mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-20 06:08:08 +00:00
iptables: default to ip(6)tables-nft
OpenWrt now uses firewall4 (nft) by default,
so iptables should also default to nftables backend.
When multiple packages provide the same virtual package,
opkg pick the first one by alphabetical order,
so we rename iptables-legacy to iptables-zz-legacy and add
iptables-legacy in PROVIDES.
We also need to remove IPTABLES_NFTABLES config as
this cause recursive dependencies.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 35fec487e3)
This commit is contained in:
Etienne Champetier
Hauke Mehrtens
parent
e4caacc887
commit
fb3b927643
@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk
|
||||
|
||||
PKG_NAME:=iptables
|
||||
PKG_VERSION:=1.8.7
|
||||
PKG_RELEASE:=6
|
||||
PKG_RELEASE:=7
|
||||
|
||||
PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||
@ -50,18 +50,18 @@ $(call Package/iptables/Default)
|
||||
DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables
|
||||
endef
|
||||
|
||||
define Package/iptables-legacy
|
||||
define Package/iptables-zz-legacy
|
||||
$(call Package/iptables/Default)
|
||||
TITLE:=IP firewall administration tool
|
||||
DEPENDS+= +xtables-legacy
|
||||
PROVIDES:=iptables
|
||||
PROVIDES:=iptables iptables-legacy
|
||||
ALTERNATIVES:=\
|
||||
200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \
|
||||
200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \
|
||||
200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi
|
||||
endef
|
||||
|
||||
define Package/iptables-legacy/description
|
||||
define Package/iptables-zz-legacy/description
|
||||
IP firewall administration tool.
|
||||
|
||||
Matches:
|
||||
@ -104,7 +104,7 @@ endef
|
||||
define Package/xtables-nft
|
||||
$(call Package/iptables/Default)
|
||||
TITLE:=IP firewall administration tool nft
|
||||
DEPENDS:=@IPTABLES_NFTABLES +libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat
|
||||
DEPENDS:=+libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat
|
||||
endef
|
||||
|
||||
define Package/arptables-nft
|
||||
@ -483,12 +483,12 @@ define Package/iptables-mod-checksum/description
|
||||
iptables extension for the CHECKSUM calculation target
|
||||
endef
|
||||
|
||||
define Package/ip6tables-legacy
|
||||
define Package/ip6tables-zz-legacy
|
||||
$(call Package/iptables/Default)
|
||||
DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy
|
||||
CATEGORY:=Network
|
||||
TITLE:=IPv6 firewall administration tool
|
||||
PROVIDES:=ip6tables
|
||||
PROVIDES:=ip6tables ip6tables-legacy
|
||||
ALTERNATIVES:=\
|
||||
200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \
|
||||
200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \
|
||||
@ -575,7 +575,7 @@ define Package/libiptext-nft
|
||||
CATEGORY:=Libraries
|
||||
TITLE:=IPv4/IPv6 firewall - shared libiptext nft library
|
||||
ABI_VERSION:=0
|
||||
DEPENDS:=@IPTABLES_NFTABLES +libxtables
|
||||
DEPENDS:=+libxtables
|
||||
endef
|
||||
|
||||
define Package/libxtables
|
||||
@ -594,12 +594,6 @@ define Package/libxtables/config
|
||||
default n
|
||||
help
|
||||
This enable connlabel support in iptables.
|
||||
|
||||
config IPTABLES_NFTABLES
|
||||
bool "Enable Nftables support"
|
||||
default y
|
||||
help
|
||||
This enable nftables support in iptables.
|
||||
endef
|
||||
|
||||
TARGET_CPPFLAGS := \
|
||||
@ -624,7 +618,6 @@ CONFIGURE_ARGS += \
|
||||
--with-xtlibdir=/usr/lib/iptables \
|
||||
--with-xt-lock-name=/var/run/xtables.lock \
|
||||
$(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
|
||||
$(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
|
||||
$(if $(CONFIG_IPV6),,--disable-ipv6)
|
||||
|
||||
MAKE_FLAGS := \
|
||||
@ -677,7 +670,7 @@ define Package/xtables-legacy/install
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
|
||||
endef
|
||||
|
||||
define Package/iptables-legacy/install
|
||||
define Package/iptables-zz-legacy/install
|
||||
$(INSTALL_DIR) $(1)/usr/sbin
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-legacy{,-restore,-save} $(1)/usr/sbin/
|
||||
$(INSTALL_DIR) $(1)/usr/lib/iptables
|
||||
@ -708,7 +701,7 @@ define Package/iptables-nft/install
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
|
||||
endef
|
||||
|
||||
define Package/ip6tables-legacy/install
|
||||
define Package/ip6tables-zz-legacy/install
|
||||
$(INSTALL_DIR) $(1)/usr/sbin
|
||||
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-legacy{,-restore,-save} $(1)/usr/sbin/
|
||||
endef
|
||||
@ -771,7 +764,7 @@ $(eval $(call BuildPackage,libiptext))
|
||||
$(eval $(call BuildPackage,libiptext6))
|
||||
$(eval $(call BuildPackage,libiptext-nft))
|
||||
$(eval $(call BuildPackage,xtables-legacy))
|
||||
$(eval $(call BuildPackage,iptables-legacy))
|
||||
$(eval $(call BuildPackage,iptables-zz-legacy))
|
||||
$(eval $(call BuildPackage,xtables-nft))
|
||||
$(eval $(call BuildPackage,arptables-nft))
|
||||
$(eval $(call BuildPackage,ebtables-nft))
|
||||
@ -799,7 +792,7 @@ $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
|
||||
$(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
|
||||
$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
|
||||
$(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
|
||||
$(eval $(call BuildPackage,ip6tables-legacy))
|
||||
$(eval $(call BuildPackage,ip6tables-zz-legacy))
|
||||
$(eval $(call BuildPackage,ip6tables-nft))
|
||||
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
|
||||
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
|
||||
|
||||
Loading…
Reference in New Issue
Block a user