Jo-Philipp Wich 6064710b90 firewall: drop invalid by default, remove chain indirection, fix invert flags (#21738)
* Enable drop_invalid by default to catch unnatted packets (#21738)
* Fix processing of inversions for -i, -o, -s, -d and -p flags
* Remove delegate_* chain indirection but rely on xt_id to identify own rules

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48551
2016-01-29 17:26:41 +00:00

61 lines
1.8 KiB
Makefile

#
# Copyright (C) 2013-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=2016-01-29
PKG_RELEASE:=$(PKG_SOURCE_VERSION)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(OPENWRT_GIT)/project/firewall3.git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_VERSION:=8957be6c026858fe414aef69281d8aa06f7ea122
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
PKG_LICENSE:=ISC
PKG_CONFIG_DEPENDS := CONFIG_IPV6
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/firewall
SECTION:=net
CATEGORY:=Base system
TITLE:=OpenWrt C Firewall
DEPENDS:=+libubox +libubus +libuci +libip4tc +IPV6:libip6tc +libxtables +kmod-ipt-core +kmod-ipt-conntrack +kmod-ipt-nat
endef
define Package/firewall/description
This package provides a config-compatible C implementation of the UCI firewall.
endef
define Package/firewall/conffiles
/etc/config/firewall
/etc/firewall.user
endef
TARGET_CFLAGS += -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
CMAKE_OPTIONS += $(if $(CONFIG_IPV6),,-DDISABLE_IPV6=1)
define Package/firewall/install
$(INSTALL_DIR) $(1)/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/firewall3 $(1)/sbin/fw3
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/firewall.init $(1)/etc/init.d/firewall
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
$(INSTALL_DATA) ./files/firewall.hotplug $(1)/etc/hotplug.d/iface/20-firewall
$(INSTALL_DIR) $(1)/etc/config/
$(INSTALL_DATA) ./files/firewall.config $(1)/etc/config/firewall
$(INSTALL_DIR) $(1)/etc/
$(INSTALL_DATA) ./files/firewall.user $(1)/etc/firewall.user
endef
$(eval $(call BuildPackage,firewall))