mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-21 06:33:41 +00:00
fcab45af13
Bump to latest git HEAD
509e673 firewall3: Improve ipset support
The enabled option did not work properly for ipsets, as it was not
checked on create/destroy of a set. After this commit, sets are only
created/destroyed if enabled is set to true.
Add support for reloading, or recreating, ipsets on firewall reload. By
setting "reload_set" to true, the set will be destroyed and then
re-created when the firewall is reloaded.
Add support for the counters and comment extensions. By setting
"counters" or "comment" to true, then counters or comments are added to
the set.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 51ffce0694)
63 lines
1.9 KiB
Makefile
63 lines
1.9 KiB
Makefile
#
|
|
# Copyright (C) 2013-2016 OpenWrt.org
|
|
# Copyright (C) 2016 LEDE project
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=firewall
|
|
PKG_RELEASE:=1
|
|
|
|
PKG_SOURCE_PROTO:=git
|
|
PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git
|
|
PKG_SOURCE_DATE:=2019-08-16
|
|
PKG_SOURCE_VERSION:=509e673dab011851ed084ca592c557ee395fddd4
|
|
PKG_MIRROR_HASH:=6c05803bbf6c74a9a90bc1e425a069695490d87a988599e4607d51d2c2acacbb
|
|
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
|
|
PKG_LICENSE:=ISC
|
|
|
|
PKG_CONFIG_DEPENDS := CONFIG_IPV6
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
include $(INCLUDE_DIR)/cmake.mk
|
|
|
|
define Package/firewall
|
|
SECTION:=net
|
|
CATEGORY:=Base system
|
|
TITLE:=OpenWrt C Firewall
|
|
DEPENDS:=+libubox +libubus +libuci +libip4tc +IPV6:libip6tc +libxtables +kmod-ipt-core +kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +kmod-ipt-nat
|
|
endef
|
|
|
|
define Package/firewall/description
|
|
This package provides a config-compatible C implementation of the UCI firewall.
|
|
endef
|
|
|
|
define Package/firewall/conffiles
|
|
/etc/config/firewall
|
|
/etc/firewall.user
|
|
endef
|
|
|
|
TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto
|
|
TARGET_LDFLAGS += -Wl,--gc-sections -flto
|
|
CMAKE_OPTIONS += $(if $(CONFIG_IPV6),,-DDISABLE_IPV6=1)
|
|
|
|
define Package/firewall/install
|
|
$(INSTALL_DIR) $(1)/sbin
|
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/firewall3 $(1)/sbin/fw3
|
|
$(INSTALL_DIR) $(1)/etc/init.d
|
|
$(INSTALL_BIN) ./files/firewall.init $(1)/etc/init.d/firewall
|
|
$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
|
|
$(INSTALL_CONF) ./files/firewall.hotplug $(1)/etc/hotplug.d/iface/20-firewall
|
|
$(INSTALL_DIR) $(1)/etc/config/
|
|
$(INSTALL_CONF) ./files/firewall.config $(1)/etc/config/firewall
|
|
$(INSTALL_DIR) $(1)/etc/
|
|
$(INSTALL_CONF) ./files/firewall.user $(1)/etc/firewall.user
|
|
$(INSTALL_DIR) $(1)/usr/share/fw3
|
|
$(INSTALL_CONF) $(PKG_BUILD_DIR)/helpers.conf $(1)/usr/share/fw3
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,firewall))
|