domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

iptables: add ip[6|]tables-compat packages + libxtables-compat depends on IPTABLES_NFTABLES

Browse Source 
allows iptables-compat to use nft packet filtering
allows to translate iptables-style to nft-style

Signed-off-by: Martin Strobel <arctus@crza.de>
This commit is contained in:
Martin Strobel
2018-07-07 09:24:30 +02:00
committed by John Crispin
parent 7bbd1855cd
commit 7d7323bccd
1 changed files with 59 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
package/network/utils/iptables/Makefile
View File

@@ -106,6 +106,21 @@ IP firewall administration tool.
endef endef
define Package/iptables-compat
$(call Package/iptables/Default)
TITLE:=IP firewall administration tool compat
DEPENDS:=iptables @IPTABLES_NFTABLES +libxtables-compat
endef
define Package/iptables-compat/description
Extra iptables nftables compat binaries.
iptables-compat
iptables-compat-restore
iptables-compat-save
iptables-translate
iptables-restore-translate
endef
define Package/iptables-mod-conntrack-extra define Package/iptables-mod-conntrack-extra
$(call Package/iptables/Module, +kmod-ipt-conntrack-extra) $(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
TITLE:=Extra connection tracking extensions TITLE:=Extra connection tracking extensions
@@ -438,6 +453,20 @@ $(call Package/iptables/Default)
MENU:=1 MENU:=1
endef endef
define Package/ip6tables-compat
$(call Package/iptables/Default)
DEPENDS:=ip6tables @IPTABLES_NFTABLES +libxtables-compat
TITLE:=IP firewall administration tool compat
endef
define Package/ip6tables-compat/description
Extra ip6tables nftables compat binaries.
iptables-compat
iptables-compat-restore
iptables-compat-save
iptables-translate
iptables-restore-translate
endef
define Package/ip6tables-extra define Package/ip6tables-extra
$(call Package/iptables/Default) $(call Package/iptables/Default)
@@ -497,6 +526,15 @@ define Package/libxtables
+IPTABLES_NFTABLES:libnftnl +IPTABLES_NFTABLES:libnftnl
endef endef
define Package/libxtables-compat
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4/IPv6 firewall - shared xtables compat library
ABI_VERSION:=$(PKG_VERSION)
DEPENDS:=libxtables
endef
TARGET_CPPFLAGS := \ TARGET_CPPFLAGS := \
-I$(PKG_BUILD_DIR)/include \ -I$(PKG_BUILD_DIR)/include \
-I$(LINUX_DIR)/user_headers/include \ -I$(LINUX_DIR)/user_headers/include \
@@ -574,11 +612,24 @@ define Package/iptables/install
$(INSTALL_DIR) $(1)/usr/lib/iptables $(INSTALL_DIR) $(1)/usr/lib/iptables
endef endef
define Package/iptables-compat/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-compat-multi $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-compat{,-restore,-save} $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
endef
define Package/ip6tables/install define Package/ip6tables/install
$(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/ $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
endef endef
define Package/ip6tables-compat/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-compat{,-restore,-save} $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
endef
define Package/libiptc/install define Package/libiptc/install
$(INSTALL_DIR) $(1)/usr/lib $(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
@@ -602,6 +653,11 @@ define Package/libxtables/install
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/ $(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
endef endef
define Package/libxtables-compat/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
endef
define BuildPlugin define BuildPlugin
define Package/$(1)/install define Package/$(1)/install
$(INSTALL_DIR) $$(1)/usr/lib/iptables $(INSTALL_DIR) $$(1)/usr/lib/iptables
@@ -617,6 +673,7 @@ define BuildPlugin
endef endef
$(eval $(call BuildPackage,iptables)) $(eval $(call BuildPackage,iptables))
$(eval $(call BuildPackage,iptables-compat))
$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m))) $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m))) $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m))) $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
@@ -640,9 +697,11 @@ $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m))) $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
$(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m))) $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
$(eval $(call BuildPackage,ip6tables)) $(eval $(call BuildPackage,ip6tables))
$(eval $(call BuildPackage,ip6tables-compat))
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m))) $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m))) $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
$(eval $(call BuildPackage,libiptc)) $(eval $(call BuildPackage,libiptc))
$(eval $(call BuildPackage,libip4tc)) $(eval $(call BuildPackage,libip4tc))
$(eval $(call BuildPackage,libip6tc)) $(eval $(call BuildPackage,libip6tc))
$(eval $(call BuildPackage,libxtables)) $(eval $(call BuildPackage,libxtables))
$(eval $(call BuildPackage,libxtables-compat))