Inicio Explorar Ayuda
Registro Iniciar sesión
OpenWrt
/
openwrt
espejo de https://github.com/openwrt/openwrt.git
2
0
Fork 0
Archivos Incidencias 0 Wiki
Árbol: b30ba14e2a
Ramas Etiquetas
openwrt
/
package
/
network
/
utils
/
iptables
/
Makefile

Makefile 14 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594 
  1. #
    2. 

  2. # Copyright (C) 2006-2016 OpenWrt.org
    3. 

  3. #
    4. 

  4. # This is free software, licensed under the GNU General Public License v2.
    5. 

  5. # See /LICENSE for more information.
    6. 

  6. #
    7. 

  7. 

  8. include $(TOPDIR)/rules.mk
    9. 

  9. include $(INCLUDE_DIR)/kernel.mk
    10. 

  10. 

  11. PKG_NAME:=iptables
    12. 

  12. PKG_VERSION:=1.6.1
    13. 

  13. PKG_RELEASE:=1
    14. 

  14. 

  15. PKG_SOURCE_PROTO:=git
    16. 

  16. PKG_SOURCE_URL:=https://git.netfilter.org/iptables
    17. 

  17. PKG_SOURCE_VERSION:=7df66f1c13563cfbab75246b009ce36f69ee4487
    18. 

  18. PKG_MIRROR_HASH:=22f15ef41fd8e3724bedcee666b7b6a3491d2d038d580ef1fb032718dcb73f14
    19. 

  19. 

  20. PKG_FIXUP:=autoreconf
    21. 

  21. 

  22. PKG_INSTALL:=1
    23. 

  23. PKG_BUILD_PARALLEL:=1
    24. 

  24. PKG_LICENSE:=GPL-2.0
    25. 

  25. 

  26. include $(INCLUDE_DIR)/package.mk
    27. 

  27. ifeq ($(DUMP),)
    28. 

  28.   -include $(LINUX_DIR)/.config
    29. 

  29.   include $(INCLUDE_DIR)/netfilter.mk
    30. 

  30.   STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | mkhash md5)
    31. 

  31. endif
    32. 

  32. 

  33. 

  34. define Package/iptables/Default
    35. 

  35.   SECTION:=net
    36. 

  36.   CATEGORY:=Network
    37. 

  37.   SUBMENU:=Firewall
    38. 

  38.   URL:=http://netfilter.org/
    39. 

  39. endef
    40. 

  40. 

  41. define Package/iptables/Module
    42. 

  42. $(call Package/iptables/Default)
    43. 

  43.   DEPENDS:=iptables $(1)
    44. 

  44. endef
    45. 

  45. 

  46. define Package/iptables
    47. 

  47. $(call Package/iptables/Default)
    48. 

  48.   TITLE:=IP firewall administration tool
    49. 

  49.   MENU:=1
    50. 

  50.   DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
    51. 

  51. endef
    52. 

  52. 

  53. define Package/iptables/config
    54. 

  54.   config IPTABLES_CONNLABEL
    55. 

  55. 	bool "Enable Connlabel support"
    56. 

  56. 	default n
    57. 

  57. 	help
    58. 

  58. 		This enable connlabel support in iptables.
    59. 

  59. 

  60.   config IPTABLES_NFTABLES
    61. 

  61. 	bool "Enable Nftables support"
    62. 

  62. 	default n
    63. 

  63. 	help
    64. 

  64. 		This enable nftables support in iptables.
    65. 

  65. endef
    66. 

  66. 

  67. define Package/iptables/description
    68. 

  68. IP firewall administration tool.
    69. 

  69. 

  70.  Matches:
    71. 

  71.   - icmp
    72. 

  72.   - tcp
    73. 

  73.   - udp
    74. 

  74.   - comment
    75. 

  75.   - conntrack
    76. 

  76.   - limit
    77. 

  77.   - mac
    78. 

  78.   - mark
    79. 

  79.   - multiport
    80. 

  80.   - set
    81. 

  81.   - state
    82. 

  82.   - time
    83. 

  83. 

  84.  Targets:
    85. 

  85.   - ACCEPT
    86. 

  86.   - CT
    87. 

  87.   - DNAT
    88. 

  88.   - DROP
    89. 

  89.   - REJECT
    90. 

  90.   - LOG
    91. 

  91.   - MARK
    92. 

  92.   - MASQUERADE
    93. 

  93.   - REDIRECT
    94. 

  94.   - SET
    95. 

  95.   - SNAT
    96. 

  96.   - TCPMSS
    97. 

  97. 

  98.  Tables:
    99. 

  99.   - filter
    100. 

  100.   - mangle
    101. 

  101.   - nat
    102. 

  102.   - raw
    103. 

  103. 

  104. endef
    105. 

  105. 

  106. define Package/iptables-mod-conntrack-extra
    107. 

  107. $(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
    108. 

  108.   TITLE:=Extra connection tracking extensions
    109. 

  109. endef
    110. 

  110. 

  111. define Package/iptables-mod-conntrack-extra/description
    112. 

  112. Extra iptables extensions for connection tracking.
    113. 

  113. 

  114.  Matches:
    115. 

  115.   - connbytes
    116. 

  116.   - connlimit
    117. 

  117.   - connmark
    118. 

  118.   - recent
    119. 

  119.   - helper
    120. 

  120. 

  121.  Targets:
    122. 

  122.   - CONNMARK
    123. 

  123. 

  124. endef
    125. 

  125. 

  126. define Package/iptables-mod-filter
    127. 

  127. $(call Package/iptables/Module, +kmod-ipt-filter)
    128. 

  128.   TITLE:=Content inspection extensions
    129. 

  129. endef
    130. 

  130. 

  131. define Package/iptables-mod-filter/description
    132. 

  132. iptables extensions for packet content inspection.
    133. 

  133. Includes support for:
    134. 

  134. 

  135.  Matches:
    136. 

  136.   - string
    137. 

  137. 

  138. endef
    139. 

  139. 

  140. define Package/iptables-mod-ipopt
    141. 

  141. $(call Package/iptables/Module, +kmod-ipt-ipopt)
    142. 

  142.   TITLE:=IP/Packet option extensions
    143. 

  143. endef
    144. 

  144. 

  145. define Package/iptables-mod-ipopt/description
    146. 

  146. iptables extensions for matching/changing IP packet options.
    147. 

  147. 

  148.  Matches:
    149. 

  149.   - dscp
    150. 

  150.   - ecn
    151. 

  151.   - length
    152. 

  152.   - statistic
    153. 

  153.   - tcpmss
    154. 

  154.   - unclean
    155. 

  155.   - hl
    156. 

  156. 

  157.  Targets:
    158. 

  158.   - DSCP
    159. 

  159.   - CLASSIFY
    160. 

  160.   - ECN
    161. 

  161.   - HL
    162. 

  162. 

  163. endef
    164. 

  164. 

  165. define Package/iptables-mod-ipsec
    166. 

  166. $(call Package/iptables/Module, +kmod-ipt-ipsec)
    167. 

  167.   TITLE:=IPsec extensions
    168. 

  168. endef
    169. 

  169. 

  170. define Package/iptables-mod-ipsec/description
    171. 

  171. iptables extensions for matching ipsec traffic.
    172. 

  172. 

  173.  Matches:
    174. 

  174.   - ah
    175. 

  175.   - esp
    176. 

  176.   - policy
    177. 

  177. 

  178. endef
    179. 

  179. 

  180. define Package/iptables-mod-nat-extra
    181. 

  181. $(call Package/iptables/Module, +kmod-ipt-nat-extra)
    182. 

  182.   TITLE:=Extra NAT extensions
    183. 

  183. endef
    184. 

  184. 

  185. define Package/iptables-mod-nat-extra/description
    186. 

  186. iptables extensions for extra NAT targets.
    187. 

  187. 

  188.  Targets:
    189. 

  189.   - MIRROR
    190. 

  190.   - NETMAP
    191. 

  191. endef
    192. 

  192. 

  193. define Package/iptables-mod-ulog
    194. 

  194. $(call Package/iptables/Module, +kmod-ipt-ulog)
    195. 

  195.   TITLE:=user-space packet logging
    196. 

  196. endef
    197. 

  197. 

  198. define Package/iptables-mod-ulog/description
    199. 

  199. iptables extensions for user-space packet logging.
    200. 

  200. 

  201.  Targets:
    202. 

  202.   - ULOG
    203. 

  203. 

  204. endef
    205. 

  205. 

  206. define Package/iptables-mod-nflog
    207. 

  207. $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
    208. 

  208.   TITLE:=Netfilter NFLOG target
    209. 

  209. endef
    210. 

  210. 

  211. define Package/iptables-mod-nflog/description
    212. 

  212.  iptables extension for user-space logging via NFNETLINK.
    213. 

  213. 

  214.  Includes:
    215. 

  215.   - libxt_NFLOG
    216. 

  216. 

  217. endef
    218. 

  218. 

  219. define Package/iptables-mod-nfqueue
    220. 

  220. $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
    221. 

  221.   TITLE:=Netfilter NFQUEUE target
    222. 

  222. endef
    223. 

  223. 

  224. define Package/iptables-mod-nfqueue/description
    225. 

  225.  iptables extension for user-space queuing via NFNETLINK.
    226. 

  226. 

  227.  Includes:
    228. 

  228.   - libxt_NFQUEUE
    229. 

  229. 

  230. endef
    231. 

  231. 

  232. define Package/iptables-mod-hashlimit
    233. 

  233. $(call Package/iptables/Module, +kmod-ipt-hashlimit)
    234. 

  234.   TITLE:=hashlimit matching
    235. 

  235. endef
    236. 

  236. 

  237. define Package/iptables-mod-hashlimit/description
    238. 

  238. iptables extensions for hashlimit matching
    239. 

  239. 

  240.  Matches:
    241. 

  241.   - hashlimit
    242. 

  242. 

  243. endef
    244. 

  244. 

  245. define Package/iptables-mod-rpfilter
    246. 

  246. $(call Package/iptables/Module, +kmod-ipt-rpfilter)
    247. 

  247.   TITLE:=rpfilter iptables extension
    248. 

  248. endef
    249. 

  249. 

  250. define Package/iptables-mod-rpfilter/description
    251. 

  251. iptables extensions for reverse path filter test on a packet
    252. 

  252. 

  253.  Matches:
    254. 

  254.   - rpfilter
    255. 

  255. 

  256. endef
    257. 

  257. 

  258. define Package/iptables-mod-iprange
    259. 

  259. $(call Package/iptables/Module, +kmod-ipt-iprange)
    260. 

  260.   TITLE:=IP range extension
    261. 

  261. endef
    262. 

  262. 

  263. define Package/iptables-mod-iprange/description
    264. 

  264. iptables extensions for matching ip ranges.
    265. 

  265. 

  266.  Matches:
    267. 

  267.   - iprange
    268. 

  268. 

  269. endef
    270. 

  270. 

  271. define Package/iptables-mod-cluster
    272. 

  272. $(call Package/iptables/Module, +kmod-ipt-cluster)
    273. 

  273.   TITLE:=Match cluster extension
    274. 

  274. endef
    275. 

  275. 

  276. define Package/iptables-mod-cluster/description
    277. 

  277. iptables extensions for matching cluster.
    278. 

  278. 

  279.  Netfilter (IPv4/IPv6) module for matching cluster
    280. 

  280.  This option allows you to build work-load-sharing clusters of
    281. 

  281.  network servers/stateful firewalls without having a dedicated
    282. 

  282.  load-balancing router/server/switch. Basically, this match returns
    283. 

  283.  true when the packet must be handled by this cluster node. Thus,
    284. 

  284.  all nodes see all packets and this match decides which node handles
    285. 

  285.  what packets. The work-load sharing algorithm is based on source
    286. 

  286.  address hashing.
    287. 

  287. 

  288.  This module is usable for ipv4 and ipv6.
    289. 

  289. 

  290.  If you select it, it enables kmod-ipt-cluster.
    291. 

  291. 

  292.  see `iptables -m cluster --help` for more information.
    293. 

  293. endef
    294. 

  294. 

  295. define Package/iptables-mod-clusterip
    296. 

  296. $(call Package/iptables/Module, +kmod-ipt-clusterip)
    297. 

  297.   TITLE:=Clusterip extension
    298. 

  298. endef
    299. 

  299. 

  300. define Package/iptables-mod-clusterip/description
    301. 

  301. iptables extensions for CLUSTERIP.
    302. 

  302.  The CLUSTERIP target allows you to build load-balancing clusters of
    303. 

  303.  network servers without having a dedicated load-balancing
    304. 

  304.  router/server/switch.
    305. 

  305. 

  306.  If you select it, it enables kmod-ipt-clusterip.
    307. 

  307. 

  308.  see `iptables -j CLUSTERIP --help` for more information.
    309. 

  309. endef
    310. 

  310. 

  311. define Package/iptables-mod-extra
    312. 

  312. $(call Package/iptables/Module, +kmod-ipt-extra)
    313. 

  313.   TITLE:=Other extra iptables extensions
    314. 

  314. endef
    315. 

  315. 

  316. define Package/iptables-mod-extra/description
    317. 

  317. Other extra iptables extensions.
    318. 

  318. 

  319.  Matches:
    320. 

  320.   - addrtype
    321. 

  321.   - condition
    322. 

  322.   - owner
    323. 

  323.   - physdev (if ebtables is enabled)
    324. 

  324.   - pkttype
    325. 

  325.   - quota
    326. 

  326. 

  327. endef
    328. 

  328. 

  329. define Package/iptables-mod-led
    330. 

  330. $(call Package/iptables/Module, +kmod-ipt-led)
    331. 

  331.   TITLE:=LED trigger iptables extension
    332. 

  332. endef
    333. 

  333. 

  334. define Package/iptables-mod-led/description
    335. 

  335. iptables extension for triggering a LED.
    336. 

  336. 

  337.  Targets:
    338. 

  338.   - LED
    339. 

  339. 

  340. endef
    341. 

  341. 

  342. define Package/iptables-mod-tproxy
    343. 

  343. $(call Package/iptables/Module, +kmod-ipt-tproxy)
    344. 

  344.   TITLE:=Transparent proxy iptables extensions
    345. 

  345. endef
    346. 

  346. 

  347. define Package/iptables-mod-tproxy/description
    348. 

  348. Transparent proxy iptables extensions.
    349. 

  349. 

  350.  Matches:
    351. 

  351.   - socket
    352. 

  352. 

  353.  Targets:
    354. 

  354.   - TPROXY
    355. 

  355. 

  356. endef
    357. 

  357. 

  358. define Package/iptables-mod-tee
    359. 

  359. $(call Package/iptables/Module, +kmod-ipt-tee)
    360. 

  360.   TITLE:=TEE iptables extensions
    361. 

  361. endef
    362. 

  362. 

  363. define Package/iptables-mod-tee/description
    364. 

  364. TEE iptables extensions.
    365. 

  365. 

  366.  Targets:
    367. 

  367.   - TEE
    368. 

  368. 

  369. endef
    370. 

  370. 

  371. define Package/iptables-mod-u32
    372. 

  372. $(call Package/iptables/Module, +kmod-ipt-u32)
    373. 

  373.   TITLE:=U32 iptables extensions
    374. 

  374. endef
    375. 

  375. 

  376. define Package/iptables-mod-u32/description
    377. 

  377. U32 iptables extensions.
    378. 

  378. 

  379.  Matches:
    380. 

  380.   - u32
    381. 

  381. 

  382. endef
    383. 

  383. 

  384. define Package/ip6tables
    385. 

  385. $(call Package/iptables/Default)
    386. 

  386.   DEPENDS:=@IPV6 +kmod-ip6tables +iptables
    387. 

  387.   CATEGORY:=Network
    388. 

  388.   TITLE:=IPv6 firewall administration tool
    389. 

  389.   MENU:=1
    390. 

  390. endef
    391. 

  391. 

  392. 

  393. define Package/ip6tables-extra
    394. 

  394. $(call Package/iptables/Default)
    395. 

  395.   DEPENDS:=ip6tables +kmod-ip6tables-extra
    396. 

  396.   TITLE:=IPv6 header matching modules
    397. 

  397. endef
    398. 

  398. 

  399. define Package/ip6tables-mod-extra/description
    400. 

  400. iptables header matching modules for IPv6
    401. 

  401. endef
    402. 

  402. 

  403. define Package/ip6tables-mod-nat
    404. 

  404. $(call Package/iptables/Default)
    405. 

  405.   DEPENDS:=ip6tables +kmod-ipt-nat6
    406. 

  406.   TITLE:=IPv6 NAT extensions
    407. 

  407. endef
    408. 

  408. 

  409. define Package/ip6tables-mod-nat/description
    410. 

  410. iptables extensions for IPv6-NAT targets.
    411. 

  411. endef
    412. 

  412. 

  413. define Package/libiptc
    414. 

  414. $(call Package/iptables/Default)
    415. 

  415.   SECTION:=libs
    416. 

  416.   CATEGORY:=Libraries
    417. 

  417.   DEPENDS:=+libip4tc +libip6tc +libxtables
    418. 

  418.   ABI_VERSION:=$(PKG_VERSION)
    419. 

  419.   TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
    420. 

  420. endef
    421. 

  421. 

  422. define Package/libip4tc
    423. 

  423. $(call Package/iptables/Default)
    424. 

  424.   SECTION:=libs
    425. 

  425.   CATEGORY:=Libraries
    426. 

  426.   TITLE:=IPv4 firewall - shared libiptc library
    427. 

  427.   ABI_VERSION:=$(PKG_VERSION)
    428. 

  428.   DEPENDS:=+libxtables
    429. 

  429. endef
    430. 

  430. 

  431. define Package/libip6tc
    432. 

  432. $(call Package/iptables/Default)
    433. 

  433.   SECTION:=libs
    434. 

  434.   CATEGORY:=Libraries
    435. 

  435.   TITLE:=IPv6 firewall - shared libiptc library
    436. 

  436.   ABI_VERSION:=$(PKG_VERSION)
    437. 

  437.   DEPENDS:=+libxtables
    438. 

  438. endef
    439. 

  439. 

  440. define Package/libxtables
    441. 

  441.  $(call Package/iptables/Default)
    442. 

  442.  SECTION:=libs
    443. 

  443.  CATEGORY:=Libraries
    444. 

  444.  TITLE:=IPv4/IPv6 firewall - shared xtables library
    445. 

  445.  ABI_VERSION:=$(PKG_VERSION)
    446. 

  446.  DEPENDS:= \
    447. 

  447. 	+IPTABLES_CONNLABEL:libnetfilter-conntrack \
    448. 

  448. 	+IPTABLES_NFTABLES:libnftnl
    449. 

  449. endef
    450. 

  450. 

  451. TARGET_CPPFLAGS := \
    452. 

  452. 	-I$(PKG_BUILD_DIR)/include \
    453. 

  453. 	-I$(LINUX_DIR)/user_headers/include \
    454. 

  454. 	$(TARGET_CPPFLAGS)
    455. 

  455. 

  456. TARGET_CFLAGS += \
    457. 

  457. 	-I$(PKG_BUILD_DIR)/include \
    458. 

  458. 	-I$(LINUX_DIR)/user_headers/include \
    459. 

  459. 	-ffunction-sections -fdata-sections \
    460. 

  460. 	-DNO_LEGACY
    461. 

  461. 

  462. TARGET_LDFLAGS += \
    463. 

  463. 	-Wl,--gc-sections
    464. 

  464. 

  465. CONFIGURE_ARGS += \
    466. 

  466. 	--enable-shared \
    467. 

  467. 	--enable-static \
    468. 

  468. 	--enable-devel \
    469. 

  469. 	--with-kernel="$(LINUX_DIR)/user_headers" \
    470. 

  470. 	--with-xtlibdir=/usr/lib/iptables \
    471. 

  471. 	$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
    472. 

  472. 	$(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
    473. 

  473. 	$(if $(CONFIG_IPV6),,--disable-ipv6)
    474. 

  474. 

  475. MAKE_FLAGS := \
    476. 

  476. 	$(TARGET_CONFIGURE_OPTS) \
    477. 

  477. 	COPT_FLAGS="$(TARGET_CFLAGS)" \
    478. 

  478. 	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
    479. 

  479. 	KBUILD_OUTPUT="$(LINUX_DIR)" \
    480. 

  480. 	BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
    481. 

  481. 

  482. ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
    483. 

  483.   define Build/Configure/rebuild
    484. 

  484. 	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
    485. 

  485. 	rm -f $(PKG_BUILD_DIR)/.config_*
    486. 

  486. 	rm -f $(PKG_BUILD_DIR)/.configured_*
    487. 

  487. 	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
    488. 

  488.   endef
    489. 

  489. endif
    490. 

  490. 

  491. define Build/Configure
    492. 

  492. $(Build/Configure/rebuild)
    493. 

  493. $(Build/Configure/Default)
    494. 

  494. endef
    495. 

  495. 

  496. define Build/InstallDev
    497. 

  497. 	$(INSTALL_DIR) $(1)/usr/include
    498. 

  498. 	$(INSTALL_DIR) $(1)/usr/include/iptables
    499. 

  499. 	$(INSTALL_DIR) $(1)/usr/include/net/netfilter
    500. 

  500. 

  501. 	# XXX: iptables header fixup, some headers are not installed by iptables anymore
    502. 

  502. 	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
    503. 

  503. 	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
    504. 

  504. 	$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
    505. 

  505. 	$(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
    506. 

  506. 	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
    507. 

  507. 

  508. 	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
    509. 

  509. 	$(INSTALL_DIR) $(1)/usr/lib
    510. 

  510. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
    511. 

  511. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
    512. 

  512. 	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
    513. 

  513. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
    514. 

  514. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
    515. 

  515. 

  516. 	# XXX: needed by firewall3
    517. 

  517. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
    518. 

  518. endef
    519. 

  519. 

  520. define Package/iptables/install
    521. 

  521. 	$(INSTALL_DIR) $(1)/usr/sbin
    522. 

  522. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-multi $(1)/usr/sbin/
    523. 

  523. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore,-save} $(1)/usr/sbin/
    524. 

  524. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    525. 

  525. endef
    526. 

  526. 

  527. define Package/ip6tables/install
    528. 

  528. 	$(INSTALL_DIR) $(1)/usr/sbin
    529. 

  529. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
    530. 

  530. endef
    531. 

  531. 

  532. define Package/libiptc/install
    533. 

  533. 	$(INSTALL_DIR) $(1)/usr/lib
    534. 

  534. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
    535. 

  535. endef
    536. 

  536. 

  537. define Package/libip4tc/install
    538. 

  538. 	$(INSTALL_DIR) $(1)/usr/lib
    539. 

  539. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
    540. 

  540. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
    541. 

  541. endef
    542. 

  542. 

  543. define Package/libip6tc/install
    544. 

  544. 	$(INSTALL_DIR) $(1)/usr/lib
    545. 

  545. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
    546. 

  546. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
    547. 

  547. endef
    548. 

  548. 

  549. define Package/libxtables/install
    550. 

  550. 	$(INSTALL_DIR) $(1)/usr/lib
    551. 

  551. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
    552. 

  552. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
    553. 

  553. endef
    554. 

  554. 

  555. define BuildPlugin
    556. 

  556.   define Package/$(1)/install
    557. 

  557. 	$(INSTALL_DIR) $$(1)/usr/lib/iptables
    558. 

  558. 	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
    559. 

  559. 		if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
    560. 

  560. 			$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
    561. 

  561. 		fi; \
    562. 

  562. 	done
    563. 

  563. 	$(3)
    564. 

  564.   endef
    565. 

  565. 

  566.   $$(eval $$(call BuildPackage,$(1)))
    567. 

  567. endef
    568. 

  568. 

  569. $(eval $(call BuildPackage,iptables))
    570. 

  570. $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
    571. 

  571. $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
    572. 

  572. $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
    573. 

  573. $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
    574. 

  574. $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
    575. 

  575. $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
    576. 

  576. $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
    577. 

  577. $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
    578. 

  578. $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
    579. 

  579. $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
    580. 

  580. $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
    581. 

  581. $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
    582. 

  582. $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
    583. 

  583. $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
    584. 

  584. $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
    585. 

  585. $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
    586. 

  586. $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
    587. 

  587. $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
    588. 

  588. $(eval $(call BuildPackage,ip6tables))
    589. 

  589. $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
    590. 

  590. $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
    591. 

  591. $(eval $(call BuildPackage,libiptc))
    592. 

  592. $(eval $(call BuildPackage,libip4tc))
    593. 

  593. $(eval $(call BuildPackage,libip6tc))
    594. 

  594. $(eval $(call BuildPackage,libxtables))
    595.