iptables: add ip[6|]tables-compat packages + libxtables-compat depends on IPTABLES_NFTABLES

allows iptables-compat to use nft packet filtering
allows to translate iptables-style to nft-style

Signed-off-by: Martin Strobel <arctus@crza.de>
This commit is contained in:
Martin Strobel 2018-07-07 09:24:30 +02:00 committed by John Crispin
parent 7bbd1855cd
commit 7d7323bccd

View File

@ -106,6 +106,21 @@ IP firewall administration tool.
endef
define Package/iptables-compat
$(call Package/iptables/Default)
TITLE:=IP firewall administration tool compat
DEPENDS:=iptables @IPTABLES_NFTABLES +libxtables-compat
endef
define Package/iptables-compat/description
Extra iptables nftables compat binaries.
iptables-compat
iptables-compat-restore
iptables-compat-save
iptables-translate
iptables-restore-translate
endef
define Package/iptables-mod-conntrack-extra
$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
TITLE:=Extra connection tracking extensions
@ -438,6 +453,20 @@ $(call Package/iptables/Default)
MENU:=1
endef
define Package/ip6tables-compat
$(call Package/iptables/Default)
DEPENDS:=ip6tables @IPTABLES_NFTABLES +libxtables-compat
TITLE:=IP firewall administration tool compat
endef
define Package/ip6tables-compat/description
Extra ip6tables nftables compat binaries.
iptables-compat
iptables-compat-restore
iptables-compat-save
iptables-translate
iptables-restore-translate
endef
define Package/ip6tables-extra
$(call Package/iptables/Default)
@ -497,6 +526,15 @@ define Package/libxtables
+IPTABLES_NFTABLES:libnftnl
endef
define Package/libxtables-compat
$(call Package/iptables/Default)
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4/IPv6 firewall - shared xtables compat library
ABI_VERSION:=$(PKG_VERSION)
DEPENDS:=libxtables
endef
TARGET_CPPFLAGS := \
-I$(PKG_BUILD_DIR)/include \
-I$(LINUX_DIR)/user_headers/include \
@ -574,11 +612,24 @@ define Package/iptables/install
$(INSTALL_DIR) $(1)/usr/lib/iptables
endef
define Package/iptables-compat/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-compat-multi $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-compat{,-restore,-save} $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
endef
define Package/ip6tables/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
endef
define Package/ip6tables-compat/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-compat{,-restore,-save} $(1)/usr/sbin/
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
endef
define Package/libiptc/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
@ -602,6 +653,11 @@ define Package/libxtables/install
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
endef
define Package/libxtables-compat/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
endef
define BuildPlugin
define Package/$(1)/install
$(INSTALL_DIR) $$(1)/usr/lib/iptables
@ -617,6 +673,7 @@ define BuildPlugin
endef
$(eval $(call BuildPackage,iptables))
$(eval $(call BuildPackage,iptables-compat))
$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
@ -640,9 +697,11 @@ $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
$(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
$(eval $(call BuildPackage,ip6tables))
$(eval $(call BuildPackage,ip6tables-compat))
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
$(eval $(call BuildPackage,libiptc))
$(eval $(call BuildPackage,libip4tc))
$(eval $(call BuildPackage,libip6tc))
$(eval $(call BuildPackage,libxtables))
$(eval $(call BuildPackage,libxtables-compat))