firewall4: introduce package

This commit introduces firewall4, an nftables based reimplementation of the
UCI iptables firewall.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

1 files changed, 45 insertions, 0 deletions

diff --git a/package/network/config/firewall4/Makefile b/package/network/config/firewall4/Makefile
new file mode 100644
index 0000000000..cdc3ab9c56
--- /dev/null
+++ b/package/network/config/firewall4/Makefile
@@ -0,0 +1,45 @@
+#
+# Copyright (C) 2021 Jo-Philipp Wich <jo@mein.io>
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=firewall4
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall4.git
+PKG_SOURCE_DATE:=2021-03-19
+PKG_SOURCE_VERSION:=59dbb982b7fefa480196dec03ba51c4f8c4dd7ae
+PKG_MIRROR_HASH:=3f37bea16fa553539d820cc49be92e23d3e1fd9b52db57dcbd06e78070044930
+PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
+PKG_LICENSE:=ISC
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/firewall4
+  SECTION:=net
+  CATEGORY:=Base system
+  TITLE:=OpenWrt 4th gen firewall
+  DEPENDS:=+ucode +ucode-mod-fs +ucode-mod-uci +ucode-mod-ubus +kmod-nft-core +kmod-nft-fib +kmod-nft-nat +kmod-nft-nat6 +nftables-json
+  CONFLICTS:=firewall kmod-ipt-nat
+endef
+
+define Package/firewall4/description
+ This package provides an nftables-based implementation of the UCI firewall
+ sharing the same configuration format.
+endef
+
+define Package/firewall4/conffiles
+/etc/config/firewall
+/etc/nftables.d/
+endef
+
+define Package/firewall4/install
+	$(CP) -a $(PKG_BUILD_DIR)/root/* $(1)/
+endef
+
+define Build/Compile
+endef
+
+$(eval $(call BuildPackage,firewall4))