source: trunk/package/iptables/Makefile @ 25646

Last change on this file since 25646 was 25646, checked in by kaloz, 6 years ago

[package/iptables]: as [25641] removed kernel IMQ support, remove it from iptables as well

  • Property svn:copyright set to Copyright (C) 2006 OpenWrt.org
  • Property svn:eol-style set to native
File size: 10.5 KB
Line 
1#
2# Copyright (C) 2006-2010 OpenWrt.org
3#
4# This is free software, licensed under the GNU General Public License v2.
5# See /LICENSE for more information.
6#
7
8include $(TOPDIR)/rules.mk
9include $(INCLUDE_DIR)/kernel.mk
10
11PKG_NAME:=iptables
12PKG_VERSION:=1.4.10
13PKG_RELEASE:=1
14
15PKG_MD5SUM:=f382fe693f0b59d87bd47bea65eca198
16PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
17PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
18        ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
19        ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
20        ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
21
22PKG_FIXUP:=autoreconf
23PKG_INSTALL:=1
24PKG_BUILD_PARALLEL:=1
25
26include $(INCLUDE_DIR)/package.mk
27ifeq ($(DUMP),)
28  -include $(LINUX_DIR)/.config
29  include $(INCLUDE_DIR)/netfilter.mk
30  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell $(SH_FUNC) grep 'NETFILTER' $(LINUX_DIR)/.config | md5s)
31endif
32
33
34define Package/iptables/Default
35  SECTION:=net
36  CATEGORY:=Network
37  URL:=http://netfilter.org/
38endef
39
40define Package/iptables/Module
41$(call Package/iptables/Default)
42  DEPENDS:=iptables $(1)
43endef
44
45define Package/iptables
46$(call Package/iptables/Default)
47  TITLE:=IPv4 firewall administration tool
48  MENU:=1
49  DEPENDS+= +kmod-ipt-core +libiptc +libxtables
50endef
51
52define Package/iptables/description
53IPv4 firewall administration tool.
54Includes support for:
55- comment
56- limit
57- LOG
58- mac
59- multiport
60- REJECT
61- TCPMSS
62endef
63
64define Package/iptables-mod-conntrack
65$(call Package/iptables/Module, +kmod-ipt-conntrack)
66  TITLE:=Basic connection tracking extensions
67endef
68
69define Package/iptables-mod-conntrack/description
70Basic iptables extensions for connection tracking.
71Includes:
72- state
73- raw
74- NOTRACK
75endef
76
77define Package/iptables-mod-conntrack-extra
78$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
79  TITLE:=Extra connection tracking extensions
80endef
81
82define Package/iptables-mod-conntrack-extra/description
83Extra iptables extensions for connection tracking.
84Includes:
85- libipt_conntrack
86- libipt_helper
87- libipt_connmark/CONNMARK
88endef
89
90define Package/iptables-mod-filter
91$(call Package/iptables/Module, +kmod-ipt-filter)
92  TITLE:=Content inspection extensions
93endef
94
95define Package/iptables-mod-filter/description
96iptables extensions for packet content inspection.
97Includes:
98- libipt_string
99- libipt_layer7
100endef
101
102define Package/iptables-mod-ipopt
103$(call Package/iptables/Module, +kmod-ipt-ipopt)
104  TITLE:=IP/Packet option extensions
105endef
106
107define Package/iptables-mod-ipopt/description
108iptables extensions for matching/changing IP packet options.
109Includes:
110- libipt_CLASSIFY
111- libipt_dscp/DSCP
112- libipt_ecn/ECN
113- libipt_length
114- libipt_mac
115- libipt_mark/MARK
116- libipt_statistic
117- libipt_tcpmms
118- libipt_tos/TOS
119- libipt_ttl/TTL
120- libipt_unclean
121endef
122
123define Package/iptables-mod-ipsec
124$(call Package/iptables/Module, +kmod-ipt-ipsec)
125  TITLE:=IPsec extensions
126endef
127
128define Package/iptables-mod-ipsec/description
129iptables extensions for matching ipsec traffic.
130Includes:
131- libipt_ah
132- libipt_esp
133- libipt_policy
134endef
135
136define Package/iptables-mod-ipset
137$(call Package/iptables/Module,)
138  TITLE:=IPset iptables extensions
139endef
140
141define Package/iptables-mod-ipset/description
142IPset iptables extensions.
143Includes:
144- libipt_set
145- libipt_SET
146endef
147
148define Package/iptables-mod-nat
149$(call Package/iptables/Module, +kmod-ipt-nat)
150  TITLE:=Basic NAT extensions
151endef
152
153define Package/iptables-mod-nat/description
154iptables extensions for basic NAT targets.
155Includes:
156- MASQUERADE
157- SNAT
158- DNAT
159endef
160
161define Package/iptables-mod-nat-extra
162$(call Package/iptables/Module, +kmod-ipt-nat-extra)
163  TITLE:=Extra NAT extensions
164endef
165
166define Package/iptables-mod-nat-extra/description
167iptables extensions for extra NAT targets.
168Includes:
169- REDIRECT
170endef
171
172define Package/iptables-mod-ulog
173$(call Package/iptables/Module, +kmod-ipt-ulog)
174  TITLE:=user-space packet logging
175endef
176
177define Package/iptables-mod-ulog/description
178iptables extensions for user-space packet logging.
179Includes:
180- libipt_ULOG
181endef
182
183define Package/iptables-mod-hashlimit
184$(call Package/iptables/Module, +kmod-ipt-hashlimit)
185  TITLE:=hashlimit matching
186endef
187
188define Package/iptables-mod-hashlimit/description
189iptables extensions for hashlimit matching
190Includes:
191- libipt_hashlimit
192endef
193
194define Package/iptables-mod-iprange
195$(call Package/iptables/Module, +kmod-ipt-iprange)
196  TITLE:=IP range extension
197endef
198
199define Package/iptables-mod-iprange/description
200iptables extensions for matching ip ranges.
201Includes:
202- libipt_iprange
203endef
204
205define Package/iptables-mod-extra
206$(call Package/iptables/Module, +kmod-ipt-extra)
207  TITLE:=Other extra iptables extensions
208endef
209
210define Package/iptables-mod-extra/description
211Other extra iptables extensions.
212Includes:
213- libipt_owner
214- libipt_physdev
215- libipt_pkttype
216- libipt_recent
217endef
218
219define Package/iptables-mod-tproxy
220$(call Package/iptables/Module, +kmod-ipt-tproxy)
221  TITLE:=Transparent proxy iptables extensions
222endef
223
224define Package/iptables-mod-tproxy/description
225Transparent proxy iptables extensions.
226Includes:
227- libxt_socket
228- libxt_TPROXY
229endef
230
231
232define Package/iptables-utils
233$(call Package/iptables/Module, )
234  TITLE:=iptables save and restore utilities
235endef
236
237define Package/ip6tables
238$(call Package/iptables/Default)
239  DEPENDS:=+kmod-ip6tables +libiptc +libxtables
240  CATEGORY:=IPv6
241  TITLE:=IPv6 firewall administration tool
242  MENU:=1
243endef
244
245define Package/ip6tables-utils
246$(call Package/iptables/Default)
247  DEPENDS:=ip6tables
248  CATEGORY:=IPv6
249  TITLE:=ip6tables save and restore utilities
250endef
251
252define Package/libiptc
253$(call Package/iptables/Default)
254  SECTION:=libs
255  CATEGORY:=Libraries
256  TITLE:=IPv4/IPv6 firewall - shared libiptc library
257endef
258
259define Package/libxtables
260 $(call Package/iptables/Default)
261 SECTION:=libs
262 CATEGORY:=Libraries
263 TITLE:=IPv4/IPv6 firewall - shared xtables library
264endef
265
266define Package/libipq
267  $(call Package/iptables/Default)
268  SECTION:=libs
269  CATEGORY:=Libraries
270  TITLE:=IPv4/IPv6 firewall - shared libipq library
271endef
272
273TARGET_CPPFLAGS := \
274        -I$(PKG_BUILD_DIR)/include \
275        -I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include \
276        $(TARGET_CPPFLAGS)
277
278TARGET_CFLAGS += \
279        -I$(PKG_BUILD_DIR)/include \
280        -I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include
281
282CONFIGURE_ARGS += \
283        --enable-shared \
284        --enable-devel \
285        --enable-ipv6 \
286        --enable-libipq \
287        --with-kernel="$(LINUX_DIR)" \
288        --with-xtlibdir=/usr/lib/iptables
289
290MAKE_FLAGS := \
291        $(TARGET_CONFIGURE_OPTS) \
292        COPT_FLAGS="$(TARGET_CFLAGS)" \
293        LDFLAGS="-rdynamic -static-libgcc" \
294        KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
295        KBUILD_OUTPUT="$(LINUX_DIR)" \
296
297define Build/InstallDev
298        $(INSTALL_DIR) $(1)/usr/include
299        $(INSTALL_DIR) $(1)/usr/include/iptables
300        $(INSTALL_DIR) $(1)/usr/include/net/netfilter
301
302        # XXX: iptables header fixup, some headers are not installed by iptables anymore
303        $(CP) $(PKG_BUILD_DIR)/include/net/netfilter/*.h $(1)/usr/include/net/netfilter/
304        $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
305        $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
306        $(CP) $(PKG_BUILD_DIR)/include/libipq/libipq.h $(1)/usr/include/
307        $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
308        $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
309
310        $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
311        $(INSTALL_DIR) $(1)/usr/lib
312        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
313        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
314        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipq.so* $(1)/usr/lib/
315        $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
316        $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
317        $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libiptc.pc $(1)/usr/lib/pkgconfig/
318endef
319
320define Package/iptables/install
321        $(INSTALL_DIR) $(1)/usr/sbin
322        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables $(1)/usr/sbin/
323        $(INSTALL_DIR) $(1)/usr/lib/iptables
324        (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
325                for m in $(patsubst xt_%,ipt_%,$(IPT_BUILTIN)) $(patsubst ipt_%,xt_%,$(IPT_BUILTIN)); do \
326                        if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so ]; then \
327                                $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so $(1)/usr/lib/iptables/ ;\
328                        fi; \
329                done \
330        )
331endef
332
333define Package/iptables-utils/install
334        $(INSTALL_DIR) $(1)/usr/sbin
335        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables-{save,restore} $(1)/usr/sbin/
336endef
337
338define Package/ip6tables/install
339        $(INSTALL_DIR) $(1)/usr/sbin
340        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(1)/usr/sbin/
341        $(INSTALL_DIR) $(1)/usr/lib/iptables
342        (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
343                $(CP) libip6t_*.so $(1)/usr/lib/iptables/ \
344        )
345endef
346
347define Package/ip6tables-utils/install
348        $(INSTALL_DIR) $(1)/usr/sbin
349        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-{save,restore} $(1)/usr/sbin/
350endef
351
352define Package/libiptc/install
353        $(INSTALL_DIR) $(1)/usr/lib
354        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
355endef
356
357define Package/libxtables/install
358        $(INSTALL_DIR) $(1)/usr/lib
359        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
360endef
361
362define Package/libipq/install
363        $(INSTALL_DIR) $(1)/usr/lib
364        $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipq.so* $(1)/usr/lib/
365endef
366
367define BuildPlugin
368  define Package/$(1)/install
369        $(INSTALL_DIR) $$(1)/usr/lib/iptables
370        for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)); do \
371                if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
372                        $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
373                fi; \
374        done
375        $(3)
376  endef
377
378  $$(eval $$(call BuildPackage,$(1)))
379endef
380
381L7_INSTALL:=\
382        $(INSTALL_DIR) $$(1)/etc/l7-protocols; \
383        $(CP) files/l7/*.pat $$(1)/etc/l7-protocols/
384
385
386$(eval $(call BuildPackage,iptables))
387$(eval $(call BuildPackage,iptables-utils))
388$(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
389$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
390$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
391$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
392$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
393$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
394$(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
395$(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m)))
396$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
397$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
398$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
399$(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
400$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
401$(eval $(call BuildPackage,ip6tables))
402$(eval $(call BuildPackage,ip6tables-utils))
403$(eval $(call BuildPackage,libiptc))
404$(eval $(call BuildPackage,libxtables))
405$(eval $(call BuildPackage,libipq))
Note: See TracBrowser for help on using the repository browser.