PKG_NAME:=iptables
PKG_VERSION:=1.4.18
-PKG_RELEASE:=1
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
- tcp
- udp
- comment
+ - conntrack
- limit
- mac
+ - mark
- multiport
+ - set
+ - state
+ - time
Targets:
- ACCEPT
+ - CT
+ - DNAT
- DROP
- REJECT
- LOG
+ - MARK
+ - MASQUERADE
+ - REDIRECT
+ - SET
+ - SNAT
- TCPMSS
Tables:
- filter
- mangle
+ - nat
+ - raw
endef
- dscp
- ecn
- length
- - mark
- statistic
- tcpmss
- - time
- unclean
- hl
- DSCP
- CLASSIFY
- ECN
- - MARK
- HL
endef
endef
-define Package/iptables-mod-ipset
-$(call Package/iptables/Module,)
- TITLE:=IPset iptables extensions
-endef
-
-define Package/iptables-mod-ipset/description
-IPset iptables extensions.
-
- Matches:
- - set
-
- Targets:
- - SET
-
-endef
-
define Package/iptables-mod-nat-extra
$(call Package/iptables/Module, +kmod-ipt-nat-extra)
TITLE:=Extra NAT extensions
Targets:
- MIRROR
- NETMAP
- - REDIRECT
endef
define Package/iptables-mod-ulog
define Package/ip6tables
$(call Package/iptables/Default)
DEPENDS:=@IPV6 +kmod-ip6tables +iptables
- CATEGORY:=IPv6
+ CATEGORY:=Network
TITLE:=IPv6 firewall administration tool
MENU:=1
endef
TARGET_CFLAGS += \
-I$(PKG_BUILD_DIR)/include \
- -I$(LINUX_DIR)/user_headers/include
+ -I$(LINUX_DIR)/user_headers/include \
+ -ffunction-sections -fdata-sections
+
+TARGET_LDFLAGS += \
+ -Wl,--gc-sections
CONFIGURE_ARGS += \
--enable-shared \
--enable-devel \
- $(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \
--with-kernel="$(LINUX_DIR)/user_headers" \
--with-xtlibdir=/usr/lib/iptables \
--enable-static
COPT_FLAGS="$(TARGET_CFLAGS)" \
KERNEL_DIR="$(LINUX_DIR)/user_headers/" PREFIX=/usr \
KBUILD_OUTPUT="$(LINUX_DIR)" \
- BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))"
+ BUILTIN_MODULES="$(patsubst ip6t_%,%,$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m))))"
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libiptc.pc $(1)/usr/lib/pkgconfig/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libip*tc.pc $(1)/usr/lib/pkgconfig/
endef
define Package/iptables/install
define BuildPlugin
define Package/$(1)/install
$(INSTALL_DIR) $$(1)/usr/lib/iptables
- for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)); do \
+ for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)) $(patsubst xt_%,ip6t_%,$(2)) $(patsubst ip6t_%,xt_%,$(2)); do \
if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
$(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
fi; \
$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
-$(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))