diff options
| author | Etienne Champetier <champetier.etienne@gmail.com> | 2022-06-26 04:54:45 +0000 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2022-06-29 22:39:56 +0200 |
| commit | fb3b9276435fff00ecf1c3fb9761ded625136b3b (patch) | |
| tree | 56fdc41c17d5bb7d0ca44fffa9504cf23f2788a2 /package | |
| parent | e4caacc88785b150bca868080160155692db33aa (diff) | |
| download | upstream-fb3b9276435fff00ecf1c3fb9761ded625136b3b.tar.gz upstream-fb3b9276435fff00ecf1c3fb9761ded625136b3b.tar.bz2 upstream-fb3b9276435fff00ecf1c3fb9761ded625136b3b.zip | |
iptables: default to ip(6)tables-nft
OpenWrt now uses firewall4 (nft) by default,
so iptables should also default to nftables backend.
When multiple packages provide the same virtual package,
opkg pick the first one by alphabetical order,
so we rename iptables-legacy to iptables-zz-legacy and add
iptables-legacy in PROVIDES.
We also need to remove IPTABLES_NFTABLES config as
this cause recursive dependencies.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 35fec487e30f05c81bd135326a993dad7f861812)
Diffstat (limited to 'package')
| -rw-r--r-- | package/network/utils/iptables/Makefile | 31 |
1 files changed, 12 insertions, 19 deletions
diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index ea9561b6b9..6546067553 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -10,7 +10,7 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=iptables PKG_VERSION:=1.8.7 -PKG_RELEASE:=6 +PKG_RELEASE:=7 PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 @@ -50,18 +50,18 @@ $(call Package/iptables/Default) DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libiptext +IPV6:libiptext6 +libxtables endef -define Package/iptables-legacy +define Package/iptables-zz-legacy $(call Package/iptables/Default) TITLE:=IP firewall administration tool DEPENDS+= +xtables-legacy - PROVIDES:=iptables + PROVIDES:=iptables iptables-legacy ALTERNATIVES:=\ 200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \ 200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \ 200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi endef -define Package/iptables-legacy/description +define Package/iptables-zz-legacy/description IP firewall administration tool. Matches: @@ -104,7 +104,7 @@ endef define Package/xtables-nft $(call Package/iptables/Default) TITLE:=IP firewall administration tool nft - DEPENDS:=@IPTABLES_NFTABLES +libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat + DEPENDS:=+libnftnl +libiptext +IPV6:libiptext6 +libiptext-nft +kmod-nft-compat endef define Package/arptables-nft @@ -483,12 +483,12 @@ define Package/iptables-mod-checksum/description iptables extension for the CHECKSUM calculation target endef -define Package/ip6tables-legacy +define Package/ip6tables-zz-legacy $(call Package/iptables/Default) DEPENDS:=@IPV6 +kmod-ip6tables +xtables-legacy CATEGORY:=Network TITLE:=IPv6 firewall administration tool - PROVIDES:=ip6tables + PROVIDES:=ip6tables ip6tables-legacy ALTERNATIVES:=\ 200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \ 200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \ @@ -575,7 +575,7 @@ define Package/libiptext-nft CATEGORY:=Libraries TITLE:=IPv4/IPv6 firewall - shared libiptext nft library ABI_VERSION:=0 - DEPENDS:=@IPTABLES_NFTABLES +libxtables + DEPENDS:=+libxtables endef define Package/libxtables @@ -594,12 +594,6 @@ define Package/libxtables/config default n help This enable connlabel support in iptables. - - config IPTABLES_NFTABLES - bool "Enable Nftables support" - default y - help - This enable nftables support in iptables. endef TARGET_CPPFLAGS := \ @@ -624,7 +618,6 @@ CONFIGURE_ARGS += \ --with-xtlibdir=/usr/lib/iptables \ --with-xt-lock-name=/var/run/xtables.lock \ $(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \ - $(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \ $(if $(CONFIG_IPV6),,--disable-ipv6) MAKE_FLAGS := \ @@ -677,7 +670,7 @@ define Package/xtables-legacy/install $(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/ endef -define Package/iptables-legacy/install +define Package/iptables-zz-legacy/install $(INSTALL_DIR) $(1)/usr/sbin $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-legacy{,-restore,-save} $(1)/usr/sbin/ $(INSTALL_DIR) $(1)/usr/lib/iptables @@ -708,7 +701,7 @@ define Package/iptables-nft/install $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/ endef -define Package/ip6tables-legacy/install +define Package/ip6tables-zz-legacy/install $(INSTALL_DIR) $(1)/usr/sbin $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-legacy{,-restore,-save} $(1)/usr/sbin/ endef @@ -771,7 +764,7 @@ $(eval $(call BuildPackage,libiptext)) $(eval $(call BuildPackage,libiptext6)) $(eval $(call BuildPackage,libiptext-nft)) $(eval $(call BuildPackage,xtables-legacy)) -$(eval $(call BuildPackage,iptables-legacy)) +$(eval $(call BuildPackage,iptables-zz-legacy)) $(eval $(call BuildPackage,xtables-nft)) $(eval $(call BuildPackage,arptables-nft)) $(eval $(call BuildPackage,ebtables-nft)) @@ -799,7 +792,7 @@ $(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m))) $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m))) $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m))) $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m))) -$(eval $(call BuildPackage,ip6tables-legacy)) +$(eval $(call BuildPackage,ip6tables-zz-legacy)) $(eval $(call BuildPackage,ip6tables-nft)) $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m))) $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m))) |