Главная Обзор Помощь
Регистрация Вход
OpenWrt
/
openwrt
зеркало из https://github.com/openwrt/openwrt.git
2
0
Ответвить 0
Файлы Задачи 0 Вики
Ветка: main
Ветки Метки
openwrt
/
package
/
network
/
utils
/
iptables
/
Makefile

Makefile 20 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775 
  1. #
    2. 

  2. # Copyright (C) 2006-2016 OpenWrt.org
    3. 

  3. #
    4. 

  4. # This is free software, licensed under the GNU General Public License v2.
    5. 

  5. # See /LICENSE for more information.
    6. 

  6. #
    7. 

  7. 

  8. include $(TOPDIR)/rules.mk
    9. 

  9. include $(INCLUDE_DIR)/kernel.mk
    10. 

  10. 

  11. PKG_NAME:=iptables
    12. 

  12. PKG_VERSION:=1.8.10
    13. 

  13. PKG_RELEASE:=2
    14. 

  14. 

  15. PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
    16. 

  16. PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
    17. 

  17. PKG_HASH:=5cc255c189356e317d070755ce9371eb63a1b783c34498fb8c30264f3cc59c9c
    18. 

  18. 

  19. PKG_FIXUP:=autoreconf
    20. 

  20. PKG_FLAGS:=nonshared
    21. 

  21. 

  22. PKG_INSTALL:=1
    23. 

  23. PKG_BUILD_FLAGS:=gc-sections no-lto
    24. 

  24. PKG_BUILD_PARALLEL:=1
    25. 

  25. PKG_LICENSE:=GPL-2.0
    26. 

  26. PKG_CPE_ID:=cpe:/a:netfilter:iptables
    27. 

  27. 

  28. include $(INCLUDE_DIR)/package.mk
    29. 

  29. ifeq ($(DUMP),)
    30. 

  30.   -include $(LINUX_DIR)/.config
    31. 

  31.   include $(INCLUDE_DIR)/netfilter.mk
    32. 

  32.   STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
    33. 

  33. endif
    34. 

  34. 

  35. 

  36. define Package/iptables/Default
    37. 

  37.   SECTION:=net
    38. 

  38.   CATEGORY:=Network
    39. 

  39.   SUBMENU:=Firewall
    40. 

  40.   URL:=https://netfilter.org/
    41. 

  41. endef
    42. 

  42. 

  43. define Package/iptables/Module
    44. 

  44. $(call Package/iptables/Default)
    45. 

  45.   DEPENDS:=+libxtables $(1)
    46. 

  46. endef
    47. 

  47. 

  48. define Package/xtables-legacy
    49. 

  49. $(call Package/iptables/Default)
    50. 

  50.   TITLE:=IP firewall administration tool
    51. 

  51.   DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables
    52. 

  52. endef
    53. 

  53. 

  54. define Package/iptables-zz-legacy
    55. 

  55. $(call Package/iptables/Default)
    56. 

  56.   TITLE:=IP firewall administration tool
    57. 

  57.   DEPENDS+= +xtables-legacy
    58. 

  58.   PROVIDES:=iptables iptables-legacy
    59. 

  59.   ALTERNATIVES:=\
    60. 

  60.     200:/usr/sbin/iptables:xtables-legacy-multi \
    61. 

  61.     200:/usr/sbin/iptables-restore:xtables-legacy-multi \
    62. 

  62.     200:/usr/sbin/iptables-save:xtables-legacy-multi \
    63. 

  63.     200:/usr/sbin/iptables-legacy:xtables-legacy-multi \
    64. 

  64.     200:/usr/sbin/iptables-legacy-restore:xtables-legacy-multi \
    65. 

  65.     200:/usr/sbin/iptables-legacy-save:xtables-legacy-multi
    66. 

  66. endef
    67. 

  67. 

  68. define Package/iptables-zz-legacy/description
    69. 

  69. IP firewall administration tool.
    70. 

  70. 

  71.  Matches:
    72. 

  72.   - icmp
    73. 

  73.   - tcp
    74. 

  74.   - udp
    75. 

  75.   - comment
    76. 

  76.   - conntrack
    77. 

  77.   - limit
    78. 

  78.   - mac
    79. 

  79.   - mark
    80. 

  80.   - multiport
    81. 

  81.   - set
    82. 

  82.   - state
    83. 

  83.   - time
    84. 

  84. 

  85.  Targets:
    86. 

  86.   - ACCEPT
    87. 

  87.   - CT
    88. 

  88.   - DNAT
    89. 

  89.   - DROP
    90. 

  90.   - REJECT
    91. 

  91.   - FLOWOFFLOAD
    92. 

  92.   - LOG
    93. 

  93.   - MARK
    94. 

  94.   - MASQUERADE
    95. 

  95.   - REDIRECT
    96. 

  96.   - SET
    97. 

  97.   - SNAT
    98. 

  98.   - TCPMSS
    99. 

  99. 

  100.  Tables:
    101. 

  101.   - filter
    102. 

  102.   - mangle
    103. 

  103.   - nat
    104. 

  104.   - raw
    105. 

  105. 

  106. endef
    107. 

  107. 

  108. define Package/xtables-nft
    109. 

  109. $(call Package/iptables/Default)
    110. 

  110.   TITLE:=IP firewall administration tool nft
    111. 

  111.   DEPENDS:=+libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat
    112. 

  112. endef
    113. 

  113. 

  114. define Package/arptables-nft
    115. 

  115. $(call Package/iptables/Default)
    116. 

  116.   DEPENDS:=+kmod-nft-arp +xtables-nft +kmod-arptables
    117. 

  117.   TITLE:=ARP firewall administration tool nft
    118. 

  118.   PROVIDES:=arptables
    119. 

  119.   ALTERNATIVES:=\
    120. 

  120.     300:/usr/sbin/arptables:xtables-nft-multi \
    121. 

  121.     300:/usr/sbin/arptables-restore:xtables-nft-multi \
    122. 

  122.     300:/usr/sbin/arptables-save:xtables-nft-multi \
    123. 

  123.     300:/usr/sbin/arptables-nft:xtables-nft-multi \
    124. 

  124.     300:/usr/sbin/arptables-nft-restore:xtables-nft-multi \
    125. 

  125.     300:/usr/sbin/arptables-nft-save:xtables-nft-multi
    126. 

  126. endef
    127. 

  127. 

  128. define Package/ebtables-nft
    129. 

  129. $(call Package/iptables/Default)
    130. 

  130.   DEPENDS:=+kmod-nft-bridge +xtables-nft +kmod-ebtables
    131. 

  131.   TITLE:=Bridge firewall administration tool nft
    132. 

  132.   PROVIDES:=ebtables
    133. 

  133.   ALTERNATIVES:=\
    134. 

  134.     300:/usr/sbin/ebtables:xtables-nft-multi \
    135. 

  135.     300:/usr/sbin/ebtables-restore:xtables-nft-multi \
    136. 

  136.     300:/usr/sbin/ebtables-save:xtables-nft-multi \
    137. 

  137.     300:/usr/sbin/ebtables-nft:xtables-nft-multi \
    138. 

  138.     300:/usr/sbin/ebtables-nft-restore:xtables-nft-multi \
    139. 

  139.     300:/usr/sbin/ebtables-nft-save:xtables-nft-multi
    140. 

  140. endef
    141. 

  141. 

  142. define Package/iptables-nft
    143. 

  143. $(call Package/iptables/Default)
    144. 

  144.   TITLE:=IP firewall administration tool nft
    145. 

  145.   DEPENDS:=+kmod-ipt-core +xtables-nft
    146. 

  146.   PROVIDES:=iptables
    147. 

  147.   ALTERNATIVES:=\
    148. 

  148.     300:/usr/sbin/iptables:xtables-nft-multi \
    149. 

  149.     300:/usr/sbin/iptables-restore:xtables-nft-multi \
    150. 

  150.     300:/usr/sbin/iptables-save:xtables-nft-multi \
    151. 

  151.     300:/usr/sbin/iptables-nft:xtables-nft-multi \
    152. 

  152.     300:/usr/sbin/iptables-nft-restore:xtables-nft-multi \
    153. 

  153.     300:/usr/sbin/iptables-nft-save:xtables-nft-multi \
    154. 

  154.     300:/usr/sbin/iptables-restore-translate:xtables-nft-multi \
    155. 

  155.     300:/usr/sbin/iptables-translate:xtables-nft-multi
    156. 

  156. endef
    157. 

  157. 

  158. define Package/iptables-nft/description
    159. 

  159. Extra iptables nftables nft binaries.
    160. 

  160.   iptables-nft
    161. 

  161.   iptables-nft-restore
    162. 

  162.   iptables-nft-save
    163. 

  163.   iptables-translate
    164. 

  164.   iptables-restore-translate
    165. 

  165. endef
    166. 

  166. 

  167. define Package/iptables-mod-conntrack-extra
    168. 

  168. $(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
    169. 

  169.   TITLE:=Extra connection tracking extensions
    170. 

  170. endef
    171. 

  171. 

  172. define Package/iptables-mod-conntrack-extra/description
    173. 

  173. Extra iptables extensions for connection tracking.
    174. 

  174. 

  175.  Matches:
    176. 

  176.   - connbytes
    177. 

  177.   - connlimit
    178. 

  178.   - connmark
    179. 

  179.   - recent
    180. 

  180.   - helper
    181. 

  181. 

  182.  Targets:
    183. 

  183.   - CONNMARK
    184. 

  184. 

  185. endef
    186. 

  186. 

  187. define Package/iptables-mod-conntrack-label
    188. 

  188. $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
    189. 

  189.   TITLE:=Connection tracking labeling extension
    190. 

  190.   DEFAULT:=y if IPTABLES_CONNLABEL
    191. 

  191. endef
    192. 

  192. 

  193. define Package/iptables-mod-conntrack-label/description
    194. 

  194. Match and set label(s) on connection tracking entries
    195. 

  195. 

  196.  Matches:
    197. 

  197.   - connlabel
    198. 

  198. 

  199. endef
    200. 

  200. 

  201. define Package/iptables-mod-filter
    202. 

  202. $(call Package/iptables/Module, +kmod-ipt-filter)
    203. 

  203.   TITLE:=Content inspection extensions
    204. 

  204. endef
    205. 

  205. 

  206. define Package/iptables-mod-filter/description
    207. 

  207. iptables extensions for packet content inspection.
    208. 

  208. Includes support for:
    209. 

  209. 

  210.  Matches:
    211. 

  211.   - string
    212. 

  212.   - bpf
    213. 

  213. 

  214. endef
    215. 

  215. 

  216. define Package/iptables-mod-ipopt
    217. 

  217. $(call Package/iptables/Module, +kmod-ipt-ipopt)
    218. 

  218.   TITLE:=IP/Packet option extensions
    219. 

  219. endef
    220. 

  220. 

  221. define Package/iptables-mod-ipopt/description
    222. 

  222. iptables extensions for matching/changing IP packet options.
    223. 

  223. 

  224.  Matches:
    225. 

  225.   - dscp
    226. 

  226.   - ecn
    227. 

  227.   - length
    228. 

  228.   - statistic
    229. 

  229.   - tcpmss
    230. 

  230.   - unclean
    231. 

  231.   - hl
    232. 

  232. 

  233.  Targets:
    234. 

  234.   - DSCP
    235. 

  235.   - CLASSIFY
    236. 

  236.   - ECN
    237. 

  237.   - HL
    238. 

  238. 

  239. endef
    240. 

  240. 

  241. define Package/iptables-mod-ipsec
    242. 

  242. $(call Package/iptables/Module, +kmod-ipt-ipsec)
    243. 

  243.   TITLE:=IPsec extensions
    244. 

  244. endef
    245. 

  245. 

  246. define Package/iptables-mod-ipsec/description
    247. 

  247. iptables extensions for matching ipsec traffic.
    248. 

  248. 

  249.  Matches:
    250. 

  250.   - ah
    251. 

  251.   - esp
    252. 

  252.   - policy
    253. 

  253. 

  254. endef
    255. 

  255. 

  256. define Package/iptables-mod-nat-extra
    257. 

  257. $(call Package/iptables/Module, +kmod-ipt-nat-extra)
    258. 

  258.   TITLE:=Extra NAT extensions
    259. 

  259. endef
    260. 

  260. 

  261. define Package/iptables-mod-nat-extra/description
    262. 

  262. iptables extensions for extra NAT targets.
    263. 

  263. 

  264.  Targets:
    265. 

  265.   - MIRROR
    266. 

  266.   - NETMAP
    267. 

  267. endef
    268. 

  268. 

  269. define Package/iptables-mod-nflog
    270. 

  270. $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
    271. 

  271.   TITLE:=Netfilter NFLOG target
    272. 

  272. endef
    273. 

  273. 

  274. define Package/iptables-mod-nflog/description
    275. 

  275.  iptables extension for user-space logging via NFNETLINK.
    276. 

  276. 

  277.  Includes:
    278. 

  278.   - libxt_NFLOG
    279. 

  279. 

  280. endef
    281. 

  281. 

  282. define Package/iptables-mod-trace
    283. 

  283. $(call Package/iptables/Module, +kmod-ipt-debug)
    284. 

  284.   TITLE:=Netfilter TRACE target
    285. 

  285. endef
    286. 

  286. 

  287. define Package/iptables-mod-trace/description
    288. 

  288.  iptables extension for TRACE target
    289. 

  289. 

  290.  Includes:
    291. 

  291.   - libxt_TRACE
    292. 

  292. 

  293. endef
    294. 

  294. 

  295. 

  296. define Package/iptables-mod-nfqueue
    297. 

  297. $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
    298. 

  298.   TITLE:=Netfilter NFQUEUE target
    299. 

  299. endef
    300. 

  300. 

  301. define Package/iptables-mod-nfqueue/description
    302. 

  302.  iptables extension for user-space queuing via NFNETLINK.
    303. 

  303. 

  304.  Includes:
    305. 

  305.   - libxt_NFQUEUE
    306. 

  306. 

  307. endef
    308. 

  308. 

  309. define Package/iptables-mod-hashlimit
    310. 

  310. $(call Package/iptables/Module, +kmod-ipt-hashlimit)
    311. 

  311.   TITLE:=hashlimit matching
    312. 

  312. endef
    313. 

  313. 

  314. define Package/iptables-mod-hashlimit/description
    315. 

  315. iptables extensions for hashlimit matching
    316. 

  316. 

  317.  Matches:
    318. 

  318.   - hashlimit
    319. 

  319. 

  320. endef
    321. 

  321. 

  322. define Package/iptables-mod-rpfilter
    323. 

  323. $(call Package/iptables/Module, +kmod-ipt-rpfilter)
    324. 

  324.   TITLE:=rpfilter iptables extension
    325. 

  325. endef
    326. 

  326. 

  327. define Package/iptables-mod-rpfilter/description
    328. 

  328. iptables extensions for reverse path filter test on a packet
    329. 

  329. 

  330.  Matches:
    331. 

  331.   - rpfilter
    332. 

  332. 

  333. endef
    334. 

  334. 

  335. define Package/iptables-mod-iprange
    336. 

  336. $(call Package/iptables/Module, +kmod-ipt-iprange)
    337. 

  337.   TITLE:=IP range extension
    338. 

  338. endef
    339. 

  339. 

  340. define Package/iptables-mod-iprange/description
    341. 

  341. iptables extensions for matching ip ranges.
    342. 

  342. 

  343.  Matches:
    344. 

  344.   - iprange
    345. 

  345. 

  346. endef
    347. 

  347. 

  348. define Package/iptables-mod-cluster
    349. 

  349. $(call Package/iptables/Module, +kmod-ipt-cluster)
    350. 

  350.   TITLE:=Match cluster extension
    351. 

  351. endef
    352. 

  352. 

  353. define Package/iptables-mod-cluster/description
    354. 

  354. iptables extensions for matching cluster.
    355. 

  355. 

  356.  Netfilter (IPv4/IPv6) module for matching cluster
    357. 

  357.  This option allows you to build work-load-sharing clusters of
    358. 

  358.  network servers/stateful firewalls without having a dedicated
    359. 

  359.  load-balancing router/server/switch. Basically, this match returns
    360. 

  360.  true when the packet must be handled by this cluster node. Thus,
    361. 

  361.  all nodes see all packets and this match decides which node handles
    362. 

  362.  what packets. The work-load sharing algorithm is based on source
    363. 

  363.  address hashing.
    364. 

  364. 

  365.  This module is usable for ipv4 and ipv6.
    366. 

  366. 

  367.  If you select it, it enables kmod-ipt-cluster.
    368. 

  368. 

  369.  see `iptables -m cluster --help` for more information.
    370. 

  370. endef
    371. 

  371. 

  372. define Package/iptables-mod-extra
    373. 

  373. $(call Package/iptables/Module, +kmod-ipt-extra)
    374. 

  374.   TITLE:=Other extra iptables extensions
    375. 

  375. endef
    376. 

  376. 

  377. define Package/iptables-mod-extra/description
    378. 

  378. Other extra iptables extensions.
    379. 

  379. 

  380.  Matches:
    381. 

  381.   - addrtype
    382. 

  382.   - condition
    383. 

  383.   - owner
    384. 

  384.   - pkttype
    385. 

  385.   - quota
    386. 

  386. 

  387. endef
    388. 

  388. 

  389. define Package/iptables-mod-physdev
    390. 

  390. $(call Package/iptables/Module, +kmod-ipt-physdev)
    391. 

  391.   TITLE:=physdev iptables extension
    392. 

  392. endef
    393. 

  393. 

  394. define Package/iptables-mod-physdev/description
    395. 

  395. The iptables physdev match.
    396. 

  396. endef
    397. 

  397. 

  398. define Package/iptables-mod-led
    399. 

  399. $(call Package/iptables/Module, +kmod-ipt-led)
    400. 

  400.   TITLE:=LED trigger iptables extension
    401. 

  401. endef
    402. 

  402. 

  403. define Package/iptables-mod-led/description
    404. 

  404. iptables extension for triggering a LED.
    405. 

  405. 

  406.  Targets:
    407. 

  407.   - LED
    408. 

  408. 

  409. endef
    410. 

  410. 

  411. define Package/iptables-mod-socket
    412. 

  412. $(call Package/iptables/Module, +kmod-ipt-socket)
    413. 

  413.   TITLE:=Socket match iptables extensions
    414. 

  414. endef
    415. 

  415. 

  416. define Package/iptables-mod-socket/description
    417. 

  417. Socket match iptables extensions.
    418. 

  418. 

  419.  Matches:
    420. 

  420.   - socket
    421. 

  421. 

  422. endef
    423. 

  423. 

  424. define Package/iptables-mod-tproxy
    425. 

  425. $(call Package/iptables/Module, +kmod-ipt-tproxy)
    426. 

  426.   TITLE:=Transparent proxy iptables extensions
    427. 

  427. endef
    428. 

  428. 

  429. define Package/iptables-mod-tproxy/description
    430. 

  430. Transparent proxy iptables extensions.
    431. 

  431. 

  432.  Targets:
    433. 

  433.   - TPROXY
    434. 

  434. 

  435. endef
    436. 

  436. 

  437. define Package/iptables-mod-tee
    438. 

  438. $(call Package/iptables/Module, +kmod-ipt-tee)
    439. 

  439.   TITLE:=TEE iptables extensions
    440. 

  440. endef
    441. 

  441. 

  442. define Package/iptables-mod-tee/description
    443. 

  443. TEE iptables extensions.
    444. 

  444. 

  445.  Targets:
    446. 

  446.   - TEE
    447. 

  447. 

  448. endef
    449. 

  449. 

  450. define Package/iptables-mod-u32
    451. 

  451. $(call Package/iptables/Module, +kmod-ipt-u32)
    452. 

  452.   TITLE:=U32 iptables extensions
    453. 

  453. endef
    454. 

  454. 

  455. define Package/iptables-mod-u32/description
    456. 

  456. U32 iptables extensions.
    457. 

  457. 

  458.  Matches:
    459. 

  459.   - u32
    460. 

  460. 

  461. endef
    462. 

  462. 

  463. define Package/iptables-mod-checksum
    464. 

  464. $(call Package/iptables/Module, +kmod-ipt-checksum)
    465. 

  465.   TITLE:=IP CHECKSUM target extension
    466. 

  466. endef
    467. 

  467. 

  468. define Package/iptables-mod-checksum/description
    469. 

  469. iptables extension for the CHECKSUM calculation target
    470. 

  470. endef
    471. 

  471. 

  472. define Package/ip6tables-zz-legacy
    473. 

  473. $(call Package/iptables/Default)
    474. 

  474.   DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy
    475. 

  475.   CATEGORY:=Network
    476. 

  476.   TITLE:=IPv6 firewall administration tool
    477. 

  477.   PROVIDES:=ip6tables ip6tables-legacy
    478. 

  478.   ALTERNATIVES:=\
    479. 

  479.     200:/usr/sbin/ip6tables:xtables-legacy-multi \
    480. 

  480.     200:/usr/sbin/ip6tables-restore:xtables-legacy-multi \
    481. 

  481.     200:/usr/sbin/ip6tables-save:xtables-legacy-multi \
    482. 

  482.     200:/usr/sbin/ip6tables-legacy:xtables-legacy-multi \
    483. 

  483.     200:/usr/sbin/ip6tables-legacy-restore:xtables-legacy-multi \
    484. 

  484.     200:/usr/sbin/ip6tables-legacy-save:xtables-legacy-multi
    485. 

  485. endef
    486. 

  486. 

  487. define Package/ip6tables-nft
    488. 

  488. $(call Package/iptables/Default)
    489. 

  489.   DEPENDS:=@IPV6 +kmod-ip6tables +xtables-nft
    490. 

  490.   TITLE:=IP firewall administration tool nft
    491. 

  491.   PROVIDES:=ip6tables
    492. 

  492.   ALTERNATIVES:=\
    493. 

  493.     300:/usr/sbin/ip6tables:xtables-nft-multi \
    494. 

  494.     300:/usr/sbin/ip6tables-restore:xtables-nft-multi \
    495. 

  495.     300:/usr/sbin/ip6tables-save:xtables-nft-multi \
    496. 

  496.     300:/usr/sbin/ip6tables-nft:xtables-nft-multi \
    497. 

  497.     300:/usr/sbin/ip6tables-nft-restore:xtables-nft-multi \
    498. 

  498.     300:/usr/sbin/ip6tables-nft-save:xtables-nft-multi \
    499. 

  499.     300:/usr/sbin/ip6tables-restore-translate:xtables-nft-multi \
    500. 

  500.     300:/usr/sbin/ip6tables-translate:xtables-nft-multi
    501. 

  501. endef
    502. 

  502. 

  503. define Package/ip6tables-nft/description
    504. 

  504. Extra ip6tables nftables nft binaries.
    505. 

  505.   ip6tables-nft
    506. 

  506.   ip6tables-nft-restore
    507. 

  507.   ip6tables-nft-save
    508. 

  508.   ip6tables-translate
    509. 

  509.   ip6tables-restore-translate
    510. 

  510. endef
    511. 

  511. 

  512. define Package/ip6tables-extra
    513. 

  513. $(call Package/iptables/Default)
    514. 

  514.   DEPENDS:=+libxtables +kmod-ip6tables-extra
    515. 

  515.   TITLE:=IPv6 header matching modules
    516. 

  516. endef
    517. 

  517. 

  518. define Package/ip6tables-extra/description
    519. 

  519. iptables header matching modules for IPv6
    520. 

  520. endef
    521. 

  521. 

  522. define Package/ip6tables-mod-nat
    523. 

  523. $(call Package/iptables/Default)
    524. 

  524.   DEPENDS:=+libxtables +kmod-ipt-nat6
    525. 

  525.   TITLE:=IPv6 NAT extensions
    526. 

  526. endef
    527. 

  527. 

  528. define Package/ip6tables-mod-nat/description
    529. 

  529. iptables extensions for IPv6-NAT targets.
    530. 

  530. endef
    531. 

  531. 

  532. define Package/libip4tc
    533. 

  533. $(call Package/iptables/Default)
    534. 

  534.   SECTION:=libs
    535. 

  535.   CATEGORY:=Libraries
    536. 

  536.   TITLE:=IPv4 firewall - shared libiptc library
    537. 

  537.   ABI_VERSION:=2
    538. 

  538. endef
    539. 

  539. 

  540. define Package/libip6tc
    541. 

  541. $(call Package/iptables/Default)
    542. 

  542.   SECTION:=libs
    543. 

  543.   CATEGORY:=Libraries
    544. 

  544.   TITLE:=IPv6 firewall - shared libiptc library
    545. 

  545.   ABI_VERSION:=2
    546. 

  546. endef
    547. 

  547. 

  548. define Package/libiptext
    549. 

  549.  $(call Package/iptables/Default)
    550. 

  550.  SECTION:=libs
    551. 

  551.  CATEGORY:=Libraries
    552. 

  552.  TITLE:=IPv4 firewall - shared libiptext library
    553. 

  553.  ABI_VERSION:=0
    554. 

  554.  DEPENDS:=+libxtables
    555. 

  555. endef
    556. 

  556. 

  557. define Package/libiptext6
    558. 

  558.  $(call Package/iptables/Default)
    559. 

  559.  SECTION:=libs
    560. 

  560.  CATEGORY:=Libraries
    561. 

  561.  TITLE:=IPv6 firewall - shared libiptext library
    562. 

  562.  ABI_VERSION:=0
    563. 

  563.  DEPENDS:=+libxtables
    564. 

  564. endef
    565. 

  565. 

  566. define Package/libiptext-nft
    567. 

  567.  $(call Package/iptables/Default)
    568. 

  568.  SECTION:=libs
    569. 

  569.  CATEGORY:=Libraries
    570. 

  570.  TITLE:=IPv4/IPv6 firewall - shared libiptext nft library
    571. 

  571.  ABI_VERSION:=0
    572. 

  572.  DEPENDS:=+libxtables
    573. 

  573. endef
    574. 

  574. 

  575. define Package/libxtables
    576. 

  576.  $(call Package/iptables/Default)
    577. 

  577.  SECTION:=libs
    578. 

  578.  CATEGORY:=Libraries
    579. 

  579.  TITLE:=IPv4/IPv6 firewall - shared xtables library
    580. 

  580.  MENU:=1
    581. 

  581.  ABI_VERSION:=12
    582. 

  582.  DEPENDS:=+IPTABLES_CONNLABEL:libnetfilter-conntrack
    583. 

  583. endef
    584. 

  584. 

  585. define Package/libxtables/config
    586. 

  586.   config IPTABLES_CONNLABEL
    587. 

  587. 	bool "Enable Connlabel support"
    588. 

  588. 	default n
    589. 

  589. 	help
    590. 

  590. 		This enable connlabel support in iptables.
    591. 

  591. endef
    592. 

  592. 

  593. TARGET_CPPFLAGS := \
    594. 

  594. 	-I$(PKG_BUILD_DIR)/include \
    595. 

  595. 	-I$(LINUX_DIR)/user_headers/include \
    596. 

  596. 	$(TARGET_CPPFLAGS)
    597. 

  597. 

  598. TARGET_CFLAGS += \
    599. 

  599. 	-I$(PKG_BUILD_DIR)/include \
    600. 

  600. 	-I$(LINUX_DIR)/user_headers/include \
    601. 

  601. 	-DNO_LEGACY
    602. 

  602. 

  603. CONFIGURE_ARGS += \
    604. 

  604. 	--enable-shared \
    605. 

  605. 	--enable-static \
    606. 

  606. 	--enable-devel \
    607. 

  607. 	--with-kernel="$(LINUX_DIR)/user_headers" \
    608. 

  608. 	--with-xtlibdir=/usr/lib/iptables \
    609. 

  609. 	--with-xt-lock-name=/var/run/xtables.lock \
    610. 

  610. 	$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
    611. 

  611. 	$(if $(CONFIG_IPV6),,--disable-ipv6)
    612. 

  612. 

  613. MAKE_FLAGS := \
    614. 

  614. 	$(TARGET_CONFIGURE_OPTS) \
    615. 

  615. 	COPT_FLAGS="$(TARGET_CFLAGS)" \
    616. 

  616. 	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
    617. 

  617. 	KBUILD_OUTPUT="$(LINUX_DIR)" \
    618. 

  618. 	BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
    619. 

  619. 

  620. ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
    621. 

  621.   define Build/Configure/rebuild
    622. 

  622. 	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
    623. 

  623. 	rm -f $(PKG_BUILD_DIR)/.config_*
    624. 

  624. 	rm -f $(PKG_BUILD_DIR)/.configured_*
    625. 

  625. 	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
    626. 

  626.   endef
    627. 

  627. endif
    628. 

  628. 

  629. define Build/Configure
    630. 

  630. $(Build/Configure/rebuild)
    631. 

  631. $(Build/Configure/Default)
    632. 

  632. endef
    633. 

  633. 

  634. define Build/InstallDev
    635. 

  635. 	$(INSTALL_DIR) $(1)/usr/include
    636. 

  636. 	$(INSTALL_DIR) $(1)/usr/include/iptables
    637. 

  637. 	$(INSTALL_DIR) $(1)/usr/include/net/netfilter
    638. 

  638. 

  639. 	# XXX: iptables header fixup, some headers are not installed by iptables anymore
    640. 

  640. 	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
    641. 

  641. 	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
    642. 

  642. 	$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
    643. 

  643. 	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
    644. 

  644. 

  645. 	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
    646. 

  646. 	$(INSTALL_DIR) $(1)/usr/lib
    647. 

  647. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
    648. 

  648. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
    649. 

  649. 	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
    650. 

  650. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
    651. 

  651. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
    652. 

  652. 

  653. 	# XXX: needed by firewall3
    654. 

  654. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
    655. 

  655. endef
    656. 

  656. 

  657. define Package/xtables-legacy/install
    658. 

  658. 	$(INSTALL_DIR) $(1)/usr/sbin
    659. 

  659. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
    660. 

  660. endef
    661. 

  661. 

  662. define Package/xtables-nft/install
    663. 

  663. 	$(INSTALL_DIR) $(1)/usr/sbin
    664. 

  664. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
    665. 

  665. endef
    666. 

  666. 

  667. define Package/arptables-nft/install
    668. 

  668. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    669. 

  669. 	$(CP) $(PKG_BUILD_DIR)/extensions/libarpt_*.so $(1)/usr/lib/iptables/
    670. 

  670. endef
    671. 

  671. 

  672. define Package/ebtables-nft/install
    673. 

  673. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    674. 

  674. 	$(CP) $(PKG_BUILD_DIR)/extensions/libebt_*.so $(1)/usr/lib/iptables/
    675. 

  675. endef
    676. 

  676. 

  677. define Package/iptables-zz-legacy/install
    678. 

  678. 	true
    679. 

  679. endef
    680. 

  680. 

  681. define Package/iptables-nft/install
    682. 

  682. 	true
    683. 

  683. endef
    684. 

  684. 

  685. define Package/ip6tables-zz-legacy/install
    686. 

  686. 	true
    687. 

  687. endef
    688. 

  688. 

  689. define Package/ip6tables-nft/install
    690. 

  690. 	true
    691. 

  691. endef
    692. 

  692. 

  693. define Package/libip4tc/install
    694. 

  694. 	$(INSTALL_DIR) $(1)/usr/lib
    695. 

  695. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
    696. 

  696. endef
    697. 

  697. 

  698. define Package/libip6tc/install
    699. 

  699. 	$(INSTALL_DIR) $(1)/usr/lib
    700. 

  700. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
    701. 

  701. endef
    702. 

  702. 

  703. define Package/libiptext/install
    704. 

  704. 	$(INSTALL_DIR) $(1)/usr/lib
    705. 

  705. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
    706. 

  706. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
    707. 

  707. endef
    708. 

  708. 

  709. define Package/libiptext6/install
    710. 

  710. 	$(INSTALL_DIR) $(1)/usr/lib
    711. 

  711. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
    712. 

  712. endef
    713. 

  713. 

  714. define Package/libiptext-nft/install
    715. 

  715. 	$(INSTALL_DIR) $(1)/usr/lib
    716. 

  716. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
    717. 

  717. endef
    718. 

  718. 

  719. define Package/libxtables/install
    720. 

  720. 	$(INSTALL_DIR) $(1)/usr/lib
    721. 

  721. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
    722. 

  722. endef
    723. 

  723. 

  724. define BuildPlugin
    725. 

  725.   define Package/$(1)/install
    726. 

  726. 	$(INSTALL_DIR) $$(1)/usr/lib/iptables
    727. 

  727. 	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
    728. 

  728. 		if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
    729. 

  729. 			$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
    730. 

  730. 		fi; \
    731. 

  731. 	done
    732. 

  732. 	$(3)
    733. 

  733.   endef
    734. 

  734. 

  735.   $$(eval $$(call BuildPackage,$(1)))
    736. 

  736. endef
    737. 

  737. 

  738. $(eval $(call BuildPackage,libxtables))
    739. 

  739. $(eval $(call BuildPackage,libip4tc))
    740. 

  740. $(eval $(call BuildPackage,libip6tc))
    741. 

  741. $(eval $(call BuildPackage,libiptext))
    742. 

  742. $(eval $(call BuildPackage,libiptext6))
    743. 

  743. $(eval $(call BuildPackage,libiptext-nft))
    744. 

  744. $(eval $(call BuildPackage,xtables-legacy))
    745. 

  745. $(eval $(call BuildPackage,xtables-nft))
    746. 

  746. $(eval $(call BuildPackage,arptables-nft))
    747. 

  747. $(eval $(call BuildPackage,ebtables-nft))
    748. 

  748. $(eval $(call BuildPackage,iptables-nft))
    749. 

  749. $(eval $(call BuildPackage,iptables-zz-legacy))
    750. 

  750. $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
    751. 

  751. $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
    752. 

  752. $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
    753. 

  753. $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
    754. 

  754. $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
    755. 

  755. $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
    756. 

  756. $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
    757. 

  757. $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
    758. 

  758. $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
    759. 

  759. $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
    760. 

  760. $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
    761. 

  761. $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
    762. 

  762. $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
    763. 

  763. $(eval $(call BuildPlugin,iptables-mod-socket,$(IPT_SOCKET-m)))
    764. 

  764. $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
    765. 

  765. $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
    766. 

  766. $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
    767. 

  767. $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
    768. 

  768. $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
    769. 

  769. $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
    770. 

  770. $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
    771. 

  771. $(eval $(call BuildPackage,ip6tables-nft))
    772. 

  772. $(eval $(call BuildPackage,ip6tables-zz-legacy))
    773. 

  773. $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
    774. 

  774. $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
    775. 

  775.