Home Esplora Aiuto
Accedi
jahway603
/
libreCMC
forkato da libreCMC/libreCMC
1
0
Forka 0
File
Albero (Tree): d692b96e67
Rami (Branch) Tag
libreCMC
/
package
/
network
/
utils
/
iptables
/
Makefile

Makefile 20 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781 
  1. #
    2. 

  2. # Copyright (C) 2006-2016 OpenWrt.org
    3. 

  3. #
    4. 

  4. # This is free software, licensed under the GNU General Public License v2.
    5. 

  5. # See /LICENSE for more information.
    6. 

  6. #
    7. 

  7. 

  8. include $(TOPDIR)/rules.mk
    9. 

  9. include $(INCLUDE_DIR)/kernel.mk
    10. 

  10. 

  11. PKG_NAME:=iptables
    12. 

  12. PKG_VERSION:=1.8.8
    13. 

  13. PKG_RELEASE:=2
    14. 

  14. 

  15. PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
    16. 

  16. PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
    17. 

  17. PKG_HASH:=71c75889dc710676631553eb1511da0177bbaaf1b551265b912d236c3f51859f
    18. 

  18. 

  19. PKG_FIXUP:=autoreconf
    20. 

  20. PKG_FLAGS:=nonshared
    21. 

  21. 

  22. PKG_INSTALL:=1
    23. 

  23. PKG_BUILD_FLAGS:=gc-sections no-lto
    24. 

  24. PKG_BUILD_PARALLEL:=1
    25. 

  25. PKG_LICENSE:=GPL-2.0
    26. 

  26. PKG_CPE_ID:=cpe:/a:netfilter_core_team:iptables
    27. 

  27. 

  28. include $(INCLUDE_DIR)/package.mk
    29. 

  29. ifeq ($(DUMP),)
    30. 

  30.   -include $(LINUX_DIR)/.config
    31. 

  31.   include $(INCLUDE_DIR)/netfilter.mk
    32. 

  32.   STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | $(MKHASH) md5)
    33. 

  33. endif
    34. 

  34. 

  35. 

  36. define Package/iptables/Default
    37. 

  37.   SECTION:=net
    38. 

  38.   CATEGORY:=Network
    39. 

  39.   SUBMENU:=Firewall
    40. 

  40.   URL:=https://netfilter.org/
    41. 

  41. endef
    42. 

  42. 

  43. define Package/iptables/Module
    44. 

  44. $(call Package/iptables/Default)
    45. 

  45.   DEPENDS:=+libxtables $(1)
    46. 

  46. endef
    47. 

  47. 

  48. define Package/xtables-legacy
    49. 

  49. $(call Package/iptables/Default)
    50. 

  50.   TITLE:=IP firewall administration tool
    51. 

  51.   DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables
    52. 

  52. endef
    53. 

  53. 

  54. define Package/iptables-zz-legacy
    55. 

  55. $(call Package/iptables/Default)
    56. 

  56.   TITLE:=IP firewall administration tool
    57. 

  57.   DEPENDS+= +xtables-legacy
    58. 

  58.   PROVIDES:=iptables iptables-legacy
    59. 

  59.   ALTERNATIVES:=\
    60. 

  60.     200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \
    61. 

  61.     200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \
    62. 

  62.     200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi
    63. 

  63. endef
    64. 

  64. 

  65. define Package/iptables-zz-legacy/description
    66. 

  66. IP firewall administration tool.
    67. 

  67. 

  68.  Matches:
    69. 

  69.   - icmp
    70. 

  70.   - tcp
    71. 

  71.   - udp
    72. 

  72.   - comment
    73. 

  73.   - conntrack
    74. 

  74.   - limit
    75. 

  75.   - mac
    76. 

  76.   - mark
    77. 

  77.   - multiport
    78. 

  78.   - set
    79. 

  79.   - state
    80. 

  80.   - time
    81. 

  81. 

  82.  Targets:
    83. 

  83.   - ACCEPT
    84. 

  84.   - CT
    85. 

  85.   - DNAT
    86. 

  86.   - DROP
    87. 

  87.   - REJECT
    88. 

  88.   - FLOWOFFLOAD
    89. 

  89.   - LOG
    90. 

  90.   - MARK
    91. 

  91.   - MASQUERADE
    92. 

  92.   - REDIRECT
    93. 

  93.   - SET
    94. 

  94.   - SNAT
    95. 

  95.   - TCPMSS
    96. 

  96. 

  97.  Tables:
    98. 

  98.   - filter
    99. 

  99.   - mangle
    100. 

  100.   - nat
    101. 

  101.   - raw
    102. 

  102. 

  103. endef
    104. 

  104. 

  105. define Package/xtables-nft
    106. 

  106. $(call Package/iptables/Default)
    107. 

  107.   TITLE:=IP firewall administration tool nft
    108. 

  108.   DEPENDS:=+libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat
    109. 

  109. endef
    110. 

  110. 

  111. define Package/arptables-nft
    112. 

  112. $(call Package/iptables/Default)
    113. 

  113.   DEPENDS:=+kmod-nft-arp +xtables-nft +kmod-arptables
    114. 

  114.   TITLE:=ARP firewall administration tool nft
    115. 

  115.   PROVIDES:=arptables
    116. 

  116.   ALTERNATIVES:=\
    117. 

  117.     300:/usr/sbin/arptables:/usr/sbin/xtables-nft-multi \
    118. 

  118.     300:/usr/sbin/arptables-restore:/usr/sbin/xtables-nft-multi \
    119. 

  119.     300:/usr/sbin/arptables-save:/usr/sbin/xtables-nft-multi
    120. 

  120. endef
    121. 

  121. 

  122. define Package/ebtables-nft
    123. 

  123. $(call Package/iptables/Default)
    124. 

  124.   DEPENDS:=+kmod-nft-bridge +xtables-nft +kmod-ebtables
    125. 

  125.   TITLE:=Bridge firewall administration tool nft
    126. 

  126.   PROVIDES:=ebtables
    127. 

  127.   ALTERNATIVES:=\
    128. 

  128.     300:/usr/sbin/ebtables:/usr/sbin/xtables-nft-multi \
    129. 

  129.     300:/usr/sbin/ebtables-restore:/usr/sbin/xtables-nft-multi \
    130. 

  130.     300:/usr/sbin/ebtables-save:/usr/sbin/xtables-nft-multi
    131. 

  131. endef
    132. 

  132. 

  133. define Package/iptables-nft
    134. 

  134. $(call Package/iptables/Default)
    135. 

  135.   TITLE:=IP firewall administration tool nft
    136. 

  136.   DEPENDS:=+kmod-ipt-core +xtables-nft
    137. 

  137.   PROVIDES:=iptables
    138. 

  138.   ALTERNATIVES:=\
    139. 

  139.     300:/usr/sbin/iptables:/usr/sbin/xtables-nft-multi \
    140. 

  140.     300:/usr/sbin/iptables-restore:/usr/sbin/xtables-nft-multi \
    141. 

  141.     300:/usr/sbin/iptables-save:/usr/sbin/xtables-nft-multi
    142. 

  142. endef
    143. 

  143. 

  144. define Package/iptables-nft/description
    145. 

  145. Extra iptables nftables nft binaries.
    146. 

  146.   iptables-nft
    147. 

  147.   iptables-nft-restore
    148. 

  148.   iptables-nft-save
    149. 

  149.   iptables-translate
    150. 

  150.   iptables-restore-translate
    151. 

  151. endef
    152. 

  152. 

  153. define Package/iptables-mod-conntrack-extra
    154. 

  154. $(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
    155. 

  155.   TITLE:=Extra connection tracking extensions
    156. 

  156. endef
    157. 

  157. 

  158. define Package/iptables-mod-conntrack-extra/description
    159. 

  159. Extra iptables extensions for connection tracking.
    160. 

  160. 

  161.  Matches:
    162. 

  162.   - connbytes
    163. 

  163.   - connlimit
    164. 

  164.   - connmark
    165. 

  165.   - recent
    166. 

  166.   - helper
    167. 

  167. 

  168.  Targets:
    169. 

  169.   - CONNMARK
    170. 

  170. 

  171. endef
    172. 

  172. 

  173. define Package/iptables-mod-conntrack-label
    174. 

  174. $(call Package/iptables/Module, +kmod-ipt-conntrack-label @IPTABLES_CONNLABEL)
    175. 

  175.   TITLE:=Connection tracking labeling extension
    176. 

  176.   DEFAULT:=y if IPTABLES_CONNLABEL
    177. 

  177. endef
    178. 

  178. 

  179. define Package/iptables-mod-conntrack-label/description
    180. 

  180. Match and set label(s) on connection tracking entries
    181. 

  181. 

  182.  Matches:
    183. 

  183.   - connlabel
    184. 

  184. 

  185. endef
    186. 

  186. 

  187. define Package/iptables-mod-filter
    188. 

  188. $(call Package/iptables/Module, +kmod-ipt-filter)
    189. 

  189.   TITLE:=Content inspection extensions
    190. 

  190. endef
    191. 

  191. 

  192. define Package/iptables-mod-filter/description
    193. 

  193. iptables extensions for packet content inspection.
    194. 

  194. Includes support for:
    195. 

  195. 

  196.  Matches:
    197. 

  197.   - string
    198. 

  198.   - bpf
    199. 

  199. 

  200. endef
    201. 

  201. 

  202. define Package/iptables-mod-ipopt
    203. 

  203. $(call Package/iptables/Module, +kmod-ipt-ipopt)
    204. 

  204.   TITLE:=IP/Packet option extensions
    205. 

  205. endef
    206. 

  206. 

  207. define Package/iptables-mod-ipopt/description
    208. 

  208. iptables extensions for matching/changing IP packet options.
    209. 

  209. 

  210.  Matches:
    211. 

  211.   - dscp
    212. 

  212.   - ecn
    213. 

  213.   - length
    214. 

  214.   - statistic
    215. 

  215.   - tcpmss
    216. 

  216.   - unclean
    217. 

  217.   - hl
    218. 

  218. 

  219.  Targets:
    220. 

  220.   - DSCP
    221. 

  221.   - CLASSIFY
    222. 

  222.   - ECN
    223. 

  223.   - HL
    224. 

  224. 

  225. endef
    226. 

  226. 

  227. define Package/iptables-mod-ipsec
    228. 

  228. $(call Package/iptables/Module, +kmod-ipt-ipsec)
    229. 

  229.   TITLE:=IPsec extensions
    230. 

  230. endef
    231. 

  231. 

  232. define Package/iptables-mod-ipsec/description
    233. 

  233. iptables extensions for matching ipsec traffic.
    234. 

  234. 

  235.  Matches:
    236. 

  236.   - ah
    237. 

  237.   - esp
    238. 

  238.   - policy
    239. 

  239. 

  240. endef
    241. 

  241. 

  242. define Package/iptables-mod-nat-extra
    243. 

  243. $(call Package/iptables/Module, +kmod-ipt-nat-extra)
    244. 

  244.   TITLE:=Extra NAT extensions
    245. 

  245. endef
    246. 

  246. 

  247. define Package/iptables-mod-nat-extra/description
    248. 

  248. iptables extensions for extra NAT targets.
    249. 

  249. 

  250.  Targets:
    251. 

  251.   - MIRROR
    252. 

  252.   - NETMAP
    253. 

  253. endef
    254. 

  254. 

  255. define Package/iptables-mod-nflog
    256. 

  256. $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
    257. 

  257.   TITLE:=Netfilter NFLOG target
    258. 

  258. endef
    259. 

  259. 

  260. define Package/iptables-mod-nflog/description
    261. 

  261.  iptables extension for user-space logging via NFNETLINK.
    262. 

  262. 

  263.  Includes:
    264. 

  264.   - libxt_NFLOG
    265. 

  265. 

  266. endef
    267. 

  267. 

  268. define Package/iptables-mod-trace
    269. 

  269. $(call Package/iptables/Module, +kmod-ipt-debug)
    270. 

  270.   TITLE:=Netfilter TRACE target
    271. 

  271. endef
    272. 

  272. 

  273. define Package/iptables-mod-trace/description
    274. 

  274.  iptables extension for TRACE target
    275. 

  275. 

  276.  Includes:
    277. 

  277.   - libxt_TRACE
    278. 

  278. 

  279. endef
    280. 

  280. 

  281. 

  282. define Package/iptables-mod-nfqueue
    283. 

  283. $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
    284. 

  284.   TITLE:=Netfilter NFQUEUE target
    285. 

  285. endef
    286. 

  286. 

  287. define Package/iptables-mod-nfqueue/description
    288. 

  288.  iptables extension for user-space queuing via NFNETLINK.
    289. 

  289. 

  290.  Includes:
    291. 

  291.   - libxt_NFQUEUE
    292. 

  292. 

  293. endef
    294. 

  294. 

  295. define Package/iptables-mod-hashlimit
    296. 

  296. $(call Package/iptables/Module, +kmod-ipt-hashlimit)
    297. 

  297.   TITLE:=hashlimit matching
    298. 

  298. endef
    299. 

  299. 

  300. define Package/iptables-mod-hashlimit/description
    301. 

  301. iptables extensions for hashlimit matching
    302. 

  302. 

  303.  Matches:
    304. 

  304.   - hashlimit
    305. 

  305. 

  306. endef
    307. 

  307. 

  308. define Package/iptables-mod-rpfilter
    309. 

  309. $(call Package/iptables/Module, +kmod-ipt-rpfilter)
    310. 

  310.   TITLE:=rpfilter iptables extension
    311. 

  311. endef
    312. 

  312. 

  313. define Package/iptables-mod-rpfilter/description
    314. 

  314. iptables extensions for reverse path filter test on a packet
    315. 

  315. 

  316.  Matches:
    317. 

  317.   - rpfilter
    318. 

  318. 

  319. endef
    320. 

  320. 

  321. define Package/iptables-mod-iprange
    322. 

  322. $(call Package/iptables/Module, +kmod-ipt-iprange)
    323. 

  323.   TITLE:=IP range extension
    324. 

  324. endef
    325. 

  325. 

  326. define Package/iptables-mod-iprange/description
    327. 

  327. iptables extensions for matching ip ranges.
    328. 

  328. 

  329.  Matches:
    330. 

  330.   - iprange
    331. 

  331. 

  332. endef
    333. 

  333. 

  334. define Package/iptables-mod-cluster
    335. 

  335. $(call Package/iptables/Module, +kmod-ipt-cluster)
    336. 

  336.   TITLE:=Match cluster extension
    337. 

  337. endef
    338. 

  338. 

  339. define Package/iptables-mod-cluster/description
    340. 

  340. iptables extensions for matching cluster.
    341. 

  341. 

  342.  Netfilter (IPv4/IPv6) module for matching cluster
    343. 

  343.  This option allows you to build work-load-sharing clusters of
    344. 

  344.  network servers/stateful firewalls without having a dedicated
    345. 

  345.  load-balancing router/server/switch. Basically, this match returns
    346. 

  346.  true when the packet must be handled by this cluster node. Thus,
    347. 

  347.  all nodes see all packets and this match decides which node handles
    348. 

  348.  what packets. The work-load sharing algorithm is based on source
    349. 

  349.  address hashing.
    350. 

  350. 

  351.  This module is usable for ipv4 and ipv6.
    352. 

  352. 

  353.  If you select it, it enables kmod-ipt-cluster.
    354. 

  354. 

  355.  see `iptables -m cluster --help` for more information.
    356. 

  356. endef
    357. 

  357. 

  358. define Package/iptables-mod-clusterip
    359. 

  359. $(call Package/iptables/Module, +kmod-ipt-clusterip)
    360. 

  360.   TITLE:=Clusterip extension
    361. 

  361. endef
    362. 

  362. 

  363. define Package/iptables-mod-clusterip/description
    364. 

  364. iptables extensions for CLUSTERIP.
    365. 

  365.  The CLUSTERIP target allows you to build load-balancing clusters of
    366. 

  366.  network servers without having a dedicated load-balancing
    367. 

  367.  router/server/switch.
    368. 

  368. 

  369.  If you select it, it enables kmod-ipt-clusterip.
    370. 

  370. 

  371.  see `iptables -j CLUSTERIP --help` for more information.
    372. 

  372. endef
    373. 

  373. 

  374. define Package/iptables-mod-extra
    375. 

  375. $(call Package/iptables/Module, +kmod-ipt-extra)
    376. 

  376.   TITLE:=Other extra iptables extensions
    377. 

  377. endef
    378. 

  378. 

  379. define Package/iptables-mod-extra/description
    380. 

  380. Other extra iptables extensions.
    381. 

  381. 

  382.  Matches:
    383. 

  383.   - addrtype
    384. 

  384.   - condition
    385. 

  385.   - owner
    386. 

  386.   - pkttype
    387. 

  387.   - quota
    388. 

  388. 

  389. endef
    390. 

  390. 

  391. define Package/iptables-mod-physdev
    392. 

  392. $(call Package/iptables/Module, +kmod-ipt-physdev)
    393. 

  393.   TITLE:=physdev iptables extension
    394. 

  394. endef
    395. 

  395. 

  396. define Package/iptables-mod-physdev/description
    397. 

  397. The iptables physdev match.
    398. 

  398. endef
    399. 

  399. 

  400. define Package/iptables-mod-led
    401. 

  401. $(call Package/iptables/Module, +kmod-ipt-led)
    402. 

  402.   TITLE:=LED trigger iptables extension
    403. 

  403. endef
    404. 

  404. 

  405. define Package/iptables-mod-led/description
    406. 

  406. iptables extension for triggering a LED.
    407. 

  407. 

  408.  Targets:
    409. 

  409.   - LED
    410. 

  410. 

  411. endef
    412. 

  412. 

  413. define Package/iptables-mod-socket
    414. 

  414. $(call Package/iptables/Module, +kmod-ipt-socket)
    415. 

  415.   TITLE:=Socket match iptables extensions
    416. 

  416. endef
    417. 

  417. 

  418. define Package/iptables-mod-socket/description
    419. 

  419. Socket match iptables extensions.
    420. 

  420. 

  421.  Matches:
    422. 

  422.   - socket
    423. 

  423. 

  424. endef
    425. 

  425. 

  426. define Package/iptables-mod-tproxy
    427. 

  427. $(call Package/iptables/Module, +kmod-ipt-tproxy)
    428. 

  428.   TITLE:=Transparent proxy iptables extensions
    429. 

  429. endef
    430. 

  430. 

  431. define Package/iptables-mod-tproxy/description
    432. 

  432. Transparent proxy iptables extensions.
    433. 

  433. 

  434.  Targets:
    435. 

  435.   - TPROXY
    436. 

  436. 

  437. endef
    438. 

  438. 

  439. define Package/iptables-mod-tee
    440. 

  440. $(call Package/iptables/Module, +kmod-ipt-tee)
    441. 

  441.   TITLE:=TEE iptables extensions
    442. 

  442. endef
    443. 

  443. 

  444. define Package/iptables-mod-tee/description
    445. 

  445. TEE iptables extensions.
    446. 

  446. 

  447.  Targets:
    448. 

  448.   - TEE
    449. 

  449. 

  450. endef
    451. 

  451. 

  452. define Package/iptables-mod-u32
    453. 

  453. $(call Package/iptables/Module, +kmod-ipt-u32)
    454. 

  454.   TITLE:=U32 iptables extensions
    455. 

  455. endef
    456. 

  456. 

  457. define Package/iptables-mod-u32/description
    458. 

  458. U32 iptables extensions.
    459. 

  459. 

  460.  Matches:
    461. 

  461.   - u32
    462. 

  462. 

  463. endef
    464. 

  464. 

  465. define Package/iptables-mod-checksum
    466. 

  466. $(call Package/iptables/Module, +kmod-ipt-checksum)
    467. 

  467.   TITLE:=IP CHECKSUM target extension
    468. 

  468. endef
    469. 

  469. 

  470. define Package/iptables-mod-checksum/description
    471. 

  471. iptables extension for the CHECKSUM calculation target
    472. 

  472. endef
    473. 

  473. 

  474. define Package/ip6tables-zz-legacy
    475. 

  475. $(call Package/iptables/Default)
    476. 

  476.   DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy
    477. 

  477.   CATEGORY:=Network
    478. 

  478.   TITLE:=IPv6 firewall administration tool
    479. 

  479.   PROVIDES:=ip6tables ip6tables-legacy
    480. 

  480.   ALTERNATIVES:=\
    481. 

  481.     200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \
    482. 

  482.     200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \
    483. 

  483.     200:/usr/sbin/ip6tables-save:/usr/sbin/xtables-legacy-multi
    484. 

  484. endef
    485. 

  485. 

  486. define Package/ip6tables-nft
    487. 

  487. $(call Package/iptables/Default)
    488. 

  488.   DEPENDS:=@IPV6 +kmod-ip6tables +xtables-nft
    489. 

  489.   TITLE:=IP firewall administration tool nft
    490. 

  490.   PROVIDES:=ip6tables
    491. 

  491.   ALTERNATIVES:=\
    492. 

  492.     300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi \
    493. 

  493.     300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi \
    494. 

  494.     300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
    495. 

  495. endef
    496. 

  496. 

  497. define Package/ip6tables-nft/description
    498. 

  498. Extra ip6tables nftables nft binaries.
    499. 

  499.   ip6tables-nft
    500. 

  500.   ip6tables-nft-restore
    501. 

  501.   ip6tables-nft-save
    502. 

  502.   ip6tables-translate
    503. 

  503.   ip6tables-restore-translate
    504. 

  504. endef
    505. 

  505. 

  506. define Package/ip6tables-extra
    507. 

  507. $(call Package/iptables/Default)
    508. 

  508.   DEPENDS:=+libxtables +kmod-ip6tables-extra
    509. 

  509.   TITLE:=IPv6 header matching modules
    510. 

  510. endef
    511. 

  511. 

  512. define Package/ip6tables-extra/description
    513. 

  513. iptables header matching modules for IPv6
    514. 

  514. endef
    515. 

  515. 

  516. define Package/ip6tables-mod-nat
    517. 

  517. $(call Package/iptables/Default)
    518. 

  518.   DEPENDS:=+libxtables +kmod-ipt-nat6
    519. 

  519.   TITLE:=IPv6 NAT extensions
    520. 

  520. endef
    521. 

  521. 

  522. define Package/ip6tables-mod-nat/description
    523. 

  523. iptables extensions for IPv6-NAT targets.
    524. 

  524. endef
    525. 

  525. 

  526. define Package/libip4tc
    527. 

  527. $(call Package/iptables/Default)
    528. 

  528.   SECTION:=libs
    529. 

  529.   CATEGORY:=Libraries
    530. 

  530.   TITLE:=IPv4 firewall - shared libiptc library
    531. 

  531.   ABI_VERSION:=2
    532. 

  532. endef
    533. 

  533. 

  534. define Package/libip6tc
    535. 

  535. $(call Package/iptables/Default)
    536. 

  536.   SECTION:=libs
    537. 

  537.   CATEGORY:=Libraries
    538. 

  538.   TITLE:=IPv6 firewall - shared libiptc library
    539. 

  539.   ABI_VERSION:=2
    540. 

  540. endef
    541. 

  541. 

  542. define Package/libiptext
    543. 

  543.  $(call Package/iptables/Default)
    544. 

  544.  SECTION:=libs
    545. 

  545.  CATEGORY:=Libraries
    546. 

  546.  TITLE:=IPv4 firewall - shared libiptext library
    547. 

  547.  ABI_VERSION:=0
    548. 

  548.  DEPENDS:=+libxtables
    549. 

  549. endef
    550. 

  550. 

  551. define Package/libiptext6
    552. 

  552.  $(call Package/iptables/Default)
    553. 

  553.  SECTION:=libs
    554. 

  554.  CATEGORY:=Libraries
    555. 

  555.  TITLE:=IPv6 firewall - shared libiptext library
    556. 

  556.  ABI_VERSION:=0
    557. 

  557.  DEPENDS:=+libxtables
    558. 

  558. endef
    559. 

  559. 

  560. define Package/libiptext-nft
    561. 

  561.  $(call Package/iptables/Default)
    562. 

  562.  SECTION:=libs
    563. 

  563.  CATEGORY:=Libraries
    564. 

  564.  TITLE:=IPv4/IPv6 firewall - shared libiptext nft library
    565. 

  565.  ABI_VERSION:=0
    566. 

  566.  DEPENDS:=+libxtables
    567. 

  567. endef
    568. 

  568. 

  569. define Package/libxtables
    570. 

  570.  $(call Package/iptables/Default)
    571. 

  571.  SECTION:=libs
    572. 

  572.  CATEGORY:=Libraries
    573. 

  573.  TITLE:=IPv4/IPv6 firewall - shared xtables library
    574. 

  574.  MENU:=1
    575. 

  575.  ABI_VERSION:=12
    576. 

  576.  DEPENDS:=+IPTABLES_CONNLABEL:libnetfilter-conntrack
    577. 

  577. endef
    578. 

  578. 

  579. define Package/libxtables/config
    580. 

  580.   config IPTABLES_CONNLABEL
    581. 

  581. 	bool "Enable Connlabel support"
    582. 

  582. 	default n
    583. 

  583. 	help
    584. 

  584. 		This enable connlabel support in iptables.
    585. 

  585. endef
    586. 

  586. 

  587. TARGET_CPPFLAGS := \
    588. 

  588. 	-I$(PKG_BUILD_DIR)/include \
    589. 

  589. 	-I$(LINUX_DIR)/user_headers/include \
    590. 

  590. 	$(TARGET_CPPFLAGS)
    591. 

  591. 

  592. TARGET_CFLAGS += \
    593. 

  593. 	-I$(PKG_BUILD_DIR)/include \
    594. 

  594. 	-I$(LINUX_DIR)/user_headers/include \
    595. 

  595. 	-DNO_LEGACY
    596. 

  596. 

  597. CONFIGURE_ARGS += \
    598. 

  598. 	--enable-shared \
    599. 

  599. 	--enable-static \
    600. 

  600. 	--enable-devel \
    601. 

  601. 	--with-kernel="$(LINUX_DIR)/user_headers" \
    602. 

  602. 	--with-xtlibdir=/usr/lib/iptables \
    603. 

  603. 	--with-xt-lock-name=/var/run/xtables.lock \
    604. 

  604. 	$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
    605. 

  605. 	$(if $(CONFIG_IPV6),,--disable-ipv6)
    606. 

  606. 

  607. MAKE_FLAGS := \
    608. 

  608. 	$(TARGET_CONFIGURE_OPTS) \
    609. 

  609. 	COPT_FLAGS="$(TARGET_CFLAGS)" \
    610. 

  610. 	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
    611. 

  611. 	KBUILD_OUTPUT="$(LINUX_DIR)" \
    612. 

  612. 	BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
    613. 

  613. 

  614. ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
    615. 

  615.   define Build/Configure/rebuild
    616. 

  616. 	$(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
    617. 

  617. 	rm -f $(PKG_BUILD_DIR)/.config_*
    618. 

  618. 	rm -f $(PKG_BUILD_DIR)/.configured_*
    619. 

  619. 	touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
    620. 

  620.   endef
    621. 

  621. endif
    622. 

  622. 

  623. define Build/Configure
    624. 

  624. $(Build/Configure/rebuild)
    625. 

  625. $(Build/Configure/Default)
    626. 

  626. endef
    627. 

  627. 

  628. define Build/InstallDev
    629. 

  629. 	$(INSTALL_DIR) $(1)/usr/include
    630. 

  630. 	$(INSTALL_DIR) $(1)/usr/include/iptables
    631. 

  631. 	$(INSTALL_DIR) $(1)/usr/include/net/netfilter
    632. 

  632. 

  633. 	# XXX: iptables header fixup, some headers are not installed by iptables anymore
    634. 

  634. 	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
    635. 

  635. 	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
    636. 

  636. 	$(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
    637. 

  637. 	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
    638. 

  638. 

  639. 	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
    640. 

  640. 	$(INSTALL_DIR) $(1)/usr/lib
    641. 

  641. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
    642. 

  642. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
    643. 

  643. 	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
    644. 

  644. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
    645. 

  645. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
    646. 

  646. 

  647. 	# XXX: needed by firewall3
    648. 

  648. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
    649. 

  649. endef
    650. 

  650. 

  651. define Package/xtables-legacy/install
    652. 

  652. 	$(INSTALL_DIR) $(1)/usr/sbin
    653. 

  653. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
    654. 

  654. endef
    655. 

  655. 

  656. define Package/iptables-zz-legacy/install
    657. 

  657. 	$(INSTALL_DIR) $(1)/usr/sbin
    658. 

  658. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-legacy{,-restore,-save} $(1)/usr/sbin/
    659. 

  659. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    660. 

  660. endef
    661. 

  661. 

  662. define Package/xtables-nft/install
    663. 

  663. 	$(INSTALL_DIR) $(1)/usr/sbin
    664. 

  664. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-nft-multi $(1)/usr/sbin/
    665. 

  665. endef
    666. 

  666. 

  667. define Package/arptables-nft/install
    668. 

  668. 	$(INSTALL_DIR) $(1)/usr/sbin
    669. 

  669. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/arptables-nft{,-restore,-save} $(1)/usr/sbin/
    670. 

  670. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    671. 

  671. 	$(CP) $(PKG_BUILD_DIR)/extensions/libarpt_*.so $(1)/usr/lib/iptables/
    672. 

  672. endef
    673. 

  673. 

  674. define Package/ebtables-nft/install
    675. 

  675. 	$(INSTALL_DIR) $(1)/usr/sbin
    676. 

  676. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ebtables-nft{,-restore,-save} $(1)/usr/sbin/
    677. 

  677. 	$(INSTALL_DIR) $(1)/usr/lib/iptables
    678. 

  678. 	$(CP) $(PKG_BUILD_DIR)/extensions/libebt_*.so $(1)/usr/lib/iptables/
    679. 

  679. endef
    680. 

  680. 

  681. define Package/iptables-nft/install
    682. 

  682. 	$(INSTALL_DIR) $(1)/usr/sbin
    683. 

  683. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-nft{,-restore,-save} $(1)/usr/sbin/
    684. 

  684. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
    685. 

  685. endef
    686. 

  686. 

  687. define Package/ip6tables-zz-legacy/install
    688. 

  688. 	$(INSTALL_DIR) $(1)/usr/sbin
    689. 

  689. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-legacy{,-restore,-save} $(1)/usr/sbin/
    690. 

  690. endef
    691. 

  691. 

  692. define Package/ip6tables-nft/install
    693. 

  693. 	$(INSTALL_DIR) $(1)/usr/sbin
    694. 

  694. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-nft{,-restore,-save} $(1)/usr/sbin/
    695. 

  695. 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
    696. 

  696. endef
    697. 

  697. 

  698. define Package/libip4tc/install
    699. 

  699. 	$(INSTALL_DIR) $(1)/usr/lib
    700. 

  700. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
    701. 

  701. endef
    702. 

  702. 

  703. define Package/libip6tc/install
    704. 

  704. 	$(INSTALL_DIR) $(1)/usr/lib
    705. 

  705. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so.* $(1)/usr/lib/
    706. 

  706. endef
    707. 

  707. 

  708. define Package/libiptext/install
    709. 

  709. 	$(INSTALL_DIR) $(1)/usr/lib
    710. 

  710. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
    711. 

  711. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
    712. 

  712. endef
    713. 

  713. 

  714. define Package/libiptext6/install
    715. 

  715. 	$(INSTALL_DIR) $(1)/usr/lib
    716. 

  716. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
    717. 

  717. endef
    718. 

  718. 

  719. define Package/libiptext-nft/install
    720. 

  720. 	$(INSTALL_DIR) $(1)/usr/lib
    721. 

  721. 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
    722. 

  722. endef
    723. 

  723. 

  724. define Package/libxtables/install
    725. 

  725. 	$(INSTALL_DIR) $(1)/usr/lib
    726. 

  726. 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so.* $(1)/usr/lib/
    727. 

  727. endef
    728. 

  728. 

  729. define BuildPlugin
    730. 

  730.   define Package/$(1)/install
    731. 

  731. 	$(INSTALL_DIR) $$(1)/usr/lib/iptables
    732. 

  732. 	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
    733. 

  733. 		if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
    734. 

  734. 			$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
    735. 

  735. 		fi; \
    736. 

  736. 	done
    737. 

  737. 	$(3)
    738. 

  738.   endef
    739. 

  739. 

  740.   $$(eval $$(call BuildPackage,$(1)))
    741. 

  741. endef
    742. 

  742. 

  743. $(eval $(call BuildPackage,libxtables))
    744. 

  744. $(eval $(call BuildPackage,libip4tc))
    745. 

  745. $(eval $(call BuildPackage,libip6tc))
    746. 

  746. $(eval $(call BuildPackage,libiptext))
    747. 

  747. $(eval $(call BuildPackage,libiptext6))
    748. 

  748. $(eval $(call BuildPackage,libiptext-nft))
    749. 

  749. $(eval $(call BuildPackage,xtables-legacy))
    750. 

  750. $(eval $(call BuildPackage,xtables-nft))
    751. 

  751. $(eval $(call BuildPackage,arptables-nft))
    752. 

  752. $(eval $(call BuildPackage,ebtables-nft))
    753. 

  753. $(eval $(call BuildPackage,iptables-nft))
    754. 

  754. $(eval $(call BuildPackage,iptables-zz-legacy))
    755. 

  755. $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
    756. 

  756. $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
    757. 

  757. $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
    758. 

  758. $(eval $(call BuildPlugin,iptables-mod-physdev,$(IPT_PHYSDEV-m)))
    759. 

  759. $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
    760. 

  760. $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
    761. 

  761. $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
    762. 

  762. $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
    763. 

  763. $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
    764. 

  764. $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
    765. 

  765. $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
    766. 

  766. $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
    767. 

  767. $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m)))
    768. 

  768. $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
    769. 

  769. $(eval $(call BuildPlugin,iptables-mod-socket,$(IPT_SOCKET-m)))
    770. 

  770. $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
    771. 

  771. $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
    772. 

  772. $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
    773. 

  773. $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
    774. 

  774. $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
    775. 

  775. $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
    776. 

  776. $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
    777. 

  777. $(eval $(call BuildPackage,ip6tables-nft))
    778. 

  778. $(eval $(call BuildPackage,ip6tables-zz-legacy))
    779. 

  779. $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
    780. 

  780. $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
    781. 

  781.