# Copyright 2017-2023 MOSSDeF, Stan Grishin (stangri@melmac.ca)
# This is free software, licensed under the GNU General Public License v3.
include $(TOPDIR)/rules.mk

# NOTE(review): original lines 5-8 are not shown in this listing. PKG_VERSION and
# PKG_RELEASE, which the install step stamps into /etc/init.d/pbr, are not assigned
# in any visible line and are presumably set there — confirm against the full file.
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>

include $(INCLUDE_DIR)/package.mk
# Metadata shared by every pbr variant: each variant's define begins by expanding
# this one with $(call Package/pbr/default) and then appends to TITLE/DEPENDS.
# The three conditional DEPENDS entries pair gawk, grep and sed with the matching
# BUSYBOX_DEFAULT_* symbol; presumably the full tool is pulled in only when the
# BusyBox applet is not enabled — confirm against the OpenWrt DEPENDS syntax.
# CONFLICTS names vpnbypass and vpn-policy-routing, so this package is declared as
# not installable alongside either of them.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr/default
  # [original lines 15-16 are not shown in this listing]
  SUBMENU:=Routing and Redirection
  TITLE:=Policy Based Routing Service
  URL:=https://docs.openwrt.melmac.net/pbr/
  DEPENDS:=+ip-full +jshn +jsonfilter +resolveip
  DEPENDS+=+!BUSYBOX_DEFAULT_AWK:gawk
  DEPENDS+=+!BUSYBOX_DEFAULT_GREP:grep
  DEPENDS+=+!BUSYBOX_DEFAULT_SED:sed
  CONFLICTS:=vpnbypass vpn-policy-routing
  # [the original lines between 24 and 30 are not shown in this listing]
endef
# nft variant of the package: shared metadata plus the nftables kernel modules and
# nftables-json.
# PROVIDES repeats the two names that the shared metadata lists under CONFLICTS,
# so this variant presumably stands in for those older packages — confirm.
# NOTE(review): the opening `define Package/pbr` line (original line 29) and the
# closing endef are not visible in this listing. Both are restored here on the
# evidence of the sibling variant defines and the BuildPackage,pbr call at the end
# of the file; confirm against the full file.
define Package/pbr
$(call Package/pbr/default)
  TITLE+= with nft/nft set support
  DEPENDS+=+kmod-nft-core +kmod-nft-nat +nftables-json
  # [original lines 33-34 are not shown in this listing]
  PROVIDES+=vpnbypass vpn-policy-routing
  # [original lines 36-37 are not shown in this listing]
endef
# iptables/ipset variant: shared metadata plus the ipset and iptables userland
# tools and their kernel/extension modules.
# Unlike the nft variant, no PROVIDES line appears in the visible lines, so the
# CONFLICTS from the shared metadata applies unchanged as far as shown.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr-iptables
$(call Package/pbr/default)
  TITLE+= with iptables/ipset support
  DEPENDS+=+ipset +iptables +kmod-ipt-ipset +iptables-mod-ipopt
  # [original lines 42-44 are not shown in this listing]
endef
# netifd variant: shared metadata with only the TITLE extended in the visible lines.
# The BuildPackage call for this variant is commented out at the end of the file,
# so as shown it is defined but not built.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr-netifd
$(call Package/pbr/default)
  TITLE+= with netifd support
  # [original lines 48-50 are not shown in this listing]
endef
# Description text shared by all variants; each variant's description expands this
# define first and then adds its own sentence.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr/default/description
  This service enables policy-based routing for WAN interfaces and various VPN tunnels.
endef
# Description for the nft variant: the shared text plus one variant sentence.
# NOTE(review): the sentence claims firewall3/ipset/iptables support, while the
# visible DEPENDS for Package/pbr add only nft components — the text may be stale;
# confirm.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr/description
$(call Package/pbr/default/description)
  This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
endef
# Description for the iptables variant: the shared text plus one variant sentence.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr-iptables/description
$(call Package/pbr/default/description)
  This version supports OpenWrt with firewall3/ipset/iptables.
endef
# Description for the netifd variant: the shared text plus two variant sentences.
# The text itself marks this variant as work in progress.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr-netifd/description
$(call Package/pbr/default/description)
  This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
  This version uses OpenWrt native netifd/tables to set up interfaces. This is WIP.
endef
# Shared conffiles list; the three variant conffiles variables below all expand it.
# NOTE(review): original lines 72-74 are not shown in this listing, so the body of
# this define — the paths declared as configuration files — is not visible here.
# Only the define line is original; the closing endef is restored.
define Package/pbr/default/conffiles
endef
# Every variant reuses the shared conffiles list. The assignments are recursive
# (`=`), so the shared define is expanded when each variable is used rather than
# at this point in the file.
Package/pbr/conffiles = $(Package/pbr/default/conffiles)
Package/pbr-iptables/conffiles = $(Package/pbr/default/conffiles)
Package/pbr-netifd/conffiles = $(Package/pbr/default/conffiles)
# Override of the Build/Configure step.
# NOTE(review): original lines 80-84 are not shown in this listing, so whether this
# define is empty, and what follows it, cannot be confirmed from here. Only the
# define line is original; the closing endef is restored.
define Build/Configure
endef
# Install payload common to all variants; $(1) is the destination root handed in
# by the variant install defines.
#   - /etc/init.d/pbr and /etc/uci-defaults/90-pbr go through INSTALL_BIN.
#   - The $(SED) line rewrites the `readonly PKG_VERSION` line of the *installed*
#     init script to '$(PKG_VERSION)-$(PKG_RELEASE)'; the copy under ./files is
#     left untouched.
#   - The files under /usr/share/pbr go through INSTALL_DATA.
# The INSTALL_* and SED macros come from the included rules.mk (not shown); the
# file modes they apply are set there, not in this Makefile.
# NOTE(review): the closing endef is not visible in this listing (original line 96
# is omitted) and is restored here.
define Package/pbr/default/install
	$(INSTALL_DIR) \
		$(1)/etc/init.d \
		$(1)/etc/uci-defaults \
		$(1)/usr/share/pbr
	$(INSTALL_BIN) ./files/etc/init.d/pbr $(1)/etc/init.d/pbr
	$(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/pbr
	$(INSTALL_BIN) ./files/etc/uci-defaults/90-pbr $(1)/etc/uci-defaults/90-pbr
	$(INSTALL_DATA) \
		./files/usr/share/pbr/.keep \
		./files/usr/share/pbr/pbr.user.aws \
		./files/usr/share/pbr/pbr.user.netflix \
		./files/usr/share/pbr/pbr.user.wg_server_and_client \
		$(1)/usr/share/pbr/
endef
# $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
# $(INSTALL_DATA) ./files/etc/hotplug.d/iface/70-pbr $(1)/etc/hotplug.d/iface/70-pbr
# Install step for the nft variant: the shared payload, then the variant's config,
# firewall include, nftables.d snippets and uci-defaults script.
#   - /etc/config/pbr goes through INSTALL_CONF.
#   - The nftables.d content is copied with $(CP) and a shell glob, so every entry
#     present in ./files/usr/share/nftables.d at build time is shipped, and its
#     mode is whatever $(CP) yields rather than one pinned by an INSTALL_* macro.
#     NOTE(review): files in /usr/share/nftables.d are presumably loaded into the
#     firewall ruleset on the device, so the contents and modes of that source
#     directory deserve a look when reviewing a change — confirm.
# The INSTALL_* and CP macros come from the included rules.mk (not shown).
# NOTE(review): the closing endef is not visible in this listing (original line 110
# is omitted) and is restored here.
define Package/pbr/install
$(call Package/pbr/default/install,$(1))
	$(INSTALL_DIR) \
		$(1)/etc/config \
		$(1)/etc/uci-defaults \
		$(1)/usr/share/pbr \
		$(1)/usr/share/nftables.d
	$(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
	$(INSTALL_DATA) ./files/usr/share/pbr/firewall.include $(1)/usr/share/pbr/firewall.include
	$(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d/
	$(INSTALL_BIN) ./files/etc/uci-defaults/91-pbr-nft $(1)/etc/uci-defaults/91-pbr-nft
endef
# Install step for the iptables variant: the shared payload, then the firewall
# hotplug script, the variant's config and its uci-defaults script.
#   - ./files/etc/config/pbr.iptables is installed under the name /etc/config/pbr,
#     i.e. the same target path the nft variant uses for its own config file.
#   - The hotplug script 70-pbr goes through INSTALL_DATA, not INSTALL_BIN.
# The INSTALL_* macros come from the included rules.mk (not shown).
# NOTE(review): the closing endef is not visible in this listing (original line 120
# is omitted) and is restored here.
define Package/pbr-iptables/install
$(call Package/pbr/default/install,$(1))
	$(INSTALL_DIR) \
		$(1)/etc/hotplug.d/firewall \
		$(1)/etc/config \
		$(1)/etc/uci-defaults
	$(INSTALL_DATA) ./files/etc/hotplug.d/firewall/70-pbr $(1)/etc/hotplug.d/firewall/70-pbr
	$(INSTALL_CONF) ./files/etc/config/pbr.iptables $(1)/etc/config/pbr
	$(INSTALL_BIN) ./files/etc/uci-defaults/91-pbr-iptables $(1)/etc/uci-defaults/91-pbr-iptables
endef
# Install step for the netifd variant: the shared payload, then /etc/config/pbr
# (via INSTALL_CONF) and the variant's uci-defaults script (via INSTALL_BIN).
# The INSTALL_* macros come from the included rules.mk (not shown).
# The BuildPackage call for this variant is commented out at the end of the file,
# so as shown this define is not used to build a package.
# NOTE(review): the closing endef is not visible in this listing (original line 128
# is omitted) and is restored here.
define Package/pbr-netifd/install
$(call Package/pbr/default/install,$(1))
	$(INSTALL_DIR) \
		$(1)/etc/config \
		$(1)/etc/uci-defaults
	$(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
	$(INSTALL_BIN) ./files/etc/uci-defaults/91-pbr-netifd $(1)/etc/uci-defaults/91-pbr-netifd
endef
# Post-install script for the nft variant.
# `$$` is Make's escape for a literal `$`, so the shell sees "${IPKG_INSTROOT}".
# The body runs only when that variable is empty, which the original comment
# describes as being on a real system.
# The init script's execute bit is cleared, the firewall is reloaded with fw4, and
# the bit is set again. NOTE(review): presumably this keeps the reload from
# invoking the pbr init script before the service is enabled — confirm.
# Each of those three commands ends in `|| true`, so a failure (including a failed
# `chmod +x`, which would leave the init script non-executable) is silent.
# The enable step prints OK or FAIL but does not change the script's exit status.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr/postinst
	# [original line 131 is not shown in this listing]
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		chmod -x /etc/init.d/pbr || true
		fw4 -q reload || true
		chmod +x /etc/init.d/pbr || true
		echo -n "Installing rc.d symlink for pbr... "
		/etc/init.d/pbr enable && echo "OK" || echo "FAIL"
	# [original lines 139-142 are not shown in this listing; the `if` above is not closed in the visible lines]
endef
# Pre-removal script for the nft variant; the body runs only when IPKG_INSTROOT is
# empty (`$$` is Make's escape for a literal `$`).
# It deletes the firewall.pbr UCI section, stops the service and disables it.
# No `uci commit` appears in the visible lines, so whether the deletion is
# persisted depends on code not shown here — NOTE(review): confirm.
# The stop and disable steps print OK or FAIL; a failure is reported but does not
# abort the script.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr/prerm
	# [original line 144 is not shown in this listing]
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		uci -q delete firewall.pbr || true
		echo -n "Stopping pbr service... "
		/etc/init.d/pbr stop quiet >/dev/null 2>&1 && echo "OK" || echo "FAIL"
		echo -n "Removing rc.d symlink for pbr... "
		/etc/init.d/pbr disable && echo "OK" || echo "FAIL"
	# [original lines 152-155 are not shown in this listing; the `if` above is not closed in the visible lines]
endef
# Post-removal script for the nft variant: when IPKG_INSTROOT is empty it reloads
# the firewall with fw4. The `|| true` makes a failed reload silent.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr/postrm
	# [original line 157 is not shown in this listing]
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		fw4 -q reload || true
	# [original lines 161-164 are not shown in this listing; the `if` above is not closed in the visible lines]
endef
# Post-install script for the iptables variant: when IPKG_INSTROOT is empty it
# enables the pbr init script and prints OK or FAIL.
# Unlike the nft variant's postinst, the visible lines contain no firewall reload.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr-iptables/postinst
	# [original line 166 is not shown in this listing]
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		echo -n "Installing rc.d symlink for pbr-iptables... "
		/etc/init.d/pbr enable && echo "OK" || echo "FAIL"
	# [original lines 171-174 are not shown in this listing; the `if` above is not closed in the visible lines]
endef
# Pre-removal script for the iptables variant; the body runs only when
# IPKG_INSTROOT is empty.
# It deletes the firewall.pbr UCI section, stops the service and disables it.
# No `uci commit` appears in the visible lines — NOTE(review): confirm where the
# deletion is persisted.
# The stop and disable steps print OK or FAIL without aborting the script.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr-iptables/prerm
	# [original line 176 is not shown in this listing]
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		uci -q delete firewall.pbr || true
		echo -n "Stopping pbr-iptables service... "
		/etc/init.d/pbr stop quiet >/dev/null 2>&1 && echo "OK" || echo "FAIL"
		echo -n "Removing rc.d symlink for pbr-iptables... "
		/etc/init.d/pbr disable && echo "OK" || echo "FAIL"
	# [original lines 184-187 are not shown in this listing; the `if` above is not closed in the visible lines]
endef
# Post-install script for the netifd variant: when IPKG_INSTROOT is empty it
# enables the pbr init script and prints OK or FAIL.
# The BuildPackage call for this variant is commented out at the end of the file,
# so as shown this script is not packaged.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr-netifd/postinst
	# [original line 189 is not shown in this listing]
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		echo -n "Installing rc.d symlink for pbr-netifd... "
		/etc/init.d/pbr enable && echo "OK" || echo "FAIL"
	# [original lines 194-197 are not shown in this listing; the `if` above is not closed in the visible lines]
endef
# Pre-removal script for the netifd variant; the body runs only when
# IPKG_INSTROOT is empty. Beyond the stop/disable steps shared with the other
# variants it edits two system files in place and restarts networking:
#   - `sed -i '/pbr_/d' /etc/iproute2/rt_tables` deletes every line containing
#     "pbr_", whether or not this package added it.
#   - `sed -i '/ip.table.*pbr_/d' /etc/config/network` removes matching lines from
#     the network config with a line-based edit rather than through uci.
#   - /etc/init.d/network restart then applies the result, interrupting
#     connectivity on the device while it runs.
# NOTE(review): the branch bodies of the three inner `if` statements fall in lines
# this listing omits, so how a failed sed or restart is handled is not visible.
# NOTE(review): the "Removing rc.d symlink for pbr... " message lacks the
# "-netifd" suffix that the neighbouring messages in this script use.
# The BuildPackage call for this variant is commented out at the end of the file,
# so as shown this script is not packaged.
# NOTE(review): the closing endef is not visible in this listing and is restored here.
define Package/pbr-netifd/prerm
	# [original line 199 is not shown in this listing]
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		uci -q delete firewall.pbr || true
		echo -n "Stopping pbr-netifd service... "
		/etc/init.d/pbr stop quiet >/dev/null 2>&1 && echo "OK" || echo "FAIL"
		echo -n "Removing rc.d symlink for pbr... "
		/etc/init.d/pbr disable && echo "OK" || echo "FAIL"
		echo -n "Cleaning up /etc/iproute2/rt_tables... "
		if sed -i '/pbr_/d' /etc/iproute2/rt_tables; then
		# [original lines 209-212 are not shown in this listing]
		echo -n "Cleaning up /etc/config/network... "
		if sed -i '/ip.table.*pbr_/d' /etc/config/network; then
		# [original lines 215-218 are not shown in this listing]
		echo -n "Restarting Network... "
		if /etc/init.d/network restart >/dev/null 2>&1; then
		# [original lines 221-229 are not shown in this listing; none of the `if` statements above is closed in the visible lines]
endef
# Only pbr and pbr-iptables are handed to BuildPackage. The pbr-netifd call is
# commented out, so the Package/pbr-netifd/* defines above — including its prerm,
# which edits /etc/iproute2/rt_tables and /etc/config/network — are not turned
# into a package by this Makefile as shown.
$(eval $(call BuildPackage,pbr))
$(eval $(call BuildPackage,pbr-iptables))
#$(eval $(call BuildPackage,pbr-netifd))