Diffstat (limited to 'package')
-rw-r--r--package/network/utils/iptables/Makefile36
-rw-r--r--package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch4
-rw-r--r--package/network/utils/iptables/patches/030-no-libnfnetlink.patch94
-rw-r--r--package/network/utils/iptables/patches/050-optional-xml.patch2
-rw-r--r--package/network/utils/iptables/patches/100-bash-location.patch8
-rw-r--r--package/network/utils/iptables/patches/200-configurable_builtin.patch45
-rw-r--r--package/network/utils/iptables/patches/300-musl_fixes.patch127
-rw-r--r--package/network/utils/iptables/patches/600-shared-libext.patch40
-rw-r--r--package/network/utils/iptables/patches/700-disable-legacy-revisions.patch51
9 files changed, 103 insertions, 304 deletions
diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
index ac869f0385..2fef0aba19 100644
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@@ -9,17 +9,16 @@ include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables
-PKG_VERSION:=1.4.21
-PKG_RELEASE:=2
+PKG_VERSION:=1.6.1
+PKG_RELEASE:=1
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
- ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
- ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
- ftp://ftp.no.netfilter.org/pub/netfilter/iptables/
-PKG_HASH:=52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://git.netfilter.org/iptables
+PKG_SOURCE_VERSION:=7df66f1c13563cfbab75246b009ce36f69ee4487
+PKG_MIRROR_HASH:=22f15ef41fd8e3724bedcee666b7b6a3491d2d038d580ef1fb032718dcb73f14
PKG_FIXUP:=autoreconf
+
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0
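Review bot: `PKG_SOURCE_VERSION` pins a bare commit id while `PKG_VERSION` still reads 1.6.1, and nothing on these lines records whether that commit is the tagged release or a later snapshot. Anyone auditing what is actually built has to resolve the hash upstream first. A one-line comment above the assignment would settle it, for example `# upstream commit corresponding to <tag-or-snapshot-date placeholder>`.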
@@ -51,6 +50,20 @@ $(call Package/iptables/Default)
DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
endef
+define Package/iptables/config
+ config IPTABLES_CONNLABEL
+ bool "Enable Connlabel support"
+ default n
+ help
+ This enable connlabel support in iptables.
+
+ config IPTABLES_NFTABLES
+ bool "Enable Nftables support"
+ default n
+ help
+ This enable nftables support in iptables.
+endef
+
define Package/iptables/description
IP firewall administration tool.
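Review bot: The two help texts only restate the prompt (and read "This enable …"), so someone toggling an option cannot tell that it changes the library dependencies declared further down in this Makefile. Suggested wording is `Build the connlabel match; adds a dependency on libnetfilter-conntrack.` and `Build the nftables compatibility layer; adds extra netfilter library dependencies.`, with the second sentence naming whatever the option finally pulls in.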
@@ -413,6 +426,9 @@ define Package/libxtables
SECTION:=libs
CATEGORY:=Libraries
TITLE:=IPv4/IPv6 firewall - shared xtables library
+ DEPENDS:= \
+ +IPTABLES_CONNLABEL:libnetfilter-conntrack \
+ +IPTABLES_NFTABLES:libnfnetlink
endef
TARGET_CPPFLAGS := \
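Review bot: `+IPTABLES_NFTABLES:libnfnetlink` looks like the wrong, or at least an incomplete, dependency for the nftables option. As far as I know, the nftables compat code in iptables 1.6.x is built against libmnl and libnftnl, while libnfnetlink is what the nfnl_osf helper links to. If upstream's configure.ac confirms that, the line should become `+IPTABLES_NFTABLES:libnftnl`. The dependency is also attached to libxtables rather than to the package that ships the binaries, so every consumer of that library inherits it, which may not be intended.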
@@ -431,10 +447,12 @@ TARGET_LDFLAGS += \
CONFIGURE_ARGS += \
--enable-shared \
+ --enable-static \
--enable-devel \
--with-kernel="$(LINUX_DIR)/user_headers" \
--with-xtlibdir=/usr/lib/iptables \
- --enable-static \
+ $(if $(CONFIG_IPTABLES_CONNLABEL),,--disable-connlabel) \
+ $(if $(CONFIG_IPTABLES_NFTABLES),,--disable-nftables) \
$(if $(CONFIG_IPV6),,--disable-ipv6)
MAKE_FLAGS := \
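Review bot: The libnfnetlink probe is left to auto-detection here, while connlabel and nftables are pinned with explicit `--disable-…` switches. 030-no-libnfnetlink.patch, which forced `HAVE_LIBNFNETLINK` to false, is deleted in this same commit. Whether the libnfnetlink-dependent parts get built therefore presumably depends on whether the library happens to be in the staging directory at build time. That lets the package contents differ between otherwise identical configs. Either keep a refreshed version of that patch or tie the result to a config symbol, and record the choice in a comment such as `# libnfnetlink is auto-detected by configure; expected only with IPTABLES_NFTABLES`.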
diff --git a/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch b/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch
index 2b6c57ec9e..4add4ea5f3 100644
--- a/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch
+++ b/package/network/utils/iptables/patches/020-iptables-disable-modprobe.patch
@@ -1,6 +1,6 @@
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
-@@ -336,6 +336,7 @@ static char *get_modprobe(void)
+@@ -355,6 +355,7 @@ static char *get_modprobe(void)
int xtables_insmod(const char *modname, const char *modprobe, bool quiet)
{
@@ -8,7 +8,7 @@
char *buf = NULL;
char *argv[4];
int status;
-@@ -380,6 +381,7 @@ int xtables_insmod(const char *modname,
+@@ -395,6 +396,7 @@ int xtables_insmod(const char *modname,
free(buf);
if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
return 0;
diff --git a/package/network/utils/iptables/patches/030-no-libnfnetlink.patch b/package/network/utils/iptables/patches/030-no-libnfnetlink.patch
deleted file mode 100644
index 50542ac0b5..0000000000
--- a/package/network/utils/iptables/patches/030-no-libnfnetlink.patch
+++ /dev/null
@@ -1,94 +0,0 @@
---- a/configure
-+++ b/configure
-@@ -12367,77 +12367,7 @@ fi
- fi
-
-
--pkg_failed=no
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libnfnetlink" >&5
--$as_echo_n "checking for libnfnetlink... " >&6; }
--
--if test -n "$libnfnetlink_CFLAGS"; then
-- pkg_cv_libnfnetlink_CFLAGS="$libnfnetlink_CFLAGS"
-- elif test -n "$PKG_CONFIG"; then
-- if test -n "$PKG_CONFIG" && \
-- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnfnetlink >= 1.0\""; } >&5
-- ($PKG_CONFIG --exists --print-errors "libnfnetlink >= 1.0") 2>&5
-- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; }; then
-- pkg_cv_libnfnetlink_CFLAGS=`$PKG_CONFIG --cflags "libnfnetlink >= 1.0" 2>/dev/null`
-- test "x$?" != "x0" && pkg_failed=yes
--else
-- pkg_failed=yes
--fi
-- else
-- pkg_failed=untried
--fi
--if test -n "$libnfnetlink_LIBS"; then
-- pkg_cv_libnfnetlink_LIBS="$libnfnetlink_LIBS"
-- elif test -n "$PKG_CONFIG"; then
-- if test -n "$PKG_CONFIG" && \
-- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnfnetlink >= 1.0\""; } >&5
-- ($PKG_CONFIG --exists --print-errors "libnfnetlink >= 1.0") 2>&5
-- ac_status=$?
-- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-- test $ac_status = 0; }; then
-- pkg_cv_libnfnetlink_LIBS=`$PKG_CONFIG --libs "libnfnetlink >= 1.0" 2>/dev/null`
-- test "x$?" != "x0" && pkg_failed=yes
--else
-- pkg_failed=yes
--fi
-- else
-- pkg_failed=untried
--fi
--
--
--
--if test $pkg_failed = yes; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--
--if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
-- _pkg_short_errors_supported=yes
--else
-- _pkg_short_errors_supported=no
--fi
-- if test $_pkg_short_errors_supported = yes; then
-- libnfnetlink_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libnfnetlink >= 1.0" 2>&1`
-- else
-- libnfnetlink_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libnfnetlink >= 1.0" 2>&1`
-- fi
-- # Put the nasty error message in config.log where it belongs
-- echo "$libnfnetlink_PKG_ERRORS" >&5
--
-- nfnetlink=0
--elif test $pkg_failed = untried; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
-- nfnetlink=0
--else
-- libnfnetlink_CFLAGS=$pkg_cv_libnfnetlink_CFLAGS
-- libnfnetlink_LIBS=$pkg_cv_libnfnetlink_LIBS
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--$as_echo "yes" >&6; }
-- nfnetlink=1
--fi
-- if test "$nfnetlink" = 1; then
-+if false; then
- HAVE_LIBNFNETLINK_TRUE=
- HAVE_LIBNFNETLINK_FALSE='#'
- else
---- a/configure.ac
-+++ b/configure.ac
-@@ -111,9 +111,7 @@ if test "x$enable_bpfc" = "xyes" || test
- AC_CHECK_LIB(pcap, pcap_compile,, AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool))
- fi
-
--PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0],
-- [nfnetlink=1], [nfnetlink=0])
--AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1])
-+AM_CONDITIONAL([HAVE_LIBNFNETLINK], [false])
-
- regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \
- -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
diff --git a/package/network/utils/iptables/patches/050-optional-xml.patch b/package/network/utils/iptables/patches/050-optional-xml.patch
index 11311ddb47..b782bbf13a 100644
--- a/package/network/utils/iptables/patches/050-optional-xml.patch
+++ b/package/network/utils/iptables/patches/050-optional-xml.patch
@@ -1,6 +1,6 @@
--- a/iptables/xtables-multi.c
+++ b/iptables/xtables-multi.c
-@@ -22,8 +22,10 @@ static const struct subcommand multi_sub
+@@ -26,8 +26,10 @@ static const struct subcommand multi_sub
{"iptables-restore", iptables_restore_main},
{"restore4", iptables_restore_main},
#endif
diff --git a/package/network/utils/iptables/patches/100-bash-location.patch b/package/network/utils/iptables/patches/100-bash-location.patch
deleted file mode 100644
index 02ee45ba1e..0000000000
--- a/package/network/utils/iptables/patches/100-bash-location.patch
+++ /dev/null
@@ -1,8 +0,0 @@
---- a/iptables/iptables-apply
-+++ b/iptables/iptables-apply
-@@ -1,4 +1,4 @@
--#!/bin/bash
-+#!/usr/bin/env bash
- #
- # iptables-apply -- a safer way to update iptables remotely
- #
diff --git a/package/network/utils/iptables/patches/200-configurable_builtin.patch b/package/network/utils/iptables/patches/200-configurable_builtin.patch
index d35bc5a85d..9c53c2bfed 100644
--- a/package/network/utils/iptables/patches/200-configurable_builtin.patch
+++ b/package/network/utils/iptables/patches/200-configurable_builtin.patch
@@ -1,58 +1,75 @@
--- a/extensions/GNUmakefile.in
+++ b/extensions/GNUmakefile.in
-@@ -45,9 +45,24 @@ pfx_symlinks := NOTRACK state
- pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod})
- pf4_build_mod := $(filter-out @blacklist_modules@,${pf4_build_mod})
- pf6_build_mod := $(filter-out @blacklist_modules@,${pf6_build_mod})
+@@ -50,11 +50,31 @@ pfb_build_mod := $(filter-out @blacklist
+ pfa_build_mod := $(filter-out @blacklist_modules@ @blacklist_a_modules@,${pfa_build_mod})
+ pf4_build_mod := $(filter-out @blacklist_modules@ @blacklist_4_modules@,${pf4_build_mod})
+ pf6_build_mod := $(filter-out @blacklist_modules@ @blacklist_6_modules@,${pf6_build_mod})
-pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_mod})
+-pfb_objs := $(patsubst %,libebt_%.o,${pfb_build_mod})
+-pfa_objs := $(patsubst %,libarpt_%.o,${pfa_build_mod})
-pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_mod})
-pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_mod})
-+
+ifdef BUILTIN_MODULES
+pfx_build_static := $(filter $(BUILTIN_MODULES),${pfx_build_mod})
++pfb_build_static := $(filter $(BUILTIN_MODULES),${pfb_build_mod})
++pfa_build_static := $(filter $(BUILTIN_MODULES),${pfa_build_mod})
+pf4_build_static := $(filter $(BUILTIN_MODULES),${pf4_build_mod})
+pf6_build_static := $(filter $(BUILTIN_MODULES),${pf6_build_mod})
+else
+@ENABLE_STATIC_TRUE@ pfx_build_static := $(pfx_build_mod)
++@ENABLE_STATIC_TRUE@ pfb_build_static := $(pfb_build_mod)
++@ENABLE_STATIC_TRUE@ pfa_build_static := $(pfa_build_mod)
+@ENABLE_STATIC_TRUE@ pf4_build_static := $(pf4_build_mod)
+@ENABLE_STATIC_TRUE@ pf6_build_static := $(pf6_build_mod)
+endif
+
+pfx_build_mod := $(filter-out $(pfx_build_static),$(pfx_build_mod))
++pfb_build_mod := $(filter-out $(pfb_build_static),$(pfb_build_mod))
++pfa_build_mod := $(filter-out $(pfa_build_static),$(pfa_build_mod))
+pf4_build_mod := $(filter-out $(pf4_build_static),$(pf4_build_mod))
+pf6_build_mod := $(filter-out $(pf6_build_static),$(pf6_build_mod))
+
+pfx_objs := $(patsubst %,libxt_%.o,${pfx_build_static})
++pfb_objs := $(patsubst %,libebt_%.o,${pfb_build_static})
++pfa_objs := $(patsubst %,libarpt_%.o,${pfa_build_static})
+pf4_objs := $(patsubst %,libipt_%.o,${pf4_build_static})
+pf6_objs := $(patsubst %,libip6t_%.o,${pf6_build_static})
pfx_solibs := $(patsubst %,libxt_%.so,${pfx_build_mod} ${pfx_symlinks})
- pf4_solibs := $(patsubst %,libipt_%.so,${pf4_build_mod})
- pf6_solibs := $(patsubst %,libip6t_%.so,${pf6_build_mod})
-@@ -58,11 +73,11 @@ pf6_solibs := $(patsubst %,libip6t_%.
+ pfb_solibs := $(patsubst %,libebt_%.so,${pfb_build_mod})
+ pfa_solibs := $(patsubst %,libarpt_%.so,${pfa_build_mod})
+@@ -67,13 +87,13 @@ pf6_solibs := $(patsubst %,libip6t_%.
#
- targets := libext.a libext4.a libext6.a matches.man targets.man
+ targets := libext.a libext4.a libext6.a libext_ebt.a libext_arpt.a matches.man targets.man
targets_install :=
-@ENABLE_STATIC_TRUE@ libext_objs := ${pfx_objs}
+-@ENABLE_STATIC_TRUE@ libext_ebt_objs := ${pfb_objs}
+-@ENABLE_STATIC_TRUE@ libext_arpt_objs := ${pfa_objs}
-@ENABLE_STATIC_TRUE@ libext4_objs := ${pf4_objs}
-@ENABLE_STATIC_TRUE@ libext6_objs := ${pf6_objs}
--@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
--@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
+-@ENABLE_STATIC_FALSE@ targets += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs}
+-@ENABLE_STATIC_FALSE@ targets_install += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs}
+libext_objs := ${pfx_objs}
++libext_ebt_objs := ${pfb_objs}
++libext_arpt_objs := ${pfa_objs}
+libext4_objs := ${pf4_objs}
+libext6_objs := ${pf6_objs}
-+targets += ${pfx_solibs} ${pf4_solibs} ${pf6_solibs}
-+targets_install := $(strip ${targets_install} ${pfx_solibs} ${pf4_solibs} ${pf6_solibs})
++targets += ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs}
++targets_install := $(strip ${pfx_solibs} ${pfb_solibs} ${pf4_solibs} ${pf6_solibs} ${pfa_solibs})
.SECONDARY:
-@@ -126,9 +141,9 @@ libext4.a: initext4.o ${libext4_objs}
+@@ -141,11 +161,11 @@ libext4.a: initext4.o ${libext4_objs}
libext6.a: initext6.o ${libext6_objs}
${AM_VERBOSE_AR} ${AR} crs $@ $^;
-initext_func := $(addprefix xt_,${pfx_build_mod})
+-initextb_func := $(addprefix ebt_,${pfb_build_mod})
+-initexta_func := $(addprefix arpt_,${pfa_build_mod})
-initext4_func := $(addprefix ipt_,${pf4_build_mod})
-initext6_func := $(addprefix ip6t_,${pf6_build_mod})
+initext_func := $(addprefix xt_,${pfx_build_static})
++initextb_func := $(addprefix ebt_,${pfb_build_static})
++initexta_func := $(addprefix arpt_,${pfa_build_static})
+initext4_func := $(addprefix ipt_,${pf4_build_static})
+initext6_func := $(addprefix ip6t_,${pf6_build_static})
diff --git a/package/network/utils/iptables/patches/300-musl_fixes.patch b/package/network/utils/iptables/patches/300-musl_fixes.patch
deleted file mode 100644
index a78eda775d..0000000000
--- a/package/network/utils/iptables/patches/300-musl_fixes.patch
+++ /dev/null
@@ -1,127 +0,0 @@
---- a/extensions/libip6t_ipv6header.c
-+++ b/extensions/libip6t_ipv6header.c
-@@ -10,6 +10,9 @@ on whether they contain certain headers
- #include <netdb.h>
- #include <xtables.h>
- #include <linux/netfilter_ipv6/ip6t_ipv6header.h>
-+#ifndef IPPROTO_HOPOPTS
-+# define IPPROTO_HOPOPTS 0
-+#endif
-
- enum {
- O_HEADER = 0,
---- a/extensions/libxt_TCPOPTSTRIP.c
-+++ b/extensions/libxt_TCPOPTSTRIP.c
-@@ -12,6 +12,21 @@
- #ifndef TCPOPT_MD5SIG
- # define TCPOPT_MD5SIG 19
- #endif
-+#ifndef TCPOPT_MAXSEG
-+# define TCPOPT_MAXSEG 2
-+#endif
-+#ifndef TCPOPT_WINDOW
-+# define TCPOPT_WINDOW 3
-+#endif
-+#ifndef TCPOPT_SACK_PERMITTED
-+# define TCPOPT_SACK_PERMITTED 4
-+#endif
-+#ifndef TCPOPT_SACK
-+# define TCPOPT_SACK 5
-+#endif
-+#ifndef TCPOPT_TIMESTAMP
-+# define TCPOPT_TIMESTAMP 8
-+#endif
-
- enum {
- O_STRIP_OPTION = 0,
---- a/include/libiptc/ipt_kernel_headers.h
-+++ b/include/libiptc/ipt_kernel_headers.h
-@@ -5,7 +5,6 @@
-
- #include <limits.h>
-
--#if defined(__GLIBC__) && __GLIBC__ == 2
- #include <netinet/ip.h>
- #include <netinet/in.h>
- #include <netinet/ip_icmp.h>
-@@ -13,15 +12,4 @@
- #include <netinet/udp.h>
- #include <net/if.h>
- #include <sys/types.h>
--#else /* libc5 */
--#include <sys/socket.h>
--#include <linux/ip.h>
--#include <linux/in.h>
--#include <linux/if.h>
--#include <linux/icmp.h>
--#include <linux/tcp.h>
--#include <linux/udp.h>
--#include <linux/types.h>
--#include <linux/in6.h>
--#endif
- #endif
---- a/include/linux/netfilter_ipv4/ip_tables.h
-+++ b/include/linux/netfilter_ipv4/ip_tables.h
-@@ -16,6 +16,7 @@
- #define _IPTABLES_H
-
- #include <linux/types.h>
-+#include <sys/types.h>
-
- #include <linux/netfilter_ipv4.h>
-
---- a/iptables/ip6tables-restore.c
-+++ b/iptables/ip6tables-restore.c
-@@ -9,7 +9,7 @@
- */
-
- #include <getopt.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <stdbool.h>
- #include <string.h>
- #include <stdio.h>
---- a/iptables/ip6tables-save.c
-+++ b/iptables/ip6tables-save.c
-@@ -6,7 +6,7 @@
- * This code is distributed under the terms of GNU GPL v2
- */
- #include <getopt.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <stdio.h>
- #include <fcntl.h>
- #include <stdlib.h>
---- a/iptables/iptables-restore.c
-+++ b/iptables/iptables-restore.c
-@@ -6,7 +6,7 @@
- */
-
- #include <getopt.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <stdbool.h>
- #include <string.h>
- #include <stdio.h>
---- a/iptables/iptables-save.c
-+++ b/iptables/iptables-save.c
-@@ -6,7 +6,7 @@
- *
- */
- #include <getopt.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <stdio.h>
- #include <fcntl.h>
- #include <stdlib.h>
---- a/iptables/iptables-xml.c
-+++ b/iptables/iptables-xml.c
-@@ -7,7 +7,7 @@
- */
-
- #include <getopt.h>
--#include <sys/errno.h>
-+#include <errno.h>
- #include <string.h>
- #include <stdio.h>
- #include <stdlib.h>
diff --git a/package/network/utils/iptables/patches/600-shared-libext.patch b/package/network/utils/iptables/patches/600-shared-libext.patch
index 92f5485399..2071ebd868 100644
--- a/package/network/utils/iptables/patches/600-shared-libext.patch
+++ b/package/network/utils/iptables/patches/600-shared-libext.patch
@@ -1,17 +1,15 @@
-Index: iptables-1.4.21/extensions/GNUmakefile.in
-===================================================================
---- iptables-1.4.21.orig/extensions/GNUmakefile.in
-+++ iptables-1.4.21/extensions/GNUmakefile.in
-@@ -71,7 +71,7 @@ pf6_solibs := $(patsubst %,libip6t_%.
+--- a/extensions/GNUmakefile.in
++++ b/extensions/GNUmakefile.in
+@@ -85,7 +85,7 @@ pf6_solibs := $(patsubst %,libip6t_%.
#
# Building blocks
#
--targets := libext.a libext4.a libext6.a matches.man targets.man
-+targets := libiptext.so libiptext4.so libiptext6.so matches.man targets.man
+-targets := libext.a libext4.a libext6.a libext_ebt.a libext_arpt.a matches.man targets.man
++targets := libiptext.so libiptext4.so libiptext6.so libiptext_ebt.so libiptext_arpt.so matches.man targets.man
targets_install :=
libext_objs := ${pfx_objs}
- libext4_objs := ${pf4_objs}
-@@ -96,7 +96,7 @@ clean:
+ libext_ebt_objs := ${pfb_objs}
+@@ -112,7 +112,7 @@ clean:
distclean: clean
init%.o: init%.c
@@ -20,7 +18,7 @@ Index: iptables-1.4.21/extensions/GNUmakefile.in
-include .*.d
-@@ -130,16 +130,16 @@ xt_statistic_LIBADD = -lm
+@@ -144,22 +144,22 @@ xt_connlabel_LIBADD = @libnetfilter_conn
# handling code in the Makefiles.
#
lib%.o: ${srcdir}/lib%.c
@@ -32,6 +30,16 @@ Index: iptables-1.4.21/extensions/GNUmakefile.in
+libiptext.so: initext.o ${libext_objs}
+ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD};
+-libext_ebt.a: initextb.o ${libext_ebt_objs}
+- ${AM_VERBOSE_AR} ${AR} crs $@ $^;
++libiptext_ebt.so: initextb.o ${libext_ebt__objs}
++ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD};
+
+-libext_arpt.a: initexta.o ${libext_arpt_objs}
+- ${AM_VERBOSE_AR} ${AR} crs $@ $^;
++libiptext_arpt.so: initexta.o ${libext_arpt__objs}
++ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD};
+
-libext4.a: initext4.o ${libext4_objs}
- ${AM_VERBOSE_AR} ${AR} crs $@ $^;
+libiptext4.so: initext4.o ${libext4_objs}
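Review bot: The two added link rules reference `${libext_ebt__objs}` and `${libext_arpt__objs}` with a doubled underscore. The removed archive rules, and 200-configurable_builtin.patch in this same commit, define `libext_ebt_objs` and `libext_arpt_objs`. Make expands an undefined variable to nothing without a warning, so libiptext_ebt.so and libiptext_arpt.so would be linked from initextb.o / initexta.o alone and any built-in ebtables or arptables extension objects would be left out. The prerequisites should read `libiptext_ebt.so: initextb.o ${libext_ebt_objs}` and `libiptext_arpt.so: initexta.o ${libext_arpt_objs}`.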
@@ -43,12 +51,10 @@ Index: iptables-1.4.21/extensions/GNUmakefile.in
+ ${AM_VERBOSE_CCLD} ${CCLD} ${AM_LDFLAGS} -shared ${LDFLAGS} -o $@ $^ -L../libxtables/.libs -lxtables ${$*_LIBADD};
initext_func := $(addprefix xt_,${pfx_build_static})
- initext4_func := $(addprefix ipt_,${pf4_build_static})
-Index: iptables-1.4.21/iptables/Makefile.am
-===================================================================
---- iptables-1.4.21.orig/iptables/Makefile.am
-+++ iptables-1.4.21/iptables/Makefile.am
-@@ -5,7 +5,8 @@ AM_CPPFLAGS = ${regular_CPPFLAGS} -
+ initextb_func := $(addprefix ebt_,${pfb_build_static})
+--- a/iptables/Makefile.am
++++ b/iptables/Makefile.am
+@@ -8,7 +8,8 @@ BUILT_SOURCES =
xtables_multi_SOURCES = xtables-multi.c iptables-xml.c
xtables_multi_CFLAGS = ${AM_CFLAGS}
@@ -58,7 +64,7 @@ Index: iptables-1.4.21/iptables/Makefile.am
if ENABLE_STATIC
xtables_multi_CFLAGS += -DALL_INCLUSIVE
endif
-@@ -13,13 +14,15 @@ if ENABLE_IPV4
+@@ -16,13 +17,15 @@ if ENABLE_IPV4
xtables_multi_SOURCES += iptables-save.c iptables-restore.c \
iptables-standalone.c iptables.c
xtables_multi_CFLAGS += -DENABLE_IPV4
diff --git a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
index 342c3b013a..6800ca5ece 100644
--- a/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
+++ b/package/network/utils/iptables/patches/700-disable-legacy-revisions.patch
@@ -1,8 +1,6 @@
-Index: iptables-1.4.21/extensions/libxt_conntrack.c
-===================================================================
---- iptables-1.4.21.orig/extensions/libxt_conntrack.c
-+++ iptables-1.4.21/extensions/libxt_conntrack.c
-@@ -1157,6 +1157,7 @@ static void state_save(const void *ip, c
+--- a/extensions/libxt_conntrack.c
++++ b/extensions/libxt_conntrack.c
+@@ -1397,6 +1397,7 @@ static int conntrack3_mt6_xlate(struct x
}
static struct xtables_match conntrack_mt_reg[] = {
@@ -10,7 +8,7 @@ Index: iptables-1.4.21/extensions/libxt_conntrack.c
{
.version = XTABLES_VERSION,
.name = "conntrack",
-@@ -1232,6 +1233,7 @@ static struct xtables_match conntrack_mt
+@@ -1472,6 +1473,7 @@ static struct xtables_match conntrack_mt
.alias = conntrack_print_name_alias,
.x6_options = conntrack2_mt_opts,
},
@@ -18,31 +16,24 @@ Index: iptables-1.4.21/extensions/libxt_conntrack.c
{
.version = XTABLES_VERSION,
.name = "conntrack",
-@@ -1262,6 +1264,7 @@ static struct xtables_match conntrack_mt
- .alias = conntrack_print_name_alias,
+@@ -1504,6 +1506,7 @@ static struct xtables_match conntrack_mt
.x6_options = conntrack3_mt_opts,
+ .xlate = conntrack3_mt6_xlate,
},
+#ifndef NO_LEGACY
{
.family = NFPROTO_UNSPEC,
.name = "state",
-@@ -1292,6 +1295,7 @@ static struct xtables_match conntrack_mt
+@@ -1534,6 +1537,8 @@ static struct xtables_match conntrack_mt
.x6_parse = state_ct23_parse,
.x6_options = state_opts,
},
+#endif
- {
- .family = NFPROTO_UNSPEC,
- .name = "state",
-@@ -1307,6 +1311,7 @@ static struct xtables_match conntrack_mt
- .x6_parse = state_ct23_parse,
- .x6_options = state_opts,
- },
+#ifndef NO_LEGACY
{
.family = NFPROTO_UNSPEC,
.name = "state",
-@@ -1320,6 +1325,7 @@ static struct xtables_match conntrack_mt
+@@ -1563,6 +1568,7 @@ static struct xtables_match conntrack_mt
.x6_parse = state_parse,
.x6_options = state_opts,
},
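Review bot: The refreshed hunk at `@@ -1534,6 +1537,8 @@` inserts `#endif` and `#ifndef NO_LEGACY` back to back, which is a no-op pair. The old patch had a `state` entry between those two directives (the removed context lines), so that entry stayed registered when NO_LEGACY is defined. After this refresh every `state` entry visible in these hunks sits inside the guard. If that is intended, drop both lines; if not, the `#ifndef NO_LEGACY` belongs after the following `state` entry, otherwise rules using `-m state` may have no userspace revision left in a NO_LEGACY build and fail to load. The array starts and ends outside the visible context, so this needs checking against the patched libxt_conntrack.c.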
@@ -50,11 +41,9 @@ Index: iptables-1.4.21/extensions/libxt_conntrack.c
};
void _init(void)
-Index: iptables-1.4.21/extensions/libxt_CT.c
-===================================================================
---- iptables-1.4.21.orig/extensions/libxt_CT.c
-+++ iptables-1.4.21/extensions/libxt_CT.c
-@@ -290,6 +290,7 @@ static void notrack_ct2_tg_init(struct x
+--- a/extensions/libxt_CT.c
++++ b/extensions/libxt_CT.c
+@@ -349,6 +349,7 @@ static void notrack_ct2_tg_init(struct x
}
static struct xtables_target ct_target_reg[] = {
@@ -62,7 +51,7 @@ Index: iptables-1.4.21/extensions/libxt_CT.c
{
.family = NFPROTO_UNSPEC,
.name = "CT",
-@@ -315,6 +316,7 @@ static struct xtables_target ct_target_r
+@@ -374,6 +375,7 @@ static struct xtables_target ct_target_r
.x6_parse = ct_parse_v1,
.x6_options = ct_opts_v1,
},
@@ -70,7 +59,7 @@ Index: iptables-1.4.21/extensions/libxt_CT.c
{
.family = NFPROTO_UNSPEC,
.name = "CT",
-@@ -329,6 +331,7 @@ static struct xtables_target ct_target_r
+@@ -388,6 +390,7 @@ static struct xtables_target ct_target_r
.x6_parse = ct_parse_v1,
.x6_options = ct_opts_v1,
},
@@ -78,7 +67,7 @@ Index: iptables-1.4.21/extensions/libxt_CT.c
{
.family = NFPROTO_UNSPEC,
.name = "NOTRACK",
-@@ -366,6 +369,7 @@ static struct xtables_target ct_target_r
+@@ -425,6 +428,7 @@ static struct xtables_target ct_target_r
.revision = 0,
.version = XTABLES_VERSION,
},
@@ -86,11 +75,9 @@ Index: iptables-1.4.21/extensions/libxt_CT.c
};
void _init(void)
-Index: iptables-1.4.21/extensions/libxt_multiport.c
-===================================================================
---- iptables-1.4.21.orig/extensions/libxt_multiport.c
-+++ iptables-1.4.21/extensions/libxt_multiport.c
-@@ -469,6 +469,7 @@ static void multiport_save6_v1(const voi
+--- a/extensions/libxt_multiport.c
++++ b/extensions/libxt_multiport.c
+@@ -571,6 +571,7 @@ static int multiport_xlate6_v1(struct xt
}
static struct xtables_match multiport_mt_reg[] = {
@@ -98,9 +85,9 @@ Index: iptables-1.4.21/extensions/libxt_multiport.c
{
.family = NFPROTO_IPV4,
.name = "multiport",
-@@ -497,6 +498,7 @@ static struct xtables_match multiport_mt
- .save = multiport_save6,
+@@ -601,6 +602,7 @@ static struct xtables_match multiport_mt
.x6_options = multiport_opts,
+ .xlate = multiport_xlate6,
},
+#endif
{