Ana Sayfa Keşfet Yardım
Üye Ol Giriş Yap
OpenWrt
/
openwrt
şunun yansıması https://github.com/openwrt/openwrt.git
2
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Dal: iremap
Dallar Biçim İmleri
openwrt
/
package
/
network
/
utils
/
iptables
/
Makefile

Makefile 20 KB
Kalıcı Bağlantı Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764 
  1. #
    2. 

  2. # Copyright (C) 2006-2016 OpenWrt.org
    3. 

  3. #
    4. 

  4. # This is free software, licensed under the GNU General Public License v2.
    5. 

  5. # See /LICENSE for more information.
    6. 

  6. #
    7. 

  7. 

  8. include $(TOPDIR)/rules.mk
    9. 

  9. include $(INCLUDE_DIR)/kernel.mk
    10. 

  10. 

  11. PKG_NAME:=iptables
    12. 

  12. PKG_VERSION:=1.8.10
    13. 

  13. PKG_RELEASE:=1
    14. 

  14. 

  15. PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
    16. 

  16. PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
    17. 

  17. PKG_HASH:=5cc255c189356e317d070755ce9371eb63a1b783c34498fb8c30264f3cc59c9c
    18. 

  18. 

  19. PKG_FIXUP:=autoreconf
    20. 

  20. PKG_FLAGS:=nonshared
    21. 

  21. 

  22. PKG_INSTALL:=1
    23. 

  23. PKG_BUILD_FLAGS:=gc-sections no-lto
    24. 

  24. PKG_BUILD_PARALLEL:=1
    25. 

  25. PKG_LICENSE:=GPL-2.0
    26. 

  26. PKG_CPE_ID:=cpe:/a:netfilter:iptables
    27. 

  27. 

  28. include $(INCLUDE_DIR)/package.mk
    29. 

  29. ifeq ($(DUMP),)
    30. 

  30.   -include $(LINUX_DIR)/.config
    31. 

  31.   include $(INCLUDE_DIR)/netfilter.mk
    32. 

  32.   STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
    33. 

  33. endif
    34. 

  34. 

  35. 

  36. define Package/iptables/Default
    37. 

  37.   SECTION:=net
    38. 

  38.   CATEGORY:=Network
    39. 

  39.   SUBMENU:=Firewall
    40. 

  40.   URL:=https://netfilter.org/
    41. 

  41. endef
    42. 

  42. 

  43. define Package/iptables/Module
    44. 

  44. $(call Package/iptables/Default)
    45. 

  45.   DEPENDS:=+libxtables $(1)
    46. 

  46. endef
    47. 

  47. 

  48. define Package/xtables-legacy
    49. 

  49. $(call Package/iptables/Default)
    50. 

  50.   TITLE:=IP firewall administration tool
    51. 

  51.   DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables
    52. 

  52. endef
    53. 

  53. 

  54. define Package/iptables-zz-legacy
    55. 

  55. $(call Package/iptables/Default)
    56. 

  56.   TITLE:=IP firewall administration tool
    57. 

  57.   DEPENDS+= +xtables-legacy
    58. 

  58.   PROVIDES:=iptables iptables-legacy
    59. 

  59.   ALTERNATIVES:=\
    60. 

  60.     200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \
    61. 

  61.     200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \
    62. 

  62.     200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi
    63. 

  63. endef
    64. 

  64. 

  65. define Package/iptables-zz-legacy/description
    66. 

  66. IP firewall administration tool.
    67. 

  67. 

  68.  Matches:
    69. 

  69.   - icmp
    70. 

  70.   - tcp
    71. 

  71.   - udp
    72. 

  72.   - comment
    73. 

  73.   - conntrack
    74. 

  74.   - limit
    75. 

  75.   - mac
    76. 

  76.   - mark
    77. 

  77.   - multiport
    78. 

  78.   - set
    79. 

  79.   - state
    80. 

  80.   - time
    81. 

  81. 

  82.  Targets:
    83. 

  83.   - ACCEPT
    84. 

  84.   - CT
    85. 

  85.   - DNAT
    86. 

  86.   - DROP
    87. 

  87.   - REJECT
    88. 

  88.   - FLOWOFFLOAD
    89. 

  89.   - LOG
    90. 

  90.   - MARK
    91. 

  91.   - MASQUERADE
    92. 

  92.   - REDIRECT
    93. 

  93.   - SET
    94. 

  94.   - SNAT
    95. 

  95.   - TCPMSS
    96. 

  96. 

  97.  Tables:
    98. 

  98.   - filter
    99. 

  99.   - mangle
    100. 

  100.   - nat
    101. 

  101.   - raw
    102. 

  102. 

  103. endef
    104. 

  104. 

  105. define Package/xtables-nft
    106. 

  106. $(call Package/iptables/Default)
    107. 

  107.   TITLE:=IP firewall administration tool nft
    108. 

  108.   DEPENDS:=+libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat
    109. 

  109. endef
    110. 

  110. 

  111. define Package/arptables-nft
    112. 

  112. $(call Package/iptables/Default)
    113. 

  113.   DEPENDS:=+kmod-nft-arp +xtables-nft +kmod-arptables
    114. 

  114.   TITLE:=ARP firewall administration tool nft
    115. 

  115.   PROVIDES:=arptables
    116. 

  116.   ALTERNATIVES:=\
    117. 

  117.     300:/usr/sbin/arptables:/usr/sbin/xtables-nft-multi \
    118. 

  118.     300:/usr/sbin/arptables-restore:/usr/sbin/xtables-nft-multi \
    119. 

  119.     300:/usr/sbin/arptables-save:/usr/sbin/xtables-nft-multi
    120. 

  120. endef
    121. 

  121. 

  122. define Package/ebtables-nft
    123. 

  123. $(call Package/iptables/Default)
    124. 

  124.   DEPENDS:=+kmod-nft-bridge +xtables-nft +kmod-ebtables
    125. 

  125.   TITLE:=Bridge firewall administration tool nft
    126. 

  126.   PROVIDES:=ebtables
    127. 

  127.   ALTERNATIVES:=\
    128. 

  128.     300:/usr/sbin/ebtables:/usr/sbin/xtables-nft-multi \
    129. 

  129.     300:/usr/sbin/ebtables-restore:/usr/sbin/xtables-nft-multi \
    130. 

  130.     300:/usr/sbin/ebtables-save:/usr/sbin/xtables-nft-multi
    131. 

  131. endef
    132. 

  132. 

  133. define Package/iptables-nft
    134. 

  134. $(call Package/iptables/Default)
    135. 

  135.   TITLE:=IP firewall administration tool nft
    136. 

  136.   DEPENDS:=+kmod-ipt-core +xtables-nft
    137. 

  137.   PROVIDES:=iptables
    138. 

  138.   ALTERNATIVES:=\
    139. 

  139.     300:/usr/sbin/iptables:/usr/sbin/xtables-nft-multi \
    140. 

  140.     300:/usr/sbin/iptables-restore:/usr/sbin/xtables-nft-multi \
    141. 

  141.     300:/usr/sbin/iptables-save:/usr/sbin/xtables-nft-multi
    142. 

  142. endef
    143. 

  143. 

  144. define Package/iptables-nft/description
    145. 

  145. Extra iptables nftables nft binaries.
    146. 

  146.   iptables-nft
    147. 

  147.   iptables-nft-restore
    148. 

  148.   iptables-nft-save
    149. 

  149.   iptables-translate
    150. 

  150.   iptables-restore-translate
    151. 

  151. endef
    152. 

  152. 

  153. define Package/iptables-mod-conntrack-extra
    154. 

  154. $(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
    155. 

  155.   TITLE:=Extra connection tracking extensions
    156. 

  156. endef
    157. 

  157. 

  158. define Package/iptables-mod-conntrack-extra/description
    159. 

  159. Extra iptables extensions for connection tracking.
    160. 

  160. 

  161.  Matches:
    162. 

  162.   - connbytes
    163. 

  163.   - connlimit
    164. 

  164.   - connmark
    165. 

  165.   - recent
    166. 

  166.   - helper
    167. 

  167. 

  168.  Targets:
    169. 

  169.   - CONNMARK
    170. 

  170. 

  171. endef
    172. 

  172. 

  173. define Package/iptables-mod-conntrack-label
    174. 

  174. $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
    175. 

  175.   TITLE:=Connection tracking labeling extension
    176. 

  176.   DEFAULT:=y if IPTABLES_CONNLABEL
    177. 

  177. endef
    178. 

  178. 

  179. define Package/iptables-mod-conntrack-label/description
    180. 

  180. Match and set label(s) on connection tracking entries
    181. 

  181. 

  182.  Matches:
    183. 

  183.   - connlabel
    184. 

  184. 

  185. endef
    186. 

  186. 

  187. define Package/iptables-mod-filter
    188. 

  188. $(call Package/iptables/Module, +kmod-ipt-filter)
    189. 

  189.   TITLE:=Content inspection extensions
    190. 

  190. endef
    191. 

  191. 

  192. define Package/iptables-mod-filter/description
    193. 

  193. iptables extensions for packet content inspection.
    194. 

  194. Includes support for:
    195. 

  195. 

  196.  Matches:
    197. 

  197.   - string
    198. 

  198.   - bpf
    199. 

  199. 

  200. endef
    201. 

  201. 

  202. define Package/iptables-mod-ipopt
    203. 

  203. $(call Package/iptables/Module, +kmod-ipt-ipopt)
    204. 

  204.   TITLE:=IP/Packet option extensions
    205. 

  205. endef
    206. 

  206. 

  207. define Package/iptables-mod-ipopt/description
    208. 

  208. iptables extensions for matching/changing IP packet options.
    209. 

  209. 

  210.  Matches:
    211. 

  211.   - dscp
    212. 

  212.   - ecn
    213. 

  213.   - length
    214. 

  214.   - statistic
    215. 

  215.   - tcpmss
    216. 

  216.   - unclean
    217. 

  217.   - hl
    218. 

  218. 

  219.  Targets:
    220. 

  220.   - DSCP
    221. 

  221.   - CLASSIFY
    222. 

  222.   - ECN
    223. 

  223.   - HL
    224. 

  224. 

  225. endef
    226. 

  226. 

  227. define Package/iptables-mod-ipsec
    228. 

  228. $(call Package/iptables/Module, +kmod-ipt-ipsec)
    229. 

  229.   TITLE:=IPsec extensions
    230. 

  230. endef
    231. 

  231. 

  232. define Package/iptables-mod-ipsec/description
    233. 

  233. iptables extensions for matching ipsec traffic.
    234. 

  234. 

  235.  Matches:
    236. 

  236.   - ah
    237. 

  237.   - esp
    238. 

  238.   - policy
    239. 

  239. 

  240. endef
    241. 

  241. 

  242. define Package/iptables-mod-nat-extra
    243. 

  243. $(call Package/iptables/Module, +kmod-ipt-nat-extra)
    244. 

  244.   TITLE:=Extra NAT extensions
    245. 

  245. endef
    246. 

  246. 

  247. define Package/iptables-mod-nat-extra/description
    248. 

  248. iptables extensions for extra NAT targets.
    249. 

  249. 

  250.  Targets:
    251. 

  251.   - MIRROR
    252. 

  252.   - NETMAP
    253. 

  253. endef
    254. 

  254. 

  255. define Package/iptables-mod-nflog
    256. 

  256. $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
    257. 

  257.   TITLE:=Netfilter NFLOG target
    258. 

  258. endef
    259. 

  259. 

  260. define Package/iptables-mod-nflog/description
    261. 

  261.  iptables extension for user-space logging via NFNETLINK.
    262. 

  262. 

  263.  Includes:
    264. 

  264.   - libxt_NFLOG
    265. 

  265. 

  266. endef
    267. 

  267. 

  268. define Package/iptables-mod-trace
    269. 

  269. $(call Package/iptables/Module, +kmod-ipt-debug)
    270. 

  270.   TITLE:=Netfilter TRACE target
    271. 

  271. endef
    272. 

  272. 

  273. define Package/iptables-mod-trace/description
    274. 

  274.  iptables extension for TRACE target
    275. 

  275. 

  276.  Includes:
    277. 

  277.   - libxt_TRACE
    278. 

  278. 

  279. endef
    280. 

  280. 

  281. 

  282. define Package/iptables-mod-nfqueue
    283. 

  283. $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
    284. 

  284.   TITLE:=Netfilter NFQUEUE target
    285. 

  285. endef
    286. 

  286. 

  287. define Package/iptables-mod-nfqueue/description
    288. 

  288.  iptables extension for user-space queuing via NFNETLINK.
    289. 

  289. 

  290.  Includes:
    291. 

  291.   - libxt_NFQUEUE
    292. 

  292. 

  293. endef
    294. 

  294. 

  295. define Package/iptables-mod-hashlimit
    296. 

  296. $(call Package/iptables/Module, +kmod-ipt-hashlimit)
    297. 

  297.   TITLE:=hashlimit matching
    298. 

  298. endef
    299. 

  299. 

  300. define Package/iptables-mod-hashlimit/description
    301. 

  301. iptables extensions for hashlimit matching
    302. 

  302. 

  303.  Matches:
    304. 

  304.   - hashlimit
    305. 

  305. 

  306. endef
    307. 

  307. 

  308. define Package/iptables-mod-rpfilter
    309. 

  309. $(call Package/iptables/Module, +kmod-ipt-rpfilter)
    310. 

  310.   TITLE:=rpfilter iptables extension
    311. 

  311. endef
    312. 

  312. 

  313. define Package/iptables-mod-rpfilter/description
    314. 

  314. iptables extensions for reverse path filter test on a packet
    315. 

  315. 

  316.  Matches:
    317. 

  317.   - rpfilter
    318. 

  318. 

  319. endef
    320. 

  320. 

  321. define Package/iptables-mod-iprange
    322. 

  322. $(call Package/iptables/Module, +kmod-ipt-iprange)
    323. 

  323.   TITLE:=IP range extension
    324. 

  324. endef
    325. 

  325. 

  326. define Package/iptables-mod-iprange/description
    327. 

  327. iptables extensions for matching ip ranges.
    328. 

  328. 

  329.  Matches:
    330. 

  330.   - iprange
    331. 

  331. 

  332. endef
    333. 

  333. 

  334. define Package/iptables-mod-cluster
    335. 

  335. $(call Package/iptables/Module, +kmod-ipt-cluster)
    336. 

  336.   TITLE:=Match cluster extension
    337. 

  337. endef
    338. 

  338. 

  339. define Package/iptables-mod-cluster/description
    340. 

  340. iptables extensions for matching cluster.
    341. 

  341. 

  342.  Netfilter (IPv4/IPv6) module for matching cluster
    343. 

  343.  This option allows you to build work-load-sharing clusters of
    344. 

  344.  network servers/stateful firewalls without having a dedicated
    345. 

  345.  load-balancing router/server/switch. Basically, this match returns
    346. 

  346.  true when the packet must be handled by this cluster node. Thus,
    347. 

  347.  all nodes see all packets and this match decides which node handles
    348. 

  348.  what packets. The work-load sharing algorithm is based on source
    349. 

  349.  address hashing.
    350. 

  350. 

  351.  This module is usable for ipv4 and ipv6.
    352. 

  352. 

  353.  If you select it, it enables kmod-ipt-cluster.
    354. 

  354. 

  355.  see `iptables -m cluster --help` for more information.
    356. 

  356. endef
    357. 

  357. 

  358. define Package/iptables-mod-extra
    359. 

  359. $(call Package/iptables/Module, +kmod-ipt-extra)
    360. 

  360.   TITLE:=Other extra iptables extensions
    361. 

  361. endef
    362. 

  362. 

  363. define Package/iptables-mod-extra/description
    364. 

  364. Other extra iptables extensions.
    365. 

  365. 

  366.  Matches:
    367. 

  367.   - addrtype
    368. 

  368.   - condition
    369. 

  369.   - owner
    370. 

  370.   - pkttype
    371. 

  371.   - quota
    372. 

  372. 

  373. endef
    374. 

  374. 

  375. define Package/iptables-mod-physdev
    376. 

  376. $(call Package/iptables/Module, +kmod-ipt-physdev)
    377. 

  377.   TITLE:=physdev iptables extension
    378. 

  378. endef
    379. 

  379. 

  380. define Package/iptables-mod-physdev/description
    381. 

  381. The iptables physdev match.
    382. 

  382. endef
    383. 

  383. 

  384. define Package/iptables-mod-led
    385. 

  385. $(call Package/iptables/Module, +kmod-ipt-led)
    386. 

  386.   TITLE:=LED trigger iptables extension
    387. 

  387. endef
    388. 

  388. 

  389. define Package/iptables-mod-led/description
    390. 

  390. iptables extension for triggering a LED.
    391. 

  391. 

  392.  Targets:
    393. 

  393.   - LED
    394. 

  394. 

  395. endef
    396. 

  396. 

  397. define Package/iptables-mod-socket
    398. 

  398. $(call Package/iptables/Module, +kmod-ipt-socket)
    399. 

  399.   TITLE:=Socket match iptables extensions
    400. 

  400. endef
    401. 

  401. 

  402. define Package/iptables-mod-socket/description
    403. 

  403. Socket match iptables extensions.
    404. 

  404. 

  405.  Matches:
    406. 

  406.   - socket
    407. 

  407. 

  408. endef
    409. 

  409. 

  410. define Package/iptables-mod-tproxy
    411. 

  411. $(call Package/iptables/Module, +kmod-ipt-tproxy)
    412. 

  412.   TITLE:=Transparent proxy iptables extensions
    413. 

  413. endef
    414. 

  414. 

  415. define Package/iptables-mod-tproxy/description
    416. 

  416. Transparent proxy iptables extensions.
    417. 

  417. 

  418.  Targets:
    419. 

  419.   - TPROXY
    420. 

  420. 

  421. endef
    422. 

  422. 

  423. define Package/iptables-mod-tee
    424. 

  424. $(call Package/iptables/Module, +kmod-ipt-tee)
    425. 

  425.   TITLE:=TEE iptables extensions
    426. 

  426. endef
    427. 

  427. 

  428. define Package/iptables-mod-tee/description
    429. 

  429. TEE iptables extensions.
    430. 

  430. 

  431.  Targets:
    432. 

  432.   - TEE
    433. 

  433. 

  434. endef
    435. 

  435. 

  436. define Package/iptables-mod-u32
    437. 

  437. $(call Package/iptables/Module, +kmod-ipt-u32)
    438. 

  438.   TITLE:=U32 iptables extensions
    439. 

  439. endef
    440. 

  440. 

  441. define Package/iptables-mod-u32/description
    442. 

  442. U32 iptables extensions.
    443. 

  443. 

  444.  Matches:
    445. 

  445.   - u32
    446. 

  446. 

  447. endef
    448. 

  448. 

  449. define Package/iptables-mod-checksum
    450. 

  450. $(call Package/iptables/Module, +kmod-ipt-checksum)
    451. 

  451.   TITLE:=IP CHECKSUM target extension
    452. 

  452. endef
    453. 

  453. 

  454. define Package/iptables-mod-checksum/description
    455. 

  455. iptables extension for the CHECKSUM calculation target
    456. 

  456. endef
    457. 

  457. 

  458. define Package/ip6tables-zz-legacy
    459. 

  459. $(call Package/iptables/Default)
    460. 

  460.   DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy
    461. 

  461.   CATEGORY:=Network
    462. 

  462.   TITLE:=IPv6 firewall administration tool
    463. 

  463.   PROVIDES:=ip6tables ip6tables-legacy
    464. 

  464.   ALTERNATIVES:=\
    465. 

  465.     200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \
    466. 

  466.     200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \
    467. 

  467.     200:/usr/sbin/ip6tables-save:/usr/sbin/xtables-legacy-multi
    468. 

  468. endef
    469. 

  469. 

  470. define Package/ip6tables-nft
    471. 

  471. $(call Package/iptables/Default)
    472. 

  472.   DEPENDS:=@IPV6 +kmod-ip6tables +xtables-nft
    473. 

  473.   TITLE:=IP firewall administration tool nft
    474. 

  474.   PROVIDES:=ip6tables
    475. 

  475.   ALTERNATIVES:=\
    476. 

  476.     300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi \
    477. 

  477.     300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi \
    478. 

  478.     300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
    479. 

  479. endef
    480. 

  480. 

  481. define Package/ip6tables-nft/description
    482. 

  482. Extra ip6tables nftables nft binaries.
    483. 

  483.   ip6tables-nft
    484. 

  484.   ip6tables-nft-restore
    485. 

  485.   ip6tables-nft-save
    486. 

  486.   ip6tables-translate
    487. 

  487.   ip6tables-restore-translate
    488. 

  488. endef
    489. 

  489. 

  490. define Package/ip6tables-extra
    491. 

  491. $(call Package/iptables/Default)
    492. 

  492.   DEPENDS:=+libxtables +kmod-ip6tables-extra
    493. 

  493.   TITLE:=IPv6 header matching modules
    494. 

  494. endef
    495. 

  495. 

  496. define Package/ip6tables-extra/description
    497. 

  497. iptables header matching modules for IPv6
    498. 

  498. endef
    499. 

  499. 

  500. define Package/ip6tables-mod-nat
    501. 

  501. $(call Package/iptables/Default)
    502. 

  502.   DEPENDS:=+libxtables +kmod-ipt-nat6
    503. 

  503.   TITLE:=IPv6 NAT extensions
    504. 

  504. endef
    505. 

  505. 

  506. define Package/ip6tables-mod-nat/description
    507. 

  507. iptables extensions for IPv6-NAT targets.
    508. 

  508. endef
    509. 

  509. 

  510. define Package/libip4tc
    511. 

  511. $(call Package/iptables/Default)
    512. 

  512.   SECTION:=libs
    513. 

  513.   CATEGORY:=Libraries
    514. 

  514.   TITLE:=IPv4 firewall - shared libiptc library
    515. 

  515.   ABI_VERSION:=2
    516. 

  516. endef
    517. 

  517. 

  518. define Package/libip6tc
    519. 

  519. $(call Package/iptables/Default)
    520. 

  520.   SECTION:=libs
    521. 

  521.   CATEGORY:=Libraries
    522. 

  522.   TITLE:=IPv6 firewall - shared libiptc library
    523. 

  523.   ABI_VERSION:=2
    524. 

  524. endef
    525. 

  525. 

  526. define Package/libiptext
    527. 

  527.  $(call Package/iptables/Default)
    528. 

  528.  SECTION:=libs
    529. 

  529.  CATEGORY:=Libraries
    530. 

  530.  TITLE:=IPv4 firewall - shared libiptext library
    531. 

  531.  ABI_VERSION:=0
    532. 

  532.  DEPENDS:=+libxtables
    533. 

  533. endef
    534. 

  534. 

  535. define Package/libiptext6
    536. 

  536.  $(call Package/iptables/Default)
    537. 

  537.  SECTION:=libs
    538. 

  538.  CATEGORY:=Libraries
    539. 

  539.  TITLE:=IPv6 firewall - shared libiptext library
    540. 

  540.  ABI_VERSION:=0
    541. 

  541.  DEPENDS:=+libxtables
    542. 

  542. endef
    543. 

  543. 

  544. define Package/libiptext-nft
    545. 

  545.  $(call Package/iptables/Default)
    546. 

  546.  SECTION:=libs
    547. 

  547.  CATEGORY:=Libraries
    548. 

  548.  TITLE:=IPv4/IPv6 firewall - shared libiptext nft library
    549. 

  549.  ABI_VERSION:=0
    550. 

  550.  DEPENDS:=+libxtables
    551. 

  551. endef
    552. 

  552. 

  553. define Package/libxtables
    554. 

  554.  $(call Package/iptables/Default)
    555. 

  555.  SECTION:=libs
    556. 

  556.  CATEGORY:=Libraries
    557. 

  557.  TITLE:=IPv4/IPv6 firewall - shared xtables library
    558. 

  558.  MENU:=1
    559. 

  559.  ABI_VERSION:=12
    560. 

  560.  DEPENDS:=+IPTABLES_CONNLABEL:libnetfilter-conntrack
    561. 

  561. endef
    562. 

  562. 

  563. define Package/libxtables/config
    564. 

  564.   config IPTABLES_CONNLABEL
    565. 

  565. 	bool "Enable Connlabel support"
    566. 

  566. 	default n
    567. 

  567. 	help
    568. 

  568. 		This enable connlabel support in iptables.
    569. 

  569. endef
    570. 

  570. 

  571. TARGET_CPPFLAGS := \
    572. 

  572. 	-I$(PKG_BUILD_DIR)/include \
    573. 

  573. 	-I$(LINUX_DIR)/user_headers/include \
    574. 

  574. 	$(TARGET_CPPFLAGS)
    575. 

  575. 

  576. TARGET_CFLAGS += \
    577. 

  577. 	-I$(PKG_BUILD_DIR)/include \
    578. 

  578. 	-I$(LINUX_DIR)/user_headers/include \
    579. 

  579. 	-DNO_LEGACY
    580. 

  580. 

  581. CONFIGURE_ARGS += \
    582. 

  582. 	--enable-shared \
    583. 

  583. 	--enable-static \
    584. 

  584. 	--enable-devel \
    585. 

  585. 	--with-kernel="$(LINUX_DIR)/user_headers" \
    586. 

  586. 	--with-xtlibdir=/usr/lib/iptables \
    587. 

  587. 	--with-xt-lock-name=/var/run/xtables.lock \
    588. 

  588. 	$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
    589. 

  589. 	$(if $(CONFIG_IPV6),,--disable-ipv6)
    590. 

  590. 

  591. MAKE_FLAGS := \
    592. 

  592. 	$(TARGET_CONFIGURE_OPTS) \
    593. 

  593. 	COPT_FLAGS="$(TARGET_CFLAGS)" \
    594. 

  594. 	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
    595. 

  595. 	KBUILD_OUTPUT="$(LINUX_DIR)" \
    596. 

  596. 	BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
    597. 

  597. 

  598. ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
    599. 

  599.   define Build/Configure/rebuild
    600. 

  600. 	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
    601. 

  601. 	rm -f $(PKG_BUILD_DIR)/.config_*
    602. 

  602. 	rm -f $(PKG_BUILD_DIR)/.configured_*
    603. 

  603. 	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
    604. 

  604.   endef
    605. 

  605. endif
    606. 

  606. 

  607. define Build/Configure
    608. 

  608. $(Build/Configure/rebuild)
    609. 

  609. $(Build/Configure/Default)
    610. 

  610. endef
    611. 

  611. 

  612. define Build/InstallDev
    613. 

  613. 	$(INSTALL_DIR) $(1)/usr/include
    614. 

  614. 	$(INSTALL_DIR) $(1)/usr/include/iptables
    615. 

  615. 	$(INSTALL_DIR) $(1)/usr/include/net/netfilter
    616. 

  616. 

  617. 	# XXX: iptables header fixup, some headers are not installed by iptables anymore
    618. 

  618. 	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
    619. 

  619. 	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
    620. 

  620. 	$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
    621. 

  621. 	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
    622. 

  622. 

  623. 	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
    624. 

  624. 	$(INSTALL_DIR) $(1)/usr/lib
    625. 

  625. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
    626. 

  626. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
    627. 

  627. 	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
    628. 

  628. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
    629. 

  629. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
    630. 

  630. 

  631. 	# XXX: needed by firewall3
    632. 

  632. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
    633. 

  633. endef
    634. 

  634. 

  635. define Package/xtables-legacy/install
    636. 

  636. 	$(INSTALL_DIR) $(1)/usr/sbin
    637. 

  637. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
    638. 

  638. endef
    639. 

  639. 

  640. define Package/iptables-zz-legacy/install
    641. 

  641. 	$(INSTALL_DIR) $(1)/usr/sbin
    642. 

  642. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-legacy{,-restore,-save} $(1)/usr/sbin/
    643. 

  643. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    644. 

  644. endef
    645. 

  645. 

  646. define Package/xtables-nft/install
    647. 

  647. 	$(INSTALL_DIR) $(1)/usr/sbin
    648. 

  648. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
    649. 

  649. endef
    650. 

  650. 

  651. define Package/arptables-nft/install
    652. 

  652. 	$(INSTALL_DIR) $(1)/usr/sbin
    653. 

  653. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/arptables-nft{,-restore,-save} $(1)/usr/sbin/
    654. 

  654. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    655. 

  655. 	$(CP) $(PKG_BUILD_DIR)/extensions/libarpt_*.so $(1)/usr/lib/iptables/
    656. 

  656. endef
    657. 

  657. 

  658. define Package/ebtables-nft/install
    659. 

  659. 	$(INSTALL_DIR) $(1)/usr/sbin
    660. 

  660. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ebtables-nft{,-restore,-save} $(1)/usr/sbin/
    661. 

  661. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    662. 

  662. 	$(CP) $(PKG_BUILD_DIR)/extensions/libebt_*.so $(1)/usr/lib/iptables/
    663. 

  663. endef
    664. 

  664. 

  665. define Package/iptables-nft/install
    666. 

  666. 	$(INSTALL_DIR) $(1)/usr/sbin
    667. 

  667. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
    668. 

  668. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
    669. 

  669. endef
    670. 

  670. 

  671. define Package/ip6tables-zz-legacy/install
    672. 

  672. 	$(INSTALL_DIR) $(1)/usr/sbin
    673. 

  673. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-legacy{,-restore,-save} $(1)/usr/sbin/
    674. 

  674. endef
    675. 

  675. 

  676. define Package/ip6tables-nft/install
    677. 

  677. 	$(INSTALL_DIR) $(1)/usr/sbin
    678. 

  678. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
    679. 

  679. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
    680. 

  680. endef
    681. 

  681. 

  682. define Package/libip4tc/install
    683. 

  683. 	$(INSTALL_DIR) $(1)/usr/lib
    684. 

  684. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
    685. 

  685. endef
    686. 

  686. 

  687. define Package/libip6tc/install
    688. 

  688. 	$(INSTALL_DIR) $(1)/usr/lib
    689. 

  689. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
    690. 

  690. endef
    691. 

  691. 

  692. define Package/libiptext/install
    693. 

  693. 	$(INSTALL_DIR) $(1)/usr/lib
    694. 

  694. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
    695. 

  695. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
    696. 

  696. endef
    697. 

  697. 

  698. define Package/libiptext6/install
    699. 

  699. 	$(INSTALL_DIR) $(1)/usr/lib
    700. 

  700. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
    701. 

  701. endef
    702. 

  702. 

  703. define Package/libiptext-nft/install
    704. 

  704. 	$(INSTALL_DIR) $(1)/usr/lib
    705. 

  705. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
    706. 

  706. endef
    707. 

  707. 

  708. define Package/libxtables/install
    709. 

  709. 	$(INSTALL_DIR) $(1)/usr/lib
    710. 

  710. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
    711. 

  711. endef
    712. 

  712. 

  713. define BuildPlugin
    714. 

  714.   define Package/$(1)/install
    715. 

  715. 	$(INSTALL_DIR) $$(1)/usr/lib/iptables
    716. 

  716. 	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
    717. 

  717. 		if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
    718. 

  718. 			$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
    719. 

  719. 		fi; \
    720. 

  720. 	done
    721. 

  721. 	$(3)
    722. 

  722.   endef
    723. 

  723. 

  724.   $$(eval $$(call BuildPackage,$(1)))
    725. 

  725. endef
    726. 

  726. 

  727. $(eval $(call BuildPackage,libxtables))
    728. 

  728. $(eval $(call BuildPackage,libip4tc))
    729. 

  729. $(eval $(call BuildPackage,libip6tc))
    730. 

  730. $(eval $(call BuildPackage,libiptext))
    731. 

  731. $(eval $(call BuildPackage,libiptext6))
    732. 

  732. $(eval $(call BuildPackage,libiptext-nft))
    733. 

  733. $(eval $(call BuildPackage,xtables-legacy))
    734. 

  734. $(eval $(call BuildPackage,xtables-nft))
    735. 

  735. $(eval $(call BuildPackage,arptables-nft))
    736. 

  736. $(eval $(call BuildPackage,ebtables-nft))
    737. 

  737. $(eval $(call BuildPackage,iptables-nft))
    738. 

  738. $(eval $(call BuildPackage,iptables-zz-legacy))
    739. 

  739. $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
    740. 

  740. $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
    741. 

  741. $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
    742. 

  742. $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
    743. 

  743. $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
    744. 

  744. $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
    745. 

  745. $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
    746. 

  746. $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
    747. 

  747. $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
    748. 

  748. $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
    749. 

  749. $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
    750. 

  750. $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
    751. 

  751. $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
    752. 

  752. $(eval $(call BuildPlugin,iptables-mod-socket,$(IPT_SOCKET-m)))
    753. 

  753. $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
    754. 

  754. $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
    755. 

  755. $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
    756. 

  756. $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
    757. 

  757. $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
    758. 

  758. $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
    759. 

  759. $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
    760. 

  760. $(eval $(call BuildPackage,ip6tables-nft))
    761. 

  761. $(eval $(call BuildPackage,ip6tables-zz-legacy))
    762. 

  762. $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
    763. 

  763. $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
    764. 

  764.