Root/package/network/utils/iptables/Makefile

1#
2# Copyright (C) 2006-2012 OpenWrt.org
3#
4# This is free software, licensed under the GNU General Public License v2.
5# See /LICENSE for more information.
6#
7
8include $(TOPDIR)/rules.mk
9include $(INCLUDE_DIR)/kernel.mk
10
11PKG_NAME:=iptables
12PKG_VERSION:=1.4.10
13PKG_RELEASE:=4
14
15PKG_MD5SUM:=f382fe693f0b59d87bd47bea65eca198
16PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
17PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
18    ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
19    ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
20    ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
21
22PKG_FIXUP:=autoreconf
23PKG_INSTALL:=1
24PKG_BUILD_PARALLEL:=1
25
26ifneq ($(CONFIG_EXTERNAL_KERNEL_TREE),"")
27PATCH_DIR:=
28endif
29
30include $(INCLUDE_DIR)/package.mk
31ifeq ($(DUMP),)
32  -include $(LINUX_DIR)/.config
33  include $(INCLUDE_DIR)/netfilter.mk
34  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell $(SH_FUNC) grep 'NETFILTER' $(LINUX_DIR)/.config | md5s)
35endif
36
37
38define Package/iptables/Default
39  SECTION:=net
40  CATEGORY:=Network
41  SUBMENU:=Firewall
42  URL:=http://netfilter.org/
43endef
44
45define Package/iptables/Module
46$(call Package/iptables/Default)
47  DEPENDS:=iptables $(1)
48endef
49
50define Package/iptables
51$(call Package/iptables/Default)
52  TITLE:=IPv4 firewall administration tool
53  MENU:=1
54  DEPENDS+= +kmod-ipt-core +libip4tc +libxtables
55endef
56
57define Package/iptables/description
58IPv4 firewall administration tool.
59
60 Matches:
61  - icmp
62  - tcp
63  - udp
64  - comment
65  - limit
66  - mac
67  - multiport
68
69 Targets:
70  - ACCEPT
71  - DROP
72  - REJECT
73  - LOG
74  - TCPMSS
75
76 Tables:
77  - filter
78  - mangle
79
80endef
81
82define Package/iptables-mod-conntrack-extra
83$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
84  TITLE:=Extra connection tracking extensions
85endef
86
87define Package/iptables-mod-conntrack-extra/description
88Extra iptables extensions for connection tracking.
89
90 Matches:
91  - connbytes
92  - connmark
93  - recent
94  - helper
95
96 Targets:
97  - CONNMARK
98
99endef
100
101define Package/iptables-mod-filter
102$(call Package/iptables/Module, +kmod-ipt-filter)
103  TITLE:=Content inspection extensions
104endef
105
106define Package/iptables-mod-filter/description
107iptables extensions for packet content inspection.
108Includes support for:
109
110 Matches:
111  - layer7
112  - string
113
114endef
115
116define Package/iptables-mod-ipopt
117$(call Package/iptables/Module, +kmod-ipt-ipopt)
118  TITLE:=IP/Packet option extensions
119endef
120
121define Package/iptables-mod-ipopt/description
122iptables extensions for matching/changing IP packet options.
123
124 Matches:
125  - dscp
126  - ecn
127  - length
128  - mark
129  - statistic
130  - tcpmss
131  - time
132  - unclean
133  - hl
134
135 Targets:
136  - DSCP
137  - CLASSIFY
138  - ECN
139  - MARK
140  - HL
141
142endef
143
144define Package/iptables-mod-ipsec
145$(call Package/iptables/Module, +kmod-ipt-ipsec)
146  TITLE:=IPsec extensions
147endef
148
149define Package/iptables-mod-ipsec/description
150iptables extensions for matching ipsec traffic.
151
152 Matches:
153  - ah
154  - esp
155  - policy
156
157endef
158
159define Package/iptables-mod-ipset
160$(call Package/iptables/Module,)
161  TITLE:=IPset iptables extensions
162endef
163
164define Package/iptables-mod-ipset/description
165IPset iptables extensions.
166
167 Matches:
168  - set
169
170 Targets:
171  - SET
172
173endef
174
175define Package/iptables-mod-nat-extra
176$(call Package/iptables/Module, +kmod-ipt-nat-extra)
177  TITLE:=Extra NAT extensions
178endef
179
180define Package/iptables-mod-nat-extra/description
181iptables extensions for extra NAT targets.
182
183 Targets:
184  - MIRROR
185  - NETMAP
186  - REDIRECT
187endef
188
189define Package/iptables-mod-ulog
190$(call Package/iptables/Module, +kmod-ipt-ulog)
191  TITLE:=user-space packet logging
192endef
193
194define Package/iptables-mod-ulog/description
195iptables extensions for user-space packet logging.
196
197 Targets:
198  - ULOG
199
200endef
201
202define Package/iptables-mod-hashlimit
203$(call Package/iptables/Module, +kmod-ipt-hashlimit)
204  TITLE:=hashlimit matching
205endef
206
207define Package/iptables-mod-hashlimit/description
208iptables extensions for hashlimit matching
209
210 Matches:
211  - hashlimit
212
213endef
214
215define Package/iptables-mod-iprange
216$(call Package/iptables/Module, +kmod-ipt-iprange)
217  TITLE:=IP range extension
218endef
219
220define Package/iptables-mod-iprange/description
221iptables extensions for matching ip ranges.
222
223 Matches:
224  - iprange
225
226endef
227
228define Package/iptables-mod-extra
229$(call Package/iptables/Module, +kmod-ipt-extra)
230  TITLE:=Other extra iptables extensions
231endef
232
233define Package/iptables-mod-extra/description
234Other extra iptables extensions.
235
236 Matches:
237  - condition
238  - owner
239  - physdev (if ebtables is enabled)
240  - pkttype
241  - quota
242
243endef
244
245define Package/iptables-mod-led
246$(call Package/iptables/Module, +kmod-ipt-led)
247  TITLE:=LED trigger iptables extension
248endef
249
250define Package/iptables-mod-led/description
251iptables extension for triggering a LED.
252
253 Targets:
254  - LED
255
256endef
257
258define Package/iptables-mod-tproxy
259$(call Package/iptables/Module, +kmod-ipt-tproxy)
260  TITLE:=Transparent proxy iptables extensions
261endef
262
263define Package/iptables-mod-tproxy/description
264Transparent proxy iptables extensions.
265
266 Matches:
267  - socket
268
269 Targets:
270  - TPROXY
271
272endef
273
274define Package/iptables-mod-tee
275$(call Package/iptables/Module, +kmod-ipt-tee)
276  TITLE:=TEE iptables extensions
277endef
278
279define Package/iptables-mod-tee/description
280TEE iptables extensions.
281
282 Targets:
283  - TEE
284
285endef
286
287define Package/iptables-mod-u32
288$(call Package/iptables/Module, +kmod-ipt-u32)
289  TITLE:=U32 iptables extensions
290endef
291
292define Package/iptables-mod-u32/description
293U32 iptables extensions.
294
295 Matches:
296  - u32
297
298endef
299
300define Package/ip6tables
301$(call Package/iptables/Default)
302  DEPENDS:=+kmod-ip6tables +libip6tc +libxtables
303  CATEGORY:=IPv6
304  TITLE:=IPv6 firewall administration tool
305  MENU:=1
306endef
307
308define Package/libiptc
309$(call Package/iptables/Default)
310  SECTION:=libs
311  CATEGORY:=Libraries
312  DEPENDS:=+libip4tc +libip6tc
313  TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
314endef
315
316define Package/libip4tc
317$(call Package/iptables/Default)
318  SECTION:=libs
319  CATEGORY:=Libraries
320  TITLE:=IPv4 firewall - shared libiptc library
321endef
322
323define Package/libip6tc
324$(call Package/iptables/Default)
325  SECTION:=libs
326  CATEGORY:=Libraries
327  TITLE:=IPv6 firewall - shared libiptc library
328endef
329
330define Package/libxtables
331 $(call Package/iptables/Default)
332 SECTION:=libs
333 CATEGORY:=Libraries
334 TITLE:=IPv4/IPv6 firewall - shared xtables library
335endef
336
337define Package/libipq
338  $(call Package/iptables/Default)
339  SECTION:=libs
340  CATEGORY:=Libraries
341  TITLE:=IPv4/IPv6 firewall - shared libipq library
342endef
343
344TARGET_CPPFLAGS := \
345    -I$(PKG_BUILD_DIR)/include \
346    -I$(LINUX_DIR)/user_headers/include \
347    $(TARGET_CPPFLAGS)
348
349TARGET_CFLAGS += \
350    -I$(PKG_BUILD_DIR)/include \
351    -I$(LINUX_DIR)/user_headers/include
352
353CONFIGURE_ARGS += \
354    --enable-shared \
355    --enable-devel \
356    $(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \
357    --enable-libipq \
358    --with-kernel="$(LINUX_DIR)/user_headers" \
359    --with-xtlibdir=/usr/lib/iptables \
360    --enable-static
361
362MAKE_FLAGS := \
363    $(TARGET_CONFIGURE_OPTS) \
364    COPT_FLAGS="$(TARGET_CFLAGS)" \
365    KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
366    KBUILD_OUTPUT="$(LINUX_DIR)" \
367    BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))"
368
369define Build/InstallDev
370    $(INSTALL_DIR) $(1)/usr/include
371    $(INSTALL_DIR) $(1)/usr/include/iptables
372    $(INSTALL_DIR) $(1)/usr/include/net/netfilter
373
374    # XXX: iptables header fixup, some headers are not installed by iptables anymore
375    $(CP) $(PKG_BUILD_DIR)/include/net/netfilter/*.h $(1)/usr/include/net/netfilter/
376    $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
377    $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
378    $(CP) $(PKG_BUILD_DIR)/include/libipq/libipq.h $(1)/usr/include/
379    $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
380    $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
381
382    $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
383    $(INSTALL_DIR) $(1)/usr/lib
384    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
385    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
386    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipq.so* $(1)/usr/lib/
387    $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
388    $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
389    $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libiptc.pc $(1)/usr/lib/pkgconfig/
390endef
391
392define Package/iptables/install
393    $(INSTALL_DIR) $(1)/usr/sbin
394    $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables $(1)/usr/sbin/
395    $(LN) iptables $(1)/usr/sbin/iptables-save
396    $(LN) iptables $(1)/usr/sbin/iptables-restore
397    $(INSTALL_DIR) $(1)/usr/lib/iptables
398endef
399
400define Package/ip6tables/install
401    $(INSTALL_DIR) $(1)/usr/sbin
402    $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(1)/usr/sbin/
403    $(LN) ip6tables $(1)/usr/sbin/ip6tables-save
404    $(LN) ip6tables $(1)/usr/sbin/ip6tables-restore
405    $(INSTALL_DIR) $(1)/usr/lib/iptables
406    (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
407        $(CP) libip6t_*.so $(1)/usr/lib/iptables/ \
408    )
409endef
410
411define Package/libiptc/install
412    $(INSTALL_DIR) $(1)/usr/lib
413    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
414endef
415
416define Package/libip4tc/install
417    $(INSTALL_DIR) $(1)/usr/lib
418    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
419endef
420
421define Package/libip6tc/install
422    $(INSTALL_DIR) $(1)/usr/lib
423    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
424endef
425
426define Package/libxtables/install
427    $(INSTALL_DIR) $(1)/usr/lib
428    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
429endef
430
431define Package/libipq/install
432    $(INSTALL_DIR) $(1)/usr/lib
433    $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipq.so* $(1)/usr/lib/
434endef
435
436define BuildPlugin
437  define Package/$(1)/install
438    $(INSTALL_DIR) $$(1)/usr/lib/iptables
439    for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)); do \
440        if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
441            $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
442        fi; \
443    done
444    $(3)
445  endef
446
447  $$(eval $$(call BuildPackage,$(1)))
448endef
449
450L7_INSTALL:=\
451    $(INSTALL_DIR) $$(1)/etc/l7-protocols; \
452    $(CP) files/l7/*.pat $$(1)/etc/l7-protocols/
453
454
455$(eval $(call BuildPackage,iptables))
456$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
457$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
458$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
459$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
460$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
461$(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
462$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
463$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
464$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
465$(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
466$(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
467$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
468$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
469$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
470$(eval $(call BuildPackage,ip6tables))
471$(eval $(call BuildPackage,libiptc))
472$(eval $(call BuildPackage,libip4tc))
473$(eval $(call BuildPackage,libip6tc))
474$(eval $(call BuildPackage,libxtables))
475$(eval $(call BuildPackage,libipq))
476

Archive Download this file

Branches:
backfire
history
master
release_2010-11-17
release_2010-12-14
release_2011-02-23
release_2011-05-28
release_2011-08-27
release_2011-11-13
release_2012-03-18
release_2012-04-09
release_2012-10-11
uclibc_nptl



interactive