authorWaldemar Brodkorb <wbx@openadk.org>2014-05-15 16:34:38 +0200
committerWaldemar Brodkorb <wbx@openadk.org>2014-05-15 16:34:38 +0200
commitda074de37f3f49ff70644bf37178e31d1ca0f065 (patch)
tree1b94a3d8d019ec0bfa397d33fe72f78153a7acf1 /package/iptables
parent12117c47fa424fbb41fd105434e0b80f0f3cac62 (diff)
remove subpackage ip6tables
Diffstat (limited to 'package/iptables')
-rw-r--r--package/iptables/Makefile25
-rw-r--r--package/iptables/files/firewall6.conf98
-rwxr-xr-xpackage/iptables/files/firewall6.init32
-rw-r--r--package/iptables/files/ip6tables.postinst3
4 files changed, 9 insertions, 149 deletions
diff --git a/package/iptables/Makefile b/package/iptables/Makefile
index 477619c78..654278503 100644
--- a/package/iptables/Makefile
+++ b/package/iptables/Makefile
@@ -5,10 +5,11 @@ include ${TOPDIR}/rules.mk
PKG_NAME:= iptables
PKG_VERSION:= 1.4.21
-PKG_RELEASE:= 5
+PKG_RELEASE:= 6
PKG_MD5SUM:= 536d048c8e8eeebcd9757d0863ebb0c0
PKG_DESCR:= netfilter firewalling software
PKG_SECTION:= firewall
+PKG_DEPENDS:= libnetfilter_conntrack
PKG_BUILDDEP:= autotool libnetfilter_conntrack
PKG_URL:= http://www.netfilter.org/
PKG_SITES:= http://www.netfilter.org/projects/iptables/files/
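Review bot: The source tarball for this firewall package is still pinned only by `PKG_MD5SUM` and fetched from a plain `http://` `PKG_SITES` URL, and the release bump rebuilds it on that same integrity chain. MD5 is not collision resistant and the transport is unauthenticated, so the digest in this Makefile is the only check on what gets compiled into the image. If the build framework accepts a stronger digest I would switch to it, and use an https location where upstream offers one; whether either is supported cannot be seen from this hunk. The added `PKG_DEPENDS:= libnetfilter_conntrack` line itself looks consistent with the existing `PKG_BUILDDEP`.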
@@ -16,19 +17,13 @@ PKG_OPTS:= dev
DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.bz2
-PKG_SUBPKGS:= IPTABLES IP6TABLES
-PKGSD_IPTABLES:= iptables for IPv4
-PKGSD_IP6TABLES:= iptables for IPv6
-PKGSS_IP6TABLES:= iptables
-
include ${TOPDIR}/mk/package.mk
# right now default extensions are builtin
# use --disable-static in CONFIGURE_ARGS to change and optimize package
#include ${LINUX_DIR}/.config
-$(eval $(call PKG_template,IPTABLES,iptables,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKGSD_IPTABLES},${PKG_SECTION},${PKG_OPTS}))
-$(eval $(call PKG_template,IP6TABLES,ip6tables,${PKG_VERSION}-${PKG_RELEASE},${PKGSS_IP6TABLES},${PKGSD_IP6TABLES},${PKG_SECTION},${PKG_OPTS}))
+$(eval $(call PKG_template,IPTABLES,iptables,${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION},${PKG_OPTS}))
AUTOTOOL_STYLE:= autoreconf
TARGET_LDFLAGS+= -fPIC
@@ -37,16 +32,14 @@ CONFIGURE_ARGS+= --enable-devel
iptables-install:
${INSTALL_DIR} ${IDIR_IPTABLES}/{usr/lib,etc,usr/sbin}
${INSTALL_DATA} ./files/firewall.conf ${IDIR_IPTABLES}/etc
- ${CP} ${WRKINST}/usr/sbin/iptables* ${IDIR_IPTABLES}/usr/sbin
- ${CP} ${WRKINST}/usr/sbin/xtables* ${IDIR_IPTABLES}/usr/sbin
+ ${INSTALL_BIN} ${WRKINST}/usr/sbin/iptables ${IDIR_IPTABLES}/usr/sbin
+ ${INSTALL_BIN} ${WRKINST}/usr/sbin/ip6tables ${IDIR_IPTABLES}/usr/sbin
+ ${INSTALL_BIN} ${WRKINST}/usr/sbin/iptables-{save,restore} \
+ ${IDIR_IPTABLES}/usr/sbin
+ ${CP} ${WRKINST}/usr/sbin/xtables-multi ${IDIR_IPTABLES}/usr/sbin
${CP} ${WRKINST}/usr/lib/libiptc.so* ${IDIR_IPTABLES}/usr/lib
${CP} ${WRKINST}/usr/lib/libip4tc.so* ${IDIR_IPTABLES}/usr/lib
+ ${CP} ${WRKINST}/usr/lib/libip6tc.so* ${IDIR_IPTABLES}/usr/lib
${CP} ${WRKINST}/usr/lib/libxtables.so* ${IDIR_IPTABLES}/usr/lib
-ip6tables-install:
- ${INSTALL_DIR} ${IDIR_IP6TABLES}/{usr/lib,etc,usr/sbin}
- ${INSTALL_DATA} ./files/firewall6.conf ${IDIR_IP6TABLES}/etc
- ${CP} ${WRKINST}/usr/sbin/ip6tables ${IDIR_IP6TABLES}/usr/sbin
- ${CP} ${WRKINST}/usr/lib/libip6tc.so* ${IDIR_IP6TABLES}/usr/lib
-
include ${TOPDIR}/mk/pkg-bottom.mk
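Review bot: The `iptables-install` rule now stages `ip6tables` and `libip6tc.so*` but still installs only `./files/firewall.conf`, while this same commit deletes `firewall6.conf`, `firewall6.init` and the `ip6tables.postinst` that registered `firewall6` in rc.conf. Unless the remaining firewall.conf and its init script (not visible here) also load ip6tables rules, an image with IPv6 enabled would come up with empty IPv6 chains and ACCEPT policies while IPv4 is filtered. I would either fold the IPv6 default-drop ruleset into firewall.conf in this commit or record the gap next to the install line, e.g. `# NOTE: no IPv6 ruleset is shipped; add ip6tables rules to /etc/firewall.conf`. Also, `iptables-{save,restore}` is staged but `ip6tables-save` and `ip6tables-restore` are not, so an IPv6 ruleset would have to be applied rule by rule rather than loaded in one restore.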
diff --git a/package/iptables/files/firewall6.conf b/package/iptables/files/firewall6.conf
deleted file mode 100644
index 2e86138b2..000000000
--- a/package/iptables/files/firewall6.conf
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/bin/sh
-echo "configure /etc/firewall6.conf first."
-exit 1
-
-### Interfaces
-WAN=sixxs
-LAN=br0
-WLAN=wlan0
-
-######################################################################
-### Default ruleset
-######################################################################
-
-### Create chains
-ip6tables -N input_rule
-ip6tables -N forwarding_rule
-
-### Default policy
-ip6tables -P INPUT DROP
-ip6tables -P FORWARD DROP
-ip6tables -P OUTPUT DROP
-
-### INPUT
-### (connections with the router as destination)
-
-# base case
-ip6tables -A INPUT -m state --state INVALID -j DROP
-ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-ip6tables -A INPUT -p tcp --tcp-flags SYN SYN \! --tcp-option 2 -j DROP
-
-# custom rules
-ip6tables -A INPUT -j input_rule
-
-# allow access from anything but WAN
-ip6tables -A INPUT ${WAN:+\! -i $WAN} -j ACCEPT
-# allow icmp messages
-ip6tables -A INPUT -p icmp6 -j ACCEPT
-
-# reject
-ip6tables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
-ip6tables -A INPUT -j REJECT --reject-with icmp6-port-unreachable
-
-### OUTPUT
-### (connections with the router as source)
-
-# base case
-ip6tables -A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
-ip6tables -A OUTPUT -p icmp6 -j ACCEPT
-
-### FORWARD
-### (connections routed through the router)
-
-# base case
-ip6tables -A FORWARD -m state --state INVALID -j DROP
-ip6tables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-
-# fix for broken ISPs blocking ICMPv6 "packet too big" packets
-#ip6tables -t mangle -A FORWARD -p tcp -o $WAN --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-
-# custom rules
-ip6tables -A FORWARD -j forwarding_rule
-
-# allow LAN
-ip6tables -A FORWARD -i $LAN -o $WAN -j ACCEPT
-
-######################################################################
-### Default ruleset end
-######################################################################
-
-###
-### Connections to the router
-###
-
-# ssh
-#ip6tables -A input_rule -i $WAN -p tcp -s <a.b.c.d> --dport 22 -j ACCEPT
-
-# IPSec
-#ip6tables -A input_rule -i $WAN -p esp -s <a.b.c.d> -j ACCEPT
-#ip6tables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 500 -j ACCEPT
-
-# OpenVPN
-#ip6tables -A input_rule -i $WAN -p udp -s <a.b.c.d> --dport 1194 -j ACCEPT
-
-# PPTP
-#ip6tables -A input_rule -i $WAN -p gre -j ACCEPT
-#ip6tables -A input_rule -i $WAN -p tcp --dport 1723 -j ACCEPT
-
-###
-### VPN traffic
-###
-
-# IPSec
-#ip6tables -A forwarding_rule -o ipsec+ -j ACCEPT
-#ip6tables -A forwarding_rule -i ipsec+ -j ACCEPT
-
-# OpenVPN
-#ip6tables -A forwarding_rule -o tun+ -j ACCEPT
-#ip6tables -A forwarding_rule -i tun+ -j ACCEPT
diff --git a/package/iptables/files/firewall6.init b/package/iptables/files/firewall6.init
deleted file mode 100755
index 55631ecc9..000000000
--- a/package/iptables/files/firewall6.init
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-#PKG ip6tables
-#INIT 45
-. /etc/rc.conf
-
-case $1 in
-autostop) ;;
-autostart)
- test x"${firewall6:-NO}" = x"NO" && exit 0
- test x"$firewall6" = x"DAEMON" && test -x /bin/mksh && exec mksh -T- $0 start
- exec sh $0 start
- ;;
-start)
- . /etc/firewall6.conf
- ;;
-stop)
- ### Clear tables
- ip6tables -F
- ip6tables -X
- ip6tables -P INPUT ACCEPT
- ip6tables -P FORWARD ACCEPT
- ip6tables -P OUTPUT ACCEPT
- ;;
-restart)
- sh $0 stop
- sh $0 start
- ;;
-*)
- echo "Usage: $0 {start | stop | restart}"
- ;;
-esac
-exit $?
diff --git a/package/iptables/files/ip6tables.postinst b/package/iptables/files/ip6tables.postinst
deleted file mode 100644
index 90aa932a4..000000000
--- a/package/iptables/files/ip6tables.postinst
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-. $IPKG_INSTROOT/etc/functions.sh
-add_rcconf firewall6 NO