6064710b90
* Enable drop_invalid by default to catch unnatted packets (#21738) * Fix processing of inversions for -i, -o, -s, -d and -p flags * Remove delegate_* chain indirection but rely on xt_id to identify own rules Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 48551
61 lines
1.8 KiB
Makefile
61 lines
1.8 KiB
Makefile
#
|
|
# Copyright (C) 2013-2016 OpenWrt.org
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=firewall
|
|
PKG_VERSION:=2016-01-29
|
|
PKG_RELEASE:=$(PKG_SOURCE_VERSION)
|
|
|
|
PKG_SOURCE_PROTO:=git
|
|
PKG_SOURCE_URL=$(OPENWRT_GIT)/project/firewall3.git
|
|
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
|
|
PKG_SOURCE_VERSION:=8957be6c026858fe414aef69281d8aa06f7ea122
|
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
|
|
PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
|
|
PKG_LICENSE:=ISC
|
|
|
|
PKG_CONFIG_DEPENDS := CONFIG_IPV6
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
include $(INCLUDE_DIR)/cmake.mk
|
|
|
|
define Package/firewall
|
|
SECTION:=net
|
|
CATEGORY:=Base system
|
|
TITLE:=OpenWrt C Firewall
|
|
DEPENDS:=+libubox +libubus +libuci +libip4tc +IPV6:libip6tc +libxtables +kmod-ipt-core +kmod-ipt-conntrack +kmod-ipt-nat
|
|
endef
|
|
|
|
define Package/firewall/description
|
|
This package provides a config-compatible C implementation of the UCI firewall.
|
|
endef
|
|
|
|
define Package/firewall/conffiles
|
|
/etc/config/firewall
|
|
/etc/firewall.user
|
|
endef
|
|
|
|
TARGET_CFLAGS += -ffunction-sections -fdata-sections
|
|
TARGET_LDFLAGS += -Wl,--gc-sections
|
|
CMAKE_OPTIONS += $(if $(CONFIG_IPV6),,-DDISABLE_IPV6=1)
|
|
|
|
define Package/firewall/install
|
|
$(INSTALL_DIR) $(1)/sbin
|
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/firewall3 $(1)/sbin/fw3
|
|
$(INSTALL_DIR) $(1)/etc/init.d
|
|
$(INSTALL_BIN) ./files/firewall.init $(1)/etc/init.d/firewall
|
|
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
|
|
$(INSTALL_DATA) ./files/firewall.hotplug $(1)/etc/hotplug.d/iface/20-firewall
|
|
$(INSTALL_DIR) $(1)/etc/config/
|
|
$(INSTALL_DATA) ./files/firewall.config $(1)/etc/config/firewall
|
|
$(INSTALL_DIR) $(1)/etc/
|
|
$(INSTALL_DATA) ./files/firewall.user $(1)/etc/firewall.user
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,firewall))
|