pbr: bugfix: fix IPv6 interface errors
[feed/packages.git] / net / pbr / Makefile
index ddcd9e1235b51957843daca7035224d10d29f627..5014894d06d5e97a4e1c5f948c304b872dcce1f8 100644 (file)
@@ -1,12 +1,12 @@
-# Copyright 2017-2022 Stan Grishin (stangri@melmac.ca)
+# Copyright 2017-2023 MOSSDeF, Stan Grishin (stangri@melmac.ca)
 # This is free software, licensed under the GNU General Public License v3.
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=pbr
-PKG_VERSION:=1.0.1
-PKG_RELEASE:=4
-PKG_LICENSE:=GPL-3.0-or-later
+PKG_VERSION:=1.1.4
+PKG_RELEASE:=16
+PKG_LICENSE:=AGPL-3.0-or-later
 PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
 
 include $(INCLUDE_DIR)/package.mk
@@ -14,57 +14,67 @@ include $(INCLUDE_DIR)/package.mk
 define Package/pbr/default
   SECTION:=net
   CATEGORY:=Network
-  SUBMENU:=VPN
-  PROVIDES:=pbr
+  SUBMENU:=Routing and Redirection
   TITLE:=Policy Based Routing Service
   URL:=https://docs.openwrt.melmac.net/pbr/
   DEPENDS:=+ip-full +jshn +jsonfilter +resolveip
+       DEPENDS+=+!BUSYBOX_DEFAULT_AWK:gawk
+       DEPENDS+=+!BUSYBOX_DEFAULT_GREP:grep
+       DEPENDS+=+!BUSYBOX_DEFAULT_SED:sed
   CONFLICTS:=vpnbypass vpn-policy-routing
+  PROVIDES:=pbr
   PKGARCH:=all
 endef
 
 define Package/pbr
 $(call Package/pbr/default)
   TITLE+= with nft/nft set support
-  DEPENDS+=+firewall4 +kmod-nft-core +kmod-nft-nat +nftables-json
-  PROVIDES:=vpnbypass vpn-policy-routing
+  DEPENDS+=+kmod-nft-core +kmod-nft-nat +nftables-json
+  VARIANT:=nftables
+  DEFAULT_VARIANT:=1
+  PROVIDES+=vpnbypass vpn-policy-routing
 endef
 
 define Package/pbr-iptables
 $(call Package/pbr/default)
   TITLE+= with iptables/ipset support
   DEPENDS+=+ipset +iptables +kmod-ipt-ipset +iptables-mod-ipopt
-  PROVIDES:=pbr vpnbypass vpn-policy-routing
+  VARIANT:=iptables
 endef
 
 define Package/pbr-netifd
 $(call Package/pbr/default)
   TITLE+= with netifd support
-  PROVIDES:=pbr vpnbypass vpn-policy-routing
+  VARIANT:=netifd
+endef
+
+define Package/pbr/default/description
+  This service enables policy-based routing for WAN interfaces and various VPN tunnels.
 endef
 
 define Package/pbr/description
-This service enables policy-based routing for WAN interfaces and various VPN tunnels.
-This version supports OpenWrt with both fw3/ipset/iptables and fw4/nft.
+  $(call Package/pbr/default/description)
+  This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
 endef
 
 define Package/pbr-iptables/description
-This service enables policy-based routing for WAN interfaces and various VPN tunnels.
-This version supports OpenWrt with fw3/ipset/iptables.
+  $(call Package/pbr/default/description)
+  This version supports OpenWrt with firewall3/ipset/iptables.
 endef
 
 define Package/pbr-netifd/description
-This service enables policy-based routing for WAN interfaces and various VPN tunnels.
-This version supports OpenWrt with both fw3/ipset/iptables and fw4/nft.
-This version uses OpenWrt native netifd/tables to set up interfaces. This is WIP.
+  $(call Package/pbr/default/description)
+  This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
+  This version uses OpenWrt native netifd/tables to set up interfaces. This is WIP.
 endef
 
-define Package/pbr/conffiles
+define Package/pbr/default/conffiles
 /etc/config/pbr
 endef
 
-Package/pbr-iptables/conffiles = $(Package/pbr/conffiles)
-Package/pbr-netifd/conffiles = $(Package/pbr/conffiles)
+Package/pbr/conffiles = $(Package/pbr/default/conffiles)
+Package/pbr-iptables/conffiles = $(Package/pbr/default/conffiles)
+Package/pbr-netifd/conffiles = $(Package/pbr/default/conffiles)
 
 define Build/Configure
 endef
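Review bot: Dropping `+firewall4` from the `Package/pbr` DEPENDS line is not explained anywhere in the hunk, while the nft variant's install section further down still ships files under `/usr/share/nftables.d` and a `firewall.include`. Those look like snippets that firewall4 loads. If that is so, installing on a system without firewall4 would leave them unused with no error at install time, and the routing policy would not be applied. If the removal is deliberate, a comment above the DEPENDS line would record it, for example `# firewall4 is not a hard dependency: <reason>`; otherwise restore the dependency.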
@@ -74,31 +84,39 @@ endef
 
 define Package/pbr/default/install
        $(INSTALL_DIR) $(1)/etc/init.d
-       $(INSTALL_BIN) ./files/etc/init.d/pbr.init $(1)/etc/init.d/pbr
+       $(INSTALL_BIN) ./files/etc/init.d/pbr $(1)/etc/init.d/pbr
        $(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/pbr
-       $(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
-       $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
-       $(INSTALL_DATA) ./files/etc/hotplug.d/iface/70-pbr $(1)/etc/hotplug.d/iface/70-pbr
        $(INSTALL_DIR) $(1)/etc/uci-defaults
        $(INSTALL_BIN)  ./files/etc/uci-defaults/90-pbr $(1)/etc/uci-defaults/90-pbr
        $(INSTALL_DIR) $(1)/usr/share/pbr
-       $(INSTALL_DATA) ./files/usr/share/pbr/pbr.firewall.include $(1)/usr/share/pbr/pbr.firewall.include
+       $(INSTALL_DATA) ./files/usr/share/pbr/.keep $(1)/usr/share/pbr/.keep
        $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.aws $(1)/usr/share/pbr/pbr.user.aws
        $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.netflix $(1)/usr/share/pbr/pbr.user.netflix
+       $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.wg_server_and_client $(1)/usr/share/pbr/pbr.user.wg_server_and_client
 endef
+#      $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+#      $(INSTALL_DATA) ./files/etc/hotplug.d/iface/70-pbr $(1)/etc/hotplug.d/iface/70-pbr
 
 define Package/pbr/install
 $(call Package/pbr/default/install,$(1))
        $(INSTALL_DIR) $(1)/etc/config
        $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
+       $(INSTALL_DIR) $(1)/usr/share/pbr
+       $(INSTALL_DATA) ./files/usr/share/pbr/firewall.include $(1)/usr/share/pbr/firewall.include
        $(INSTALL_DIR) $(1)/usr/share/nftables.d
        $(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d/
+       $(INSTALL_DIR) $(1)/etc/uci-defaults
+       $(INSTALL_BIN)  ./files/etc/uci-defaults/91-pbr-nft $(1)/etc/uci-defaults/91-pbr-nft
 endef
 
 define Package/pbr-iptables/install
 $(call Package/pbr/default/install,$(1))
+       $(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
+       $(INSTALL_DATA) ./files/etc/hotplug.d/firewall/70-pbr $(1)/etc/hotplug.d/firewall/70-pbr
        $(INSTALL_DIR) $(1)/etc/config
        $(INSTALL_CONF) ./files/etc/config/pbr.iptables $(1)/etc/config/pbr
+       $(INSTALL_DIR) $(1)/etc/uci-defaults
+       $(INSTALL_BIN)  ./files/etc/uci-defaults/91-pbr-iptables $(1)/etc/uci-defaults/91-pbr-iptables
 endef
 
 define Package/pbr-netifd/install
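Review bot: The two commented-out `hotplug.d/iface` lines placed after the `endef` of `Package/pbr/default/install` are dead code, and they do not say whether the iface hotplug script was dropped on purpose. Replace them with a one-line explanation such as `# hotplug.d/iface/70-pbr is intentionally not installed: <reason>`, or delete them. As a smaller style point, `Package/pbr/install` now repeats `$(INSTALL_DIR) $(1)/usr/share/pbr` and `$(INSTALL_DIR) $(1)/etc/uci-defaults`, which `Package/pbr/default/install` already creates; the repeats are harmless but can go.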
@@ -106,7 +124,7 @@ $(call Package/pbr/default/install,$(1))
        $(INSTALL_DIR) $(1)/etc/config
        $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
        $(INSTALL_DIR) $(1)/etc/uci-defaults
-       $(INSTALL_BIN)  ./files/etc/uci-defaults/91-pbr $(1)/etc/uci-defaults/91-pbr
+       $(INSTALL_BIN)  ./files/etc/uci-defaults/91-pbr-netifd $(1)/etc/uci-defaults/91-pbr-netifd
 endef
 
 define Package/pbr/postinst
@@ -127,8 +145,8 @@ define Package/pbr/prerm
        # check if we are on real system
        if [ -z "$${IPKG_INSTROOT}" ]; then
                uci -q delete firewall.pbr || true
-               echo "Stopping pbr service... "
-               /etc/init.d/pbr stop || true
+               echo -n "Stopping pbr service... "
+               /etc/init.d/pbr stop quiet >/dev/null 2>&1 && echo "OK" || echo "FAIL"
                echo -n "Removing rc.d symlink for pbr... "
                /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
        fi
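Review bot: The new stop line sends both stdout and stderr to `/dev/null`, so when `/etc/init.d/pbr stop` fails the only trace is the word "FAIL" and removal carries on. Routing rules and firewall entries set up by the service could then remain active after the package is gone, with nothing to diagnose why. Keeping stderr would preserve the reason: `/etc/init.d/pbr stop quiet >/dev/null && echo "OK" || echo "FAIL"`. The same line appears in the `Package/pbr-iptables/prerm` and `Package/pbr-netifd/prerm` hunks. The prerm body starts above this hunk and continues below it.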
@@ -148,7 +166,7 @@ define Package/pbr-iptables/postinst
        #!/bin/sh
        # check if we are on real system
        if [ -z "$${IPKG_INSTROOT}" ]; then
-               echo -n "Installing rc.d symlink for pbr... "
+               echo -n "Installing rc.d symlink for pbr-iptables... "
                /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
        fi
        exit 0
@@ -159,9 +177,9 @@ define Package/pbr-iptables/prerm
        # check if we are on real system
        if [ -z "$${IPKG_INSTROOT}" ]; then
                uci -q delete firewall.pbr || true
-               echo "Stopping pbr service... "
-               /etc/init.d/pbr stop || true
-               echo -n "Removing rc.d symlink for pbr... "
+               echo -n "Stopping pbr-iptables service... "
+               /etc/init.d/pbr stop quiet >/dev/null 2>&1 && echo "OK" || echo "FAIL"
+               echo -n "Removing rc.d symlink for pbr-iptables... "
                /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
        fi
        exit 0
@@ -171,12 +189,8 @@ define Package/pbr-netifd/postinst
        #!/bin/sh
        # check if we are on real system
        if [ -z "$${IPKG_INSTROOT}" ]; then
-               echo -n "Installing rc.d symlink for pbr... "
+               echo -n "Installing rc.d symlink for pbr-netifd... "
                /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
-       #       echo -n "Installing netifd support for pbr... "
-       #       /etc/init.d/pbr netifd install && echo "OK" || echo "FAIL"
-       #       echo -n "Restarting network... "
-       #       /etc/init.d/network restart && echo "OK" || echo "FAIL"
        fi
        exit 0
 endef
@@ -186,14 +200,29 @@ define Package/pbr-netifd/prerm
        # check if we are on real system
        if [ -z "$${IPKG_INSTROOT}" ]; then
                uci -q delete firewall.pbr || true
-               echo "Stopping pbr service... "
-               /etc/init.d/pbr stop || true
-       #       echo -n "Removing netifd support for pbr... "
-       #       /etc/init.d/pbr netifd remove && echo "OK" || echo "FAIL"
+               echo -n "Stopping pbr-netifd service... "
+               /etc/init.d/pbr stop quiet >/dev/null 2>&1 && echo "OK" || echo "FAIL"
                echo -n "Removing rc.d symlink for pbr... "
                /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
-       #       echo -n "Restarting network... "
-       #       /etc/init.d/network restart && echo "OK" || echo "FAIL"
+               echo -n "Cleaning up /etc/iproute2/rt_tables... "
+               if sed -i '/pbr_/d' /etc/iproute2/rt_tables; then
+                       echo "OK"
+               else
+                       echo "FAIL"
+               fi
+               echo -n "Cleaning up /etc/config/network... "
+               if sed -i '/ip.table.*pbr_/d' /etc/config/network; then
+                       echo "OK"
+               else
+                       echo "FAIL"
+               fi
+               echo -n "Restarting Network... "
+               if /etc/init.d/network restart >/dev/null 2>&1; then
+                       echo "OK"
+               else
+                       echo "FAIL"
+               fi
+       
        fi
        exit 0
 endef
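Review bot: The two cleanup `sed` patterns are unanchored, so `/pbr_/d` removes every line of `/etc/iproute2/rt_tables` that contains `pbr_` anywhere, including a user-defined table or a comment. `/ip.table.*pbr_/d` likewise edits `/etc/config/network` by loose text match rather than through `uci`. Assuming the service writes entries of the form `<id> pbr_<name>`, anchoring the first pattern limits the deletion to those lines: `sed -i '/^[0-9][0-9]*[[:space:]][[:space:]]*pbr_/d' /etc/iproute2/rt_tables`. The network restart then runs unconditionally, even when a `sed` call failed or changed nothing, which on a remotely managed router drops connectivity during package removal; it should run only when the network config was actually modified. The `define` line of this prerm is outside the hunk, and the context message "Removing rc.d symlink for pbr... " was not renamed to `pbr-netifd` like its neighbours.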