Home Explore Help
Register Sign In
OpenWrt
/
openwrt
mirror of https://github.com/openwrt/openwrt.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: b993b68b6c
Branches Tags
openwrt
/
package
/
network
/
utils
/
iptables
/
Makefile

Makefile 17 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692 
  1. #
    2. 

  2. # Copyright (C) 2006-2016 OpenWrt.org
    3. 

  3. #
    4. 

  4. # This is free software, licensed under the GNU General Public License v2.
    5. 

  5. # See /LICENSE for more information.
    6. 

  6. #
    7. 

  7. 

  8. include $(TOPDIR)/rules.mk
    9. 

  9. include $(INCLUDE_DIR)/kernel.mk
    10. 

  10. 

  11. PKG_NAME:=iptables
    12. 

  12. PKG_VERSION:=1.8.7
    13. 

  13. PKG_RELEASE:=1
    14. 

  14. 

  15. PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
    16. 

  16. PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
    17. 

  17. PKG_HASH:=c109c96bb04998cd44156622d36f8e04b140701ec60531a10668cfdff5e8d8f0
    18. 

  18. 

  19. PKG_FIXUP:=autoreconf
    20. 

  20. PKG_FLAGS:=nonshared
    21. 

  21. 

  22. PKG_INSTALL:=1
    23. 

  23. PKG_BUILD_PARALLEL:=1
    24. 

  24. PKG_LICENSE:=GPL-2.0
    25. 

  25. PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
    26. 

  26. 

  27. include $(INCLUDE_DIR)/package.mk
    28. 

  28. ifeq ($(DUMP),)
    29. 

  29.   -include $(LINUX_DIR)/.config
    30. 

  30.   include $(INCLUDE_DIR)/netfilter.mk
    31. 

  31.   STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
    32. 

  32. endif
    33. 

  33. 

  34. 

  35. define Package/iptables/Default
    36. 

  36.   SECTION:=net
    37. 

  37.   CATEGORY:=Network
    38. 

  38.   SUBMENU:=Firewall
    39. 

  39.   URL:=https://netfilter.org/
    40. 

  40. endef
    41. 

  41. 

  42. define Package/iptables/Module
    43. 

  43. $(call Package/iptables/Default)
    44. 

  44.   DEPENDS:=iptables $(1)
    45. 

  45. endef
    46. 

  46. 

  47. define Package/iptables
    48. 

  48. $(call Package/iptables/Default)
    49. 

  49.   TITLE:=IP firewall administration tool
    50. 

  50.   MENU:=1
    51. 

  51.   DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
    52. 

  52. endef
    53. 

  53. 

  54. define Package/iptables/config
    55. 

  55.   config IPTABLES_CONNLABEL
    56. 

  56. 	bool "Enable Connlabel support"
    57. 

  57. 	default n
    58. 

  58. 	help
    59. 

  59. 		This enable connlabel support in iptables.
    60. 

  60. 

  61.   config IPTABLES_NFTABLES
    62. 

  62. 	bool "Enable Nftables support"
    63. 

  63. 	default n
    64. 

  64. 	help
    65. 

  65. 		This enable nftables support in iptables.
    66. 

  66. endef
    67. 

  67. 

  68. define Package/iptables/description
    69. 

  69. IP firewall administration tool.
    70. 

  70. 

  71.  Matches:
    72. 

  72.   - icmp
    73. 

  73.   - tcp
    74. 

  74.   - udp
    75. 

  75.   - comment
    76. 

  76.   - conntrack
    77. 

  77.   - limit
    78. 

  78.   - mac
    79. 

  79.   - mark
    80. 

  80.   - multiport
    81. 

  81.   - set
    82. 

  82.   - state
    83. 

  83.   - time
    84. 

  84. 

  85.  Targets:
    86. 

  86.   - ACCEPT
    87. 

  87.   - CT
    88. 

  88.   - DNAT
    89. 

  89.   - DROP
    90. 

  90.   - REJECT
    91. 

  91.   - FLOWOFFLOAD
    92. 

  92.   - LOG
    93. 

  93.   - MARK
    94. 

  94.   - MASQUERADE
    95. 

  95.   - REDIRECT
    96. 

  96.   - SET
    97. 

  97.   - SNAT
    98. 

  98.   - TCPMSS
    99. 

  99. 

  100.  Tables:
    101. 

  101.   - filter
    102. 

  102.   - mangle
    103. 

  103.   - nat
    104. 

  104.   - raw
    105. 

  105. 

  106. endef
    107. 

  107. 

  108. define Package/iptables-nft
    109. 

  109. $(call Package/iptables/Default)
    110. 

  110.   TITLE:=IP firewall administration tool nft
    111. 

  111.   DEPENDS:=iptables @IPTABLES_NFTABLES +libxtables-nft
    112. 

  112. endef
    113. 

  113. 

  114. define Package/iptables-nft/description
    115. 

  115. Extra iptables nftables nft binaries.
    116. 

  116.   iptables-nft
    117. 

  117.   iptables-nft-restore
    118. 

  118.   iptables-nft-save
    119. 

  119.   iptables-translate
    120. 

  120.   iptables-restore-translate
    121. 

  121. endef
    122. 

  122. 

  123. define Package/iptables-mod-conntrack-extra
    124. 

  124. $(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw)
    125. 

  125.   TITLE:=Extra connection tracking extensions
    126. 

  126. endef
    127. 

  127. 

  128. define Package/iptables-mod-conntrack-extra/description
    129. 

  129. Extra iptables extensions for connection tracking.
    130. 

  130. 

  131.  Matches:
    132. 

  132.   - connbytes
    133. 

  133.   - connlimit
    134. 

  134.   - connmark
    135. 

  135.   - recent
    136. 

  136.   - helper
    137. 

  137. 

  138.  Targets:
    139. 

  139.   - CONNMARK
    140. 

  140. 

  141. endef
    142. 

  142. 

  143. define Package/iptables-mod-conntrack-label
    144. 

  144. $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
    145. 

  145.   TITLE:=Connection tracking labeling extension
    146. 

  146.   DEFAULT:=y if IPTABLES_CONNLABEL
    147. 

  147. endef
    148. 

  148. 

  149. define Package/iptables-mod-conntrack-label/description
    150. 

  150. Match and set label(s) on connection tracking entries
    151. 

  151. 

  152.  Matches:
    153. 

  153.   - connlabel
    154. 

  154. 

  155. endef
    156. 

  156. 

  157. define Package/iptables-mod-filter
    158. 

  158. $(call Package/iptables/Module, +kmod-ipt-filter)
    159. 

  159.   TITLE:=Content inspection extensions
    160. 

  160. endef
    161. 

  161. 

  162. define Package/iptables-mod-filter/description
    163. 

  163. iptables extensions for packet content inspection.
    164. 

  164. Includes support for:
    165. 

  165. 

  166.  Matches:
    167. 

  167.   - string
    168. 

  168.   - bpf
    169. 

  169. 

  170. endef
    171. 

  171. 

  172. define Package/iptables-mod-ipopt
    173. 

  173. $(call Package/iptables/Module, +kmod-ipt-ipopt)
    174. 

  174.   TITLE:=IP/Packet option extensions
    175. 

  175. endef
    176. 

  176. 

  177. define Package/iptables-mod-ipopt/description
    178. 

  178. iptables extensions for matching/changing IP packet options.
    179. 

  179. 

  180.  Matches:
    181. 

  181.   - dscp
    182. 

  182.   - ecn
    183. 

  183.   - length
    184. 

  184.   - statistic
    185. 

  185.   - tcpmss
    186. 

  186.   - unclean
    187. 

  187.   - hl
    188. 

  188. 

  189.  Targets:
    190. 

  190.   - DSCP
    191. 

  191.   - CLASSIFY
    192. 

  192.   - ECN
    193. 

  193.   - HL
    194. 

  194. 

  195. endef
    196. 

  196. 

  197. define Package/iptables-mod-ipsec
    198. 

  198. $(call Package/iptables/Module, +kmod-ipt-ipsec)
    199. 

  199.   TITLE:=IPsec extensions
    200. 

  200. endef
    201. 

  201. 

  202. define Package/iptables-mod-ipsec/description
    203. 

  203. iptables extensions for matching ipsec traffic.
    204. 

  204. 

  205.  Matches:
    206. 

  206.   - ah
    207. 

  207.   - esp
    208. 

  208.   - policy
    209. 

  209. 

  210. endef
    211. 

  211. 

  212. define Package/iptables-mod-nat-extra
    213. 

  213. $(call Package/iptables/Module, +kmod-ipt-nat-extra)
    214. 

  214.   TITLE:=Extra NAT extensions
    215. 

  215. endef
    216. 

  216. 

  217. define Package/iptables-mod-nat-extra/description
    218. 

  218. iptables extensions for extra NAT targets.
    219. 

  219. 

  220.  Targets:
    221. 

  221.   - MIRROR
    222. 

  222.   - NETMAP
    223. 

  223. endef
    224. 

  224. 

  225. define Package/iptables-mod-ulog
    226. 

  226. $(call Package/iptables/Module, +kmod-ipt-ulog)
    227. 

  227.   TITLE:=user-space packet logging
    228. 

  228. endef
    229. 

  229. 

  230. define Package/iptables-mod-ulog/description
    231. 

  231. iptables extensions for user-space packet logging.
    232. 

  232. 

  233.  Targets:
    234. 

  234.   - ULOG
    235. 

  235. 

  236. endef
    237. 

  237. 

  238. define Package/iptables-mod-nflog
    239. 

  239. $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
    240. 

  240.   TITLE:=Netfilter NFLOG target
    241. 

  241. endef
    242. 

  242. 

  243. define Package/iptables-mod-nflog/description
    244. 

  244.  iptables extension for user-space logging via NFNETLINK.
    245. 

  245. 

  246.  Includes:
    247. 

  247.   - libxt_NFLOG
    248. 

  248. 

  249. endef
    250. 

  250. 

  251. define Package/iptables-mod-trace
    252. 

  252. $(call Package/iptables/Module, +kmod-ipt-debug)
    253. 

  253.   TITLE:=Netfilter TRACE target
    254. 

  254. endef
    255. 

  255. 

  256. define Package/iptables-mod-trace/description
    257. 

  257.  iptables extension for TRACE target
    258. 

  258. 

  259.  Includes:
    260. 

  260.   - libxt_TRACE
    261. 

  261. 

  262. endef
    263. 

  263. 

  264. 

  265. define Package/iptables-mod-nfqueue
    266. 

  266. $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
    267. 

  267.   TITLE:=Netfilter NFQUEUE target
    268. 

  268. endef
    269. 

  269. 

  270. define Package/iptables-mod-nfqueue/description
    271. 

  271.  iptables extension for user-space queuing via NFNETLINK.
    272. 

  272. 

  273.  Includes:
    274. 

  274.   - libxt_NFQUEUE
    275. 

  275. 

  276. endef
    277. 

  277. 

  278. define Package/iptables-mod-hashlimit
    279. 

  279. $(call Package/iptables/Module, +kmod-ipt-hashlimit)
    280. 

  280.   TITLE:=hashlimit matching
    281. 

  281. endef
    282. 

  282. 

  283. define Package/iptables-mod-hashlimit/description
    284. 

  284. iptables extensions for hashlimit matching
    285. 

  285. 

  286.  Matches:
    287. 

  287.   - hashlimit
    288. 

  288. 

  289. endef
    290. 

  290. 

  291. define Package/iptables-mod-rpfilter
    292. 

  292. $(call Package/iptables/Module, +kmod-ipt-rpfilter)
    293. 

  293.   TITLE:=rpfilter iptables extension
    294. 

  294. endef
    295. 

  295. 

  296. define Package/iptables-mod-rpfilter/description
    297. 

  297. iptables extensions for reverse path filter test on a packet
    298. 

  298. 

  299.  Matches:
    300. 

  300.   - rpfilter
    301. 

  301. 

  302. endef
    303. 

  303. 

  304. define Package/iptables-mod-iprange
    305. 

  305. $(call Package/iptables/Module, +kmod-ipt-iprange)
    306. 

  306.   TITLE:=IP range extension
    307. 

  307. endef
    308. 

  308. 

  309. define Package/iptables-mod-iprange/description
    310. 

  310. iptables extensions for matching ip ranges.
    311. 

  311. 

  312.  Matches:
    313. 

  313.   - iprange
    314. 

  314. 

  315. endef
    316. 

  316. 

  317. define Package/iptables-mod-cluster
    318. 

  318. $(call Package/iptables/Module, +kmod-ipt-cluster)
    319. 

  319.   TITLE:=Match cluster extension
    320. 

  320. endef
    321. 

  321. 

  322. define Package/iptables-mod-cluster/description
    323. 

  323. iptables extensions for matching cluster.
    324. 

  324. 

  325.  Netfilter (IPv4/IPv6) module for matching cluster
    326. 

  326.  This option allows you to build work-load-sharing clusters of
    327. 

  327.  network servers/stateful firewalls without having a dedicated
    328. 

  328.  load-balancing router/server/switch. Basically, this match returns
    329. 

  329.  true when the packet must be handled by this cluster node. Thus,
    330. 

  330.  all nodes see all packets and this match decides which node handles
    331. 

  331.  what packets. The work-load sharing algorithm is based on source
    332. 

  332.  address hashing.
    333. 

  333. 

  334.  This module is usable for ipv4 and ipv6.
    335. 

  335. 

  336.  If you select it, it enables kmod-ipt-cluster.
    337. 

  337. 

  338.  see `iptables -m cluster --help` for more information.
    339. 

  339. endef
    340. 

  340. 

  341. define Package/iptables-mod-clusterip
    342. 

  342. $(call Package/iptables/Module, +kmod-ipt-clusterip)
    343. 

  343.   TITLE:=Clusterip extension
    344. 

  344. endef
    345. 

  345. 

  346. define Package/iptables-mod-clusterip/description
    347. 

  347. iptables extensions for CLUSTERIP.
    348. 

  348.  The CLUSTERIP target allows you to build load-balancing clusters of
    349. 

  349.  network servers without having a dedicated load-balancing
    350. 

  350.  router/server/switch.
    351. 

  351. 

  352.  If you select it, it enables kmod-ipt-clusterip.
    353. 

  353. 

  354.  see `iptables -j CLUSTERIP --help` for more information.
    355. 

  355. endef
    356. 

  356. 

  357. define Package/iptables-mod-extra
    358. 

  358. $(call Package/iptables/Module, +kmod-ipt-extra)
    359. 

  359.   TITLE:=Other extra iptables extensions
    360. 

  360. endef
    361. 

  361. 

  362. define Package/iptables-mod-extra/description
    363. 

  363. Other extra iptables extensions.
    364. 

  364. 

  365.  Matches:
    366. 

  366.   - addrtype
    367. 

  367.   - condition
    368. 

  368.   - owner
    369. 

  369.   - pkttype
    370. 

  370.   - quota
    371. 

  371. 

  372. endef
    373. 

  373. 

  374. define Package/iptables-mod-physdev
    375. 

  375. $(call Package/iptables/Module, +kmod-ipt-physdev)
    376. 

  376.   TITLE:=physdev iptables extension
    377. 

  377. endef
    378. 

  378. 

  379. define Package/iptables-mod-physdev/description
    380. 

  380. The iptables physdev match.
    381. 

  381. endef
    382. 

  382. 

  383. define Package/iptables-mod-led
    384. 

  384. $(call Package/iptables/Module, +kmod-ipt-led)
    385. 

  385.   TITLE:=LED trigger iptables extension
    386. 

  386. endef
    387. 

  387. 

  388. define Package/iptables-mod-led/description
    389. 

  389. iptables extension for triggering a LED.
    390. 

  390. 

  391.  Targets:
    392. 

  392.   - LED
    393. 

  393. 

  394. endef
    395. 

  395. 

  396. define Package/iptables-mod-tproxy
    397. 

  397. $(call Package/iptables/Module, +kmod-ipt-tproxy)
    398. 

  398.   TITLE:=Transparent proxy iptables extensions
    399. 

  399. endef
    400. 

  400. 

  401. define Package/iptables-mod-tproxy/description
    402. 

  402. Transparent proxy iptables extensions.
    403. 

  403. 

  404.  Matches:
    405. 

  405.   - socket
    406. 

  406. 

  407.  Targets:
    408. 

  408.   - TPROXY
    409. 

  409. 

  410. endef
    411. 

  411. 

  412. define Package/iptables-mod-tee
    413. 

  413. $(call Package/iptables/Module, +kmod-ipt-tee)
    414. 

  414.   TITLE:=TEE iptables extensions
    415. 

  415. endef
    416. 

  416. 

  417. define Package/iptables-mod-tee/description
    418. 

  418. TEE iptables extensions.
    419. 

  419. 

  420.  Targets:
    421. 

  421.   - TEE
    422. 

  422. 

  423. endef
    424. 

  424. 

  425. define Package/iptables-mod-u32
    426. 

  426. $(call Package/iptables/Module, +kmod-ipt-u32)
    427. 

  427.   TITLE:=U32 iptables extensions
    428. 

  428. endef
    429. 

  429. 

  430. define Package/iptables-mod-u32/description
    431. 

  431. U32 iptables extensions.
    432. 

  432. 

  433.  Matches:
    434. 

  434.   - u32
    435. 

  435. 

  436. endef
    437. 

  437. 

  438. define Package/iptables-mod-checksum
    439. 

  439. $(call Package/iptables/Module, +kmod-ipt-checksum)
    440. 

  440.   TITLE:=IP CHECKSUM target extension
    441. 

  441. endef
    442. 

  442. 

  443. define Package/iptables-mod-checksum/description
    444. 

  444. iptables extension for the CHECKSUM calculation target
    445. 

  445. endef
    446. 

  446. 

  447. define Package/ip6tables
    448. 

  448. $(call Package/iptables/Default)
    449. 

  449.   DEPENDS:=@IPV6 +kmod-ip6tables +iptables
    450. 

  450.   CATEGORY:=Network
    451. 

  451.   TITLE:=IPv6 firewall administration tool
    452. 

  452.   MENU:=1
    453. 

  453. endef
    454. 

  454. 

  455. define Package/ip6tables-nft
    456. 

  456. $(call Package/iptables/Default)
    457. 

  457.   DEPENDS:=ip6tables @IPTABLES_NFTABLES +libxtables-nft
    458. 

  458.   TITLE:=IP firewall administration tool nft
    459. 

  459. endef
    460. 

  460. 

  461. define Package/ip6tables-nft/description
    462. 

  462. Extra ip6tables nftables nft binaries.
    463. 

  463.   iptables-nft
    464. 

  464.   iptables-nft-restore
    465. 

  465.   iptables-nft-save
    466. 

  466.   iptables-translate
    467. 

  467.   iptables-restore-translate
    468. 

  468. endef
    469. 

  469. 

  470. define Package/ip6tables-extra
    471. 

  471. $(call Package/iptables/Default)
    472. 

  472.   DEPENDS:=ip6tables +kmod-ip6tables-extra
    473. 

  473.   TITLE:=IPv6 header matching modules
    474. 

  474. endef
    475. 

  475. 

  476. define Package/ip6tables-mod-extra/description
    477. 

  477. iptables header matching modules for IPv6
    478. 

  478. endef
    479. 

  479. 

  480. define Package/ip6tables-mod-nat
    481. 

  481. $(call Package/iptables/Default)
    482. 

  482.   DEPENDS:=ip6tables +kmod-ipt-nat6
    483. 

  483.   TITLE:=IPv6 NAT extensions
    484. 

  484. endef
    485. 

  485. 

  486. define Package/ip6tables-mod-nat/description
    487. 

  487. iptables extensions for IPv6-NAT targets.
    488. 

  488. endef
    489. 

  489. 

  490. define Package/libip4tc
    491. 

  491. $(call Package/iptables/Default)
    492. 

  492.   SECTION:=libs
    493. 

  493.   CATEGORY:=Libraries
    494. 

  494.   TITLE:=IPv4 firewall - shared libiptc library
    495. 

  495.   ABI_VERSION:=2
    496. 

  496.   DEPENDS:=+libxtables
    497. 

  497. endef
    498. 

  498. 

  499. define Package/libip6tc
    500. 

  500. $(call Package/iptables/Default)
    501. 

  501.   SECTION:=libs
    502. 

  502.   CATEGORY:=Libraries
    503. 

  503.   TITLE:=IPv6 firewall - shared libiptc library
    504. 

  504.   ABI_VERSION:=2
    505. 

  505.   DEPENDS:=+libxtables
    506. 

  506. endef
    507. 

  507. 

  508. define Package/libxtables
    509. 

  509.  $(call Package/iptables/Default)
    510. 

  510.  SECTION:=libs
    511. 

  511.  CATEGORY:=Libraries
    512. 

  512.  TITLE:=IPv4/IPv6 firewall - shared xtables library
    513. 

  513.  ABI_VERSION:=12
    514. 

  514.  DEPENDS:= \
    515. 

  515. 	+IPTABLES_CONNLABEL:libnetfilter-conntrack \
    516. 

  516. 	+IPTABLES_NFTABLES:libnftnl
    517. 

  517. endef
    518. 

  518. 

  519. define Package/libxtables-nft
    520. 

  520.  $(call Package/iptables/Default)
    521. 

  521.  SECTION:=libs
    522. 

  522.  CATEGORY:=Libraries
    523. 

  523.  TITLE:=IPv4/IPv6 firewall - shared xtables nft library
    524. 

  524.  ABI_VERSION:=12
    525. 

  525.  DEPENDS:=libxtables
    526. 

  526. endef
    527. 

  527. 

  528. TARGET_CPPFLAGS := \
    529. 

  529. 	-I$(PKG_BUILD_DIR)/include \
    530. 

  530. 	-I$(LINUX_DIR)/user_headers/include \
    531. 

  531. 	$(TARGET_CPPFLAGS)
    532. 

  532. 

  533. TARGET_CFLAGS += \
    534. 

  534. 	-I$(PKG_BUILD_DIR)/include \
    535. 

  535. 	-I$(LINUX_DIR)/user_headers/include \
    536. 

  536. 	-ffunction-sections -fdata-sections \
    537. 

  537. 	-DNO_LEGACY
    538. 

  538. 

  539. TARGET_LDFLAGS += \
    540. 

  540. 	-Wl,--gc-sections
    541. 

  541. 

  542. CONFIGURE_ARGS += \
    543. 

  543. 	--enable-shared \
    544. 

  544. 	--enable-static \
    545. 

  545. 	--enable-devel \
    546. 

  546. 	--with-kernel="$(LINUX_DIR)/user_headers" \
    547. 

  547. 	--with-xtlibdir=/usr/lib/iptables \
    548. 

  548. 	--with-xt-lock-name=/var/run/xtables.lock \
    549. 

  549. 	$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
    550. 

  550. 	$(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
    551. 

  551. 	$(if $(CONFIG_IPV6),,--disable-ipv6)
    552. 

  552. 

  553. MAKE_FLAGS := \
    554. 

  554. 	$(TARGET_CONFIGURE_OPTS) \
    555. 

  555. 	COPT_FLAGS="$(TARGET_CFLAGS)" \
    556. 

  556. 	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
    557. 

  557. 	KBUILD_OUTPUT="$(LINUX_DIR)" \
    558. 

  558. 	BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
    559. 

  559. 

  560. ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
    561. 

  561.   define Build/Configure/rebuild
    562. 

  562. 	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
    563. 

  563. 	rm -f $(PKG_BUILD_DIR)/.config_*
    564. 

  564. 	rm -f $(PKG_BUILD_DIR)/.configured_*
    565. 

  565. 	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
    566. 

  566.   endef
    567. 

  567. endif
    568. 

  568. 

  569. define Build/Configure
    570. 

  570. $(Build/Configure/rebuild)
    571. 

  571. $(Build/Configure/Default)
    572. 

  572. endef
    573. 

  573. 

  574. define Build/InstallDev
    575. 

  575. 	$(INSTALL_DIR) $(1)/usr/include
    576. 

  576. 	$(INSTALL_DIR) $(1)/usr/include/iptables
    577. 

  577. 	$(INSTALL_DIR) $(1)/usr/include/net/netfilter
    578. 

  578. 

  579. 	# XXX: iptables header fixup, some headers are not installed by iptables anymore
    580. 

  580. 	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
    581. 

  581. 	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
    582. 

  582. 	$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
    583. 

  583. 	$(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
    584. 

  584. 	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
    585. 

  585. 

  586. 	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
    587. 

  587. 	$(INSTALL_DIR) $(1)/usr/lib
    588. 

  588. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
    589. 

  589. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
    590. 

  590. 	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
    591. 

  591. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
    592. 

  592. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
    593. 

  593. 

  594. 	# XXX: needed by firewall3
    595. 

  595. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
    596. 

  596. endef
    597. 

  597. 

  598. define Package/iptables/install
    599. 

  599. 	$(INSTALL_DIR) $(1)/usr/sbin
    600. 

  600. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
    601. 

  601. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore,-save} $(1)/usr/sbin/
    602. 

  602. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    603. 

  603. endef
    604. 

  604. 

  605. define Package/iptables-nft/install
    606. 

  606. 	$(INSTALL_DIR) $(1)/usr/sbin
    607. 

  607. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
    608. 

  608. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
    609. 

  609. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
    610. 

  610. endef
    611. 

  611. 

  612. define Package/ip6tables/install
    613. 

  613. 	$(INSTALL_DIR) $(1)/usr/sbin
    614. 

  614. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
    615. 

  615. endef
    616. 

  616. 

  617. define Package/ip6tables-nft/install
    618. 

  618. 	$(INSTALL_DIR) $(1)/usr/sbin
    619. 

  619. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
    620. 

  620. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
    621. 

  621. endef
    622. 

  622. 

  623. define Package/libip4tc/install
    624. 

  624. 	$(INSTALL_DIR) $(1)/usr/lib
    625. 

  625. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
    626. 

  626. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
    627. 

  627. endef
    628. 

  628. 

  629. define Package/libip6tc/install
    630. 

  630. 	$(INSTALL_DIR) $(1)/usr/lib
    631. 

  631. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
    632. 

  632. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
    633. 

  633. endef
    634. 

  634. 

  635. define Package/libxtables/install
    636. 

  636. 	$(INSTALL_DIR) $(1)/usr/lib
    637. 

  637. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
    638. 

  638. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
    639. 

  639. endef
    640. 

  640. 

  641. define Package/libxtables-nft/install
    642. 

  642. 	$(INSTALL_DIR) $(1)/usr/lib
    643. 

  643. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
    644. 

  644. endef
    645. 

  645. 

  646. define BuildPlugin
    647. 

  647.   define Package/$(1)/install
    648. 

  648. 	$(INSTALL_DIR) $$(1)/usr/lib/iptables
    649. 

  649. 	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
    650. 

  650. 		if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
    651. 

  651. 			$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
    652. 

  652. 		fi; \
    653. 

  653. 	done
    654. 

  654. 	$(3)
    655. 

  655.   endef
    656. 

  656. 

  657.   $$(eval $$(call BuildPackage,$(1)))
    658. 

  658. endef
    659. 

  659. 

  660. $(eval $(call BuildPackage,libxtables))
    661. 

  661. $(eval $(call BuildPackage,libxtables-nft))
    662. 

  662. $(eval $(call BuildPackage,libip4tc))
    663. 

  663. $(eval $(call BuildPackage,libip6tc))
    664. 

  664. $(eval $(call BuildPackage,iptables))
    665. 

  665. $(eval $(call BuildPackage,iptables-nft))
    666. 

  666. $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
    667. 

  667. $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
    668. 

  668. $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
    669. 

  669. $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
    670. 

  670. $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
    671. 

  671. $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
    672. 

  672. $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
    673. 

  673. $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
    674. 

  674. $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
    675. 

  675. $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
    676. 

  676. $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
    677. 

  677. $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
    678. 

  678. $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
    679. 

  679. $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
    680. 

  680. $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
    681. 

  681. $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
    682. 

  682. $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
    683. 

  683. $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
    684. 

  684. $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
    685. 

  685. $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
    686. 

  686. $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
    687. 

  687. $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
    688. 

  688. $(eval $(call BuildPackage,ip6tables))
    689. 

  689. $(eval $(call BuildPackage,ip6tables-nft))
    690. 

  690. $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
    691. 

  691. $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
    692. 

  692.