kumquat-buildroot/package/iptables/iptables.mk
José Pekkarinen 4906e77d59 package/iptables: add init script
This patch will add an init script that allows
to set a ruleset in /etc/iptables.conf to be loaded
on boot, or flushed on stop, as well as a saving
command to generate a new file.

Signed-off-by: José Pekkarinen <jose.pekkarinen@unikie.com>
[Arnout: change handling of readonly filesystem]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-09-22 23:27:21 +02:00

67 lines
2.1 KiB
Makefile

################################################################################
#
# iptables
#
################################################################################
IPTABLES_VERSION = 1.8.7
IPTABLES_SOURCE = iptables-$(IPTABLES_VERSION).tar.bz2
IPTABLES_SITE = https://netfilter.org/projects/iptables/files
IPTABLES_INSTALL_STAGING = YES
IPTABLES_DEPENDENCIES = host-pkgconf \
$(if $(BR2_PACKAGE_LIBNETFILTER_CONNTRACK),libnetfilter_conntrack)
IPTABLES_LICENSE = GPL-2.0
IPTABLES_LICENSE_FILES = COPYING
IPTABLES_CPE_ID_VENDOR = netfilter
IPTABLES_SELINUX_MODULES = iptables
# Building static causes ugly warnings on some plugins
IPTABLES_CONF_OPTS = --libexecdir=/usr/lib --with-kernel=$(STAGING_DIR)/usr \
$(if $(BR2_STATIC_LIBS),,--disable-static)
# For connlabel match
ifeq ($(BR2_PACKAGE_LIBNETFILTER_CONNTRACK),y)
IPTABLES_DEPENDENCIES += libnetfilter_conntrack
endif
# For nfnl_osf
ifeq ($(BR2_PACKAGE_LIBNFNETLINK),y)
IPTABLES_DEPENDENCIES += libnfnetlink
endif
# For iptables-compat tools
ifeq ($(BR2_PACKAGE_IPTABLES_NFTABLES),y)
IPTABLES_CONF_OPTS += --enable-nftables
IPTABLES_DEPENDENCIES += host-bison host-flex libmnl libnftnl
else
IPTABLES_CONF_OPTS += --disable-nftables
endif
# bpf compiler support and nfsynproxy tool
ifeq ($(BR2_PACKAGE_IPTABLES_BPF_NFSYNPROXY),y)
# libpcap is tricky for static-only builds and needs help
ifeq ($(BR2_STATIC_LIBS),y)
IPTABLES_LIBS_FOR_STATIC_LINK += `$(STAGING_DIR)/usr/bin/pcap-config --static --additional-libs`
IPTABLES_CONF_OPTS += LIBS="$(IPTABLES_LIBS_FOR_STATIC_LINK)"
endif
IPTABLES_CONF_OPTS += --enable-bpf-compiler --enable-nfsynproxy
IPTABLES_DEPENDENCIES += libpcap
else
IPTABLES_CONF_OPTS += --disable-bpf-compiler --disable-nfsynproxy
endif
define IPTABLES_LINUX_CONFIG_FIXUPS
$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_IPTABLES)
$(call KCONFIG_ENABLE_OPT,CONFIG_IP_NF_FILTER)
$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER)
$(call KCONFIG_ENABLE_OPT,CONFIG_NETFILTER_XTABLES)
endef
define IPTABLES_INSTALL_INIT_SYSV
$(INSTALL) -m 0755 -D package/iptables/S35iptables \
$(TARGET_DIR)/etc/init.d/S35iptables
touch $(TARGET_DIR)/etc/iptables.conf
endef
$(eval $(autotools-package))