#
-# Copyright (C) 2006-2013 OpenWrt.org
+# Copyright (C) 2006-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables
-PKG_VERSION:=1.4.21
+PKG_VERSION:=1.6.1
PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
- ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
- ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
- ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
-PKG_MD5SUM:=536d048c8e8eeebcd9757d0863ebb0c0
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://git.netfilter.org/iptables
+PKG_SOURCE_VERSION:=7df66f1c13563cfbab75246b009ce36f69ee4487
+PKG_MIRROR_HASH:=22f15ef41fd8e3724bedcee666b7b6a3491d2d038d580ef1fb032718dcb73f14
PKG_FIXUP:=autoreconf
+
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0
-ifneq ($(CONFIG_EXTERNAL_KERNEL_TREE),"")
-PATCH_DIR:=
-endif
-
include $(INCLUDE_DIR)/package.mk
ifeq ($(DUMP),)
-include $(LINUX_DIR)/.config
include $(INCLUDE_DIR)/netfilter.mk
- STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell $(SH_FUNC) grep 'NETFILTER' $(LINUX_DIR)/.config | md5s)
+ STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | mkhash md5)
endif
DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
endef
+define Package/iptables/config
+ config IPTABLES_CONNLABEL
+ bool "Enable Connlabel support"
+ default n
+ help
+ This enable connlabel support in iptables.
+
+ config IPTABLES_NFTABLES
+ bool "Enable Nftables support"
+ default n
+ help
+ This enable nftables support in iptables.
+endef
+
define Package/iptables/description
IP firewall administration tool.
Includes support for:
Matches:
- - layer7
- string
endef
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
- DEPENDS:=+libip4tc +IPV6:libip6tc
+ DEPENDS:=+libip4tc +libip6tc +libxtables
+ ABI_VERSION:=$(PKG_VERSION)
TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
endef
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4 firewall - shared libiptc library
+ ABI_VERSION:=$(PKG_VERSION)
+ DEPENDS:=+libxtables
endef
define Package/libip6tc
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv6 firewall - shared libiptc library
+ ABI_VERSION:=$(PKG_VERSION)
+ DEPENDS:=+libxtables
endef
define Package/libxtables
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4/IPv6 firewall - shared xtables library
+ ABI_VERSION:=$(PKG_VERSION)
+ DEPENDS:= \
+ +IPTABLES_CONNLABEL:libnetfilter-conntrack \
+ +IPTABLES_NFTABLES:libnftnl
endef
TARGET_CPPFLAGS := \
TARGET_CFLAGS += \
-I$(PKG_BUILD_DIR)/include \
-I$(LINUX_DIR)/user_headers/include \
- -ffunction-sections -fdata-sections
+ -ffunction-sections -fdata-sections \
+ -DNO_LEGACY
TARGET_LDFLAGS += \
-Wl,--gc-sections
CONFIGURE_ARGS += \
--enable-shared \
+ --enable-static \
--enable-devel \
--with-kernel="$(LINUX_DIR)/user_headers" \
--with-xtlibdir=/usr/lib/iptables \
- --enable-static \
+ $(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
+ $(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
$(if $(CONFIG_IPV6),,--disable-ipv6)
MAKE_FLAGS := \
KBUILD_OUTPUT="$(LINUX_DIR)" \
BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
+ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED)))
+ define Build/Configure/rebuild
+ $(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.\?o -or -name \*.a | $(XARGS) rm -f
+ rm -f $(PKG_BUILD_DIR)/.config_*
+ rm -f $(PKG_BUILD_DIR)/.configured_*
+ touch $(subst .configured_,.config_,$(STAMP_CONFIGURED))
+ endef
+endif
+
+define Build/Configure
+$(Build/Configure/rebuild)
+$(Build/Configure/Default)
+endef
+
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(INSTALL_DIR) $(1)/usr/include/iptables
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
# XXX: needed by firewall3
- $(INSTALL_DIR) $(1)/usr/lib/iptables
- $(CP) $(PKG_BUILD_DIR)/extensions/libext*.a $(1)/usr/lib/iptables/
+ $(CP) $(PKG_BUILD_DIR)/extensions/libiptext*.so $(1)/usr/lib/
endef
define Package/iptables/install
define Package/libip4tc/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
+ $(CP) $(PKG_BUILD_DIR)/extensions/libiptext4.so $(1)/usr/lib/
endef
define Package/libip6tc/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
+ $(CP) $(PKG_BUILD_DIR)/extensions/libiptext6.so $(1)/usr/lib/
endef
define Package/libxtables/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
+ $(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
endef
define BuildPlugin
$$(eval $$(call BuildPackage,$(1)))
endef
-L7_INSTALL:=\
- $(INSTALL_DIR) $$(1)/etc/l7-protocols; \
- $(CP) files/l7/*.pat $$(1)/etc/l7-protocols/
-
-
$(eval $(call BuildPackage,iptables))
$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
-$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
+$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m)))
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))