diff options
author | Waldemar Brodkorb <wbx@openadk.org> | 2014-05-15 16:34:38 +0200 |
---|---|---|
committer | Waldemar Brodkorb <wbx@openadk.org> | 2014-05-15 16:34:38 +0200 |
commit | da074de37f3f49ff70644bf37178e31d1ca0f065 (patch) | |
tree | 1b94a3d8d019ec0bfa397d33fe72f78153a7acf1 /package/iptables | |
parent | 12117c47fa424fbb41fd105434e0b80f0f3cac62 (diff) |
remove subpackage ip6tables
Diffstat (limited to 'package/iptables')
-rw-r--r-- | package/iptables/Makefile | 25 | ||||
-rw-r--r-- | package/iptables/files/firewall6.conf | 98 | ||||
-rwxr-xr-x | package/iptables/files/firewall6.init | 32 | ||||
-rw-r--r-- | package/iptables/files/ip6tables.postinst | 3 |
4 files changed, 9 insertions, 149 deletions
diff --git a/package/iptables/Makefile b/package/iptables/Makefile index 477619c78..654278503 100644 --- a/package/iptables/Makefile +++ b/package/iptables/Makefile @@ -5,10 +5,11 @@ include ${TOPDIR}/rules.mk PKG_NAME:= iptables PKG_VERSION:= 1.4.21 -PKG_RELEASE:= 5 +PKG_RELEASE:= 6 PKG_MD5SUM:= 536d048c8e8eeebcd9757d0863ebb0c0 PKG_DESCR:= netfilter firewalling software PKG_SECTION:= firewall +PKG_DEPENDS:= libnetfilter_conntrack PKG_BUILDDEP:= autotool libnetfilter_conntrack PKG_URL:= http://www.netfilter.org/ PKG_SITES:= http://www.netfilter.org/projects/iptables/files/ @@ -16,19 +17,13 @@ PKG_OPTS:= dev DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.bz2 -PKG_SUBPKGS:= IPTABLES IP6TABLES -PKGSD_IPTABLES:= iptables for IPv4 -PKGSD_IP6TABLES:= iptables for IPv6 -PKGSS_IP6TABLES:= iptables - include ${TOPDIR}/mk/package.mk # right now default extensions are builtin # use --disable-static in CONFIGURE_ARGS to change and optimize package #include ${LINUX_DIR}/.config -$(eval $(call PKG_template,IPTABLES,iptables,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKGSD_IPTABLES},${PKG_SECTION},${PKG_OPTS})) -$(eval $(call PKG_template,IP6TABLES,ip6tables,${PKG_VERSION}-${PKG_RELEASE},${PKGSS_IP6TABLES},${PKGSD_IP6TABLES},${PKG_SECTION},${PKG_OPTS})) +$(eval $(call PKG_template,IPTABLES,iptables,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},${PKG_OPTS})) AUTOTOOL_STYLE:= autoreconf TARGET_LDFLAGS+= -fPIC @@ -37,16 +32,14 @@ CONFIGURE_ARGS+= --enable-devel iptables-install: ${INSTALL_DIR} ${IDIR_IPTABLES}/{usr/lib,etc,usr/sbin} ${INSTALL_DATA} ./files/firewall.conf ${IDIR_IPTABLES}/etc - ${CP} ${WRKINST}/usr/sbin/iptables* ${IDIR_IPTABLES}/usr/sbin - ${CP} ${WRKINST}/usr/sbin/xtables* ${IDIR_IPTABLES}/usr/sbin + ${INSTALL_BIN} ${WRKINST}/usr/sbin/iptables ${IDIR_IPTABLES}/usr/sbin + ${INSTALL_BIN} ${WRKINST}/usr/sbin/ip6tables ${IDIR_IPTABLES}/usr/sbin + ${INSTALL_BIN} ${WRKINST}/usr/sbin/iptables-{save,restore} \ + ${IDIR_IPTABLES}/usr/sbin + ${CP} ${WRKINST}/usr/sbin/xtables-multi ${IDIR_IPTABLES}/usr/sbin ${CP} ${WRKINST}/usr/lib/libiptc.so* ${IDIR_IPTABLES}/usr/lib ${CP} ${WRKINST}/usr/lib/libip4tc.so* ${IDIR_IPTABLES}/usr/lib + ${CP} ${WRKINST}/usr/lib/libip6tc.so* ${IDIR_IPTABLES}/usr/lib ${CP} ${WRKINST}/usr/lib/libxtables.so* ${IDIR_IPTABLES}/usr/lib -ip6tables-install: - ${INSTALL_DIR} ${IDIR_IP6TABLES}/{usr/lib,etc,usr/sbin} - ${INSTALL_DATA} ./files/firewall6.conf ${IDIR_IP6TABLES}/etc - ${CP} ${WRKINST}/usr/sbin/ip6tables ${IDIR_IP6TABLES}/usr/sbin - ${CP} ${WRKINST}/usr/lib/libip6tc.so* ${IDIR_IP6TABLES}/usr/lib - include ${TOPDIR}/mk/pkg-bottom.mk diff --git a/package/iptables/files/firewall6.conf b/package/iptables/files/firewall6.conf deleted file mode 100644 index 2e86138b2..000000000 --- a/package/iptables/files/firewall6.conf +++ /dev/null @@ -1,98 +0,0 @@ -#!/bin/sh -echo "configure /etc/firewall6.conf first." -exit 1 - -### Interfaces -WAN=sixxs -LAN=br0 -WLAN=wlan0 - -###################################################################### -### Default ruleset -###################################################################### - -### Create chains -ip6tables -N input_rule -ip6tables -N forwarding_rule - -### Default policy -ip6tables -P INPUT DROP -ip6tables -P FORWARD DROP -ip6tables -P OUTPUT DROP - -### INPUT -### (connections with the router as destination) - -# base case -ip6tables -A INPUT -m state --state INVALID -j DROP -ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -ip6tables -A INPUT -p tcp --tcp-flags SYN SYN \! --tcp-option 2 -j DROP - -# custom rules -ip6tables -A INPUT -j input_rule - -# allow access from anything but WAN -ip6tables -A INPUT ${WAN:+\! -i $WAN} -j ACCEPT -# allow icmp messages -ip6tables -A INPUT -p icmp6 -j ACCEPT - -# reject -ip6tables -A INPUT -p tcp -j REJECT --reject-with tcp-reset -ip6tables -A INPUT -j REJECT --reject-with icmp6-port-unreachable - -### OUTPUT -### (connections with the router as source) - -# base case -ip6tables -A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT -ip6tables -A OUTPUT -p icmp6 -j ACCEPT - -### FORWARD -### (connections routed through the router) - -# base case -ip6tables -A FORWARD -m state --state INVALID -j DROP -ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT - -# fix for broken ISPs blocking ICMPv6 "packet too big" packets -#ip6tables -t mangle -A FORWARD -p tcp -o $WAN --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu - -# custom rules -ip6tables -A FORWARD -j forwarding_rule - -# allow LAN -ip6tables -A FORWARD -i $LAN -o $WAN -j ACCEPT - -###################################################################### -### Default ruleset end -###################################################################### - -### -### Connections to the router -### - -# ssh -#ip6tables -A input_rule -i $WAN -p tcp -s <a.b.c.d> --dport 22 -j ACCEPT - -# IPSec -#ip6tables -A input_rule -i $WAN -p esp -s <a.b.c.d> -j ACCEPT -#ip6tables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 500 -j ACCEPT - -# OpenVPN -#ip6tables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 1194 -j ACCEPT - -# PPTP -#ip6tables -A input_rule -i $WAN -p gre -j ACCEPT -#ip6tables -A input_rule -i $WAN -p tcp --dport 1723 -j ACCEPT - -### -### VPN traffic -### - -# IPSec -#ip6tables -A forwarding_rule -o ipsec+ -j ACCEPT -#ip6tables -A forwarding_rule -i ipsec+ -j ACCEPT - -# OpenVPN -#ip6tables -A forwarding_rule -o tun+ -j ACCEPT -#ip6tables -A forwarding_rule -i tun+ -j ACCEPT diff --git a/package/iptables/files/firewall6.init b/package/iptables/files/firewall6.init deleted file mode 100755 index 55631ecc9..000000000 --- a/package/iptables/files/firewall6.init +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh -#PKG ip6tables -#INIT 45 -. /etc/rc.conf - -case $1 in -autostop) ;; -autostart) - test x"${firewall6:-NO}" = x"NO" && exit 0 - test x"$firewall6" = x"DAEMON" && test -x /bin/mksh && exec mksh -T- $0 start - exec sh $0 start - ;; -start) - . /etc/firewall6.conf - ;; -stop) - ### Clear tables - ip6tables -F - ip6tables -X - ip6tables -P INPUT ACCEPT - ip6tables -P FORWARD ACCEPT - ip6tables -P OUTPUT ACCEPT - ;; -restart) - sh $0 stop - sh $0 start - ;; -*) - echo "Usage: $0 {start | stop | restart}" - ;; -esac -exit $? diff --git a/package/iptables/files/ip6tables.postinst b/package/iptables/files/ip6tables.postinst deleted file mode 100644 index 90aa932a4..000000000 --- a/package/iptables/files/ip6tables.postinst +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -. $IPKG_INSTROOT/etc/functions.sh -add_rcconf firewall6 NO |