2 # Copyright (C) 2006-2016 OpenWrt.org
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
8 include $(TOPDIR)/rules.mk
9 include $(INCLUDE_DIR)/kernel.mk
# Upstream tarball name, mirror list and expected digest of the download.
# Every mirror below uses plain http:// or ftp://, so the transfer itself is
# neither encrypted nor authenticated.
# NOTE(review): PKG_HASH is 64 hex digits (SHA-256 length); presumably the build
# system verifies the fetched tarball against it, which would make this value the
# only integrity control on the source. Confirm, and change it only together
# with a version bump checked against a trusted release announcement.
15 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
16 PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
17 ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
18 ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
19 ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
20 PKG_HASH:=52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0
27 include $(INCLUDE_DIR)/package.mk
# Read the kernel .config (the leading '-' makes a missing file non-fatal) and
# netfilter.mk, then extend the configure stamp with a fingerprint of every
# kernel config line that mentions NETFILTER, so that a change to those options
# produces a different stamp name.
# md5 serves here only as a change-detection key; it is not an integrity or
# security check.
# NOTE(review): when $(LINUX_DIR)/.config does not exist the grep has nothing to
# read, so the fingerprint is presumably that of empty input; confirm that a
# later kernel configuration still forces a reconfigure.
29 -include $(LINUX_DIR)/.config
30 include $(INCLUDE_DIR)/netfilter.mk
31 STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | mkhash md5)
35 define Package/iptables/Default
39 URL:=http://netfilter.org/
# Template used by the iptables-mod-* extension packages: it pulls in the common
# metadata from Package/iptables/Default and makes the package depend on the
# base iptables package plus whatever the caller passes as $(1) (in this file,
# the matching kmod-* kernel module packages).
42 define Package/iptables/Module
43 $(call Package/iptables/Default)
44 DEPENDS:=iptables $(1)
47 define Package/iptables
48 $(call Package/iptables/Default)
49 TITLE:=IP firewall administration tool
51 DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
54 define Package/iptables/description
55 IP firewall administration tool.
93 define Package/iptables-mod-conntrack-extra
94 $(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
95 TITLE:=Extra connection tracking extensions
98 define Package/iptables-mod-conntrack-extra/description
99 Extra iptables extensions for connection tracking.
113 define Package/iptables-mod-filter
114 $(call Package/iptables/Module, +kmod-ipt-filter)
115 TITLE:=Content inspection extensions
118 define Package/iptables-mod-filter/description
119 iptables extensions for packet content inspection.
120 Includes support for:
127 define Package/iptables-mod-ipopt
128 $(call Package/iptables/Module, +kmod-ipt-ipopt)
129 TITLE:=IP/Packet option extensions
132 define Package/iptables-mod-ipopt/description
133 iptables extensions for matching/changing IP packet options.
152 define Package/iptables-mod-ipsec
153 $(call Package/iptables/Module, +kmod-ipt-ipsec)
154 TITLE:=IPsec extensions
157 define Package/iptables-mod-ipsec/description
158 iptables extensions for matching ipsec traffic.
167 define Package/iptables-mod-nat-extra
168 $(call Package/iptables/Module, +kmod-ipt-nat-extra)
169 TITLE:=Extra NAT extensions
172 define Package/iptables-mod-nat-extra/description
173 iptables extensions for extra NAT targets.
180 define Package/iptables-mod-ulog
181 $(call Package/iptables/Module, +kmod-ipt-ulog)
182 TITLE:=user-space packet logging
185 define Package/iptables-mod-ulog/description
186 iptables extensions for user-space packet logging.
193 define Package/iptables-mod-nflog
194 $(call Package/iptables/Module, +kmod-nfnetlink-log +kmod-ipt-nflog)
195 TITLE:=Netfilter NFLOG target
198 define Package/iptables-mod-nflog/description
199 iptables extension for user-space logging via NFNETLINK.
206 define Package/iptables-mod-nfqueue
207 $(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
208 TITLE:=Netfilter NFQUEUE target
211 define Package/iptables-mod-nfqueue/description
212 iptables extension for user-space queuing via NFNETLINK.
219 define Package/iptables-mod-hashlimit
220 $(call Package/iptables/Module, +kmod-ipt-hashlimit)
221 TITLE:=hashlimit matching
224 define Package/iptables-mod-hashlimit/description
225 iptables extensions for hashlimit matching
232 define Package/iptables-mod-iprange
233 $(call Package/iptables/Module, +kmod-ipt-iprange)
234 TITLE:=IP range extension
237 define Package/iptables-mod-iprange/description
238 iptables extensions for matching ip ranges.
245 define Package/iptables-mod-cluster
246 $(call Package/iptables/Module, +kmod-ipt-cluster)
247 TITLE:=Match cluster extension
250 define Package/iptables-mod-cluster/description
251 iptables extensions for matching cluster.
253 Netfilter (IPv4/IPv6) module for matching cluster
254 This option allows you to build work-load-sharing clusters of
255 network servers/stateful firewalls without having a dedicated
256 load-balancing router/server/switch. Basically, this match returns
257 true when the packet must be handled by this cluster node. Thus,
258 all nodes see all packets and this match decides which node handles
259 what packets. The work-load sharing algorithm is based on source
262 This module is usable for ipv4 and ipv6.
264 If you select it, it enables kmod-ipt-cluster.
266 see `iptables -m cluster --help` for more information.
269 define Package/iptables-mod-clusterip
270 $(call Package/iptables/Module, +kmod-ipt-clusterip)
271 TITLE:=Clusterip extension
274 define Package/iptables-mod-clusterip/description
275 iptables extensions for CLUSTERIP.
276 The CLUSTERIP target allows you to build load-balancing clusters of
277 network servers without having a dedicated load-balancing
278 router/server/switch.
280 If you select it, it enables kmod-ipt-clusterip.
282 see `iptables -j CLUSTERIP --help` for more information.
285 define Package/iptables-mod-extra
286 $(call Package/iptables/Module, +kmod-ipt-extra)
287 TITLE:=Other extra iptables extensions
290 define Package/iptables-mod-extra/description
291 Other extra iptables extensions.
297 - physdev (if ebtables is enabled)
303 define Package/iptables-mod-led
304 $(call Package/iptables/Module, +kmod-ipt-led)
305 TITLE:=LED trigger iptables extension
308 define Package/iptables-mod-led/description
309 iptables extension for triggering a LED.
316 define Package/iptables-mod-tproxy
317 $(call Package/iptables/Module, +kmod-ipt-tproxy)
318 TITLE:=Transparent proxy iptables extensions
321 define Package/iptables-mod-tproxy/description
322 Transparent proxy iptables extensions.
332 define Package/iptables-mod-tee
333 $(call Package/iptables/Module, +kmod-ipt-tee)
334 TITLE:=TEE iptables extensions
337 define Package/iptables-mod-tee/description
338 TEE iptables extensions.
345 define Package/iptables-mod-u32
346 $(call Package/iptables/Module, +kmod-ipt-u32)
347 TITLE:=U32 iptables extensions
350 define Package/iptables-mod-u32/description
351 U32 iptables extensions.
358 define Package/ip6tables
359 $(call Package/iptables/Default)
360 DEPENDS:=@IPV6 +kmod-ip6tables +iptables
362 TITLE:=IPv6 firewall administration tool
367 define Package/ip6tables-extra
368 $(call Package/iptables/Default)
369 DEPENDS:=ip6tables +kmod-ip6tables-extra
370 TITLE:=IPv6 header matching modules
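# Long description of the ip6tables-extra package. It is keyed to the name
# ip6tables-extra (not ip6tables-mod-extra) so that it matches
# `define Package/ip6tables-extra` and the `BuildPlugin,ip6tables-extra` call;
# no package named ip6tables-mod-extra is defined or built in this file, so a
# description under that name would never be attached to anything.
define Package/ip6tables-extra/description
iptables header matching modules for IPv6
endef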
377 define Package/ip6tables-mod-nat
378 $(call Package/iptables/Default)
379 DEPENDS:=ip6tables +kmod-ipt-nat6
380 TITLE:=IPv6 NAT extensions
383 define Package/ip6tables-mod-nat/description
384 iptables extensions for IPv6-NAT targets.
387 define Package/libiptc
388 $(call Package/iptables/Default)
391 DEPENDS:=+libip4tc +libip6tc +libxtables
392 TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
395 define Package/libip4tc
396 $(call Package/iptables/Default)
399 TITLE:=IPv4 firewall - shared libiptc library
403 define Package/libip6tc
404 $(call Package/iptables/Default)
407 TITLE:=IPv6 firewall - shared libiptc library
411 define Package/libxtables
412 $(call Package/iptables/Default)
415 TITLE:=IPv4/IPv6 firewall - shared xtables library
419 -I$(PKG_BUILD_DIR)/include \
420 -I$(LINUX_DIR)/user_headers/include \
424 -I$(PKG_BUILD_DIR)/include \
425 -I$(LINUX_DIR)/user_headers/include \
426 -ffunction-sections -fdata-sections \
435 --with-kernel="$(LINUX_DIR)/user_headers" \
436 --with-xtlibdir=/usr/lib/iptables \
438 $(if $(CONFIG_IPV6),,--disable-ipv6)
441 $(TARGET_CONFIGURE_OPTS) \
442 COPT_FLAGS="$(TARGET_CFLAGS)" \
443 KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
444 KBUILD_OUTPUT="$(LINUX_DIR)" \
445 BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
# Stale-object guard. The .config_* stamp files present in the build directory
# are compared with the stamp name expected for the current configuration
# (STAMP_CONFIGURED with ".configured_" replaced by ".config_"). When they
# differ, Build/Configure/rebuild is defined to delete every file matching
# *.o, *.?o or *.a under $(PKG_BUILD_DIR), remove the old .config_* and
# .configured_* stamps, and create the expected .config_ stamp.
# NOTE(review): the file list is handed from find to xargs through a plain pipe;
# unless $(XARGS) or $(FIND) add NUL separation, this is only safe while no path
# under the build directory contains whitespace; confirm.
447 ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
448 define Build/Configure/rebuild
449 $(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
450 rm -f $(PKG_BUILD_DIR)/.config_*
451 rm -f $(PKG_BUILD_DIR)/.configured_*
452 touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
456 define Build/Configure
457 $(Build/Configure/rebuild)
458 $(Build/Configure/Default)
# Stage headers, shared libraries and pkg-config files for other packages that
# build against iptables. $(1) is the destination root (presumably the staging
# directory supplied by the build system).
# Some headers are copied straight from the source tree in $(PKG_BUILD_DIR)
# because, per the XXX note, iptables no longer installs them itself. The
# libiptext*.so files are likewise taken from the build directory rather than
# from $(PKG_INSTALL_DIR); the second XXX note says firewall3 needs them.
461 define Build/InstallDev
462 $(INSTALL_DIR) $(1)/usr/include
463 $(INSTALL_DIR) $(1)/usr/include/iptables
464 $(INSTALL_DIR) $(1)/usr/include/net/netfilter
466 # XXX: iptables header fixup, some headers are not installed by iptables anymore
467 $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
468 $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
469 $(CP) $(PKG_BUILD_DIR)/include/ip6tables.h $(1)/usr/include/
470 $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
471 $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
473 $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
474 $(INSTALL_DIR) $(1)/usr/lib
475 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
476 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
477 $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
478 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
479 $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
481 # XXX: needed by firewall3
482 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
# Install the base iptables programs into $(1)/usr/sbin and create the
# extension directory $(1)/usr/lib/iptables. That directory is the path given
# to configure as --with-xtlibdir, i.e. where the tools look for extension
# libraries, and it is where the plugin packages place their lib*.so files.
# The "iptables{,-restore,-save}" argument relies on shell brace expansion,
# which a plain POSIX sh does not perform.
# NOTE(review): assumes the build system runs recipes under bash; confirm.
485 define Package/iptables/install
486 $(INSTALL_DIR) $(1)/usr/sbin
487 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-multi $(1)/usr/sbin/
488 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore,-save} $(1)/usr/sbin/
489 $(INSTALL_DIR) $(1)/usr/lib/iptables
492 define Package/ip6tables/install
493 $(INSTALL_DIR) $(1)/usr/sbin
494 $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
497 define Package/libiptc/install
498 $(INSTALL_DIR) $(1)/usr/lib
499 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
502 define Package/libip4tc/install
503 $(INSTALL_DIR) $(1)/usr/lib
504 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
505 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
508 define Package/libip6tc/install
509 $(INSTALL_DIR) $(1)/usr/lib
510 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
511 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
514 define Package/libxtables/install
515 $(INSTALL_DIR) $(1)/usr/lib
516 $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
517 $(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
# Per-plugin install step: for each module name in argument 2, try its ipt_,
# xt_ and ip6t_ spellings and copy the matching lib<name>.so from
# PKG_INSTALL_DIR/usr/lib/iptables when that file exists. Names for which no
# library was built are skipped silently by the -f test, so a missing
# extension does not fail the build.
# NOTE(review): the shell variable m is written with eight dollar signs,
# apparently because this text passes through several rounds of make expansion
# before it reaches the shell; confirm against the enclosing template, whose
# first line is not part of this excerpt.
521 define Package/$(1)/install
522 $(INSTALL_DIR) $$(1)/usr/lib/iptables
523 for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
524 if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
525 $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
531 $$(eval $$(call BuildPackage,$(1)))
# Register every package with the build system. BuildPackage takes a package
# name; BuildPlugin takes a package name and the list of netfilter modules whose
# extension libraries that package ships. The IPT_*-m lists are not defined in
# this file (presumably they come from netfilter.mk, included above).
534 $(eval $(call BuildPackage,iptables))
535 $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
536 $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
537 $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
538 $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
539 $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
540 $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
541 $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
542 $(eval $(call BuildPlugin,iptables-mod-cluster,$(IPT_CLUSTER-m)))
543 $(eval $(call BuildPlugin,iptables-mod-clusterip,$(IPT_CLUSTERIP-m)))
544 $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
545 $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
546 $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
547 $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
548 $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
549 $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
550 $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
551 $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
552 $(eval $(call BuildPackage,ip6tables))
553 $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
554 $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
555 $(eval $(call BuildPackage,libiptc))
556 $(eval $(call BuildPackage,libip4tc))
557 $(eval $(call BuildPackage,libip6tc))
558 $(eval $(call BuildPackage,libxtables))