Home Explore Help
Sign In
OpenWrt
/
openwrt
mirror of https://github.com/openwrt/openwrt.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: ebe1216c7c
Branches Tags
openwrt
/
package
/
network
/
utils
/
iptables
/
Makefile

Makefile 16 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647 
  1. #
    2. 

  2. # Copyright (C) 2006-2016 OpenWrt.org
    3. 

  3. #
    4. 

  4. # This is free software, licensed under the GNU General Public License v2.
    5. 

  5. # See /LICENSE for more information.
    6. 

  6. #
    7. 

  7. 

  8. include $(TOPDIR)/rules.mk
    9. 

  9. include $(INCLUDE_DIR)/kernel.mk
    10. 

  10. 

  11. PKG_NAME:=iptables
    12. 

  12. PKG_VERSION:=1.6.2
    13. 

  13. PKG_RELEASE:=2
    14. 

  14. 

  15. PKG_SOURCE_PROTO:=git
    16. 

  16. PKG_SOURCE_URL:=https://git.netfilter.org/iptables
    17. 

  17. PKG_SOURCE_VERSION:=c16bdec15137b241586310d0e61bc88cc3726004
    18. 

  18. PKG_MIRROR_HASH:=72e4bec94a56dd600097846c773e1074ff705e38f800ef221db646c064371a53
    19. 

  19. 

  20. PKG_FIXUP:=autoreconf
    21. 

  21. PKG_FLAGS:=nonshared
    22. 

  22. 

  23. PKG_INSTALL:=1
    24. 

  24. PKG_BUILD_PARALLEL:=1
    25. 

  25. PKG_LICENSE:=GPL-2.0
    26. 

  26. PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
    27. 

  27. 

  28. include $(INCLUDE_DIR)/package.mk
    29. 

  29. ifeq ($(DUMP),)
    30. 

  30.   -include $(LINUX_DIR)/.config
    31. 

  31.   include $(INCLUDE_DIR)/netfilter.mk
    32. 

  32.   STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | mkhash md5)
    33. 

  33. endif
    34. 

  34. 

  35. 

  36. define Package/iptables/Default
    37. 

  37.   SECTION:=net
    38. 

  38.   CATEGORY:=Network
    39. 

  39.   SUBMENU:=Firewall
    40. 

  40.   URL:=http://netfilter.org/
    41. 

  41. endef
    42. 

  42. 

  43. define Package/iptables/Module
    44. 

  44. $(call Package/iptables/Default)
    45. 

  45.   DEPENDS:=iptables $(1)
    46. 

  46. endef
    47. 

  47. 

  48. define Package/iptables
    49. 

  49. $(call Package/iptables/Default)
    50. 

  50.   TITLE:=IP firewall administration tool
    51. 

  51.   MENU:=1
    52. 

  52.   DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
    53. 

  53. endef
    54. 

  54. 

  55. define Package/iptables/config
    56. 

  56.   config IPTABLES_CONNLABEL
    57. 

  57. 	bool "Enable Connlabel support"
    58. 

  58. 	default n
    59. 

  59. 	help
    60. 

  60. 		This enable connlabel support in iptables.
    61. 

  61. 

  62.   config IPTABLES_NFTABLES
    63. 

  63. 	bool "Enable Nftables support"
    64. 

  64. 	default n
    65. 

  65. 	help
    66. 

  66. 		This enable nftables support in iptables.
    67. 

  67. endef
    68. 

  68. 

  69. define Package/iptables/description
    70. 

  70. IP firewall administration tool.
    71. 

  71. 

  72.  Matches:
    73. 

  73.   - icmp
    74. 

  74.   - tcp
    75. 

  75.   - udp
    76. 

  76.   - comment
    77. 

  77.   - conntrack
    78. 

  78.   - limit
    79. 

  79.   - mac
    80. 

  80.   - mark
    81. 

  81.   - multiport
    82. 

  82.   - set
    83. 

  83.   - state
    84. 

  84.   - time
    85. 

  85. 

  86.  Targets:
    87. 

  87.   - ACCEPT
    88. 

  88.   - CT
    89. 

  89.   - DNAT
    90. 

  90.   - DROP
    91. 

  91.   - REJECT
    92. 

  92.   - FLOWOFFLOAD
    93. 

  93.   - LOG
    94. 

  94.   - MARK
    95. 

  95.   - MASQUERADE
    96. 

  96.   - REDIRECT
    97. 

  97.   - SET
    98. 

  98.   - SNAT
    99. 

  99.   - TCPMSS
    100. 

  100. 

  101.  Tables:
    102. 

  102.   - filter
    103. 

  103.   - mangle
    104. 

  104.   - nat
    105. 

  105.   - raw
    106. 

  106. 

  107. endef
    108. 

  108. 

  109. define Package/iptables-mod-conntrack-extra
    110. 

  110. $(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
    111. 

  111.   TITLE:=Extra connection tracking extensions
    112. 

  112. endef
    113. 

  113. 

  114. define Package/iptables-mod-conntrack-extra/description
    115. 

  115. Extra iptables extensions for connection tracking.
    116. 

  116. 

  117.  Matches:
    118. 

  118.   - connbytes
    119. 

  119.   - connlimit
    120. 

  120.   - connmark
    121. 

  121.   - recent
    122. 

  122.   - helper
    123. 

  123. 

  124.  Targets:
    125. 

  125.   - CONNMARK
    126. 

  126. 

  127. endef
    128. 

  128. 

  129. define Package/iptables-mod-conntrack-label
    130. 

  130. $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
    131. 

  131.   TITLE:=Connection tracking labeling extension
    132. 

  132.   DEFAULT:=y if IPTABLES_CONNLABEL
    133. 

  133. endef
    134. 

  134. 

  135. define Package/iptables-mod-conntrack-label/description
    136. 

  136. Match and set label(s) on connection tracking entries
    137. 

  137. 

  138.  Matches:
    139. 

  139.   - connlabel
    140. 

  140. 

  141. endef
    142. 

  142. 

  143. define Package/iptables-mod-filter
    144. 

  144. $(call Package/iptables/Module, +kmod-ipt-filter)
    145. 

  145.   TITLE:=Content inspection extensions
    146. 

  146. endef
    147. 

  147. 

  148. define Package/iptables-mod-filter/description
    149. 

  149. iptables extensions for packet content inspection.
    150. 

  150. Includes support for:
    151. 

  151. 

  152.  Matches:
    153. 

  153.   - string
    154. 

  154. 

  155. endef
    156. 

  156. 

  157. define Package/iptables-mod-ipopt
    158. 

  158. $(call Package/iptables/Module, +kmod-ipt-ipopt)
    159. 

  159.   TITLE:=IP/Packet option extensions
    160. 

  160. endef
    161. 

  161. 

  162. define Package/iptables-mod-ipopt/description
    163. 

  163. iptables extensions for matching/changing IP packet options.
    164. 

  164. 

  165.  Matches:
    166. 

  166.   - dscp
    167. 

  167.   - ecn
    168. 

  168.   - length
    169. 

  169.   - statistic
    170. 

  170.   - tcpmss
    171. 

  171.   - unclean
    172. 

  172.   - hl
    173. 

  173. 

  174.  Targets:
    175. 

  175.   - DSCP
    176. 

  176.   - CLASSIFY
    177. 

  177.   - ECN
    178. 

  178.   - HL
    179. 

  179. 

  180. endef
    181. 

  181. 

  182. define Package/iptables-mod-ipsec
    183. 

  183. $(call Package/iptables/Module, +kmod-ipt-ipsec)
    184. 

  184.   TITLE:=IPsec extensions
    185. 

  185. endef
    186. 

  186. 

  187. define Package/iptables-mod-ipsec/description
    188. 

  188. iptables extensions for matching ipsec traffic.
    189. 

  189. 

  190.  Matches:
    191. 

  191.   - ah
    192. 

  192.   - esp
    193. 

  193.   - policy
    194. 

  194. 

  195. endef
    196. 

  196. 

  197. define Package/iptables-mod-nat-extra
    198. 

  198. $(call Package/iptables/Module, +kmod-ipt-nat-extra)
    199. 

  199.   TITLE:=Extra NAT extensions
    200. 

  200. endef
    201. 

  201. 

  202. define Package/iptables-mod-nat-extra/description
    203. 

  203. iptables extensions for extra NAT targets.
    204. 

  204. 

  205.  Targets:
    206. 

  206.   - MIRROR
    207. 

  207.   - NETMAP
    208. 

  208. endef
    209. 

  209. 

  210. define Package/iptables-mod-ulog
    211. 

  211. $(call Package/iptables/Module, +kmod-ipt-ulog)
    212. 

  212.   TITLE:=user-space packet logging
    213. 

  213. endef
    214. 

  214. 

  215. define Package/iptables-mod-ulog/description
    216. 

  216. iptables extensions for user-space packet logging.
    217. 

  217. 

  218.  Targets:
    219. 

  219.   - ULOG
    220. 

  220. 

  221. endef
    222. 

  222. 

  223. define Package/iptables-mod-nflog
    224. 

  224. $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
    225. 

  225.   TITLE:=Netfilter NFLOG target
    226. 

  226. endef
    227. 

  227. 

  228. define Package/iptables-mod-nflog/description
    229. 

  229.  iptables extension for user-space logging via NFNETLINK.
    230. 

  230. 

  231.  Includes:
    232. 

  232.   - libxt_NFLOG
    233. 

  233. 

  234. endef
    235. 

  235. 

  236. define Package/iptables-mod-trace
    237. 

  237. $(call Package/iptables/Module, +kmod-ipt-debug)
    238. 

  238.   TITLE:=Netfilter TRACE target
    239. 

  239. endef
    240. 

  240. 

  241. define Package/iptables-mod-trace/description
    242. 

  242.  iptables extension for TRACE target
    243. 

  243. 

  244.  Includes:
    245. 

  245.   - libxt_TRACE
    246. 

  246. 

  247. endef
    248. 

  248. 

  249. 

  250. define Package/iptables-mod-nfqueue
    251. 

  251. $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
    252. 

  252.   TITLE:=Netfilter NFQUEUE target
    253. 

  253. endef
    254. 

  254. 

  255. define Package/iptables-mod-nfqueue/description
    256. 

  256.  iptables extension for user-space queuing via NFNETLINK.
    257. 

  257. 

  258.  Includes:
    259. 

  259.   - libxt_NFQUEUE
    260. 

  260. 

  261. endef
    262. 

  262. 

  263. define Package/iptables-mod-hashlimit
    264. 

  264. $(call Package/iptables/Module, +kmod-ipt-hashlimit)
    265. 

  265.   TITLE:=hashlimit matching
    266. 

  266. endef
    267. 

  267. 

  268. define Package/iptables-mod-hashlimit/description
    269. 

  269. iptables extensions for hashlimit matching
    270. 

  270. 

  271.  Matches:
    272. 

  272.   - hashlimit
    273. 

  273. 

  274. endef
    275. 

  275. 

  276. define Package/iptables-mod-rpfilter
    277. 

  277. $(call Package/iptables/Module, +kmod-ipt-rpfilter)
    278. 

  278.   TITLE:=rpfilter iptables extension
    279. 

  279. endef
    280. 

  280. 

  281. define Package/iptables-mod-rpfilter/description
    282. 

  282. iptables extensions for reverse path filter test on a packet
    283. 

  283. 

  284.  Matches:
    285. 

  285.   - rpfilter
    286. 

  286. 

  287. endef
    288. 

  288. 

  289. define Package/iptables-mod-iprange
    290. 

  290. $(call Package/iptables/Module, +kmod-ipt-iprange)
    291. 

  291.   TITLE:=IP range extension
    292. 

  292. endef
    293. 

  293. 

  294. define Package/iptables-mod-iprange/description
    295. 

  295. iptables extensions for matching ip ranges.
    296. 

  296. 

  297.  Matches:
    298. 

  298.   - iprange
    299. 

  299. 

  300. endef
    301. 

  301. 

  302. define Package/iptables-mod-cluster
    303. 

  303. $(call Package/iptables/Module, +kmod-ipt-cluster)
    304. 

  304.   TITLE:=Match cluster extension
    305. 

  305. endef
    306. 

  306. 

  307. define Package/iptables-mod-cluster/description
    308. 

  308. iptables extensions for matching cluster.
    309. 

  309. 

  310.  Netfilter (IPv4/IPv6) module for matching cluster
    311. 

  311.  This option allows you to build work-load-sharing clusters of
    312. 

  312.  network servers/stateful firewalls without having a dedicated
    313. 

  313.  load-balancing router/server/switch. Basically, this match returns
    314. 

  314.  true when the packet must be handled by this cluster node. Thus,
    315. 

  315.  all nodes see all packets and this match decides which node handles
    316. 

  316.  what packets. The work-load sharing algorithm is based on source
    317. 

  317.  address hashing.
    318. 

  318. 

  319.  This module is usable for ipv4 and ipv6.
    320. 

  320. 

  321.  If you select it, it enables kmod-ipt-cluster.
    322. 

  322. 

  323.  see `iptables -m cluster --help` for more information.
    324. 

  324. endef
    325. 

  325. 

  326. define Package/iptables-mod-clusterip
    327. 

  327. $(call Package/iptables/Module, +kmod-ipt-clusterip)
    328. 

  328.   TITLE:=Clusterip extension
    329. 

  329. endef
    330. 

  330. 

  331. define Package/iptables-mod-clusterip/description
    332. 

  332. iptables extensions for CLUSTERIP.
    333. 

  333.  The CLUSTERIP target allows you to build load-balancing clusters of
    334. 

  334.  network servers without having a dedicated load-balancing
    335. 

  335.  router/server/switch.
    336. 

  336. 

  337.  If you select it, it enables kmod-ipt-clusterip.
    338. 

  338. 

  339.  see `iptables -j CLUSTERIP --help` for more information.
    340. 

  340. endef
    341. 

  341. 

  342. define Package/iptables-mod-extra
    343. 

  343. $(call Package/iptables/Module, +kmod-ipt-extra)
    344. 

  344.   TITLE:=Other extra iptables extensions
    345. 

  345. endef
    346. 

  346. 

  347. define Package/iptables-mod-extra/description
    348. 

  348. Other extra iptables extensions.
    349. 

  349. 

  350.  Matches:
    351. 

  351.   - addrtype
    352. 

  352.   - condition
    353. 

  353.   - owner
    354. 

  354.   - pkttype
    355. 

  355.   - quota
    356. 

  356. 

  357. endef
    358. 

  358. 

  359. define Package/iptables-mod-physdev
    360. 

  360. $(call Package/iptables/Module, +kmod-ipt-physdev)
    361. 

  361.   TITLE:=physdev iptables extension
    362. 

  362. endef
    363. 

  363. 

  364. define Package/iptables-mod-physdev/description
    365. 

  365. The iptables physdev match.
    366. 

  366. endef
    367. 

  367. 

  368. define Package/iptables-mod-led
    369. 

  369. $(call Package/iptables/Module, +kmod-ipt-led)
    370. 

  370.   TITLE:=LED trigger iptables extension
    371. 

  371. endef
    372. 

  372. 

  373. define Package/iptables-mod-led/description
    374. 

  374. iptables extension for triggering a LED.
    375. 

  375. 

  376.  Targets:
    377. 

  377.   - LED
    378. 

  378. 

  379. endef
    380. 

  380. 

  381. define Package/iptables-mod-tproxy
    382. 

  382. $(call Package/iptables/Module, +kmod-ipt-tproxy)
    383. 

  383.   TITLE:=Transparent proxy iptables extensions
    384. 

  384. endef
    385. 

  385. 

  386. define Package/iptables-mod-tproxy/description
    387. 

  387. Transparent proxy iptables extensions.
    388. 

  388. 

  389.  Matches:
    390. 

  390.   - socket
    391. 

  391. 

  392.  Targets:
    393. 

  393.   - TPROXY
    394. 

  394. 

  395. endef
    396. 

  396. 

  397. define Package/iptables-mod-tee
    398. 

  398. $(call Package/iptables/Module, +kmod-ipt-tee)
    399. 

  399.   TITLE:=TEE iptables extensions
    400. 

  400. endef
    401. 

  401. 

  402. define Package/iptables-mod-tee/description
    403. 

  403. TEE iptables extensions.
    404. 

  404. 

  405.  Targets:
    406. 

  406.   - TEE
    407. 

  407. 

  408. endef
    409. 

  409. 

  410. define Package/iptables-mod-u32
    411. 

  411. $(call Package/iptables/Module, +kmod-ipt-u32)
    412. 

  412.   TITLE:=U32 iptables extensions
    413. 

  413. endef
    414. 

  414. 

  415. define Package/iptables-mod-u32/description
    416. 

  416. U32 iptables extensions.
    417. 

  417. 

  418.  Matches:
    419. 

  419.   - u32
    420. 

  420. 

  421. endef
    422. 

  422. 

  423. define Package/iptables-mod-checksum
    424. 

  424. $(call Package/iptables/Module, +kmod-ipt-checksum)
    425. 

  425.   TITLE:=IP CHECKSUM target extension
    426. 

  426. endef
    427. 

  427. 

  428. define Package/iptables-mod-checksum/description
    429. 

  429. iptables extension for the CHECKSUM calculation target
    430. 

  430. endef
    431. 

  431. 

  432. define Package/ip6tables
    433. 

  433. $(call Package/iptables/Default)
    434. 

  434.   DEPENDS:=@IPV6 +kmod-ip6tables +iptables
    435. 

  435.   CATEGORY:=Network
    436. 

  436.   TITLE:=IPv6 firewall administration tool
    437. 

  437.   MENU:=1
    438. 

  438. endef
    439. 

  439. 

  440. 

  441. define Package/ip6tables-extra
    442. 

  442. $(call Package/iptables/Default)
    443. 

  443.   DEPENDS:=ip6tables +kmod-ip6tables-extra
    444. 

  444.   TITLE:=IPv6 header matching modules
    445. 

  445. endef
    446. 

  446. 

  447. define Package/ip6tables-mod-extra/description
    448. 

  448. iptables header matching modules for IPv6
    449. 

  449. endef
    450. 

  450. 

  451. define Package/ip6tables-mod-nat
    452. 

  452. $(call Package/iptables/Default)
    453. 

  453.   DEPENDS:=ip6tables +kmod-ipt-nat6
    454. 

  454.   TITLE:=IPv6 NAT extensions
    455. 

  455. endef
    456. 

  456. 

  457. define Package/ip6tables-mod-nat/description
    458. 

  458. iptables extensions for IPv6-NAT targets.
    459. 

  459. endef
    460. 

  460. 

  461. define Package/libiptc
    462. 

  462. $(call Package/iptables/Default)
    463. 

  463.   SECTION:=libs
    464. 

  464.   CATEGORY:=Libraries
    465. 

  465.   DEPENDS:=+libip4tc +libip6tc +libxtables
    466. 

  466.   ABI_VERSION:=$(PKG_VERSION)
    467. 

  467.   TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
    468. 

  468. endef
    469. 

  469. 

  470. define Package/libip4tc
    471. 

  471. $(call Package/iptables/Default)
    472. 

  472.   SECTION:=libs
    473. 

  473.   CATEGORY:=Libraries
    474. 

  474.   TITLE:=IPv4 firewall - shared libiptc library
    475. 

  475.   ABI_VERSION:=$(PKG_VERSION)
    476. 

  476.   DEPENDS:=+libxtables
    477. 

  477. endef
    478. 

  478. 

  479. define Package/libip6tc
    480. 

  480. $(call Package/iptables/Default)
    481. 

  481.   SECTION:=libs
    482. 

  482.   CATEGORY:=Libraries
    483. 

  483.   TITLE:=IPv6 firewall - shared libiptc library
    484. 

  484.   ABI_VERSION:=$(PKG_VERSION)
    485. 

  485.   DEPENDS:=+libxtables
    486. 

  486. endef
    487. 

  487. 

  488. define Package/libxtables
    489. 

  489.  $(call Package/iptables/Default)
    490. 

  490.  SECTION:=libs
    491. 

  491.  CATEGORY:=Libraries
    492. 

  492.  TITLE:=IPv4/IPv6 firewall - shared xtables library
    493. 

  493.  ABI_VERSION:=$(PKG_VERSION)
    494. 

  494.  DEPENDS:= \
    495. 

  495. 	+IPTABLES_CONNLABEL:libnetfilter-conntrack \
    496. 

  496. 	+IPTABLES_NFTABLES:libnftnl
    497. 

  497. endef
    498. 

  498. 

  499. TARGET_CPPFLAGS := \
    500. 

  500. 	-I$(PKG_BUILD_DIR)/include \
    501. 

  501. 	-I$(LINUX_DIR)/user_headers/include \
    502. 

  502. 	$(TARGET_CPPFLAGS)
    503. 

  503. 

  504. TARGET_CFLAGS += \
    505. 

  505. 	-I$(PKG_BUILD_DIR)/include \
    506. 

  506. 	-I$(LINUX_DIR)/user_headers/include \
    507. 

  507. 	-ffunction-sections -fdata-sections \
    508. 

  508. 	-DNO_LEGACY
    509. 

  509. 

  510. TARGET_LDFLAGS += \
    511. 

  511. 	-Wl,--gc-sections
    512. 

  512. 

  513. CONFIGURE_ARGS += \
    514. 

  514. 	--enable-shared \
    515. 

  515. 	--enable-static \
    516. 

  516. 	--enable-devel \
    517. 

  517. 	--with-kernel="$(LINUX_DIR)/user_headers" \
    518. 

  518. 	--with-xtlibdir=/usr/lib/iptables \
    519. 

  519. 	--with-xt-lock-name=/var/run/xtables.lock \
    520. 

  520. 	$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
    521. 

  521. 	$(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
    522. 

  522. 	$(if $(CONFIG_IPV6),,--disable-ipv6)
    523. 

  523. 

  524. MAKE_FLAGS := \
    525. 

  525. 	$(TARGET_CONFIGURE_OPTS) \
    526. 

  526. 	COPT_FLAGS="$(TARGET_CFLAGS)" \
    527. 

  527. 	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
    528. 

  528. 	KBUILD_OUTPUT="$(LINUX_DIR)" \
    529. 

  529. 	BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
    530. 

  530. 

  531. ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
    532. 

  532.   define Build/Configure/rebuild
    533. 

  533. 	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
    534. 

  534. 	rm -f $(PKG_BUILD_DIR)/.config_*
    535. 

  535. 	rm -f $(PKG_BUILD_DIR)/.configured_*
    536. 

  536. 	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
    537. 

  537.   endef
    538. 

  538. endif
    539. 

  539. 

  540. define Build/Configure
    541. 

  541. $(Build/Configure/rebuild)
    542. 

  542. $(Build/Configure/Default)
    543. 

  543. endef
    544. 

  544. 

  545. define Build/InstallDev
    546. 

  546. 	$(INSTALL_DIR) $(1)/usr/include
    547. 

  547. 	$(INSTALL_DIR) $(1)/usr/include/iptables
    548. 

  548. 	$(INSTALL_DIR) $(1)/usr/include/net/netfilter
    549. 

  549. 

  550. 	# XXX: iptables header fixup, some headers are not installed by iptables anymore
    551. 

  551. 	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
    552. 

  552. 	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
    553. 

  553. 	$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
    554. 

  554. 	$(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
    555. 

  555. 	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
    556. 

  556. 

  557. 	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
    558. 

  558. 	$(INSTALL_DIR) $(1)/usr/lib
    559. 

  559. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
    560. 

  560. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
    561. 

  561. 	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
    562. 

  562. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
    563. 

  563. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
    564. 

  564. 

  565. 	# XXX: needed by firewall3
    566. 

  566. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
    567. 

  567. endef
    568. 

  568. 

  569. define Package/iptables/install
    570. 

  570. 	$(INSTALL_DIR) $(1)/usr/sbin
    571. 

  571. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-multi $(1)/usr/sbin/
    572. 

  572. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore,-save} $(1)/usr/sbin/
    573. 

  573. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    574. 

  574. endef
    575. 

  575. 

  576. define Package/ip6tables/install
    577. 

  577. 	$(INSTALL_DIR) $(1)/usr/sbin
    578. 

  578. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
    579. 

  579. endef
    580. 

  580. 

  581. define Package/libiptc/install
    582. 

  582. 	$(INSTALL_DIR) $(1)/usr/lib
    583. 

  583. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
    584. 

  584. endef
    585. 

  585. 

  586. define Package/libip4tc/install
    587. 

  587. 	$(INSTALL_DIR) $(1)/usr/lib
    588. 

  588. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
    589. 

  589. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
    590. 

  590. endef
    591. 

  591. 

  592. define Package/libip6tc/install
    593. 

  593. 	$(INSTALL_DIR) $(1)/usr/lib
    594. 

  594. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
    595. 

  595. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
    596. 

  596. endef
    597. 

  597. 

  598. define Package/libxtables/install
    599. 

  599. 	$(INSTALL_DIR) $(1)/usr/lib
    600. 

  600. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
    601. 

  601. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
    602. 

  602. endef
    603. 

  603. 

  604. define BuildPlugin
    605. 

  605.   define Package/$(1)/install
    606. 

  606. 	$(INSTALL_DIR) $$(1)/usr/lib/iptables
    607. 

  607. 	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
    608. 

  608. 		if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
    609. 

  609. 			$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
    610. 

  610. 		fi; \
    611. 

  611. 	done
    612. 

  612. 	$(3)
    613. 

  613.   endef
    614. 

  614. 

  615.   $$(eval $$(call BuildPackage,$(1)))
    616. 

  616. endef
    617. 

  617. 

  618. $(eval $(call BuildPackage,iptables))
    619. 

  619. $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
    620. 

  620. $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
    621. 

  621. $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
    622. 

  622. $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
    623. 

  623. $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
    624. 

  624. $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
    625. 

  625. $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
    626. 

  626. $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
    627. 

  627. $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
    628. 

  628. $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
    629. 

  629. $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
    630. 

  630. $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
    631. 

  631. $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
    632. 

  632. $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
    633. 

  633. $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
    634. 

  634. $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
    635. 

  635. $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
    636. 

  636. $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
    637. 

  637. $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
    638. 

  638. $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
    639. 

  639. $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
    640. 

  640. $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
    641. 

  641. $(eval $(call BuildPackage,ip6tables))
    642. 

  642. $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
    643. 

  643. $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
    644. 

  644. $(eval $(call BuildPackage,libiptc))
    645. 

  645. $(eval $(call BuildPackage,libip4tc))
    646. 

  646. $(eval $(call BuildPackage,libip6tc))
    647. 

  647. $(eval $(call BuildPackage,libxtables))
    648.