    213. 

  213.   - statistic
    214. 

  214.   - tcpmss
    215. 

  215.   - unclean
    216. 

  216.   - hl
    217. 

  217. 

  218.  Targets:
    219. 

  219.   - DSCP
    220. 

  220.   - CLASSIFY
    221. 

  221.   - ECN
    222. 

  222.   - HL
    223. 

  223. 

  224. endef
    225. 

  225. 

  226. define Package/iptables-mod-ipsec
    227. 

  227. $(call Package/iptables/Module, +kmod-ipt-ipsec)
    228. 

  228.   TITLE:=IPsec extensions
    229. 

  229. endef
    230. 

  230. 

  231. define Package/iptables-mod-ipsec/description
    232. 

  232. iptables extensions for matching ipsec traffic.
    233. 

  233. 

  234.  Matches:
    235. 

  235.   - ah
    236. 

  236.   - esp
    237. 

  237.   - policy
    238. 

  238. 

  239. endef
    240. 

  240. 

  241. define Package/iptables-mod-nat-extra
    242. 

  242. $(call Package/iptables/Module, +kmod-ipt-nat-extra)
    243. 

  243.   TITLE:=Extra NAT extensions
    244. 

  244. endef
    245. 

  245. 

  246. define Package/iptables-mod-nat-extra/description
    247. 

  247. iptables extensions for extra NAT targets.
    248. 

  248. 

  249.  Targets:
    250. 

  250.   - MIRROR
    251. 

  251.   - NETMAP
    252. 

  252. endef
    253. 

  253. 

  254. define Package/iptables-mod-nflog
    255. 

  255. $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
    256. 

  256.   TITLE:=Netfilter NFLOG target
    257. 

  257. endef
    258. 

  258. 

  259. define Package/iptables-mod-nflog/description
    260. 

  260.  iptables extension for user-space logging via NFNETLINK.
    261. 

  261. 

  262.  Includes:
    263. 

  263.   - libxt_NFLOG
    264. 

  264. 

  265. endef
    266. 

  266. 

  267. define Package/iptables-mod-trace
    268. 

  268. $(call Package/iptables/Module, +kmod-ipt-debug)
    269. 

  269.   TITLE:=Netfilter TRACE target
    270. 

  270. endef
    271. 

  271. 

  272. define Package/iptables-mod-trace/description
    273. 

  273.  iptables extension for TRACE target
    274. 

  274. 

  275.  Includes:
    276. 

  276.   - libxt_TRACE
    277. 

  277. 

  278. endef
    279. 

  279. 

  280. 

  281. define Package/iptables-mod-nfqueue
    282. 

  282. $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
    283. 

  283.   TITLE:=Netfilter NFQUEUE target
    284. 

  284. endef
    285. 

  285. 

  286. define Package/iptables-mod-nfqueue/description
    287. 

  287.  iptables extension for user-space queuing via NFNETLINK.
    288. 

  288. 

  289.  Includes:
    290. 

  290.   - libxt_NFQUEUE
    291. 

  291. 

  292. endef
    293. 

  293. 

  294. define Package/iptables-mod-hashlimit
    295. 

  295. $(call Package/iptables/Module, +kmod-ipt-hashlimit)
    296. 

  296.   TITLE:=hashlimit matching
    297. 

  297. endef
    298. 

  298. 

  299. define Package/iptables-mod-hashlimit/description
    300. 

  300. iptables extensions for hashlimit matching
    301. 

  301. 

  302.  Matches:
    303. 

  303.   - hashlimit
    304. 

  304. 

  305. endef
    306. 

  306. 

  307. define Package/iptables-mod-rpfilter
    308. 

  308. $(call Package/iptables/Module, +kmod-ipt-rpfilter)
    309. 

  309.   TITLE:=rpfilter iptables extension
    310. 

  310. endef
    311. 

  311. 

  312. define Package/iptables-mod-rpfilter/description
    313. 

  313. iptables extensions for reverse path filter test on a packet
    314. 

  314. 

  315.  Matches:
    316. 

  316.   - rpfilter
    317. 

  317. 

  318. endef
    319. 

  319. 

  320. define Package/iptables-mod-iprange
    321. 

  321. $(call Package/iptables/Module, +kmod-ipt-iprange)
    322. 

  322.   TITLE:=IP range extension
    323. 

  323. endef
    324. 

  324. 

  325. define Package/iptables-mod-iprange/description
    326. 

  326. iptables extensions for matching ip ranges.
    327. 

  327. 

  328.  Matches:
    329. 

  329.   - iprange
    330. 

  330. 

  331. endef
    332. 

  332. 

  333. define Package/iptables-mod-cluster
    334. 

  334. $(call Package/iptables/Module, +kmod-ipt-cluster)
    335. 

  335.   TITLE:=Match cluster extension
    336. 

  336. endef
    337. 

  337. 

  338. define Package/iptables-mod-cluster/description
    339. 

  339. iptables extensions for matching cluster.
    340. 

  340. 

  341.  Netfilter (IPv4/IPv6) module for matching cluster
    342. 

  342.  This option allows you to build work-load-sharing clusters of
    343. 

  343.  network servers/stateful firewalls without having a dedicated
    344. 

  344.  load-balancing router/server/switch. Basically, this match returns
    345. 

  345.  true when the packet must be handled by this cluster node. Thus,
    346. 

  346.  all nodes see all packets and this match decides which node handles
    347. 

  347.  what packets. The work-load sharing algorithm is based on source
    348. 

  348.  address hashing.
    349. 

  349. 

  350.  This module is usable for ipv4 and ipv6.
    351. 

  351. 

  352.  If you select it, it enables kmod-ipt-cluster.
    353. 

  353. 

  354.  see `iptables -m cluster --help` for more information.
    355. 

  355. endef
    356. 

  356. 

  357. define Package/iptables-mod-clusterip
    358. 

  358. $(call Package/iptables/Module, +kmod-ipt-clusterip)
    359. 

  359.   TITLE:=Clusterip extension
    360. 

  360. endef
    361. 

  361. 

  362. define Package/iptables-mod-clusterip/description
    363. 

  363. iptables extensions for CLUSTERIP.
    364. 

  364.  The CLUSTERIP target allows you to build load-balancing clusters of
    365. 

  365.  network servers without having a dedicated load-balancing
    366. 

  366.  router/server/switch.
    367. 

  367. 

  368.  If you select it, it enables kmod-ipt-clusterip.
    369. 

  369. 

  370.  see `iptables -j CLUSTERIP --help` for more information.
    371. 

  371. endef
    372. 

  372. 

  373. define Package/iptables-mod-extra
    374. 

  374. $(call Package/iptables/Module, +kmod-ipt-extra)
    375. 

  375.   TITLE:=Other extra iptables extensions
    376. 

  376. endef
    377. 

  377. 

  378. define Package/iptables-mod-extra/description
    379. 

  379. Other extra iptables extensions.
    380. 

  380. 

  381.  Matches:
    382. 

  382.   - addrtype
    383. 

  383.   - condition
    384. 

  384.   - owner
    385. 

  385.   - pkttype
    386. 

  386.   - quota
    387. 

  387. 

  388. endef
    389. 

  389. 

  390. define Package/iptables-mod-physdev
    391. 

  391. $(call Package/iptables/Module, +kmod-ipt-physdev)
    392. 

  392.   TITLE:=physdev iptables extension
    393. 

  393. endef
    394. 

  394. 

  395. define Package/iptables-mod-physdev/description
    396. 

  396. The iptables physdev match.
    397. 

  397. endef
    398. 

  398. 

  399. define Package/iptables-mod-led
    400. 

  400. $(call Package/iptables/Module, +kmod-ipt-led)
    401. 

  401.   TITLE:=LED trigger iptables extension
    402. 

  402. endef
    403. 

  403. 

  404. define Package/iptables-mod-led/description
    405. 

  405. iptables extension for triggering a LED.
    406. 

  406. 

  407.  Targets:
    408. 

  408.   - LED
    409. 

  409. 

  410. endef
    411. 

  411. 

  412. define Package/iptables-mod-socket
    413. 

  413. $(call Package/iptables/Module, +kmod-ipt-socket)
    414. 

  414.   TITLE:=Socket match iptables extensions
    415. 

  415. endef
    416. 

  416. 

  417. define Package/iptables-mod-socket/description
    418. 

  418. Socket match iptables extensions.
    419. 

  419. 

  420.  Matches:
    421. 

  421.   - socket
    422. 

  422. 

  423. endef
    424. 

  424. 

  425. define Package/iptables-mod-tproxy
    426. 

  426. $(call Package/iptables/Module, +kmod-ipt-tproxy)
    427. 

  427.   TITLE:=Transparent proxy iptables extensions
    428. 

  428. endef
    429. 

  429. 

  430. define Package/iptables-mod-tproxy/description
    431. 

  431. Transparent proxy iptables extensions.
    432. 

  432. 

  433.  Targets:
    434. 

  434.   - TPROXY
    435. 

  435. 

  436. endef
    437. 

  437. 

  438. define Package/iptables-mod-tee
    439. 

  439. $(call Package/iptables/Module, +kmod-ipt-tee)
    440. 

  440.   TITLE:=TEE iptables extensions
    441. 

  441. endef
    442. 

  442. 

  443. define Package/iptables-mod-tee/description
    444. 

  444. TEE iptables extensions.
    445. 

  445. 

  446.  Targets:
    447. 

  447.   - TEE
    448. 

  448. 

  449. endef
    450. 

  450. 

  451. define Package/iptables-mod-u32
    452. 

  452. $(call Package/iptables/Module, +kmod-ipt-u32)
    453. 

  453.   TITLE:=U32 iptables extensions
    454. 

  454. endef
    455. 

  455. 

  456. define Package/iptables-mod-u32/description
    457. 

  457. U32 iptables extensions.
    458. 

  458. 

  459.  Matches:
    460. 

  460.   - u32
    461. 

  461. 

  462. endef
    463. 

  463. 

  464. define Package/iptables-mod-checksum
    465. 

  465. $(call Package/iptables/Module, +kmod-ipt-checksum)
    466. 

  466.   TITLE:=IP CHECKSUM target extension
    467. 

  467. endef
    468. 

  468. 

  469. define Package/iptables-mod-checksum/description
    470. 

  470. iptables extension for the CHECKSUM calculation target
    471. 

  471. endef
    472. 

  472. 

  473. define Package/ip6tables-zz-legacy
    474. 

  474. $(call Package/iptables/Default)
    475. 

  475.   DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy
    476. 

  476.   CATEGORY:=Network
    477. 

  477.   TITLE:=IPv6 firewall administration tool
    478. 

  478.   PROVIDES:=ip6tables ip6tables-legacy
    479. 

  479.   ALTERNATIVES:=\
    480. 

  480.     200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \
    481. 

  481.     200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \
    482. 

  482.     200:/usr/sbin/ip6tables-save:/usr/sbin/xtables-legacy-multi
    483. 

  483. endef
    484. 

  484. 

  485. define Package/ip6tables-nft
    486. 

  486. $(call Package/iptables/Default)
    487. 

  487.   DEPENDS:=@IPV6 +kmod-ip6tables +xtables-nft
    488. 

  488.   TITLE:=IP firewall administration tool nft
    489. 

  489.   PROVIDES:=ip6tables
    490. 

  490.   ALTERNATIVES:=\
    491. 

  491.     300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi \
    492. 

  492.     300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi \
    493. 

  493.     300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
    494. 

  494. endef
    495. 

  495. 

  496. define Package/ip6tables-nft/description
    497. 

  497. Extra ip6tables nftables nft binaries.
    498. 

  498.   ip6tables-nft
    499. 

  499.   ip6tables-nft-restore
    500. 

  500.   ip6tables-nft-save
    501. 

  501.   ip6tables-translate
    502. 

  502.   ip6tables-restore-translate
    503. 

  503. endef
    504. 

  504. 

  505. define Package/ip6tables-extra
    506. 

  506. $(call Package/iptables/Default)
    507. 

  507.   DEPENDS:=+libxtables +kmod-ip6tables-extra
    508. 

  508.   TITLE:=IPv6 header matching modules
    509. 

  509. endef
    510. 

  510. 

  511. define Package/ip6tables-extra/description
    512. 

  512. iptables header matching modules for IPv6
    513. 

  513. endef
    514. 

  514. 

  515. define Package/ip6tables-mod-nat
    516. 

  516. $(call Package/iptables/Default)
    517. 

  517.   DEPENDS:=+libxtables +kmod-ipt-nat6
    518. 

  518.   TITLE:=IPv6 NAT extensions
    519. 

  519. endef
    520. 

  520. 

  521. define Package/ip6tables-mod-nat/description
    522. 

  522. iptables extensions for IPv6-NAT targets.
    523. 

  523. endef
    524. 

  524. 

  525. define Package/libip4tc
    526. 

  526. $(call Package/iptables/Default)
    527. 

  527.   SECTION:=libs
    528. 

  528.   CATEGORY:=Libraries
    529. 

  529.   TITLE:=IPv4 firewall - shared libiptc library
    530. 

  530.   ABI_VERSION:=2
    531. 

  531. endef
    532. 

  532. 

  533. define Package/libip6tc
    534. 

  534. $(call Package/iptables/Default)
    535. 

  535.   SECTION:=libs
    536. 

  536.   CATEGORY:=Libraries
    537. 

  537.   TITLE:=IPv6 firewall - shared libiptc library
    538. 

  538.   ABI_VERSION:=2
    539. 

  539. endef
    540. 

  540. 

  541. define Package/libiptext
    542. 

  542.  $(call Package/iptables/Default)
    543. 

  543.  SECTION:=libs
    544. 

  544.  CATEGORY:=Libraries
    545. 

  545.  TITLE:=IPv4 firewall - shared libiptext library
    546. 

  546.  ABI_VERSION:=0
    547. 

  547.  DEPENDS:=+libxtables
    548. 

  548. endef
    549. 

  549. 

  550. define Package/libiptext6
    551. 

  551.  $(call Package/iptables/Default)
    552. 

  552.  SECTION:=libs
    553. 

  553.  CATEGORY:=Libraries
    554. 

  554.  TITLE:=IPv6 firewall - shared libiptext library
    555. 

  555.  ABI_VERSION:=0
    556. 

  556.  DEPENDS:=+libxtables
    557. 

  557. endef
    558. 

  558. 

  559. define Package/libiptext-nft
    560. 

  560.  $(call Package/iptables/Default)
    561. 

  561.  SECTION:=libs
    562. 

  562.  CATEGORY:=Libraries
    563. 

  563.  TITLE:=IPv4/IPv6 firewall - shared libiptext nft library
    564. 

  564.  ABI_VERSION:=0
    565. 

  565.  DEPENDS:=+libxtables
    566. 

  566. endef
    567. 

  567. 

  568. define Package/libxtables
    569. 

  569.  $(call Package/iptables/Default)
    570. 

  570.  SECTION:=libs
    571. 

  571.  CATEGORY:=Libraries
    572. 

  572.  TITLE:=IPv4/IPv6 firewall - shared xtables library
    573. 

  573.  MENU:=1
    574. 

  574.  ABI_VERSION:=12
    575. 

  575.  DEPENDS:=+IPTABLES_CONNLABEL:libnetfilter-conntrack
    576. 

  576. endef
    577. 

  577. 

  578. define Package/libxtables/config
    579. 

  579.   config IPTABLES_CONNLABEL
    580. 

  580. 	bool "Enable Connlabel support"
    581. 

  581. 	default n
    582. 

  582. 	help
    583. 

  583. 		This enable connlabel support in iptables.
    584. 

  584. endef
    585. 

  585. 

  586. TARGET_CPPFLAGS := \
    587. 

  587. 	-I$(PKG_BUILD_DIR)/include \
    588. 

  588. 	-I$(LINUX_DIR)/user_headers/include \
    589. 

  589. 	$(TARGET_CPPFLAGS)
    590. 

  590. 

  591. TARGET_CFLAGS += \
    592. 

  592. 	-I$(PKG_BUILD_DIR)/include \
    593. 

  593. 	-I$(LINUX_DIR)/user_headers/include \
    594. 

  594. 	-ffunction-sections -fdata-sections \
    595. 

  595. 	-DNO_LEGACY
    596. 

  596. 

  597. TARGET_LDFLAGS += \
    598. 

  598. 	-Wl,--gc-sections
    599. 

  599. 

  600. CONFIGURE_ARGS += \
    601. 

  601. 	--enable-shared \
    602. 

  602. 	--enable-static \
    603. 

  603. 	--enable-devel \
    604. 

  604. 	--with-kernel="$(LINUX_DIR)/user_headers" \
    605. 

  605. 	--with-xtlibdir=/usr/lib/iptables \
    606. 

  606. 	--with-xt-lock-name=/var/run/xtables.lock \
    607. 

  607. 	$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
    608. 

  608. 	$(if $(CONFIG_IPV6),,--disable-ipv6)
    609. 

  609. 

  610. MAKE_FLAGS := \
    611. 

  611. 	$(TARGET_CONFIGURE_OPTS) \
    612. 

  612. 	COPT_FLAGS="$(TARGET_CFLAGS)" \
    613. 

  613. 	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
    614. 

  614. 	KBUILD_OUTPUT="$(LINUX_DIR)" \
    615. 

  615. 	BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
    616. 

  616. 

  617. ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
    618. 

  618.   define Build/Configure/rebuild
    619. 

  619. 	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
    620. 

  620. 	rm -f $(PKG_BUILD_DIR)/.config_*
    621. 

  621. 	rm -f $(PKG_BUILD_DIR)/.configured_*
    622. 

  622. 	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
    623. 

  623.   endef
    624. 

  624. endif
    625. 

  625. 

  626. define Build/Configure
    627. 

  627. $(Build/Configure/rebuild)
    628. 

  628. $(Build/Configure/Default)
    629. 

  629. endef
    630. 

  630. 

  631. define Build/InstallDev
    632. 

  632. 	$(INSTALL_DIR) $(1)/usr/include
    633. 

  633. 	$(INSTALL_DIR) $(1)/usr/include/iptables
    634. 

  634. 	$(INSTALL_DIR) $(1)/usr/include/net/netfilter
    635. 

  635. 

  636. 	# XXX: iptables header fixup, some headers are not installed by iptables anymore
    637. 

  637. 	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
    638. 

  638. 	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
    639. 

  639. 	$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
    640. 

  640. 	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
    641. 

  641. 

  642. 	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
    643. 

  643. 	$(INSTALL_DIR) $(1)/usr/lib
    644. 

  644. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
    645. 

  645. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
    646. 

  646. 	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
    647. 

  647. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
    648. 

  648. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
    649. 

  649. 

  650. 	# XXX: needed by firewall3
    651. 

  651. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
    652. 

  652. endef
    653. 

  653. 

  654. define Package/xtables-legacy/install
    655. 

  655. 	$(INSTALL_DIR) $(1)/usr/sbin
    656. 

  656. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
    657. 

  657. endef
    658. 

  658. 

  659. define Package/iptables-zz-legacy/install
    660. 

  660. 	$(INSTALL_DIR) $(1)/usr/sbin
    661. 

  661. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-legacy{,-restore,-save} $(1)/usr/sbin/
    662. 

  662. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    663. 

  663. endef
    664. 

  664. 

  665. define Package/xtables-nft/install
    666. 

  666. 	$(INSTALL_DIR) $(1)/usr/sbin
    667. 

  667. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
    668. 

  668. endef
    669. 

  669. 

  670. define Package/arptables-nft/install
    671. 

  671. 	$(INSTALL_DIR) $(1)/usr/sbin
    672. 

  672. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/arptables-nft{,-restore,-save} $(1)/usr/sbin/
    673. 

  673. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    674. 

  674. 	$(CP) $(PKG_BUILD_DIR)/extensions/libarpt_*.so $(1)/usr/lib/iptables/
    675. 

  675. endef
    676. 

  676. 

  677. define Package/ebtables-nft/install
    678. 

  678. 	$(INSTALL_DIR) $(1)/usr/sbin
    679. 

  679. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ebtables-nft{,-restore,-save} $(1)/usr/sbin/
    680. 

  680. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    681. 

  681. 	$(CP) $(PKG_BUILD_DIR)/extensions/libebt_*.so $(1)/usr/lib/iptables/
    682. 

  682. endef
    683. 

  683. 

  684. define Package/iptables-nft/install
    685. 

  685. 	$(INSTALL_DIR) $(1)/usr/sbin
    686. 

  686. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
    687. 

  687. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
    688. 

  688. endef
    689. 

  689. 

  690. define Package/ip6tables-zz-legacy/install
    691. 

  691. 	$(INSTALL_DIR) $(1)/usr/sbin
    692. 

  692. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-legacy{,-restore,-save} $(1)/usr/sbin/
    693. 

  693. endef
    694. 

  694. 

  695. define Package/ip6tables-nft/install
    696. 

  696. 	$(INSTALL_DIR) $(1)/usr/sbin
    697. 

  697. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
    698. 

  698. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
    699. 

  699. endef
    700. 

  700. 

  701. define Package/libip4tc/install
    702. 

  702. 	$(INSTALL_DIR) $(1)/usr/lib
    703. 

  703. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
    704. 

  704. endef
    705. 

  705. 

  706. define Package/libip6tc/install
    707. 

  707. 	$(INSTALL_DIR) $(1)/usr/lib
    708. 

  708. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
    709. 

  709. endef
    710. 

  710. 

  711. define Package/libiptext/install
    712. 

  712. 	$(INSTALL_DIR) $(1)/usr/lib
    713. 

  713. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
    714. 

  714. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
    715. 

  715. endef
    716. 

  716. 

  717. define Package/libiptext6/install
    718. 

  718. 	$(INSTALL_DIR) $(1)/usr/lib
    719. 

  719. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
    720. 

  720. endef
    721. 

  721. 

  722. define Package/libiptext-nft/install
    723. 

  723. 	$(INSTALL_DIR) $(1)/usr/lib
    724. 

  724. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
    725. 

  725. endef
    726. 

  726. 

  727. define Package/libxtables/install
    728. 

  728. 	$(INSTALL_DIR) $(1)/usr/lib
    729. 

  729. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
    730. 

  730. endef
    731. 

  731. 

  732. define BuildPlugin
    733. 

  733.   define Package/$(1)/install
    734. 

  734. 	$(INSTALL_DIR) $$(1)/usr/lib/iptables
    735. 

  735. 	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
    736. 

  736. 		if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
    737. 

  737. 			$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
    738. 

  738. 		fi; \
    739. 

  739. 	done
    740. 

  740. 	$(3)
    741. 

  741.   endef
    742. 

  742. 

  743.   $$(eval $$(call BuildPackage,$(1)))
    744. 

  744. endef
    745. 

  745. 

  746. $(eval $(call BuildPackage,libxtables))
    747. 

  747. $(eval $(call BuildPackage,libip4tc))
    748. 

  748. $(eval $(call BuildPackage,libip6tc))
    749. 

  749. $(eval $(call BuildPackage,libiptext))
    750. 

  750. $(eval $(call BuildPackage,libiptext6))
    751. 

  751. $(eval $(call BuildPackage,libiptext-nft))
    752. 

  752. $(eval $(call BuildPackage,xtables-legacy))
    753. 

  753. $(eval $(call BuildPackage,xtables-nft))
    754. 

  754. $(eval $(call BuildPackage,arptables-nft))
    755. 

  755. $(eval $(call BuildPackage,ebtables-nft))
    756. 

  756. $(eval $(call BuildPackage,iptables-nft))
    757. 

  757. $(eval $(call BuildPackage,iptables-zz-legacy))
    758. 

  758. $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
    759. 

  759. $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
    760. 

  760. $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
    761. 

  761. $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
    762. 

  762. $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
    763. 

  763. $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
    764. 

  764. $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
    765. 

  765. $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
    766. 

  766. $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
    767. 

  767. $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
    768. 

  768. $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
    769. 

  769. $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
    770. 

  770. $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
    771. 

  771. $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
    772. 

  772. $(eval $(call BuildPlugin,iptables-mod-socket,$(IPT_SOCKET-m)))
    773. 

  773. $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
    774. 

  774. $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
    775. 

  775. $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
    776. 

  776. $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
    777. 

  777. $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
    778. 

  778. $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
    779. 

  779. $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
    780. 

  780. $(eval $(call BuildPackage,ip6tables-nft))
    781. 

  781. $(eval $(call BuildPackage,ip6tables-zz-legacy))
    782. 

  782. $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
    783. 

  783. $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
    784. 

  784.