diff options
-rw-r--r-- | package/iptables/Config.in | 85 | ||||
-rw-r--r-- | package/iptables/Makefile | 54 | ||||
-rw-r--r-- | package/iptables/ipkg/iptables-extra.control | 4 | ||||
-rw-r--r-- | package/iptables/ipkg/iptables-mod-conntrack.control | 5 | ||||
-rw-r--r-- | package/iptables/ipkg/iptables-mod-extra.control | 5 | ||||
-rw-r--r-- | package/iptables/ipkg/iptables-mod-filter.control | 5 | ||||
-rw-r--r-- | package/iptables/ipkg/iptables-mod-ipopt.control | 5 | ||||
-rw-r--r-- | package/iptables/ipkg/iptables-mod-ipsec.control | 5 | ||||
-rw-r--r-- | package/iptables/ipkg/iptables-mod-nat.control | 5 | ||||
-rw-r--r-- | package/iptables/ipkg/iptables-mod-ulog.control | 5 | ||||
-rw-r--r-- | package/iptables/ipkg/iptables-utils.control | 2 | ||||
-rw-r--r-- | package/iptables/kernelconfig.mk | 43 |
12 files changed, 154 insertions, 69 deletions
diff --git a/package/iptables/Config.in b/package/iptables/Config.in index 9529cd5cc..d89fcbaf3 100644 --- a/package/iptables/Config.in +++ b/package/iptables/Config.in @@ -15,23 +15,92 @@ config BR2_PACKAGE_IPTABLES http://www.iptables.org/ -config BR2_PACKAGE_IPTABLES_UTILS - prompt "iptables-utils.................. Save and restore utilities" +config BR2_PACKAGE_IPTABLES_EXTRA + prompt "iptables-extra.................. Extra Iptables extensions for IPv4 firewalling (meta-package)" tristate default m if CONFIG_DEVEL depends BR2_PACKAGE_IPTABLES + select BR2_PACKAGE_KMOD_IPTABLES_EXTRA + select BR2_PACKAGE_IPTABLES_MOD_CONNTRACK + select BR2_PACKAGE_IPTABLES_MOD_EXTRA + select BR2_PACKAGE_IPTABLES_MOD_FILTER + select BR2_PACKAGE_IPTABLES_MOD_IPOPT + select BR2_PACKAGE_IPTABLES_MOD_IPSEC + select BR2_PACKAGE_IPTABLES_MOD_NAT + select BR2_PACKAGE_IPTABLES_MOD_ULOG help - iptables-save and iptables-restore - - http://www.iptables.org/ + Extra Iptables extensions for IPv4 firewalling (meta-package) -config BR2_PACKAGE_IPTABLES_EXTRA - prompt "iptables-extra.................. Extra modules not found elsewhere" +config BR2_PACKAGE_IPTABLES_MOD_CONNTRACK + prompt "iptables-mod-conntrack.......... Iptables extensions for connection tracking" + tristate + default m if CONFIG_DEVEL + depends BR2_PACKAGE_IPTABLES + select BR2_PACKAGE_KMOD_IPT_CONNTRACK + help + Iptables (IPv4) extensions for connection tracking + +config BR2_PACKAGE_IPTABLES_MOD_FILTER + prompt "iptables-mod-filter............. Iptables extension for packet content inspection" + tristate + default m if CONFIG_DEVEL + depends BR2_PACKAGE_IPTABLES + select BR2_PACKAGE_KMOD_IPT_FILTER + help + Iptables (IPv4) extension for packet content inspection + +config BR2_PACKAGE_IPTABLES_MOD_IPOPT + prompt "iptables-mod-ipopt.............. Iptables extensions for matching/changing IP packet options" + tristate + default m if CONFIG_DEVEL + depends BR2_PACKAGE_IPTABLES + select BR2_PACKAGE_KMOD_IPT_IPOPT + help + Extra Iptables (IPv4) extensions for matching/changing IP packet options + +config BR2_PACKAGE_IPTABLES_MOD_IPSEC + prompt "iptables-mod-ipsec.............. Iptables extensions for matching special IPsec packets" + tristate + default m if CONFIG_DEVEL + depends BR2_PACKAGE_IPTABLES + select BR2_PACKAGE_KMOD_IPT_IPSEC + help + Iptables (IPv4) extensions for matching special IPsec packets + +config BR2_PACKAGE_IPTABLES_MOD_NAT + prompt "iptables-mod-nat................ Iptables extensions for different NAT targets" + tristate + default m if CONFIG_DEVEL + depends BR2_PACKAGE_IPTABLES + select BR2_PACKAGE_KMOD_IPT_NAT + help + Iptables (IPv4) extensions for different NAT targets + +config BR2_PACKAGE_IPTABLES_MOD_ULOG + prompt "iptables-mod-ulog............... Iptables extensions for user-space packet logging" + tristate + default m if CONFIG_DEVEL + depends BR2_PACKAGE_IPTABLES + select BR2_PACKAGE_KMOD_IPT_ULOG + help + Iptables (IPv4) extensions for user-space packet logging + +config BR2_PACKAGE_IPTABLES_MOD_EXTRA + prompt "iptables-mod-extra.............. Other extra Iptables extensions" + tristate + default m if CONFIG_DEVEL + depends BR2_PACKAGE_IPTABLES + select BR2_PACKAGE_KMOD_IPT_EXTRA + help + Other extra Iptables (IPv4) extensions + +config BR2_PACKAGE_IPTABLES_UTILS + prompt "iptables-utils.................. Save and restore utilities" tristate default m if CONFIG_DEVEL depends BR2_PACKAGE_IPTABLES help - Extra modules for iptables (kernel and user space) + iptables-save and iptables-restore for Iptables (IPv4) http://www.iptables.org/ diff --git a/package/iptables/Makefile b/package/iptables/Makefile index e40fa8e7d..a14d71a6f 100644 --- a/package/iptables/Makefile +++ b/package/iptables/Makefile @@ -1,11 +1,10 @@ # $Id$ include $(TOPDIR)/rules.mk -include kernelconfig.mk PKG_NAME:=iptables PKG_VERSION:=1.3.3 -PKG_RELEASE:=1 +PKG_RELEASE:=2.1 PKG_MD5SUM:=86d88455520cfdc56fd7ae27897a80a4 PKG_SOURCE_URL:=http://www.netfilter.org/files \ @@ -18,18 +17,50 @@ PKG_CAT:=bzcat PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install +define IPKG_plugin_template + +$$(IPKG_$(1)): + install -m0755 -d $$(IDIR_$(1))/usr/lib/iptables + for m in $(2); do \ + cp -fpR $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so $$(IDIR_$(1))/usr/lib/iptables/ ; \ + done + $(RSTRIP) $$(IDIR_$(1)) + $(IPKG_BUILD) $$(IDIR_$(1)) $(PACKAGE_DIR) + +endef + include $(TOPDIR)/package/rules.mk +include $(LINUX_DIR)/.config +include $(TOPDIR)/target/linux/netfilter.mk $(eval $(call PKG_template,IPTABLES,iptables,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) $(eval $(call PKG_template,IPTABLES_EXTRA,iptables-extra,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) $(eval $(call PKG_template,IPTABLES_UTILS,iptables-utils,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) $(eval $(call PKG_template,IP6TABLES,ip6tables,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) +$(eval $(call PKG_template,IPTABLES_MOD_CONNTRACK,iptables-mod-conntrack,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) +$(eval $(call PKG_template,IPTABLES_MOD_EXTRA,iptables-mod-extra,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) +$(eval $(call PKG_template,IPTABLES_MOD_FILTER,iptables-mod-filter,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) +$(eval $(call PKG_template,IPTABLES_MOD_IMQ,iptables-mod-img,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) +$(eval $(call PKG_template,IPTABLES_MOD_IPOPT,iptables-mod-ipopt,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) +$(eval $(call PKG_template,IPTABLES_MOD_IPSEC,iptables-mod-ipsec,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) +$(eval $(call PKG_template,IPTABLES_MOD_NAT,iptables-mod-nat,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) +$(eval $(call PKG_template,IPTABLES_MOD_ULOG,iptables-mod-ulog,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH))) + +$(eval $(call IPKG_plugin_template,IPTABLES_MOD_CONNTRACK,$(IPKG_IPTABLES_MOD_CONNTRACK-m))) +$(eval $(call IPKG_plugin_template,IPTABLES_MOD_EXTRA,$(IPKG_IPTABLES_MOD_EXTRA-m))) +$(eval $(call IPKG_plugin_template,IPTABLES_MOD_FILTER,$(IPKG_IPTABLES_MOD_FILTER-m))) +$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IMQ,$(IPKG_IPTABLES_MOD_IMQ-m))) +$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IPOPT,$(IPKG_IPTABLES_MOD_IPOPT-m))) +$(eval $(call IPKG_plugin_template,IPTABLES_MOD_IPSEC,$(IPKG_IPTABLES_MOD_IPSEC-m))) +$(eval $(call IPKG_plugin_template,IPTABLES_MOD_NAT,$(IPKG_IPTABLES_MOD_NAT-m))) +$(eval $(call IPKG_plugin_template,IPTABLES_MOD_ULOG,$(IPKG_IPTABLES_MOD_ULOG-m))) + $(PKG_BUILD_DIR)/.configured: touch $@ $(PKG_BUILD_DIR)/.built: - chmod a+x $(PKG_BUILD_DIR)/extensions/.*-test + chmod a+x $(PKG_BUILD_DIR)/extensions/.*-test* mkdir -p $(PKG_INSTALL_DIR) $(MAKE) -C $(PKG_BUILD_DIR) \ $(TARGET_CONFIGURE_OPTS) \ @@ -44,22 +75,14 @@ $(IPKG_IPTABLES): cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/iptables $(IDIR_IPTABLES)/usr/sbin/ install -d -m0755 $(IDIR_IPTABLES)/usr/lib/iptables (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \ - cp -fpR $(patsubst %,libipt_%.so,$(ext-y)) $(IDIR_IPTABLES)/usr/lib/iptables \ + cp -fpR $(patsubst %,lib%.so,$(IPKG_IPTABLES-y)) $(IDIR_IPTABLES)/usr/lib/iptables/ \ ) $(RSTRIP) $(IDIR_IPTABLES) $(IPKG_BUILD) $(IDIR_IPTABLES) $(PACKAGE_DIR) -$(IPKG_IPTABLES_EXTRA): - install -d -m0755 $(IDIR_IPTABLES_EXTRA)/usr/lib/iptables - (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \ - cp -fpR $(patsubst %,libipt_%.so,$(ext-m)) $(IDIR_IPTABLES_EXTRA)/usr/lib/iptables \ - ) - $(RSTRIP) $(IDIR_IPTABLES_EXTRA) - $(IPKG_BUILD) $(IDIR_IPTABLES_EXTRA) $(PACKAGE_DIR) - $(IPKG_IPTABLES_UTILS): install -d -m0755 $(IDIR_IPTABLES_UTILS)/usr/sbin - cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/iptables-{save,restore} $(IDIR_IPTABLES_UTILS)/usr/sbin + cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/iptables-{save,restore} $(IDIR_IPTABLES_UTILS)/usr/sbin/ $(RSTRIP) $(IDIR_IPTABLES_UTILS) $(IPKG_BUILD) $(IDIR_IPTABLES_UTILS) $(PACKAGE_DIR) @@ -68,14 +91,15 @@ $(IPKG_IP6TABLES): cp -fpR $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(IDIR_IP6TABLES)/usr/sbin/ install -d -m0755 $(IDIR_IP6TABLES)/usr/lib/iptables (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \ - cp -fpR libip6t_*.so $(IDIR_IP6TABLES)/usr/lib/iptables \ + cp -fpR libip6t_*.so $(IDIR_IP6TABLES)/usr/lib/iptables/ \ ) $(RSTRIP) $(IDIR_IP6TABLES) $(IPKG_BUILD) $(IDIR_IP6TABLES) $(PACKAGE_DIR) $(STAGING_DIR)/usr/lib/libipq.a: $(PKG_BUILD_DIR)/.built - mkdir -p $(STAGING_DIR)/usr/include/ $(STAGING_DIR)/usr/lib/ + mkdir -p $(STAGING_DIR)/usr/include cp -fpR $(PKG_INSTALL_DIR)/usr/include/libipq.h $(STAGING_DIR)/usr/include/ + mkdir -p $(STAGING_DIR)/usr/lib cp -fpR $(PKG_INSTALL_DIR)/usr/lib/libipq.a $(STAGING_DIR)/usr/lib/ install-dev: $(STAGING_DIR)/usr/lib/libipq.a diff --git a/package/iptables/ipkg/iptables-extra.control b/package/iptables/ipkg/iptables-extra.control index 02feaf014..de04e4a51 100644 --- a/package/iptables/ipkg/iptables-extra.control +++ b/package/iptables/ipkg/iptables-extra.control @@ -1,5 +1,5 @@ Package: iptables-extra Priority: optional Section: net -Description: Extra plugins for iptables -Depends: kmod-iptables-extra +Depends: kmod-iptables-extra, iptables-mod-conntrack, iptables-mod-extra, iptables-mod-filter, iptables-mod-ipopt, iptables-mod-ipsec, iptables-mod-nat, iptables-mod-ulog +Description: Other extra Iptables extensions (meta-package) diff --git a/package/iptables/ipkg/iptables-mod-conntrack.control b/package/iptables/ipkg/iptables-mod-conntrack.control new file mode 100644 index 000000000..35f2afaac --- /dev/null +++ b/package/iptables/ipkg/iptables-mod-conntrack.control @@ -0,0 +1,5 @@ +Package: iptables-mod-conntrack +Priority: optional +Section: net +Depends: kmod-ipt-conntrack +Description: Iptables (IPv4) extensions for connection tracking diff --git a/package/iptables/ipkg/iptables-mod-extra.control b/package/iptables/ipkg/iptables-mod-extra.control new file mode 100644 index 000000000..7111eab88 --- /dev/null +++ b/package/iptables/ipkg/iptables-mod-extra.control @@ -0,0 +1,5 @@ +Package: iptables-mod-extra +Priority: optional +Section: net +Depends: kmod-ipt-extra +Description: Other extra Iptables (IPv4) extensions diff --git a/package/iptables/ipkg/iptables-mod-filter.control b/package/iptables/ipkg/iptables-mod-filter.control new file mode 100644 index 000000000..30add3172 --- /dev/null +++ b/package/iptables/ipkg/iptables-mod-filter.control @@ -0,0 +1,5 @@ +Package: iptables-mod-filter +Priority: optional +Section: net +Depends: kmod-ipt-filter +Description: Iptables (IPv4) extension for packet content inspection diff --git a/package/iptables/ipkg/iptables-mod-ipopt.control b/package/iptables/ipkg/iptables-mod-ipopt.control new file mode 100644 index 000000000..4a8c72f40 --- /dev/null +++ b/package/iptables/ipkg/iptables-mod-ipopt.control @@ -0,0 +1,5 @@ +Package: iptables-mod-ipopt +Priority: optional +Section: net +Depends: kmod-ipt-ipopt +Description: Iptables (IPv4) extensions for matching/changing IP packet options diff --git a/package/iptables/ipkg/iptables-mod-ipsec.control b/package/iptables/ipkg/iptables-mod-ipsec.control new file mode 100644 index 000000000..caf8f182c --- /dev/null +++ b/package/iptables/ipkg/iptables-mod-ipsec.control @@ -0,0 +1,5 @@ +Package: iptables-mod-ipsec +Priority: optional +Section: net +Depends: kmod-ipt-ipsec +Description: Iptables (IPv4) extensions for matching special IPsec packets diff --git a/package/iptables/ipkg/iptables-mod-nat.control b/package/iptables/ipkg/iptables-mod-nat.control new file mode 100644 index 000000000..f9d961333 --- /dev/null +++ b/package/iptables/ipkg/iptables-mod-nat.control @@ -0,0 +1,5 @@ +Package: iptables-mod-nat +Priority: optional +Section: net +Depends: kmod-ipt-nat +Description: Iptables (IPv4) extensions for different NAT targets diff --git a/package/iptables/ipkg/iptables-mod-ulog.control b/package/iptables/ipkg/iptables-mod-ulog.control new file mode 100644 index 000000000..b0aaa3d11 --- /dev/null +++ b/package/iptables/ipkg/iptables-mod-ulog.control @@ -0,0 +1,5 @@ +Package: iptables-mod-ulog +Priority: optional +Section: net +Depends: kmod-ipt-ulog +Description: Iptables (IPv4) extension for user-space packet logging diff --git a/package/iptables/ipkg/iptables-utils.control b/package/iptables/ipkg/iptables-utils.control index a56992488..6bbb2ed35 100644 --- a/package/iptables/ipkg/iptables-utils.control +++ b/package/iptables/ipkg/iptables-utils.control @@ -1,4 +1,4 @@ Package: iptables-utils Priority: optional Section: net -Description: iptables-save and iptables-restore +Description: iptables-save and iptables-restore for Iptables (IPv4) diff --git a/package/iptables/kernelconfig.mk b/package/iptables/kernelconfig.mk deleted file mode 100644 index 90d8bb521..000000000 --- a/package/iptables/kernelconfig.mk +++ /dev/null @@ -1,43 +0,0 @@ -include $(LINUX_DIR)/.config - -# translate linux kernel config to filenames -ext-$(CONFIG_IP_NF_NAT) += SNAT DNAT -ext-$(CONFIG_IP_NF_MATCH_LIMIT) += limit -ext-$(CONFIG_IP_NF_MATCH_MAC) += mac -ext-$(CONFIG_IP_NF_MATCH_PKTTYPE) += pkttype -ext-$(CONFIG_IP_NF_MATCH_MARK) += mark -ext-$(CONFIG_IP_NF_MATCH_MULTIPORT) += multiport -ext-$(CONFIG_IP_NF_MATCH_TOS) += tos -ext-$(CONFIG_IP_NF_MATCH_RECENT) += recent -ext-$(CONFIG_IP_NF_MATCH_ECN) += ecn -ext-$(CONFIG_IP_NF_MATCH_IPP2P) += ipp2p -ext-$(CONFIG_IP_NF_MATCH_SET) += set -ext-$(CONFIG_IP_NF_MATCH_DSCP) += dscp -ext-$(CONFIG_IP_NF_MATCH_AH_ESP) += ah esp -ext-$(CONFIG_IP_NF_MATCH_LENGTH) += length -ext-$(CONFIG_IP_NF_MATCH_TTL) += ttl -ext-$(CONFIG_IP_NF_MATCH_TCPMSS) += tcpmss -ext-$(CONFIG_IP_NF_MATCH_HELPER) += helper -ext-$(CONFIG_IP_NF_MATCH_CONNMARK) += connmark -#ext-$(CONFIG_IP_NF_MATCH_STATE) += state -#ext-$(CONFIG_IP_NF_MATCH_CONNTRACK) += conntrack -ext-$(CONFIG_IP_NF_MATCH_UNCLEAN) += unclean -ext-$(CONFIG_IP_NF_MATCH_OWNER) += owner -ext-$(CONFIG_IP_NF_MATCH_PHYSDEV) += physdev -ext-$(CONFIG_IP_NF_MATCH_LAYER7) += layer7 -#ext-$(CONFIG_IP_NF_TARGET_MASQUERADE) += MASQUERADE -ext-$(CONFIG_IP_NF_TARGET_REDIRECT) += REDIRECT -ext-$(CONFIG_IP_NF_TARGET_REJECT) += REJECT -ext-$(CONFIG_IP_NF_TARGET_TOS) += TOS -ext-$(CONFIG_IP_NF_TARGET_ECN) += ECN -ext-$(CONFIG_IP_NF_TARGET_DSCP) += DSCP -ext-$(CONFIG_IP_NF_TARGET_MARK) += MARK -#ext-$(CONFIG_IP_NF_TARGET_LOG) += LOG -ext-$(CONFIG_IP_NF_TARGET_ULOG) += ULOG -#ext-$(CONFIG_IP_NF_TARGET_TCPMSS) += TCPMSS -ext-$(CONFIG_IP_NF_TARGET_NETMAP) += NETMAP -ext-$(CONFIG_IP_NF_TARGET_CONNMARK) += CONNMARK - -# add extensions that don't depend on kernel config -ext-m += TTL -ext-y += icmp standard tcp udp state MASQUERADE conntrack TCPMSS LOG |