diff options
-rw-r--r-- | package/firewall/Makefile | 2 | ||||
-rw-r--r-- | package/iptables/Makefile | 51 | ||||
-rw-r--r-- | package/iptables/patches/200-configurable_builtin.patch | 56 |
3 files changed, 60 insertions, 49 deletions
diff --git a/package/firewall/Makefile b/package/firewall/Makefile index 978154b..54cb8dc 100644 --- a/package/firewall/Makefile +++ b/package/firewall/Makefile @@ -19,7 +19,7 @@ define Package/firewall URL:=http://openwrt.org/ TITLE:=OpenWrt firewall MAINTAINER:=Jo-Philipp Wich <xm@subsignal.org> - DEPENDS:=+iptables +iptables-mod-conntrack +iptables-mod-nat + DEPENDS:=+iptables +kmod-ipt-conntrack +kmod-ipt-nat PKGARCH:=all endef diff --git a/package/iptables/Makefile b/package/iptables/Makefile index 24c428c..026df26 100644 --- a/package/iptables/Makefile +++ b/package/iptables/Makefile @@ -79,26 +79,6 @@ IPv4 firewall administration tool. endef -define Package/iptables-mod-conntrack -$(call Package/iptables/Module, +kmod-ipt-conntrack) - TITLE:=Basic connection tracking extensions -endef - -define Package/iptables-mod-conntrack/description -Basic iptables extensions for connection tracking. - - Matches: - - state - - conntrack - - Targets: - - NOTRACK - - Tables: - - raw - -endef - define Package/iptables-mod-conntrack-extra $(call Package/iptables/Module, +kmod-ipt-conntrack-extra) TITLE:=Extra connection tracking extensions @@ -192,24 +172,6 @@ IPset iptables extensions. endef -define Package/iptables-mod-nat -$(call Package/iptables/Module, +kmod-ipt-nat) - TITLE:=Basic NAT extensions -endef - -define Package/iptables-mod-nat/description -iptables extensions for basic NAT targets. - - Targets: - - SNAT - - DNAT - - MASQUERADE - - Tables: - - nat - -endef - define Package/iptables-mod-nat-extra $(call Package/iptables/Module, +kmod-ipt-nat-extra) TITLE:=Extra NAT extensions @@ -394,13 +356,15 @@ CONFIGURE_ARGS += \ $(if $(CONFIG_IPV6),--enable-ipv6,--disable-ipv6) \ --enable-libipq \ --with-kernel="$(LINUX_DIR)" \ - --with-xtlibdir=/usr/lib/iptables + --with-xtlibdir=/usr/lib/iptables \ + --enable-static MAKE_FLAGS := \ $(TARGET_CONFIGURE_OPTS) \ COPT_FLAGS="$(TARGET_CFLAGS)" \ KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \ KBUILD_OUTPUT="$(LINUX_DIR)" \ + BUILTIN_MODULES="$(patsubst ipt_%,%,$(patsubst xt_%,%,$(IPT_BUILTIN) $(IPT_CONNTRACK-m) $(IPT_NAT-m)))" define Build/InstallDev $(INSTALL_DIR) $(1)/usr/include @@ -431,13 +395,6 @@ define Package/iptables/install $(LN) iptables $(1)/usr/sbin/iptables-save $(LN) iptables $(1)/usr/sbin/iptables-restore $(INSTALL_DIR) $(1)/usr/lib/iptables - (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \ - for m in $(patsubst xt_%,ipt_%,$(IPT_BUILTIN)) $(patsubst ipt_%,xt_%,$(IPT_BUILTIN)); do \ - if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so ]; then \ - $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so $(1)/usr/lib/iptables/ ;\ - fi; \ - done \ - ) endef define Package/ip6tables/install @@ -496,14 +453,12 @@ L7_INSTALL:=\ $(eval $(call BuildPackage,iptables)) -$(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m))) $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m))) $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m))) $(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL))) $(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m))) $(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m))) $(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET)) -$(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m))) $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m))) $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m))) $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m))) diff --git a/package/iptables/patches/200-configurable_builtin.patch b/package/iptables/patches/200-configurable_builtin.patch new file mode 100644 index 0000000..e61d8ab --- /dev/null +++ b/package/iptables/patches/200-configurable_builtin.patch @@ -0,0 +1,56 @@ +--- a/extensions/GNUmakefile.in ++++ b/extensions/GNUmakefile.in +@@ -40,9 +40,24 @@ + pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod}) + pf4_build_mod := $(filter-out @blacklist_modules@,${pf4_build_mod}) + pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod}) +-pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod}) +-pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod}) +-pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod}) ++ ++ifdef BUILTIN_MODULES ++pfx_build_static := $(filter $(BUILTIN_MODULES),${pfx_build_mod}) ++pf4_build_static := $(filter $(BUILTIN_MODULES),${pf4_build_mod}) ++pf6_build_static := $(filter $(BUILTIN_MODULES),${pf6_build_mod}) ++else ++@ENABLE_STATIC_TRUE@ pfx_build_static := $(pfx_build_mod) ++@ENABLE_STATIC_TRUE@ pf4_build_static := $(pf4_build_mod) ++@ENABLE_STATIC_TRUE@ pf6_build_static := $(pf6_build_mod) ++endif ++ ++pfx_build_mod := $(filter-out $(pfx_build_static),$(pfx_build_mod)) ++pf4_build_mod := $(filter-out $(pf4_build_static),$(pf4_build_mod)) ++pf6_build_mod := $(filter-out $(pf6_build_static),$(pf6_build_mod)) ++ ++pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_static}) ++pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_static}) ++pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_static}) + pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod}) + pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod}) + pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod}) +@@ -54,10 +69,10 @@ + targets := libext4.a libext6.a matches4.man matches6.man \ + targets4.man targets6.man + targets_install := +-@ENABLE_STATIC_TRUE@ libext4_objs := ${pfx_objs} ${pf4_objs} +-@ENABLE_STATIC_TRUE@ libext6_objs := ${pfx_objs} ${pf6_objs} +-@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs} +-@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs} ++libext4_objs := ${pfx_objs} ${pf4_objs} ++libext6_objs := ${pfx_objs} ${pf6_objs} ++targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs} ++targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs} + + .SECONDARY: + +@@ -107,8 +122,8 @@ + libext6.a: initext6.o ${libext6_objs} + ${AM_VERBOSE_AR} ${AR} crs $@ $^; + +-initext_func := $(addprefix xt_,${pfx_build_mod}) $(addprefix ipt_,${pf4_build_mod}) +-initext6_func := $(addprefix xt_,${pfx_build_mod}) $(addprefix ip6t_,${pf6_build_mod}) ++initext_func := $(addprefix xt_,${pfx_build_static}) $(addprefix ipt_,${pf4_build_static}) ++initext6_func := $(addprefix xt_,${pfx_build_static}) $(addprefix ip6t_,${pf6_build_static}) + + .initext4.dd: FORCE + @echo "${initext_func}" >$@.tmp; \ |