Root/package/iptables/Makefile

1#
2# Copyright (C) 2006-2010 OpenWrt.org
3#
4# This is free software, licensed under the GNU General Public License v2.
5# See /LICENSE for more information.
6#
7
8include $(TOPDIR)/rules.mk
9include $(INCLUDE_DIR)/kernel.mk
10
11PKG_NAME:=iptables
12PKG_VERSION:=1.4.6
13PKG_RELEASE:=2
14
15PKG_MD5SUM:=c67cf30e281a924def6426be0973df56
16PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
17PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
18    ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
19    ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
20    ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
21
22PKG_FIXUP:=autoreconf
23
24include $(INCLUDE_DIR)/package.mk
25ifeq ($(DUMP),)
26  -include $(LINUX_DIR)/.config
27  include $(INCLUDE_DIR)/netfilter.mk
28  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep 'NETFILTER' $(LINUX_DIR)/.config | md5s)
29endif
30
31
32define Package/iptables/Default
33  SECTION:=net
34  CATEGORY:=Network
35  URL:=http://netfilter.org/
36endef
37
38define Package/iptables/Module
39$(call Package/iptables/Default)
40  DEPENDS:=iptables $(1)
41endef
42
43define Package/iptables
44$(call Package/iptables/Default)
45  TITLE:=IPv4 firewall administration tool
46  MENU:=1
47  DEPENDS+= +kmod-ipt-core +libip4tc +libxtables
48endef
49
50define Package/iptables/description
51IPv4 firewall administration tool.
52Includes support for:
53- comment
54- limit
55- LOG
56- mac
57- multiport
58- REJECT
59- TCPMSS
60endef
61
62define Package/iptables-mod-conntrack
63$(call Package/iptables/Module, +kmod-ipt-conntrack)
64  TITLE:=Basic connection tracking extensions
65endef
66
67define Package/iptables-mod-conntrack/description
68Basic iptables extensions for connection tracking.
69Includes:
70- state
71- raw
72- NOTRACK
73endef
74
75define Package/iptables-mod-conntrack-extra
76$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
77  TITLE:=Extra connection tracking extensions
78endef
79
80define Package/iptables-mod-conntrack-extra/description
81Extra iptables extensions for connection tracking.
82Includes:
83- libipt_conntrack
84- libipt_helper
85- libipt_connmark/CONNMARK
86endef
87
88define Package/iptables-mod-filter
89$(call Package/iptables/Module, +kmod-ipt-filter)
90  TITLE:=Content inspection extensions
91endef
92
93define Package/iptables-mod-filter/description
94iptables extensions for packet content inspection.
95Includes:
96- libipt_string
97- libipt_layer7
98endef
99
100define Package/iptables-mod-imq
101$(call Package/iptables/Module, +kmod-ipt-imq)
102  TITLE:=IMQ support
103endef
104
105define Package/iptables-mod-imq/description
106iptables extension for IMQ support.
107Includes:
108- libipt_IMQ
109endef
110
111define Package/iptables-mod-ipopt
112$(call Package/iptables/Module, +kmod-ipt-ipopt)
113  TITLE:=IP/Packet option extensions
114endef
115
116define Package/iptables-mod-ipopt/description
117iptables extensions for matching/changing IP packet options.
118Includes:
119- libipt_CLASSIFY
120- libipt_dscp/DSCP
121- libipt_ecn/ECN
122- libipt_length
123- libipt_mac
124- libipt_mark/MARK
125- libipt_statistic
126- libipt_tcpmms
127- libipt_tos/TOS
128- libipt_ttl/TTL
129- libipt_unclean
130endef
131
132define Package/iptables-mod-ipsec
133$(call Package/iptables/Module, +kmod-ipt-ipsec)
134  TITLE:=IPsec extensions
135endef
136
137define Package/iptables-mod-ipsec/description
138iptables extensions for matching ipsec traffic.
139Includes:
140- libipt_ah
141- libipt_esp
142- libipt_policy
143endef
144
145define Package/iptables-mod-ipset
146$(call Package/iptables/Module, @LINUX_2_6)
147  TITLE:=IPset iptables extensions
148endef
149
150define Package/iptables-mod-ipset/description
151IPset iptables extensions.
152Includes:
153- libipt_set
154- libipt_SET
155endef
156
157define Package/iptables-mod-nat
158$(call Package/iptables/Module, +kmod-ipt-nat)
159  TITLE:=Basic NAT extensions
160endef
161
162define Package/iptables-mod-nat/description
163iptables extensions for basic NAT targets.
164Includes:
165- MASQUERADE
166- SNAT
167- DNAT
168endef
169
170define Package/iptables-mod-nat-extra
171$(call Package/iptables/Module, +kmod-ipt-nat-extra)
172  TITLE:=Extra NAT extensions
173endef
174
175define Package/iptables-mod-nat-extra/description
176iptables extensions for extra NAT targets.
177Includes:
178- REDIRECT
179endef
180
181define Package/iptables-mod-ulog
182$(call Package/iptables/Module, +kmod-ipt-ulog)
183  TITLE:=user-space packet logging
184endef
185
186define Package/iptables-mod-ulog/description
187iptables extensions for user-space packet logging.
188Includes:
189- libipt_ULOG
190endef
191
192define Package/iptables-mod-hashlimit
193$(call Package/iptables/Module, +kmod-ipt-hashlimit)
194  TITLE:=hashlimit matching
195endef
196
197define Package/iptables-mod-hashlimit/description
198iptables extensions for hashlimit matching
199Includes:
200- libxt_hashlimit
201endef
202
203define Package/iptables-mod-iprange
204$(call Package/iptables/Module, +kmod-ipt-iprange)
205  TITLE:=IP range extension
206endef
207
208define Package/iptables-mod-iprange/description
209iptables extensions for matching ip ranges.
210Includes:
211- libipt_iprange
212endef
213
214define Package/iptables-mod-extra
215$(call Package/iptables/Module, +kmod-ipt-extra)
216  TITLE:=Other extra iptables extensions
217endef
218
219define Package/iptables-mod-extra/description
220Other extra iptables extensions.
221Includes:
222- libipt_owner
223- libipt_physdev
224- libipt_pkttype
225- libipt_recent
226endef
227
228define Package/iptables-utils
229$(call Package/iptables/Module, )
230  TITLE:=iptables save and restore utilities
231endef
232
233define Package/ip6tables
234$(call Package/iptables/Default)
235  DEPENDS:=+kmod-ip6tables +libip6tc +libxtables
236  CATEGORY:=IPv6
237  TITLE:=IPv6 firewall administration tool
238  MENU:=1
239endef
240
241define Package/ip6tables-utils
242$(call Package/iptables/Default)
243  DEPENDS:=ip6tables
244  CATEGORY:=IPv6
245  TITLE:=ip6tables save and restore utilities
246endef
247
248define Package/libiptc
249$(call Package/iptables/Default)
250  SECTION:=libs
251  CATEGORY:=Libraries
252  DEPENDS:=+libip4tc +libip6tc
253  TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
254endef
255
256define Package/libip4tc
257$(call Package/iptables/Default)
258  SECTION:=libs
259  CATEGORY:=Libraries
260  TITLE:=IPv4 firewall - shared libiptc library
261endef
262
263define Package/libip6tc
264$(call Package/iptables/Default)
265  SECTION:=libs
266  CATEGORY:=Libraries
267  TITLE:=IPv6 firewall - shared libiptc library
268endef
269
270define Package/libxtables
271 $(call Package/iptables/Default)
272 SECTION:=libs
273 CATEGORY:=Libraries
274 TITLE:=IPv4/IPv6 firewall - shared xtables library
275endef
276
277
278TARGET_CPPFLAGS := \
279    -I$(PKG_BUILD_DIR)/include \
280    -I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include \
281    $(TARGET_CPPFLAGS)
282
283CONFIGURE_ARGS += \
284    --enable-shared \
285    --enable-devel \
286    --enable-ipv6 \
287    --with-kernel="$(LINUX_DIR)" \
288    --with-xtlibdir=/usr/lib/iptables
289
290IPTABLES_MAKEOPTS = \
291        $(TARGET_CONFIGURE_OPTS) \
292        COPT_FLAGS="$(TARGET_CFLAGS)" \
293        LDFLAGS="-rdynamic -static-libgcc" \
294        KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
295        KBUILD_OUTPUT="$(LINUX_DIR)" \
296        DESTDIR="$(PKG_INSTALL_DIR)" \
297        $(MAKE_TARGETS)
298
299define Build/Compile
300    $(INSTALL_DIR) $(PKG_INSTALL_DIR)
301    $(MAKE) -C $(PKG_BUILD_DIR) $(IPTABLES_MAKEOPTS)
302    $(MAKE) -C $(PKG_BUILD_DIR) $(IPTABLES_MAKEOPTS) install
303    $(MAKE) -C $(PKG_BUILD_DIR)/libipq $(IPTABLES_MAKEOPTS)
304    $(MAKE) -C $(PKG_BUILD_DIR)/libipq $(IPTABLES_MAKEOPTS) install
305endef
306
307define Build/InstallDev
308    $(INSTALL_DIR) $(1)/usr/include
309    $(INSTALL_DIR) $(1)/usr/include/iptables
310    $(INSTALL_DIR) $(1)/usr/include/net/netfilter
311
312    # XXX: iptables header fixup, some headers are not installed by iptables anymore
313    $(CP) $(PKG_BUILD_DIR)/include/net/netfilter/*.h $(1)/usr/include/net/netfilter/
314    $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
315    $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
316    $(CP) $(PKG_BUILD_DIR)/include/libipq/libipq.h $(1)/usr/include/
317    $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
318    $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
319
320    $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
321    $(INSTALL_DIR) $(1)/usr/lib
322    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
323    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
324    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipq.a $(1)/usr/lib/
325    $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
326    $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
327    $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libiptc.pc $(1)/usr/lib/pkgconfig/
328endef
329
330define Package/iptables/install
331    $(INSTALL_DIR) $(1)/usr/sbin
332    $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables $(1)/usr/sbin/
333    $(INSTALL_DIR) $(1)/usr/lib/iptables
334    (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
335        for m in $(patsubst xt_%,ipt_%,$(IPT_BUILTIN)) $(patsubst ipt_%,xt_%,$(IPT_BUILTIN)); do \
336            if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so ]; then \
337                $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so $(1)/usr/lib/iptables/ ;\
338            fi; \
339        done \
340    )
341endef
342
343define Package/iptables-utils/install
344    $(INSTALL_DIR) $(1)/usr/sbin
345    $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables-{save,restore} $(1)/usr/sbin/
346endef
347
348define Package/ip6tables/install
349    $(INSTALL_DIR) $(1)/usr/sbin
350    $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(1)/usr/sbin/
351    $(INSTALL_DIR) $(1)/usr/lib/iptables
352    (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
353        $(CP) libip6t_*.so $(1)/usr/lib/iptables/ \
354    )
355endef
356
357define Package/ip6tables-utils/install
358    $(INSTALL_DIR) $(1)/usr/sbin
359    $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-{save,restore} $(1)/usr/sbin/
360endef
361
362define Package/libiptc/install
363    $(INSTALL_DIR) $(1)/usr/lib
364    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
365endef
366
367define Package/libip4tc/install
368    $(INSTALL_DIR) $(1)/usr/lib
369    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
370endef
371
372define Package/libip6tc/install
373    $(INSTALL_DIR) $(1)/usr/lib
374    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
375endef
376
377define Package/libxtables/install
378    $(INSTALL_DIR) $(1)/usr/lib
379    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
380endef
381
382define BuildPlugin
383  define Package/$(1)/install
384    $(INSTALL_DIR) $$(1)/usr/lib/iptables
385    for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)); do \
386        if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
387            $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
388        fi; \
389    done
390    $(3)
391  endef
392
393  $$(eval $$(call BuildPackage,$(1)))
394endef
395
396L7_INSTALL:=\
397    $(INSTALL_DIR) $$(1)/etc/l7-protocols; \
398    $(CP) files/l7/*.pat $$(1)/etc/l7-protocols/
399
400
401$(eval $(call BuildPackage,iptables))
402$(eval $(call BuildPackage,iptables-utils))
403$(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
404$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
405$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
406$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
407$(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
408$(eval $(call BuildPlugin,iptables-mod-imq,$(IPT_IMQ-m)))
409$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
410$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
411$(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
412$(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m)))
413$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
414$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
415$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
416$(eval $(call BuildPackage,ip6tables))
417$(eval $(call BuildPackage,ip6tables-utils))
418$(eval $(call BuildPackage,libiptc))
419$(eval $(call BuildPackage,libip4tc))
420$(eval $(call BuildPackage,libip6tc))
421$(eval $(call BuildPackage,libxtables))
422

Archive Download this file

Branches:
backfire
history
master
release_2010-11-17
release_2010-12-14
release_2011-02-23
release_2011-05-28
release_2011-08-27
release_2011-11-13
release_2012-03-18
release_2012-04-09
release_2012-10-11
uclibc_nptl



interactive