Makefile 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707
  1. #
  2. # Copyright (C) 2006-2016 OpenWrt.org
  3. #
  4. # This is free software, licensed under the GNU General Public License v2.
  5. # See /LICENSE for more information.
  6. #
  7. include $(TOPDIR)/rules.mk
  8. include $(INCLUDE_DIR)/kernel.mk
  9. PKG_NAME:=iptables
  10. PKG_VERSION:=1.8.2
  11. PKG_RELEASE:=2
  12. PKG_SOURCE_PROTO:=git
  13. PKG_SOURCE_URL:=https://git.netfilter.org/iptables
  14. PKG_SOURCE_VERSION:=bba6bc692b0e6137e13881a1f398c134822e9f83
  15. PKG_MIRROR_HASH:=23a61d2a23fc0d587029690ef2564625d78fba4b2d90117edaf5b9eaf55bb7f9
  16. PKG_FIXUP:=autoreconf
  17. PKG_FLAGS:=nonshared
  18. PKG_INSTALL:=1
  19. PKG_BUILD_PARALLEL:=1
  20. PKG_LICENSE:=GPL-2.0
  21. PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
  22. include $(INCLUDE_DIR)/package.mk
  23. ifeq ($(DUMP),)
  24. -include $(LINUX_DIR)/.config
  25. include $(INCLUDE_DIR)/netfilter.mk
  26. STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | mkhash md5)
  27. endif
  28. define Package/iptables/Default
  29. SECTION:=net
  30. CATEGORY:=Network
  31. SUBMENU:=Firewall
  32. URL:=http://netfilter.org/
  33. endef
  34. define Package/iptables/Module
  35. $(call Package/iptables/Default)
  36. DEPENDS:=iptables $(1)
  37. endef
  38. define Package/iptables
  39. $(call Package/iptables/Default)
  40. TITLE:=IP firewall administration tool
  41. MENU:=1
  42. DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
  43. endef
  44. define Package/iptables/config
  45. config IPTABLES_CONNLABEL
  46. bool "Enable Connlabel support"
  47. default n
  48. help
  49. This enable connlabel support in iptables.
  50. config IPTABLES_NFTABLES
  51. bool "Enable Nftables support"
  52. default n
  53. help
  54. This enable nftables support in iptables.
  55. endef
  56. define Package/iptables/description
  57. IP firewall administration tool.
  58. Matches:
  59. - icmp
  60. - tcp
  61. - udp
  62. - comment
  63. - conntrack
  64. - limit
  65. - mac
  66. - mark
  67. - multiport
  68. - set
  69. - state
  70. - time
  71. Targets:
  72. - ACCEPT
  73. - CT
  74. - DNAT
  75. - DROP
  76. - REJECT
  77. - FLOWOFFLOAD
  78. - LOG
  79. - MARK
  80. - MASQUERADE
  81. - REDIRECT
  82. - SET
  83. - SNAT
  84. - TCPMSS
  85. Tables:
  86. - filter
  87. - mangle
  88. - nat
  89. - raw
  90. endef
  91. define Package/iptables-nft
  92. $(call Package/iptables/Default)
  93. TITLE:=IP firewall administration tool nft
  94. DEPENDS:=iptables @IPTABLES_NFTABLES +libxtables-nft
  95. endef
  96. define Package/iptables-nft/description
  97. Extra iptables nftables nft binaries.
  98. iptables-nft
  99. iptables-nft-restore
  100. iptables-nft-save
  101. iptables-translate
  102. iptables-restore-translate
  103. endef
  104. define Package/iptables-mod-conntrack-extra
  105. $(call Package/iptables/Module, +kmod-ipt-conntrack-extra +kmod-ipt-raw)
  106. TITLE:=Extra connection tracking extensions
  107. endef
  108. define Package/iptables-mod-conntrack-extra/description
  109. Extra iptables extensions for connection tracking.
  110. Matches:
  111. - connbytes
  112. - connlimit
  113. - connmark
  114. - recent
  115. - helper
  116. Targets:
  117. - CONNMARK
  118. endef
  119. define Package/iptables-mod-conntrack-label
  120. $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
  121. TITLE:=Connection tracking labeling extension
  122. DEFAULT:=y if IPTABLES_CONNLABEL
  123. endef
  124. define Package/iptables-mod-conntrack-label/description
  125. Match and set label(s) on connection tracking entries
  126. Matches:
  127. - connlabel
  128. endef
  129. define Package/iptables-mod-filter
  130. $(call Package/iptables/Module, +kmod-ipt-filter)
  131. TITLE:=Content inspection extensions
  132. endef
  133. define Package/iptables-mod-filter/description
  134. iptables extensions for packet content inspection.
  135. Includes support for:
  136. Matches:
  137. - string
  138. - bpf
  139. endef
  140. define Package/iptables-mod-ipopt
  141. $(call Package/iptables/Module, +kmod-ipt-ipopt)
  142. TITLE:=IP/Packet option extensions
  143. endef
  144. define Package/iptables-mod-ipopt/description
  145. iptables extensions for matching/changing IP packet options.
  146. Matches:
  147. - dscp
  148. - ecn
  149. - length
  150. - statistic
  151. - tcpmss
  152. - unclean
  153. - hl
  154. Targets:
  155. - DSCP
  156. - CLASSIFY
  157. - ECN
  158. - HL
  159. endef
  160. define Package/iptables-mod-ipsec
  161. $(call Package/iptables/Module, +kmod-ipt-ipsec)
  162. TITLE:=IPsec extensions
  163. endef
  164. define Package/iptables-mod-ipsec/description
  165. iptables extensions for matching ipsec traffic.
  166. Matches:
  167. - ah
  168. - esp
  169. - policy
  170. endef
  171. define Package/iptables-mod-nat-extra
  172. $(call Package/iptables/Module, +kmod-ipt-nat-extra)
  173. TITLE:=Extra NAT extensions
  174. endef
  175. define Package/iptables-mod-nat-extra/description
  176. iptables extensions for extra NAT targets.
  177. Targets:
  178. - MIRROR
  179. - NETMAP
  180. endef
  181. define Package/iptables-mod-ulog
  182. $(call Package/iptables/Module, +kmod-ipt-ulog)
  183. TITLE:=user-space packet logging
  184. endef
  185. define Package/iptables-mod-ulog/description
  186. iptables extensions for user-space packet logging.
  187. Targets:
  188. - ULOG
  189. endef
  190. define Package/iptables-mod-nflog
  191. $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
  192. TITLE:=Netfilter NFLOG target
  193. endef
  194. define Package/iptables-mod-nflog/description
  195. iptables extension for user-space logging via NFNETLINK.
  196. Includes:
  197. - libxt_NFLOG
  198. endef
  199. define Package/iptables-mod-trace
  200. $(call Package/iptables/Module, +kmod-ipt-debug)
  201. TITLE:=Netfilter TRACE target
  202. endef
  203. define Package/iptables-mod-trace/description
  204. iptables extension for TRACE target
  205. Includes:
  206. - libxt_TRACE
  207. endef
  208. define Package/iptables-mod-nfqueue
  209. $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
  210. TITLE:=Netfilter NFQUEUE target
  211. endef
  212. define Package/iptables-mod-nfqueue/description
  213. iptables extension for user-space queuing via NFNETLINK.
  214. Includes:
  215. - libxt_NFQUEUE
  216. endef
  217. define Package/iptables-mod-hashlimit
  218. $(call Package/iptables/Module, +kmod-ipt-hashlimit)
  219. TITLE:=hashlimit matching
  220. endef
  221. define Package/iptables-mod-hashlimit/description
  222. iptables extensions for hashlimit matching
  223. Matches:
  224. - hashlimit
  225. endef
  226. define Package/iptables-mod-rpfilter
  227. $(call Package/iptables/Module, +kmod-ipt-rpfilter)
  228. TITLE:=rpfilter iptables extension
  229. endef
  230. define Package/iptables-mod-rpfilter/description
  231. iptables extensions for reverse path filter test on a packet
  232. Matches:
  233. - rpfilter
  234. endef
  235. define Package/iptables-mod-iprange
  236. $(call Package/iptables/Module, +kmod-ipt-iprange)
  237. TITLE:=IP range extension
  238. endef
  239. define Package/iptables-mod-iprange/description
  240. iptables extensions for matching ip ranges.
  241. Matches:
  242. - iprange
  243. endef
  244. define Package/iptables-mod-cluster
  245. $(call Package/iptables/Module, +kmod-ipt-cluster)
  246. TITLE:=Match cluster extension
  247. endef
  248. define Package/iptables-mod-cluster/description
  249. iptables extensions for matching cluster.
  250. Netfilter (IPv4/IPv6) module for matching cluster
  251. This option allows you to build work-load-sharing clusters of
  252. network servers/stateful firewalls without having a dedicated
  253. load-balancing router/server/switch. Basically, this match returns
  254. true when the packet must be handled by this cluster node. Thus,
  255. all nodes see all packets and this match decides which node handles
  256. what packets. The work-load sharing algorithm is based on source
  257. address hashing.
  258. This module is usable for ipv4 and ipv6.
  259. If you select it, it enables kmod-ipt-cluster.
  260. see `iptables -m cluster --help` for more information.
  261. endef
  262. define Package/iptables-mod-clusterip
  263. $(call Package/iptables/Module, +kmod-ipt-clusterip)
  264. TITLE:=Clusterip extension
  265. endef
  266. define Package/iptables-mod-clusterip/description
  267. iptables extensions for CLUSTERIP.
  268. The CLUSTERIP target allows you to build load-balancing clusters of
  269. network servers without having a dedicated load-balancing
  270. router/server/switch.
  271. If you select it, it enables kmod-ipt-clusterip.
  272. see `iptables -j CLUSTERIP --help` for more information.
  273. endef
  274. define Package/iptables-mod-extra
  275. $(call Package/iptables/Module, +kmod-ipt-extra)
  276. TITLE:=Other extra iptables extensions
  277. endef
  278. define Package/iptables-mod-extra/description
  279. Other extra iptables extensions.
  280. Matches:
  281. - addrtype
  282. - condition
  283. - owner
  284. - pkttype
  285. - quota
  286. endef
  287. define Package/iptables-mod-physdev
  288. $(call Package/iptables/Module, +kmod-ipt-physdev)
  289. TITLE:=physdev iptables extension
  290. endef
  291. define Package/iptables-mod-physdev/description
  292. The iptables physdev match.
  293. endef
  294. define Package/iptables-mod-led
  295. $(call Package/iptables/Module, +kmod-ipt-led)
  296. TITLE:=LED trigger iptables extension
  297. endef
  298. define Package/iptables-mod-led/description
  299. iptables extension for triggering a LED.
  300. Targets:
  301. - LED
  302. endef
  303. define Package/iptables-mod-tproxy
  304. $(call Package/iptables/Module, +kmod-ipt-tproxy)
  305. TITLE:=Transparent proxy iptables extensions
  306. endef
  307. define Package/iptables-mod-tproxy/description
  308. Transparent proxy iptables extensions.
  309. Matches:
  310. - socket
  311. Targets:
  312. - TPROXY
  313. endef
  314. define Package/iptables-mod-tee
  315. $(call Package/iptables/Module, +kmod-ipt-tee)
  316. TITLE:=TEE iptables extensions
  317. endef
  318. define Package/iptables-mod-tee/description
  319. TEE iptables extensions.
  320. Targets:
  321. - TEE
  322. endef
  323. define Package/iptables-mod-u32
  324. $(call Package/iptables/Module, +kmod-ipt-u32)
  325. TITLE:=U32 iptables extensions
  326. endef
  327. define Package/iptables-mod-u32/description
  328. U32 iptables extensions.
  329. Matches:
  330. - u32
  331. endef
  332. define Package/iptables-mod-checksum
  333. $(call Package/iptables/Module, +kmod-ipt-checksum)
  334. TITLE:=IP CHECKSUM target extension
  335. endef
  336. define Package/iptables-mod-checksum/description
  337. iptables extension for the CHECKSUM calculation target
  338. endef
  339. define Package/ip6tables
  340. $(call Package/iptables/Default)
  341. DEPENDS:=@IPV6 +kmod-ip6tables +iptables
  342. CATEGORY:=Network
  343. TITLE:=IPv6 firewall administration tool
  344. MENU:=1
  345. endef
  346. define Package/ip6tables-nft
  347. $(call Package/iptables/Default)
  348. DEPENDS:=ip6tables @IPTABLES_NFTABLES +libxtables-nft
  349. TITLE:=IP firewall administration tool nft
  350. endef
  351. define Package/ip6tables-nft/description
  352. Extra ip6tables nftables nft binaries.
  353. iptables-nft
  354. iptables-nft-restore
  355. iptables-nft-save
  356. iptables-translate
  357. iptables-restore-translate
  358. endef
  359. define Package/ip6tables-extra
  360. $(call Package/iptables/Default)
  361. DEPENDS:=ip6tables +kmod-ip6tables-extra
  362. TITLE:=IPv6 header matching modules
  363. endef
  364. define Package/ip6tables-mod-extra/description
  365. iptables header matching modules for IPv6
  366. endef
  367. define Package/ip6tables-mod-nat
  368. $(call Package/iptables/Default)
  369. DEPENDS:=ip6tables +kmod-ipt-nat6
  370. TITLE:=IPv6 NAT extensions
  371. endef
  372. define Package/ip6tables-mod-nat/description
  373. iptables extensions for IPv6-NAT targets.
  374. endef
  375. define Package/libiptc
  376. $(call Package/iptables/Default)
  377. SECTION:=libs
  378. CATEGORY:=Libraries
  379. DEPENDS:=+libip4tc +libip6tc +libxtables
  380. ABI_VERSION:=$(PKG_VERSION)
  381. TITLE:=IPv4/IPv6 firewall - shared libiptc library (nf compatibility stub)
  382. endef
  383. define Package/libip4tc
  384. $(call Package/iptables/Default)
  385. SECTION:=libs
  386. CATEGORY:=Libraries
  387. TITLE:=IPv4 firewall - shared libiptc library
  388. ABI_VERSION:=$(PKG_VERSION)
  389. DEPENDS:=+libxtables
  390. endef
  391. define Package/libip6tc
  392. $(call Package/iptables/Default)
  393. SECTION:=libs
  394. CATEGORY:=Libraries
  395. TITLE:=IPv6 firewall - shared libiptc library
  396. ABI_VERSION:=$(PKG_VERSION)
  397. DEPENDS:=+libxtables
  398. endef
  399. define Package/libxtables
  400. $(call Package/iptables/Default)
  401. SECTION:=libs
  402. CATEGORY:=Libraries
  403. TITLE:=IPv4/IPv6 firewall - shared xtables library
  404. ABI_VERSION:=$(PKG_VERSION)
  405. DEPENDS:= \
  406. +IPTABLES_CONNLABEL:libnetfilter-conntrack \
  407. +IPTABLES_NFTABLES:libnftnl
  408. endef
  409. define Package/libxtables-nft
  410. $(call Package/iptables/Default)
  411. SECTION:=libs
  412. CATEGORY:=Libraries
  413. TITLE:=IPv4/IPv6 firewall - shared xtables nft library
  414. ABI_VERSION:=$(PKG_VERSION)
  415. DEPENDS:=libxtables
  416. endef
  417. TARGET_CPPFLAGS := \
  418. -I$(PKG_BUILD_DIR)/include \
  419. -I$(LINUX_DIR)/user_headers/include \
  420. $(TARGET_CPPFLAGS)
  421. TARGET_CFLAGS += \
  422. -I$(PKG_BUILD_DIR)/include \
  423. -I$(LINUX_DIR)/user_headers/include \
  424. -ffunction-sections -fdata-sections \
  425. -DNO_LEGACY
  426. TARGET_LDFLAGS += \
  427. -Wl,--gc-sections
  428. CONFIGURE_ARGS += \
  429. --enable-shared \
  430. --enable-static \
  431. --enable-devel \
  432. --with-kernel="$(LINUX_DIR)/user_headers" \
  433. --with-xtlibdir=/usr/lib/iptables \
  434. --with-xt-lock-name=/var/run/xtables.lock \
  435. $(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
  436. $(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
  437. $(if $(CONFIG_IPV6),,--disable-ipv6)
  438. MAKE_FLAGS := \
  439. $(TARGET_CONFIGURE_OPTS) \
  440. COPT_FLAGS="$(TARGET_CFLAGS)" \
  441. KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
  442. KBUILD_OUTPUT="$(LINUX_DIR)" \
  443. BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
  444. ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
  445. define Build/Configure/rebuild
  446. $(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
  447. rm -f $(PKG_BUILD_DIR)/.config_*
  448. rm -f $(PKG_BUILD_DIR)/.configured_*
  449. touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
  450. endef
  451. endif
  452. define Build/Configure
  453. $(Build/Configure/rebuild)
  454. $(Build/Configure/Default)
  455. endef
  456. define Build/InstallDev
  457. $(INSTALL_DIR) $(1)/usr/include
  458. $(INSTALL_DIR) $(1)/usr/include/iptables
  459. $(INSTALL_DIR) $(1)/usr/include/net/netfilter
  460. # XXX: iptables header fixup, some headers are not installed by iptables anymore
  461. $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
  462. $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
  463. $(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
  464. $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
  465. $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
  466. $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
  467. $(INSTALL_DIR) $(1)/usr/lib
  468. $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
  469. $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
  470. $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
  471. $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
  472. $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
  473. # XXX: needed by firewall3
  474. $(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
  475. endef
  476. define Package/iptables/install
  477. $(INSTALL_DIR) $(1)/usr/sbin
  478. $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
  479. $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore,-save} $(1)/usr/sbin/
  480. $(INSTALL_DIR) $(1)/usr/lib/iptables
  481. endef
  482. define Package/iptables-nft/install
  483. $(INSTALL_DIR) $(1)/usr/sbin
  484. $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
  485. $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
  486. $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
  487. endef
  488. define Package/ip6tables/install
  489. $(INSTALL_DIR) $(1)/usr/sbin
  490. $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
  491. endef
  492. define Package/ip6tables-nft/install
  493. $(INSTALL_DIR) $(1)/usr/sbin
  494. $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
  495. $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
  496. endef
  497. define Package/libiptc/install
  498. $(INSTALL_DIR) $(1)/usr/lib
  499. $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
  500. endef
  501. define Package/libip4tc/install
  502. $(INSTALL_DIR) $(1)/usr/lib
  503. $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
  504. $(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
  505. endef
  506. define Package/libip6tc/install
  507. $(INSTALL_DIR) $(1)/usr/lib
  508. $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
  509. $(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
  510. endef
  511. define Package/libxtables/install
  512. $(INSTALL_DIR) $(1)/usr/lib
  513. $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
  514. $(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
  515. endef
  516. define Package/libxtables-nft/install
  517. $(INSTALL_DIR) $(1)/usr/lib
  518. $(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
  519. endef
  520. define BuildPlugin
  521. define Package/$(1)/install
  522. $(INSTALL_DIR) $$(1)/usr/lib/iptables
  523. for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
  524. if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
  525. $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
  526. fi; \
  527. done
  528. $(3)
  529. endef
  530. $$(eval $$(call BuildPackage,$(1)))
  531. endef
  532. $(eval $(call BuildPackage,iptables))
  533. $(eval $(call BuildPackage,iptables-nft))
  534. $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
  535. $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
  536. $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
  537. $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
  538. $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
  539. $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
  540. $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
  541. $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
  542. $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
  543. $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
  544. $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
  545. $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
  546. $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
  547. $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
  548. $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
  549. $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
  550. $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
  551. $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
  552. $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
  553. $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
  554. $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
  555. $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
  556. $(eval $(call BuildPackage,ip6tables))
  557. $(eval $(call BuildPackage,ip6tables-nft))
  558. $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
  559. $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
  560. $(eval $(call BuildPackage,libiptc))
  561. $(eval $(call BuildPackage,libip4tc))
  562. $(eval $(call BuildPackage,libip6tc))
  563. $(eval $(call BuildPackage,libxtables))
  564. $(eval $(call BuildPackage,libxtables-nft))