Главная Обзор Помощь
Вход
OpenWrt
/
openwrt
зеркало из https://github.com/openwrt/openwrt.git
2
0
Ответвить 0
Файлы Задачи 0 Вики
Ветка: main
Ветки Метки
openwrt
/
package
/
network
/
utils
/
iptables
/
Makefile

Makefile 20 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777 
  1. #
    2. 

  2. # Copyright (C) 2006-2016 OpenWrt.org
    3. 

  3. #
    4. 

  4. # This is free software, licensed under the GNU General Public License v2.
    5. 

  5. # See /LICENSE for more information.
    6. 

  6. #
    7. 

  7. 

  8. include $(TOPDIR)/rules.mk
    9. 

  9. include $(INCLUDE_DIR)/kernel.mk
    10. 

  10. 

  11. PKG_NAME:=iptables
    12. 

  12. PKG_VERSION:=1.8.10
    13. 

  13. PKG_RELEASE:=3
    14. 

  14. 

  15. PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
    16. 

  16. PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
    17. 

  17. PKG_HASH:=5cc255c189356e317d070755ce9371eb63a1b783c34498fb8c30264f3cc59c9c
    18. 

  18. 

  19. PKG_FIXUP:=autoreconf
    20. 

  20. PKG_FLAGS:=nonshared
    21. 

  21. 

  22. PKG_INSTALL:=1
    23. 

  23. PKG_BUILD_FLAGS:=gc-sections no-lto
    24. 

  24. PKG_BUILD_PARALLEL:=1
    25. 

  25. PKG_LICENSE:=GPL-2.0
    26. 

  26. PKG_CPE_ID:=cpe:/a:netfilter:iptables
    27. 

  27. 

  28. include $(INCLUDE_DIR)/package.mk
    29. 

  29. ifeq ($(DUMP),)
    30. 

  30.   -include $(LINUX_DIR)/.config
    31. 

  31.   include $(INCLUDE_DIR)/netfilter.mk
    32. 

  32.   STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
    33. 

  33. endif
    34. 

  34. 

  35. 

  36. define Package/iptables/Default
    37. 

  37.   SECTION:=net
    38. 

  38.   CATEGORY:=Network
    39. 

  39.   SUBMENU:=Firewall
    40. 

  40.   URL:=https://netfilter.org/
    41. 

  41. endef
    42. 

  42. 

  43. define Package/iptables/Module
    44. 

  44. $(call Package/iptables/Default)
    45. 

  45.   DEPENDS:=+libxtables $(1)
    46. 

  46. endef
    47. 

  47. 

  48. define Package/xtables-legacy
    49. 

  49. $(call Package/iptables/Default)
    50. 

  50.   TITLE:=IP firewall administration tool
    51. 

  51.   DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables
    52. 

  52. endef
    53. 

  53. 

  54. define Package/iptables-zz-legacy
    55. 

  55. $(call Package/iptables/Default)
    56. 

  56.   TITLE:=IP firewall administration tool
    57. 

  57.   DEPENDS+= +xtables-legacy
    58. 

  58.   PROVIDES:=iptables iptables-legacy
    59. 

  59.   ALTERNATIVES:=\
    60. 

  60.     200:/usr/sbin/iptables:xtables-legacy-multi \
    61. 

  61.     200:/usr/sbin/iptables-restore:xtables-legacy-multi \
    62. 

  62.     200:/usr/sbin/iptables-save:xtables-legacy-multi \
    63. 

  63.     200:/usr/sbin/iptables-legacy:xtables-legacy-multi \
    64. 

  64.     200:/usr/sbin/iptables-legacy-restore:xtables-legacy-multi \
    65. 

  65.     200:/usr/sbin/iptables-legacy-save:xtables-legacy-multi
    66. 

  66. endef
    67. 

  67. 

  68. define Package/iptables-zz-legacy/description
    69. 

  69. IP firewall administration tool.
    70. 

  70. 

  71.  Matches:
    72. 

  72.   - icmp
    73. 

  73.   - tcp
    74. 

  74.   - udp
    75. 

  75.   - comment
    76. 

  76.   - conntrack
    77. 

  77.   - limit
    78. 

  78.   - mac
    79. 

  79.   - mark
    80. 

  80.   - multiport
    81. 

  81.   - set
    82. 

  82.   - state
    83. 

  83.   - time
    84. 

  84. 

  85.  Targets:
    86. 

  86.   - ACCEPT
    87. 

  87.   - CT
    88. 

  88.   - DNAT
    89. 

  89.   - DROP
    90. 

  90.   - REJECT
    91. 

  91.   - FLOWOFFLOAD
    92. 

  92.   - LOG
    93. 

  93.   - MARK
    94. 

  94.   - MASQUERADE
    95. 

  95.   - REDIRECT
    96. 

  96.   - SET
    97. 

  97.   - SNAT
    98. 

  98.   - TCPMSS
    99. 

  99. 

  100.  Tables:
    101. 

  101.   - filter
    102. 

  102.   - mangle
    103. 

  103.   - nat
    104. 

  104.   - raw
    105. 

  105. 

  106. endef
    107. 

  107. 

  108. define Package/xtables-nft
    109. 

  109. $(call Package/iptables/Default)
    110. 

  110.   TITLE:=IP firewall administration tool nft
    111. 

  111.   DEPENDS:=+libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat
    112. 

  112. endef
    113. 

  113. 

  114. define Package/arptables-nft
    115. 

  115. $(call Package/iptables/Default)
    116. 

  116.   DEPENDS:=+kmod-nft-arp +xtables-nft +kmod-arptables
    117. 

  117.   TITLE:=ARP firewall administration tool nft
    118. 

  118.   PROVIDES:=arptables
    119. 

  119.   ALTERNATIVES:=\
    120. 

  120.     300:/usr/sbin/arptables:xtables-nft-multi \
    121. 

  121.     300:/usr/sbin/arptables-restore:xtables-nft-multi \
    122. 

  122.     300:/usr/sbin/arptables-save:xtables-nft-multi \
    123. 

  123.     300:/usr/sbin/arptables-nft:xtables-nft-multi \
    124. 

  124.     300:/usr/sbin/arptables-nft-restore:xtables-nft-multi \
    125. 

  125.     300:/usr/sbin/arptables-nft-save:xtables-nft-multi
    126. 

  126. endef
    127. 

  127. 

  128. define Package/ebtables-nft
    129. 

  129. $(call Package/iptables/Default)
    130. 

  130.   DEPENDS:=+kmod-nft-bridge +xtables-nft +kmod-ebtables
    131. 

  131.   TITLE:=Bridge firewall administration tool nft
    132. 

  132.   PROVIDES:=ebtables
    133. 

  133.   ALTERNATIVES:=\
    134. 

  134.     300:/usr/sbin/ebtables:xtables-nft-multi \
    135. 

  135.     300:/usr/sbin/ebtables-restore:xtables-nft-multi \
    136. 

  136.     300:/usr/sbin/ebtables-save:xtables-nft-multi \
    137. 

  137.     300:/usr/sbin/ebtables-nft:xtables-nft-multi \
    138. 

  138.     300:/usr/sbin/ebtables-nft-restore:xtables-nft-multi \
    139. 

  139.     300:/usr/sbin/ebtables-nft-save:xtables-nft-multi
    140. 

  140. endef
    141. 

  141. 

  142. define Package/iptables-nft
    143. 

  143. $(call Package/iptables/Default)
    144. 

  144.   TITLE:=IP firewall administration tool nft
    145. 

  145.   DEPENDS:=+kmod-ipt-core +xtables-nft
    146. 

  146.   PROVIDES:=iptables
    147. 

  147.   DEFAULT_VARIANT:=1
    148. 

  148.   ALTERNATIVES:=\
    149. 

  149.     300:/usr/sbin/iptables:xtables-nft-multi \
    150. 

  150.     300:/usr/sbin/iptables-restore:xtables-nft-multi \
    151. 

  151.     300:/usr/sbin/iptables-save:xtables-nft-multi \
    152. 

  152.     300:/usr/sbin/iptables-nft:xtables-nft-multi \
    153. 

  153.     300:/usr/sbin/iptables-nft-restore:xtables-nft-multi \
    154. 

  154.     300:/usr/sbin/iptables-nft-save:xtables-nft-multi \
    155. 

  155.     300:/usr/sbin/iptables-restore-translate:xtables-nft-multi \
    156. 

  156.     300:/usr/sbin/iptables-translate:xtables-nft-multi
    157. 

  157. endef
    158. 

  158. 

  159. define Package/iptables-nft/description
    160. 

  160. Extra iptables nftables nft binaries.
    161. 

  161.   iptables-nft
    162. 

  162.   iptables-nft-restore
    163. 

  163.   iptables-nft-save
    164. 

  164.   iptables-translate
    165. 

  165.   iptables-restore-translate
    166. 

  166. endef
    167. 

  167. 

  168. define Package/iptables-mod-conntrack-extra
    169. 

  169. $(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
    170. 

  170.   TITLE:=Extra connection tracking extensions
    171. 

  171. endef
    172. 

  172. 

  173. define Package/iptables-mod-conntrack-extra/description
    174. 

  174. Extra iptables extensions for connection tracking.
    175. 

  175. 

  176.  Matches:
    177. 

  177.   - connbytes
    178. 

  178.   - connlimit
    179. 

  179.   - connmark
    180. 

  180.   - recent
    181. 

  181.   - helper
    182. 

  182. 

  183.  Targets:
    184. 

  184.   - CONNMARK
    185. 

  185. 

  186. endef
    187. 

  187. 

  188. define Package/iptables-mod-conntrack-label
    189. 

  189. $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
    190. 

  190.   TITLE:=Connection tracking labeling extension
    191. 

  191.   DEFAULT:=y if IPTABLES_CONNLABEL
    192. 

  192. endef
    193. 

  193. 

  194. define Package/iptables-mod-conntrack-label/description
    195. 

  195. Match and set label(s) on connection tracking entries
    196. 

  196. 

  197.  Matches:
    198. 

  198.   - connlabel
    199. 

  199. 

  200. endef
    201. 

  201. 

  202. define Package/iptables-mod-filter
    203. 

  203. $(call Package/iptables/Module, +kmod-ipt-filter)
    204. 

  204.   TITLE:=Content inspection extensions
    205. 

  205. endef
    206. 

  206. 

  207. define Package/iptables-mod-filter/description
    208. 

  208. iptables extensions for packet content inspection.
    209. 

  209. Includes support for:
    210. 

  210. 

  211.  Matches:
    212. 

  212.   - string
    213. 

  213.   - bpf
    214. 

  214. 

  215. endef
    216. 

  216. 

  217. define Package/iptables-mod-ipopt
    218. 

  218. $(call Package/iptables/Module, +kmod-ipt-ipopt)
    219. 

  219.   TITLE:=IP/Packet option extensions
    220. 

  220. endef
    221. 

  221. 

  222. define Package/iptables-mod-ipopt/description
    223. 

  223. iptables extensions for matching/changing IP packet options.
    224. 

  224. 

  225.  Matches:
    226. 

  226.   - dscp
    227. 

  227.   - ecn
    228. 

  228.   - length
    229. 

  229.   - statistic
    230. 

  230.   - tcpmss
    231. 

  231.   - unclean
    232. 

  232.   - hl
    233. 

  233. 

  234.  Targets:
    235. 

  235.   - DSCP
    236. 

  236.   - CLASSIFY
    237. 

  237.   - ECN
    238. 

  238.   - HL
    239. 

  239. 

  240. endef
    241. 

  241. 

  242. define Package/iptables-mod-ipsec
    243. 

  243. $(call Package/iptables/Module, +kmod-ipt-ipsec)
    244. 

  244.   TITLE:=IPsec extensions
    245. 

  245. endef
    246. 

  246. 

  247. define Package/iptables-mod-ipsec/description
    248. 

  248. iptables extensions for matching ipsec traffic.
    249. 

  249. 

  250.  Matches:
    251. 

  251.   - ah
    252. 

  252.   - esp
    253. 

  253.   - policy
    254. 

  254. 

  255. endef
    256. 

  256. 

  257. define Package/iptables-mod-nat-extra
    258. 

  258. $(call Package/iptables/Module, +kmod-ipt-nat-extra)
    259. 

  259.   TITLE:=Extra NAT extensions
    260. 

  260. endef
    261. 

  261. 

  262. define Package/iptables-mod-nat-extra/description
    263. 

  263. iptables extensions for extra NAT targets.
    264. 

  264. 

  265.  Targets:
    266. 

  266.   - MIRROR
    267. 

  267.   - NETMAP
    268. 

  268. endef
    269. 

  269. 

  270. define Package/iptables-mod-nflog
    271. 

  271. $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
    272. 

  272.   TITLE:=Netfilter NFLOG target
    273. 

  273. endef
    274. 

  274. 

  275. define Package/iptables-mod-nflog/description
    276. 

  276.  iptables extension for user-space logging via NFNETLINK.
    277. 

  277. 

  278.  Includes:
    279. 

  279.   - libxt_NFLOG
    280. 

  280. 

  281. endef
    282. 

  282. 

  283. define Package/iptables-mod-trace
    284. 

  284. $(call Package/iptables/Module, +kmod-ipt-debug)
    285. 

  285.   TITLE:=Netfilter TRACE target
    286. 

  286. endef
    287. 

  287. 

  288. define Package/iptables-mod-trace/description
    289. 

  289.  iptables extension for TRACE target
    290. 

  290. 

  291.  Includes:
    292. 

  292.   - libxt_TRACE
    293. 

  293. 

  294. endef
    295. 

  295. 

  296. 

  297. define Package/iptables-mod-nfqueue
    298. 

  298. $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
    299. 

  299.   TITLE:=Netfilter NFQUEUE target
    300. 

  300. endef
    301. 

  301. 

  302. define Package/iptables-mod-nfqueue/description
    303. 

  303.  iptables extension for user-space queuing via NFNETLINK.
    304. 

  304. 

  305.  Includes:
    306. 

  306.   - libxt_NFQUEUE
    307. 

  307. 

  308. endef
    309. 

  309. 

  310. define Package/iptables-mod-hashlimit
    311. 

  311. $(call Package/iptables/Module, +kmod-ipt-hashlimit)
    312. 

  312.   TITLE:=hashlimit matching
    313. 

  313. endef
    314. 

  314. 

  315. define Package/iptables-mod-hashlimit/description
    316. 

  316. iptables extensions for hashlimit matching
    317. 

  317. 

  318.  Matches:
    319. 

  319.   - hashlimit
    320. 

  320. 

  321. endef
    322. 

  322. 

  323. define Package/iptables-mod-rpfilter
    324. 

  324. $(call Package/iptables/Module, +kmod-ipt-rpfilter)
    325. 

  325.   TITLE:=rpfilter iptables extension
    326. 

  326. endef
    327. 

  327. 

  328. define Package/iptables-mod-rpfilter/description
    329. 

  329. iptables extensions for reverse path filter test on a packet
    330. 

  330. 

  331.  Matches:
    332. 

  332.   - rpfilter
    333. 

  333. 

  334. endef
    335. 

  335. 

  336. define Package/iptables-mod-iprange
    337. 

  337. $(call Package/iptables/Module, +kmod-ipt-iprange)
    338. 

  338.   TITLE:=IP range extension
    339. 

  339. endef
    340. 

  340. 

  341. define Package/iptables-mod-iprange/description
    342. 

  342. iptables extensions for matching ip ranges.
    343. 

  343. 

  344.  Matches:
    345. 

  345.   - iprange
    346. 

  346. 

  347. endef
    348. 

  348. 

  349. define Package/iptables-mod-cluster
    350. 

  350. $(call Package/iptables/Module, +kmod-ipt-cluster)
    351. 

  351.   TITLE:=Match cluster extension
    352. 

  352. endef
    353. 

  353. 

  354. define Package/iptables-mod-cluster/description
    355. 

  355. iptables extensions for matching cluster.
    356. 

  356. 

  357.  Netfilter (IPv4/IPv6) module for matching cluster
    358. 

  358.  This option allows you to build work-load-sharing clusters of
    359. 

  359.  network servers/stateful firewalls without having a dedicated
    360. 

  360.  load-balancing router/server/switch. Basically, this match returns
    361. 

  361.  true when the packet must be handled by this cluster node. Thus,
    362. 

  362.  all nodes see all packets and this match decides which node handles
    363. 

  363.  what packets. The work-load sharing algorithm is based on source
    364. 

  364.  address hashing.
    365. 

  365. 

  366.  This module is usable for ipv4 and ipv6.
    367. 

  367. 

  368.  If you select it, it enables kmod-ipt-cluster.
    369. 

  369. 

  370.  see `iptables -m cluster --help` for more information.
    371. 

  371. endef
    372. 

  372. 

  373. define Package/iptables-mod-extra
    374. 

  374. $(call Package/iptables/Module, +kmod-ipt-extra)
    375. 

  375.   TITLE:=Other extra iptables extensions
    376. 

  376. endef
    377. 

  377. 

  378. define Package/iptables-mod-extra/description
    379. 

  379. Other extra iptables extensions.
    380. 

  380. 

  381.  Matches:
    382. 

  382.   - addrtype
    383. 

  383.   - condition
    384. 

  384.   - owner
    385. 

  385.   - pkttype
    386. 

  386.   - quota
    387. 

  387. 

  388. endef
    389. 

  389. 

  390. define Package/iptables-mod-physdev
    391. 

  391. $(call Package/iptables/Module, +kmod-ipt-physdev)
    392. 

  392.   TITLE:=physdev iptables extension
    393. 

  393. endef
    394. 

  394. 

  395. define Package/iptables-mod-physdev/description
    396. 

  396. The iptables physdev match.
    397. 

  397. endef
    398. 

  398. 

  399. define Package/iptables-mod-led
    400. 

  400. $(call Package/iptables/Module, +kmod-ipt-led)
    401. 

  401.   TITLE:=LED trigger iptables extension
    402. 

  402. endef
    403. 

  403. 

  404. define Package/iptables-mod-led/description
    405. 

  405. iptables extension for triggering a LED.
    406. 

  406. 

  407.  Targets:
    408. 

  408.   - LED
    409. 

  409. 

  410. endef
    411. 

  411. 

  412. define Package/iptables-mod-socket
    413. 

  413. $(call Package/iptables/Module, +kmod-ipt-socket)
    414. 

  414.   TITLE:=Socket match iptables extensions
    415. 

  415. endef
    416. 

  416. 

  417. define Package/iptables-mod-socket/description
    418. 

  418. Socket match iptables extensions.
    419. 

  419. 

  420.  Matches:
    421. 

  421.   - socket
    422. 

  422. 

  423. endef
    424. 

  424. 

  425. define Package/iptables-mod-tproxy
    426. 

  426. $(call Package/iptables/Module, +kmod-ipt-tproxy)
    427. 

  427.   TITLE:=Transparent proxy iptables extensions
    428. 

  428. endef
    429. 

  429. 

  430. define Package/iptables-mod-tproxy/description
    431. 

  431. Transparent proxy iptables extensions.
    432. 

  432. 

  433.  Targets:
    434. 

  434.   - TPROXY
    435. 

  435. 

  436. endef
    437. 

  437. 

  438. define Package/iptables-mod-tee
    439. 

  439. $(call Package/iptables/Module, +kmod-ipt-tee)
    440. 

  440.   TITLE:=TEE iptables extensions
    441. 

  441. endef
    442. 

  442. 

  443. define Package/iptables-mod-tee/description
    444. 

  444. TEE iptables extensions.
    445. 

  445. 

  446.  Targets:
    447. 

  447.   - TEE
    448. 

  448. 

  449. endef
    450. 

  450. 

  451. define Package/iptables-mod-u32
    452. 

  452. $(call Package/iptables/Module, +kmod-ipt-u32)
    453. 

  453.   TITLE:=U32 iptables extensions
    454. 

  454. endef
    455. 

  455. 

  456. define Package/iptables-mod-u32/description
    457. 

  457. U32 iptables extensions.
    458. 

  458. 

  459.  Matches:
    460. 

  460.   - u32
    461. 

  461. 

  462. endef
    463. 

  463. 

  464. define Package/iptables-mod-checksum
    465. 

  465. $(call Package/iptables/Module, +kmod-ipt-checksum)
    466. 

  466.   TITLE:=IP CHECKSUM target extension
    467. 

  467. endef
    468. 

  468. 

  469. define Package/iptables-mod-checksum/description
    470. 

  470. iptables extension for the CHECKSUM calculation target
    471. 

  471. endef
    472. 

  472. 

  473. define Package/ip6tables-zz-legacy
    474. 

  474. $(call Package/iptables/Default)
    475. 

  475.   DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy
    476. 

  476.   CATEGORY:=Network
    477. 

  477.   TITLE:=IPv6 firewall administration tool
    478. 

  478.   PROVIDES:=ip6tables ip6tables-legacy
    479. 

  479.   ALTERNATIVES:=\
    480. 

  480.     200:/usr/sbin/ip6tables:xtables-legacy-multi \
    481. 

  481.     200:/usr/sbin/ip6tables-restore:xtables-legacy-multi \
    482. 

  482.     200:/usr/sbin/ip6tables-save:xtables-legacy-multi \
    483. 

  483.     200:/usr/sbin/ip6tables-legacy:xtables-legacy-multi \
    484. 

  484.     200:/usr/sbin/ip6tables-legacy-restore:xtables-legacy-multi \
    485. 

  485.     200:/usr/sbin/ip6tables-legacy-save:xtables-legacy-multi
    486. 

  486. endef
    487. 

  487. 

  488. define Package/ip6tables-nft
    489. 

  489. $(call Package/iptables/Default)
    490. 

  490.   DEPENDS:=@IPV6 +kmod-ip6tables +xtables-nft
    491. 

  491.   TITLE:=IP firewall administration tool nft
    492. 

  492.   PROVIDES:=ip6tables
    493. 

  493.   DEFAULT_VARIANT:=1
    494. 

  494.   ALTERNATIVES:=\
    495. 

  495.     300:/usr/sbin/ip6tables:xtables-nft-multi \
    496. 

  496.     300:/usr/sbin/ip6tables-restore:xtables-nft-multi \
    497. 

  497.     300:/usr/sbin/ip6tables-save:xtables-nft-multi \
    498. 

  498.     300:/usr/sbin/ip6tables-nft:xtables-nft-multi \
    499. 

  499.     300:/usr/sbin/ip6tables-nft-restore:xtables-nft-multi \
    500. 

  500.     300:/usr/sbin/ip6tables-nft-save:xtables-nft-multi \
    501. 

  501.     300:/usr/sbin/ip6tables-restore-translate:xtables-nft-multi \
    502. 

  502.     300:/usr/sbin/ip6tables-translate:xtables-nft-multi
    503. 

  503. endef
    504. 

  504. 

  505. define Package/ip6tables-nft/description
    506. 

  506. Extra ip6tables nftables nft binaries.
    507. 

  507.   ip6tables-nft
    508. 

  508.   ip6tables-nft-restore
    509. 

  509.   ip6tables-nft-save
    510. 

  510.   ip6tables-translate
    511. 

  511.   ip6tables-restore-translate
    512. 

  512. endef
    513. 

  513. 

  514. define Package/ip6tables-extra
    515. 

  515. $(call Package/iptables/Default)
    516. 

  516.   DEPENDS:=+libxtables +kmod-ip6tables-extra
    517. 

  517.   TITLE:=IPv6 header matching modules
    518. 

  518. endef
    519. 

  519. 

  520. define Package/ip6tables-extra/description
    521. 

  521. iptables header matching modules for IPv6
    522. 

  522. endef
    523. 

  523. 

  524. define Package/ip6tables-mod-nat
    525. 

  525. $(call Package/iptables/Default)
    526. 

  526.   DEPENDS:=+libxtables +kmod-ipt-nat6
    527. 

  527.   TITLE:=IPv6 NAT extensions
    528. 

  528. endef
    529. 

  529. 

  530. define Package/ip6tables-mod-nat/description
    531. 

  531. iptables extensions for IPv6-NAT targets.
    532. 

  532. endef
    533. 

  533. 

  534. define Package/libip4tc
    535. 

  535. $(call Package/iptables/Default)
    536. 

  536.   SECTION:=libs
    537. 

  537.   CATEGORY:=Libraries
    538. 

  538.   TITLE:=IPv4 firewall - shared libiptc library
    539. 

  539.   ABI_VERSION:=2
    540. 

  540. endef
    541. 

  541. 

  542. define Package/libip6tc
    543. 

  543. $(call Package/iptables/Default)
    544. 

  544.   SECTION:=libs
    545. 

  545.   CATEGORY:=Libraries
    546. 

  546.   TITLE:=IPv6 firewall - shared libiptc library
    547. 

  547.   ABI_VERSION:=2
    548. 

  548. endef
    549. 

  549. 

  550. define Package/libiptext
    551. 

  551.  $(call Package/iptables/Default)
    552. 

  552.  SECTION:=libs
    553. 

  553.  CATEGORY:=Libraries
    554. 

  554.  TITLE:=IPv4 firewall - shared libiptext library
    555. 

  555.  ABI_VERSION:=0
    556. 

  556.  DEPENDS:=+libxtables
    557. 

  557. endef
    558. 

  558. 

  559. define Package/libiptext6
    560. 

  560.  $(call Package/iptables/Default)
    561. 

  561.  SECTION:=libs
    562. 

  562.  CATEGORY:=Libraries
    563. 

  563.  TITLE:=IPv6 firewall - shared libiptext library
    564. 

  564.  ABI_VERSION:=0
    565. 

  565.  DEPENDS:=+libxtables
    566. 

  566. endef
    567. 

  567. 

  568. define Package/libiptext-nft
    569. 

  569.  $(call Package/iptables/Default)
    570. 

  570.  SECTION:=libs
    571. 

  571.  CATEGORY:=Libraries
    572. 

  572.  TITLE:=IPv4/IPv6 firewall - shared libiptext nft library
    573. 

  573.  ABI_VERSION:=0
    574. 

  574.  DEPENDS:=+libxtables
    575. 

  575. endef
    576. 

  576. 

  577. define Package/libxtables
    578. 

  578.  $(call Package/iptables/Default)
    579. 

  579.  SECTION:=libs
    580. 

  580.  CATEGORY:=Libraries
    581. 

  581.  TITLE:=IPv4/IPv6 firewall - shared xtables library
    582. 

  582.  MENU:=1
    583. 

  583.  ABI_VERSION:=12
    584. 

  584.  DEPENDS:=+IPTABLES_CONNLABEL:libnetfilter-conntrack
    585. 

  585. endef
    586. 

  586. 

  587. define Package/libxtables/config
    588. 

  588.   config IPTABLES_CONNLABEL
    589. 

  589. 	bool "Enable Connlabel support"
    590. 

  590. 	default n
    591. 

  591. 	help
    592. 

  592. 		This enable connlabel support in iptables.
    593. 

  593. endef
    594. 

  594. 

  595. TARGET_CPPFLAGS := \
    596. 

  596. 	-I$(PKG_BUILD_DIR)/include \
    597. 

  597. 	-I$(LINUX_DIR)/user_headers/include \
    598. 

  598. 	$(TARGET_CPPFLAGS)
    599. 

  599. 

  600. TARGET_CFLAGS += \
    601. 

  601. 	-I$(PKG_BUILD_DIR)/include \
    602. 

  602. 	-I$(LINUX_DIR)/user_headers/include \
    603. 

  603. 	-DNO_LEGACY
    604. 

  604. 

  605. CONFIGURE_ARGS += \
    606. 

  606. 	--enable-shared \
    607. 

  607. 	--enable-static \
    608. 

  608. 	--enable-devel \
    609. 

  609. 	--with-kernel="$(LINUX_DIR)/user_headers" \
    610. 

  610. 	--with-xtlibdir=/usr/lib/iptables \
    611. 

  611. 	--with-xt-lock-name=/var/run/xtables.lock \
    612. 

  612. 	$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
    613. 

  613. 	$(if $(CONFIG_IPV6),,--disable-ipv6)
    614. 

  614. 

  615. MAKE_FLAGS := \
    616. 

  616. 	$(TARGET_CONFIGURE_OPTS) \
    617. 

  617. 	COPT_FLAGS="$(TARGET_CFLAGS)" \
    618. 

  618. 	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
    619. 

  619. 	KBUILD_OUTPUT="$(LINUX_DIR)" \
    620. 

  620. 	BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
    621. 

  621. 

  622. ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
    623. 

  623.   define Build/Configure/rebuild
    624. 

  624. 	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
    625. 

  625. 	rm -f $(PKG_BUILD_DIR)/.config_*
    626. 

  626. 	rm -f $(PKG_BUILD_DIR)/.configured_*
    627. 

  627. 	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
    628. 

  628.   endef
    629. 

  629. endif
    630. 

  630. 

  631. define Build/Configure
    632. 

  632. $(Build/Configure/rebuild)
    633. 

  633. $(Build/Configure/Default)
    634. 

  634. endef
    635. 

  635. 

  636. define Build/InstallDev
    637. 

  637. 	$(INSTALL_DIR) $(1)/usr/include
    638. 

  638. 	$(INSTALL_DIR) $(1)/usr/include/iptables
    639. 

  639. 	$(INSTALL_DIR) $(1)/usr/include/net/netfilter
    640. 

  640. 

  641. 	# XXX: iptables header fixup, some headers are not installed by iptables anymore
    642. 

  642. 	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
    643. 

  643. 	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
    644. 

  644. 	$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
    645. 

  645. 	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
    646. 

  646. 

  647. 	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
    648. 

  648. 	$(INSTALL_DIR) $(1)/usr/lib
    649. 

  649. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
    650. 

  650. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
    651. 

  651. 	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
    652. 

  652. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
    653. 

  653. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
    654. 

  654. 

  655. 	# XXX: needed by firewall3
    656. 

  656. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
    657. 

  657. endef
    658. 

  658. 

  659. define Package/xtables-legacy/install
    660. 

  660. 	$(INSTALL_DIR) $(1)/usr/sbin
    661. 

  661. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
    662. 

  662. endef
    663. 

  663. 

  664. define Package/xtables-nft/install
    665. 

  665. 	$(INSTALL_DIR) $(1)/usr/sbin
    666. 

  666. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
    667. 

  667. endef
    668. 

  668. 

  669. define Package/arptables-nft/install
    670. 

  670. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    671. 

  671. 	$(CP) $(PKG_BUILD_DIR)/extensions/libarpt_*.so $(1)/usr/lib/iptables/
    672. 

  672. endef
    673. 

  673. 

  674. define Package/ebtables-nft/install
    675. 

  675. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    676. 

  676. 	$(CP) $(PKG_BUILD_DIR)/extensions/libebt_*.so $(1)/usr/lib/iptables/
    677. 

  677. endef
    678. 

  678. 

  679. define Package/iptables-zz-legacy/install
    680. 

  680. 	true
    681. 

  681. endef
    682. 

  682. 

  683. define Package/iptables-nft/install
    684. 

  684. 	true
    685. 

  685. endef
    686. 

  686. 

  687. define Package/ip6tables-zz-legacy/install
    688. 

  688. 	true
    689. 

  689. endef
    690. 

  690. 

  691. define Package/ip6tables-nft/install
    692. 

  692. 	true
    693. 

  693. endef
    694. 

  694. 

  695. define Package/libip4tc/install
    696. 

  696. 	$(INSTALL_DIR) $(1)/usr/lib
    697. 

  697. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
    698. 

  698. endef
    699. 

  699. 

  700. define Package/libip6tc/install
    701. 

  701. 	$(INSTALL_DIR) $(1)/usr/lib
    702. 

  702. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
    703. 

  703. endef
    704. 

  704. 

  705. define Package/libiptext/install
    706. 

  706. 	$(INSTALL_DIR) $(1)/usr/lib
    707. 

  707. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
    708. 

  708. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
    709. 

  709. endef
    710. 

  710. 

  711. define Package/libiptext6/install
    712. 

  712. 	$(INSTALL_DIR) $(1)/usr/lib
    713. 

  713. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
    714. 

  714. endef
    715. 

  715. 

  716. define Package/libiptext-nft/install
    717. 

  717. 	$(INSTALL_DIR) $(1)/usr/lib
    718. 

  718. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
    719. 

  719. endef
    720. 

  720. 

  721. define Package/libxtables/install
    722. 

  722. 	$(INSTALL_DIR) $(1)/usr/lib
    723. 

  723. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
    724. 

  724. endef
    725. 

  725. 

  726. define BuildPlugin
    727. 

  727.   define Package/$(1)/install
    728. 

  728. 	$(INSTALL_DIR) $$(1)/usr/lib/iptables
    729. 

  729. 	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
    730. 

  730. 		if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
    731. 

  731. 			$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
    732. 

  732. 		fi; \
    733. 

  733. 	done
    734. 

  734. 	$(3)
    735. 

  735.   endef
    736. 

  736. 

  737.   $$(eval $$(call BuildPackage,$(1)))
    738. 

  738. endef
    739. 

  739. 

  740. $(eval $(call BuildPackage,libxtables))
    741. 

  741. $(eval $(call BuildPackage,libip4tc))
    742. 

  742. $(eval $(call BuildPackage,libip6tc))
    743. 

  743. $(eval $(call BuildPackage,libiptext))
    744. 

  744. $(eval $(call BuildPackage,libiptext6))
    745. 

  745. $(eval $(call BuildPackage,libiptext-nft))
    746. 

  746. $(eval $(call BuildPackage,xtables-legacy))
    747. 

  747. $(eval $(call BuildPackage,xtables-nft))
    748. 

  748. $(eval $(call BuildPackage,arptables-nft))
    749. 

  749. $(eval $(call BuildPackage,ebtables-nft))
    750. 

  750. $(eval $(call BuildPackage,iptables-nft))
    751. 

  751. $(eval $(call BuildPackage,iptables-zz-legacy))
    752. 

  752. $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
    753. 

  753. $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
    754. 

  754. $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
    755. 

  755. $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
    756. 

  756. $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
    757. 

  757. $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
    758. 

  758. $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
    759. 

  759. $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
    760. 

  760. $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
    761. 

  761. $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
    762. 

  762. $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
    763. 

  763. $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
    764. 

  764. $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
    765. 

  765. $(eval $(call BuildPlugin,iptables-mod-socket,$(IPT_SOCKET-m)))
    766. 

  766. $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
    767. 

  767. $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
    768. 

  768. $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
    769. 

  769. $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
    770. 

  770. $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
    771. 

  771. $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
    772. 

  772. $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
    773. 

  773. $(eval $(call BuildPackage,ip6tables-nft))
    774. 

  774. $(eval $(call BuildPackage,ip6tables-zz-legacy))
    775. 

  775. $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
    776. 

  776. $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
    777. 

  777.