authorWaldemar Brodkorb <wbx@openadk.org>2014-05-15 16:34:38 +0200
committerWaldemar Brodkorb <wbx@openadk.org>2014-05-15 16:34:38 +0200
commitda074de37f3f49ff70644bf37178e31d1ca0f065 (patch)
tree1b94a3d8d019ec0bfa397d33fe72f78153a7acf1
parent12117c47fa424fbb41fd105434e0b80f0f3cac62 (diff)
remove subpackage ip6tables
-rw-r--r--package/iptables/Makefile25
-rw-r--r--package/iptables/files/firewall6.conf98
-rwxr-xr-xpackage/iptables/files/firewall6.init32
-rw-r--r--package/iptables/files/ip6tables.postinst3
-rw-r--r--target/linux/config/Config.in.netfilter18
-rw-r--r--target/linux/config/Config.in.netfilter.core5
-rw-r--r--target/linux/config/Config.in.netfilter.ip427
-rw-r--r--target/linux/config/Config.in.netfilter.ip614
8 files changed, 39 insertions, 183 deletions
diff --git a/package/iptables/Makefile b/package/iptables/Makefile
index 477619c78..654278503 100644
--- a/package/iptables/Makefile
+++ b/package/iptables/Makefile
@@ -5,10 +5,11 @@ include ${TOPDIR}/rules.mk
PKG_NAME:= iptables
PKG_VERSION:= 1.4.21
-PKG_RELEASE:= 5
+PKG_RELEASE:= 6
PKG_MD5SUM:= 536d048c8e8eeebcd9757d0863ebb0c0
PKG_DESCR:= netfilter firewalling software
PKG_SECTION:= firewall
+PKG_DEPENDS:= libnetfilter_conntrack
PKG_BUILDDEP:= autotool libnetfilter_conntrack
PKG_URL:= http://www.netfilter.org/
PKG_SITES:= http://www.netfilter.org/projects/iptables/files/
@@ -16,19 +17,13 @@ PKG_OPTS:= dev
DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.bz2
-PKG_SUBPKGS:= IPTABLES IP6TABLES
-PKGSD_IPTABLES:= iptables for IPv4
-PKGSD_IP6TABLES:= iptables for IPv6
-PKGSS_IP6TABLES:= iptables
-
include ${TOPDIR}/mk/package.mk
# right now default extensions are builtin
# use --disable-static in CONFIGURE_ARGS to change and optimize package
#include ${LINUX_DIR}/.config
-$(eval $(call PKG_template,IPTABLES,iptables,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKGSD_IPTABLES},${PKG_SECTION},${PKG_OPTS}))
-$(eval $(call PKG_template,IP6TABLES,ip6tables,${PKG_VERSION}-${PKG_RELEASE},${PKGSS_IP6TABLES},${PKGSD_IP6TABLES},${PKG_SECTION},${PKG_OPTS}))
+$(eval $(call PKG_template,IPTABLES,iptables,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},${PKG_OPTS}))
AUTOTOOL_STYLE:= autoreconf
TARGET_LDFLAGS+= -fPIC
@@ -37,16 +32,14 @@ CONFIGURE_ARGS+= --enable-devel
iptables-install:
${INSTALL_DIR} ${IDIR_IPTABLES}/{usr/lib,etc,usr/sbin}
${INSTALL_DATA} ./files/firewall.conf ${IDIR_IPTABLES}/etc
- ${CP} ${WRKINST}/usr/sbin/iptables* ${IDIR_IPTABLES}/usr/sbin
- ${CP} ${WRKINST}/usr/sbin/xtables* ${IDIR_IPTABLES}/usr/sbin
+ ${INSTALL_BIN} ${WRKINST}/usr/sbin/iptables ${IDIR_IPTABLES}/usr/sbin
+ ${INSTALL_BIN} ${WRKINST}/usr/sbin/ip6tables ${IDIR_IPTABLES}/usr/sbin
+ ${INSTALL_BIN} ${WRKINST}/usr/sbin/iptables-{save,restore} \
+ ${IDIR_IPTABLES}/usr/sbin
+ ${CP} ${WRKINST}/usr/sbin/xtables-multi ${IDIR_IPTABLES}/usr/sbin
${CP} ${WRKINST}/usr/lib/libiptc.so* ${IDIR_IPTABLES}/usr/lib
${CP} ${WRKINST}/usr/lib/libip4tc.so* ${IDIR_IPTABLES}/usr/lib
+ ${CP} ${WRKINST}/usr/lib/libip6tc.so* ${IDIR_IPTABLES}/usr/lib
${CP} ${WRKINST}/usr/lib/libxtables.so* ${IDIR_IPTABLES}/usr/lib
-ip6tables-install:
- ${INSTALL_DIR} ${IDIR_IP6TABLES}/{usr/lib,etc,usr/sbin}
- ${INSTALL_DATA} ./files/firewall6.conf ${IDIR_IP6TABLES}/etc
- ${CP} ${WRKINST}/usr/sbin/ip6tables ${IDIR_IP6TABLES}/usr/sbin
- ${CP} ${WRKINST}/usr/lib/libip6tc.so* ${IDIR_IP6TABLES}/usr/lib
-
include ${TOPDIR}/mk/pkg-bottom.mk
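Review bot: After this hunk the iptables package ships `ip6tables` and `libip6tc`, but nothing installs an IPv6 ruleset any more: the removed `ip6tables-install` target was the only place that copied `./files/firewall6.conf`, and the same commit deletes `firewall6.init` and the postinst that registered `firewall6` in rc.conf. Whether `./files/firewall.conf` (not visible in this diff) loads any ip6tables rules cannot be confirmed from here; if it does not, a target with IPv6 enabled would presumably come up with the kernel's default ACCEPT policy on the IPv6 chains, where the removed config set INPUT, FORWARD and OUTPUT to DROP. Either keep a default-drop IPv6 ruleset in the merged package, or state the gap next to the install lines, e.g. `# no IPv6 ruleset is installed; ip6tables rules must be added to /etc/firewall.conf`.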
diff --git a/package/iptables/files/firewall6.conf b/package/iptables/files/firewall6.conf
deleted file mode 100644
index 2e86138b2..000000000
--- a/package/iptables/files/firewall6.conf
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/bin/sh
-echo "configure /etc/firewall6.conf first."
-exit 1
-
-### Interfaces
-WAN=sixxs
-LAN=br0
-WLAN=wlan0
-
-######################################################################
-### Default ruleset
-######################################################################
-
-### Create chains
-ip6tables -N input_rule
-ip6tables -N forwarding_rule
-
-### Default policy
-ip6tables -P INPUT DROP
-ip6tables -P FORWARD DROP
-ip6tables -P OUTPUT DROP
-
-### INPUT
-### (connections with the router as destination)
-
-# base case
-ip6tables -A INPUT -m state --state INVALID -j DROP
-ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-ip6tables -A INPUT -p tcp --tcp-flags SYN SYN \! --tcp-option 2 -j DROP
-
-# custom rules
-ip6tables -A INPUT -j input_rule
-
-# allow access from anything but WAN
-ip6tables -A INPUT ${WAN:+\! -i $WAN} -j ACCEPT
-# allow icmp messages
-ip6tables -A INPUT -p icmp6 -j ACCEPT
-
-# reject
-ip6tables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
-ip6tables -A INPUT -j REJECT --reject-with icmp6-port-unreachable
-
-### OUTPUT
-### (connections with the router as source)
-
-# base case
-ip6tables -A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
-ip6tables -A OUTPUT -p icmp6 -j ACCEPT
-
-### FORWARD
-### (connections routed through the router)
-
-# base case
-ip6tables -A FORWARD -m state --state INVALID -j DROP
-ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-
-# fix for broken ISPs blocking ICMPv6 "packet too big" packets
-#ip6tables -t mangle -A FORWARD -p tcp -o $WAN --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-
-# custom rules
-ip6tables -A FORWARD -j forwarding_rule
-
-# allow LAN
-ip6tables -A FORWARD -i $LAN -o $WAN -j ACCEPT
-
-######################################################################
-### Default ruleset end
-######################################################################
-
-###
-### Connections to the router
-###
-
-# ssh
-#ip6tables -A input_rule -i $WAN -p tcp -s <a.b.c.d> --dport 22 -j ACCEPT
-
-# IPSec
-#ip6tables -A input_rule -i $WAN -p esp -s <a.b.c.d> -j ACCEPT
-#ip6tables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 500 -j ACCEPT
-
-# OpenVPN
-#ip6tables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 1194 -j ACCEPT
-
-# PPTP
-#ip6tables -A input_rule -i $WAN -p gre -j ACCEPT
-#ip6tables -A input_rule -i $WAN -p tcp --dport 1723 -j ACCEPT
-
-###
-### VPN traffic
-###
-
-# IPSec
-#ip6tables -A forwarding_rule -o ipsec+ -j ACCEPT
-#ip6tables -A forwarding_rule -i ipsec+ -j ACCEPT
-
-# OpenVPN
-#ip6tables -A forwarding_rule -o tun+ -j ACCEPT
-#ip6tables -A forwarding_rule -i tun+ -j ACCEPT
diff --git a/package/iptables/files/firewall6.init b/package/iptables/files/firewall6.init
deleted file mode 100755
index 55631ecc9..000000000
--- a/package/iptables/files/firewall6.init
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-#PKG ip6tables
-#INIT 45
-. /etc/rc.conf
-
-case $1 in
-autostop) ;;
-autostart)
- test x"${firewall6:-NO}" = x"NO" && exit 0
- test x"$firewall6" = x"DAEMON" && test -x /bin/mksh && exec mksh -T- $0 start
- exec sh $0 start
- ;;
-start)
- . /etc/firewall6.conf
- ;;
-stop)
- ### Clear tables
- ip6tables -F
- ip6tables -X
- ip6tables -P INPUT ACCEPT
- ip6tables -P FORWARD ACCEPT
- ip6tables -P OUTPUT ACCEPT
- ;;
-restart)
- sh $0 stop
- sh $0 start
- ;;
-*)
- echo "Usage: $0 {start | stop | restart}"
- ;;
-esac
-exit $?
diff --git a/package/iptables/files/ip6tables.postinst b/package/iptables/files/ip6tables.postinst
deleted file mode 100644
index 90aa932a4..000000000
--- a/package/iptables/files/ip6tables.postinst
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-. $IPKG_INSTROOT/etc/functions.sh
-add_rcconf firewall6 NO
diff --git a/target/linux/config/Config.in.netfilter b/target/linux/config/Config.in.netfilter
index 2fc23225c..f07302981 100644
--- a/target/linux/config/Config.in.netfilter
+++ b/target/linux/config/Config.in.netfilter
@@ -1,29 +1,33 @@
menu "Netfilter (Firewall/Filtering)"
config ADK_KERNEL_NETFILTER
- bool
+ boolean
+ default y if ADK_PACKAGE_IPTABLES
default n
config ADK_KERNEL_NETFILTER_ADVANCED
- bool
+ boolean
+ default y if ADK_PACKAGE_IPTABLES
default n
config ADK_KERNEL_BRIDGE_NETFILTER
- bool
+ boolean
+ default y if ADK_PACKAGE_EBTABLES
default n
config ADK_KERNEL_NETFILTER_XTABLES
- bool
+ boolean
select ADK_KERNEL_NETFILTER
select ADK_KERNEL_NETFILTER_ADVANCED
+ default y if ADK_PACKAGE_IPTABLES
default n
config ADK_KERNEL_NETFILTER_DEBUG
- bool
+ boolean
default n
config ADK_KERNEL_IP_NF_MATCH_LAYER7_DEBUG
- bool
+ boolean
default n
config ADK_KERNEL_IP_NF_TARGET_MIRROR
@@ -75,7 +79,7 @@ config ADK_KERNEL_IP6_NF_IPTABLES
default n
config ADK_KERNEL_IP_ROUTE_FWMARK
- bool
+ boolean
default n
config ADK_KERNEL_IP_NF_QUEUE
diff --git a/target/linux/config/Config.in.netfilter.core b/target/linux/config/Config.in.netfilter.core
index 16da9707f..d5665bbdc 100644
--- a/target/linux/config/Config.in.netfilter.core
+++ b/target/linux/config/Config.in.netfilter.core
@@ -5,8 +5,11 @@ config ADK_KERNEL_NETFILTER_NETLINK_LOG
for logging packets via NFNETLINK.
config ADK_KERNEL_NF_CONNTRACK
- tristate 'Netfilter connection tracking support'
+ prompt 'Netfilter connection tracking support'
+ tristate
select ADK_KERNEL_NETFILTER_XTABLES
+ default m if ADK_PACKAGE_IPTABLES
+ default n
help
Connection tracking keeps a record of what packets have passed
through your machine, in order to figure out how they are related
diff --git a/target/linux/config/Config.in.netfilter.ip4 b/target/linux/config/Config.in.netfilter.ip4
index db3207af8..075fabd1c 100644
--- a/target/linux/config/Config.in.netfilter.ip4
+++ b/target/linux/config/Config.in.netfilter.ip4
@@ -1,5 +1,6 @@
config ADK_KERNEL_NF_CONNTRACK_IPV4
- bool 'IPv4 connection tracking support (required for NAT)'
+ prompt 'IPv4 connection tracking support (required for NAT)'
+ tristate
select ADK_KERNEL_NF_CONNTRACK
default m if ADK_PACKAGE_IPTABLES
default n
@@ -39,23 +40,8 @@ config ADK_KERNEL_IP_NF_FILTER
rules for simple packet filtering at local input, forwarding and
local output. See the man page for iptables(8).
-config ADK_KERNEL_FULL_NAT
- tristate "Meta package for Full NAT"
- select ADK_KERNEL_NF_NAT if ADK_KERNEL_VERSION_3_4_87
- select ADK_KERNEL_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_10_37
- select ADK_KERNEL_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_11_10
- select ADK_KERNEL_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_12_18
- select ADK_KERNEL_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_13_11
- select ADK_KERNEL_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_14_4
- select ADK_KERNEL_NF_NAT_IPV4 if ADK_KERNEL_VERSION_3_15_RC5
- default m if ADK_PACKAGE_IPTABLES
- default n
-
config ADK_KERNEL_NF_NAT
- tristate 'Full NAT'
- depends on ADK_KERNEL_IP_NF_IPTABLES
- depends on ADK_KERNEL_VERSION_3_4_87
- default m if ADK_PACKAGE_IPTABLES
+ tristate
default n
help
The Full NAT option allows masquerading, port forwarding and other
@@ -64,13 +50,8 @@ config ADK_KERNEL_NF_NAT
config ADK_KERNEL_NF_NAT_IPV4
tristate 'Full NAT'
+ select ADK_KERNEL_NF_NAT
depends on ADK_KERNEL_IP_NF_IPTABLES
- depends on ADK_KERNEL_VERSION_3_10_37 \
- || ADK_KERNEL_VERSION_3_11_10 \
- || ADK_KERNEL_VERSION_3_12_18 \
- || ADK_KERNEL_VERSION_3_13_11 \
- || ADK_KERNEL_VERSION_3_14_4 \
- || ADK_KERNEL_VERSION_3_15_RC5
default m if ADK_PACKAGE_IPTABLES
default n
help
diff --git a/target/linux/config/Config.in.netfilter.ip6 b/target/linux/config/Config.in.netfilter.ip6
index 33588a071..1999f21b6 100644
--- a/target/linux/config/Config.in.netfilter.ip6
+++ b/target/linux/config/Config.in.netfilter.ip6
@@ -1,8 +1,11 @@
config ADK_KERNEL_NF_CONNTRACK_IPV6
- tristate "IPv6 connection tracking support"
+ prompt "IPv6 connection tracking support"
+ tristate
select ADK_KERNEL_NF_CONNTRACK
select ADK_KERNEL_IPV6
- ---help---
+ default y if ADK_TARGET_IPTABLES
+ default n
+ help
Connection tracking keeps a record of what packets have passed
through your machine, in order to figure out how they are related
into connections.
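Review bot: The added `default y if ADK_TARGET_IPTABLES` refers to a symbol that appears nowhere else in this commit; every other default added here keys on `ADK_PACKAGE_IPTABLES`, so this looks like a typo. Kconfig evaluates an undefined symbol as `n`, so unless ADK_TARGET_IPTABLES is defined elsewhere in the tree the default never fires and IPv6 connection tracking stays off while the package now installs `ip6tables`, leaving IPv6 filtering without kernel support on the target. The same line is added for ADK_KERNEL_IP6_NF_IPTABLES and ADK_KERNEL_IP6_NF_FILTER in the two later hunks of this file. I would write `default m if ADK_PACKAGE_IPTABLES` in all three places, matching the `m` default on the tristate ADK_KERNEL_NF_CONNTRACK and ADK_KERNEL_NF_CONNTRACK_IPV4 symbols; if `y` is intended, a short comment saying why the IPv6 side is built in while the IPv4 side is modular would help.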
@@ -17,6 +20,8 @@ config ADK_KERNEL_IP6_NF_IPTABLES
tristate "IP6 tables support (required for filtering)"
select ADK_KERNEL_NETFILTER_XTABLES
select ADK_KERNEL_IPV6
+ default y if ADK_TARGET_IPTABLES
+ default n
help
ip6tables is a general, extensible packet identification framework.
Currently only the packet filtering and packet mangling subsystem
@@ -86,7 +91,10 @@ config ADK_KERNEL_IP6_NF_MATCH_RT
# The targets
config ADK_KERNEL_IP6_NF_FILTER
- tristate "Packet filtering"
+ prompt "Packet filtering"
+ tristate
+ default y if ADK_TARGET_IPTABLES
+ default n
help
Packet filtering defines a table `filter', which has a series of
rules for simple packet filtering at local input, forwarding and