ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2024-12-26 00:41:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
aada15af93
openwrt/package/network/config/firewall/Makefile
Jo-Philipp Wich 2daab45cae firewall3: drop support for automatic NOTRACK rules 
Update to current HEAD in order to drop automatic generation of per-zone
NOTRACK rules.

The NOTRACK rules used to provide a little performance improvement but the
later introduction of the netfilter conntrack cache made those rules largely
unnecessary. Additionally, those rules caused various issues which broke
stateful firewalling in some scenarios.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-12-14 01:05:06 +01:00

63 lines
1.9 KiB
Makefile
Raw Blame History

#
# Copyright (C) 2013-2016 OpenWrt.org
# Copyright (C) 2016 LEDE project
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=2016-11-29
PKG_RELEASE:=$(PKG_SOURCE_VERSION)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(LEDE_GIT)/project/firewall3.git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_VERSION:=13698aafb52c45817ee7815da3405e620657c8d0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
PKG_MIRROR_MD5SUM:=fd5468488e67b2a67a95228cb2e2efe66a44426748d294ecd9c7806c6bbe0978
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKG_LICENSE:=ISC
PKG_CONFIG_DEPENDS := CONFIG_IPV6
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/firewall
SECTION:=net
CATEGORY:=Base system
TITLE:=OpenWrt C Firewall
DEPENDS:=+libubox +libubus +libuci +libip4tc +IPV6:libip6tc +libxtables +kmod-ipt-core +kmod-ipt-conntrack +kmod-ipt-nat
endef
define Package/firewall/description
This package provides a config-compatible C implementation of the UCI firewall.
endef
define Package/firewall/conffiles
/etc/config/firewall
/etc/firewall.user
endef
TARGET_CFLAGS += -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
CMAKE_OPTIONS += $(if $(CONFIG_IPV6),,-DDISABLE_IPV6=1)
define Package/firewall/install
$(INSTALL_DIR) $(1)/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/firewall3 $(1)/sbin/fw3
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/firewall.init $(1)/etc/init.d/firewall
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
$(INSTALL_DATA) ./files/firewall.hotplug $(1)/etc/hotplug.d/iface/20-firewall
$(INSTALL_DIR) $(1)/etc/config/
$(INSTALL_DATA) ./files/firewall.config $(1)/etc/config/firewall
$(INSTALL_DIR) $(1)/etc/
$(INSTALL_DATA) ./files/firewall.user $(1)/etc/firewall.user
endef
$(eval $(call BuildPackage,firewall))
Reference in New Issue View Git Blame Copy Permalink