OpenWrt XBurst

OpenWrt XBurst Git Source Tree

Root/package/network/utils/iptables/Makefile

1	#
2	# Copyright (C) 2006-2012 OpenWrt.org
3	#
4	# This is free software, licensed under the GNU General Public License v2.
5	# See /LICENSE for more information.
6	#
7
8	include $(TOPDIR)/rules.mk
9	include $(INCLUDE_DIR)/kernel.mk
10
11	PKG_NAME:=iptables
12	PKG_VERSION:=1.4.10
13	PKG_RELEASE:=4
14
15	PKG_MD5SUM:=f382fe693f0b59d87bd47bea65eca198
16	PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
17	PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
18	ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
19	ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
20	ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
21
22	PKG_FIXUP:=autoreconf
23	PKG_INSTALL:=1
24	PKG_BUILD_PARALLEL:=1
25
26	ifneq ($(CONFIG_EXTERNAL_KERNEL_TREE),"")
27	PATCH_DIR:=
28	endif
29
30	include $(INCLUDE_DIR)/package.mk
31	ifeq ($(DUMP),)
32	-include $(LINUX_DIR)/.config
33	include $(INCLUDE_DIR)/netfilter.mk
34	STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell $(SH_FUNC) grep 'NETFILTER' $(LINUX_DIR)/.config \| md5s)
35	endif
36
37
38	define Package/iptables/Default
39	SECTION:=net
40	CATEGORY:=Network
41	SUBMENU:=Firewall
42	URL:=http://netfilter.org/
43	endef
44
45	define Package/iptables/Module
46	$(call Package/iptables/Default)
47	DEPENDS:=iptables $(1)
48	endef
49
50	define Package/iptables
51	$(call Package/iptables/Default)
52	TITLE:=IPv4 firewall administration tool
53	MENU:=1
54	DEPENDS+= +kmod-ipt-core +libip4tc +libxtables
55	endef
56
57	define Package/iptables/description
58	IPv4 firewall administration tool.
59
60	Matches:
61	- icmp
62	- tcp
63	- udp
64	- comment
65	- limit
66	- mac
67	- multiport
68
69	Targets:
70	- ACCEPT
71	- DROP
72	- REJECT
73	- LOG
74	- TCPMSS
75
76	Tables:
77	- filter
78	- mangle
79
80	endef
81
82	define Package/iptables-mod-conntrack-extra
83	$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
84	TITLE:=Extra connection tracking extensions
85	endef
86
87	define Package/iptables-mod-conntrack-extra/description
88	Extra iptables extensions for connection tracking.
89
90	Matches:
91	- connbytes
92	- connmark
93	- recent
94	- helper
95
96	Targets:
97	- CONNMARK
98
99	endef
100
101	define Package/iptables-mod-filter
102	$(call Package/iptables/Module, +kmod-ipt-filter)
103	TITLE:=Content inspection extensions
104	endef
105
106	define Package/iptables-mod-filter/description
107	iptables extensions for packet content inspection.
108	Includes support for:
109
110	Matches:
111	- layer7
112	- string
113
114	endef
115
116	define Package/iptables-mod-ipopt
117	$(call Package/iptables/Module, +kmod-ipt-ipopt)
118	TITLE:=IP/Packet option extensions
119	endef
120
121	define Package/iptables-mod-ipopt/description
122	iptables extensions for matching/changing IP packet options.
123
124	Matches:
125	- dscp
126	- ecn
127	- length
128	- mark
129	- statistic
130	- tcpmss
131	- time
132	- unclean
133	- hl
134
135	Targets:
136	- DSCP
137	- CLASSIFY
138	- ECN
139	- MARK
140	- HL
141
142	endef
143
144	define Package/iptables-mod-ipsec
145	$(call Package/iptables/Module, +kmod-ipt-ipsec)
146	TITLE:=IPsec extensions
147	endef
148
149	define Package/iptables-mod-ipsec/description
150	iptables extensions for matching ipsec traffic.
151
152	Matches:
153	- ah
154	- esp
155	- policy
156
157	endef
158
159	define Package/iptables-mod-ipset
160	$(call Package/iptables/Module,)
161	TITLE:=IPset iptables extensions
162	endef
163
164	define Package/iptables-mod-ipset/description
165	IPset iptables extensions.
166
167	Matches:
168	- set
169
170	Targets:
171	- SET
172
173	endef
174
175	define Package/iptables-mod-nat-extra
176	$(call Package/iptables/Module, +kmod-ipt-nat-extra)
177	TITLE:=Extra NAT extensions
178	endef
179
180	define Package/iptables-mod-nat-extra/description
181	iptables extensions for extra NAT targets.
182
183	Targets:
184	- MIRROR
185	- NETMAP
186	- REDIRECT
187	endef
188
189	define Package/iptables-mod-ulog
190	$(call Package/iptables/Module, +kmod-ipt-ulog)
191	TITLE:=user-space packet logging
192	endef
193
194	define Package/iptables-mod-ulog/description
195	iptables extensions for user-space packet logging.
196
197	Targets:
198	- ULOG
199
200	endef
201
202	define Package/iptables-mod-hashlimit
203	$(call Package/iptables/Module, +kmod-ipt-hashlimit)
204	TITLE:=hashlimit matching
205	endef
206
207	define Package/iptables-mod-hashlimit/description
208	iptables extensions for hashlimit matching
209
210	Matches:
211	- hashlimit
212
213	endef
214
215	define Package/iptables-mod-iprange
216	$(call Package/iptables/Module, +kmod-ipt-iprange)
217	TITLE:=IP range extension
218	endef
219
220	define Package/iptables-mod-iprange/description
221	iptables extensions for matching ip ranges.
222
223	Matches:
224	- iprange
225
226	endef
227
228	define Package/iptables-mod-extra
229	$(call Package/iptables/Module, +kmod-ipt-extra)
230	TITLE:=Other extra iptables extensions
231	endef
232
233	define Package/iptables-mod-extra/description
234	Other extra iptables extensions.
235
236	Matches:
237	- condition
238	- owner
239	- physdev (if ebtables is enabled)
240	- pkttype
241	- quota
242
243	endef
244
245	define Package/iptables-mod-led
246	$(call Package/iptables/Module, +kmod-ipt-led)
247	TITLE:=LED trigger iptables extension
248	endef
249
250	define Package/iptables-mod-led/description
251	iptables extension for triggering a LED.
252
253	Targets:
254	- LED
255
256	endef
257
258	define Package/iptables-mod-tproxy
259	$(call Package/iptables/Module, +kmod-ipt-tproxy)
260	TITLE:=Transparent proxy iptables extensions
261	endef
262
263	define Package/iptables-mod-tproxy/description
264	Transparent proxy iptables extensions.
265
266	Matches:
267	- socket
268
269	Targets:
270	- TPROXY
271
272	endef
273
274	define Package/iptables-mod-tee
275	$(call Package/iptables/Module, +kmod-ipt-tee)
276	TITLE:=TEE iptables extensions
277	endef
278
279	define Package/iptables-mod-tee/description
280	TEE iptables extensions.
281
282	Targets:
283	- TEE
284
285	endef
286
287	define Package/iptables-mod-u32
288	$(call Package/iptables/Module, +kmod-ipt-u32)
289	TITLE:=U32 iptables extensions
290	endef
291
292	define Package/iptables-mod-u32/description
293	U32 iptables extensions.
294
295	Matches:
296	- u32
297
298	endef
299
300	define Package/ip6tables
301	$(call Package/iptables/Default)
302	DEPENDS:=+kmod-ip6tables +libip6tc +libxtables
303	CATEGORY:=IPv6
304	TITLE:=IPv6 firewall administration tool
305	MENU:=1
306	endef
307
308	define Package/libiptc
309	$(call Package/iptables/Default)
310	SECTION:=libs
311	CATEGORY:=Libraries
312	DEPENDS:=+libip4tc +libip6tc
313	TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
314	endef
315
316	define Package/libip4tc
317	$(call Package/iptables/Default)
318	SECTION:=libs
319	CATEGORY:=Libraries
320	TITLE:=IPv4 firewall - shared libiptc library
321	endef
322
323	define Package/libip6tc
324	$(call Package/iptables/Default)
325	SECTION:=libs
326	CATEGORY:=Libraries
327	TITLE:=IPv6 firewall - shared libiptc library
328	endef
329
330	define Package/libxtables
331	$(call Package/iptables/Default)
332	SECTION:=libs
333	CATEGORY:=Libraries
334	TITLE:=IPv4/IPv6 firewall - shared xtables library
335	endef
336
337	TARGET_CPPFLAGS := \
338	-I$(PKG_BUILD_DIR)/include \
339	-I$(LINUX_DIR)/user_headers/include \
340	$(TARGET_CPPFLAGS)
341
342	TARGET_CFLAGS += \
343	-I$(PKG_BUILD_DIR)/include \
344	-I$(LINUX_DIR)/user_headers/include
345
346	CONFIGURE_ARGS += \
347	--enable-shared \
348	--enable-devel \
349	$(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \
350	--with-kernel="$(LINUX_DIR)/user_headers" \
351	--with-xtlibdir=/usr/lib/iptables \
352	--enable-static
353
354	MAKE_FLAGS := \
355	$(TARGET_CONFIGURE_OPTS) \
356	COPT_FLAGS="$(TARGET_CFLAGS)" \
357	KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
358	KBUILD_OUTPUT="$(LINUX_DIR)" \
359	BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))"
360
361	define Build/InstallDev
362	$(INSTALL_DIR) $(1)/usr/include
363	$(INSTALL_DIR) $(1)/usr/include/iptables
364	$(INSTALL_DIR) $(1)/usr/include/net/netfilter
365
366	# XXX: iptables header fixup, some headers are not installed by iptables anymore
367	$(CP) $(PKG_BUILD_DIR)/include/net/netfilter/*.h $(1)/usr/include/net/netfilter/
368	$(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
369	$(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
370	$(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
371	$(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
372
373	$(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
374	$(INSTALL_DIR) $(1)/usr/lib
375	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
376	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so $(1)/usr/lib/
377	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
378	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
379	$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libiptc.pc $(1)/usr/lib/pkgconfig/
380	endef
381
382	define Package/iptables/install
383	$(INSTALL_DIR) $(1)/usr/sbin
384	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables $(1)/usr/sbin/
385	$(LN) iptables $(1)/usr/sbin/iptables-save
386	$(LN) iptables $(1)/usr/sbin/iptables-restore
387	$(INSTALL_DIR) $(1)/usr/lib/iptables
388	endef
389
390	define Package/ip6tables/install
391	$(INSTALL_DIR) $(1)/usr/sbin
392	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(1)/usr/sbin/
393	$(LN) ip6tables $(1)/usr/sbin/ip6tables-save
394	$(LN) ip6tables $(1)/usr/sbin/ip6tables-restore
395	$(INSTALL_DIR) $(1)/usr/lib/iptables
396	(cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
397	$(CP) libip6t_*.so $(1)/usr/lib/iptables/ \
398	)
399	endef
400
401	define Package/libiptc/install
402	$(INSTALL_DIR) $(1)/usr/lib
403	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
404	endef
405
406	define Package/libip4tc/install
407	$(INSTALL_DIR) $(1)/usr/lib
408	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
409	endef
410
411	define Package/libip6tc/install
412	$(INSTALL_DIR) $(1)/usr/lib
413	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
414	endef
415
416	define Package/libxtables/install
417	$(INSTALL_DIR) $(1)/usr/lib
418	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
419	endef
420
421	define BuildPlugin
422	define Package/$(1)/install
423	$(INSTALL_DIR) $$(1)/usr/lib/iptables
424	for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)); do \
425	if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
426	$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
427	fi; \
428	done
429	$(3)
430	endef
431
432	$$(eval $$(call BuildPackage,$(1)))
433	endef
434
435	L7_INSTALL:=\
436	$(INSTALL_DIR) $$(1)/etc/l7-protocols; \
437	$(CP) files/l7/*.pat $$(1)/etc/l7-protocols/
438
439
440	$(eval $(call BuildPackage,iptables))
441	$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
442	$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
443	$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
444	$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
445	$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
446	$(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
447	$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
448	$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
449	$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
450	$(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
451	$(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
452	$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
453	$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
454	$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
455	$(eval $(call BuildPackage,ip6tables))
456	$(eval $(call BuildPackage,libiptc))
457	$(eval $(call BuildPackage,libip4tc))
458	$(eval $(call BuildPackage,libip6tc))
459	$(eval $(call BuildPackage,libxtables))
460

Download this file

Branches:
backfire
history
master
release_2010-11-17
release_2010-12-14
release_2011-02-23
release_2011-05-28
release_2011-08-27
release_2011-11-13
release_2012-03-18
release_2012-04-09
release_2012-10-11
uclibc_nptl

OpenWrt XBurst

OpenWrt XBurst Git Source Tree

Root/package/network/utils/iptables/Makefile

interactive