1 # Copyright 2017-2022 Stan Grishin (stangri@melmac.ca)
2 # This is free software, licensed under the GNU General Public License v3.
4 include $(TOPDIR
)/rules.mk
9 PKG_LICENSE
:=GPL-3.0
-or-later
10 PKG_MAINTAINER
:=Stan Grishin
<stangri@melmac.ca
>
12 include $(INCLUDE_DIR
)/package.mk
14 define Package
/pbr
/default
19 TITLE
:=Policy Based Routing Service
20 URL
:=https
://docs.openwrt.melmac.net
/pbr
/
21 DEPENDS
:=+ip-full
+jshn
+jsonfilter
+resolveip
22 CONFLICTS
:=vpnbypass vpn-policy-routing
23 PROVIDES
:=pbr vpnbypass vpn-policy-routing
28 $(call Package
/pbr
/default
)
29 TITLE
+= with nft
/nft set support
30 DEPENDS
+=+firewall4
+kmod-nft-core
+kmod-nft-nat
+nftables-json
33 define Package
/pbr-iptables
34 $(call Package
/pbr
/default
)
35 TITLE
+= with iptables
/ipset support
36 DEPENDS
+=+ipset
+iptables
+kmod-ipt-ipset
+iptables-mod-ipopt
39 define Package
/pbr-netifd
40 $(call Package
/pbr
/default
)
41 TITLE
+= with netifd support
44 define Package
/pbr
/description
45 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
46 This version supports OpenWrt with both fw3
/ipset
/iptables and fw4
/nft.
49 define Package
/pbr-iptables
/description
50 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
51 This version supports OpenWrt with fw3
/ipset
/iptables.
54 define Package
/pbr-netifd
/description
55 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
56 This version supports OpenWrt with both fw3
/ipset
/iptables and fw4
/nft.
57 This version uses OpenWrt native netifd
/tables to set up interfaces. This is WIP.
60 define Package
/pbr
/conffiles
64 Package
/pbr-iptables
/conffiles
= $(Package
/pbr
/conffiles
)
65 Package
/pbr-netifd
/conffiles
= $(Package
/pbr
/conffiles
)
67 define Build
/Configure
73 define Package
/pbr
/default
/install
74 $(INSTALL_DIR
) $(1)/etc
/init.d
75 $(INSTALL_BIN
) .
/files
/etc
/init.d
/pbr.init
$(1)/etc
/init.d
/pbr
76 $(SED
) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc
/init.d
/pbr
77 $(INSTALL_DIR
) $(1)/etc
/hotplug.d
/firewall
78 $(INSTALL_DIR
) $(1)/etc
/hotplug.d
/iface
79 $(INSTALL_DATA
) .
/files
/etc
/hotplug.d
/iface
/70-pbr
$(1)/etc
/hotplug.d
/iface
/70-pbr
80 $(INSTALL_DIR
) $(1)/etc
/uci-defaults
81 $(INSTALL_BIN
) .
/files
/etc
/uci-defaults
/90-pbr
$(1)/etc
/uci-defaults
/90-pbr
82 $(INSTALL_DIR
) $(1)/usr
/share
/pbr
83 $(INSTALL_DATA
) .
/files
/usr
/share
/pbr
/pbr.firewall.
include $(1)/usr
/share
/pbr
/pbr.firewall.
include
84 $(INSTALL_DATA
) .
/files
/usr
/share
/pbr
/pbr.user.aws
$(1)/usr
/share
/pbr
/pbr.user.aws
85 $(INSTALL_DATA
) .
/files
/usr
/share
/pbr
/pbr.user.netflix
$(1)/usr
/share
/pbr
/pbr.user.netflix
88 define Package
/pbr
/install
89 $(call Package
/pbr
/default
/install,$(1))
90 $(INSTALL_DIR
) $(1)/etc
/config
91 $(INSTALL_CONF
) .
/files
/etc
/config
/pbr
$(1)/etc
/config
/pbr
92 $(INSTALL_DIR
) $(1)/usr
/share
/nftables.d
93 $(CP
) .
/files
/usr
/share
/nftables.d
/* $(1)/usr
/share
/nftables.d
/
96 define Package
/pbr-iptables
/install
97 $(call Package
/pbr
/default
/install,$(1))
98 $(INSTALL_DIR
) $(1)/etc
/config
99 $(INSTALL_CONF
) .
/files
/etc
/config
/pbr.iptables
$(1)/etc
/config
/pbr
102 define Package
/pbr-netifd
/install
103 $(call Package
/pbr
/default
/install,$(1))
104 $(INSTALL_DIR
) $(1)/etc
/config
105 $(INSTALL_CONF
) .
/files
/etc
/config
/pbr
$(1)/etc
/config
/pbr
106 $(INSTALL_DIR
) $(1)/etc
/uci-defaults
107 $(INSTALL_BIN
) .
/files
/etc
/uci-defaults
/91-pbr
$(1)/etc
/uci-defaults
/91-pbr
110 define Package
/pbr
/postinst
112 # check if we are on real system
113 if
[ -z
"$${IPKG_INSTROOT}" ]; then
114 chmod
-x
/etc
/init.d
/pbr || true
115 fw4
-q reload || true
116 chmod
+x
/etc
/init.d
/pbr || true
117 echo
-n
"Installing rc.d symlink for pbr... "
118 /etc
/init.d
/pbr enable
&& echo
"OK" || echo
"FAIL"
123 define Package
/pbr
/prerm
125 # check if we are on real system
126 if
[ -z
"$${IPKG_INSTROOT}" ]; then
127 uci
-q delete firewall.pbr || true
128 echo
"Stopping pbr service... "
129 /etc
/init.d
/pbr stop || true
130 echo
-n
"Removing rc.d symlink for pbr... "
131 /etc
/init.d
/pbr disable
&& echo
"OK" || echo
"FAIL"
136 define Package
/pbr
/postrm
138 # check if we are on real system
139 if
[ -z
"$${IPKG_INSTROOT}" ]; then
140 fw4
-q reload || true
145 define Package
/pbr-iptables
/postinst
147 # check if we are on real system
148 if
[ -z
"$${IPKG_INSTROOT}" ]; then
149 echo
-n
"Installing rc.d symlink for pbr... "
150 /etc
/init.d
/pbr enable
&& echo
"OK" || echo
"FAIL"
155 define Package
/pbr-iptables
/prerm
157 # check if we are on real system
158 if
[ -z
"$${IPKG_INSTROOT}" ]; then
159 uci
-q delete firewall.pbr || true
160 echo
"Stopping pbr service... "
161 /etc
/init.d
/pbr stop || true
162 echo
-n
"Removing rc.d symlink for pbr... "
163 /etc
/init.d
/pbr disable
&& echo
"OK" || echo
"FAIL"
168 define Package
/pbr-netifd
/postinst
170 # check if we are on real system
171 if
[ -z
"$${IPKG_INSTROOT}" ]; then
172 echo
-n
"Installing rc.d symlink for pbr... "
173 /etc
/init.d
/pbr enable
&& echo
"OK" || echo
"FAIL"
174 # echo -n "Installing netifd support for pbr... "
175 # /etc/init.d/pbr netifd install && echo "OK" || echo "FAIL"
176 # echo -n "Restarting network... "
177 # /etc/init.d/network restart && echo "OK" || echo "FAIL"
182 define Package
/pbr-netifd
/prerm
184 # check if we are on real system
185 if
[ -z
"$${IPKG_INSTROOT}" ]; then
186 uci
-q delete firewall.pbr || true
187 echo
"Stopping pbr service... "
188 /etc
/init.d
/pbr stop || true
189 # echo -n "Removing netifd support for pbr... "
190 # /etc/init.d/pbr netifd remove && echo "OK" || echo "FAIL"
191 echo
-n
"Removing rc.d symlink for pbr... "
192 /etc
/init.d
/pbr disable
&& echo
"OK" || echo
"FAIL"
193 # echo -n "Restarting network... "
194 # /etc/init.d/network restart && echo "OK" || echo "FAIL"
199 $(eval
$(call BuildPackage
,pbr
))
200 $(eval
$(call BuildPackage
,pbr-iptables
))
201 #$(eval $(call BuildPackage,pbr-netifd))