# Recipe metadata: short summary, longer description and upstream links.
SUMMARY = "Tools for managing kernel packet filtering capabilities"
DESCRIPTION = "iptables is the userspace command line program used to configure and control network packet \
filtering code in Linux."
HOMEPAGE = "http://www.netfilter.org/"
BUGTRACKER = "http://bugzilla.netfilter.org/"

# Declared licence, with checksums over COPYING and over the licence header in
# iptables/iptables.c (lines 13-25). These md5 values only flag a change in the
# licence text; they are not an integrity control for the source archive.
LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "\
    file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
    file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d0f763df2a12dc \
"

# Upstream release tarball plus the files carried next to this recipe:
# systemd units, default rule files and build patches.
# The tarball is fetched over plain http://, so the sha256sum pinned below is
# the only thing that authenticates the download; it has to be updated
# together with PV and should never be dropped to make a fetch succeed.
# NOTE(review): prefer an https:// URL if upstream serves this path over TLS.
SRC_URI = "\
    http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.xz \
    file://iptables.service \
    file://iptables.rules \
    file://ip6tables.service \
    file://ip6tables.rules \
    file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
    file://0002-iptables-xshared.h-add-missing-sys.types.h-include.patch \
    file://0003-Makefile.am-do-not-install-etc-ethertypes.patch \
    file://0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch \
    file://format-security.patch \
"
SRC_URI[sha256sum] = "ef6639a43be8325a4f8ea68123ffac236cb696e8c78501b64e8106afb008c87f"

# systemd units that belong to the main package. The IPv6 unit is listed only
# when PACKAGECONFIG contains 'ipv6'.
SYSTEMD_SERVICE:${PN} = "\
    iptables.service \
    ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'ip6tables.service', '', d)} \
"

inherit autotools pkgconfig systemd

# Hand configure the staged include directory as the kernel header location.
EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR}"

# musl builds only: define __UAPI_DEF_ETHHDR as 0.
# NOTE(review): presumably avoids a duplicate struct ethhdr definition between
# the kernel UAPI headers and musl; confirm against the build failure it fixes.
CFLAGS:append:libc-musl = " -D__UAPI_DEF_ETHHDR=0"

# Optional features. Each PACKAGECONFIG[x] value is
# "configure-arg-when-on,configure-arg-when-off,build-dependencies".
# IPv6 is taken from DISTRO_FEATURES unless PACKAGECONFIG is set elsewhere.
PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"

# libnfnetlink recipe is in meta-networking layer
PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink libnetfilter-conntrack"

# libnftnl recipe is in meta-networking layer (previously known as libnftables)
PACKAGECONFIG[libnftnl] = "--enable-nftables,--disable-nftables,libnftnl"

do_configure:prepend() {
    # Delete the libtool m4 files listed below before configure runs.
    # ax_check_linker_flags.m4 is deliberately left alone: it belongs to
    # autoconf-archive, not to libtool.
    rm -f \
        libtool.m4 \
        lt~obsolete.m4 \
        ltoptions.m4 \
        ltsugar.m4 \
        ltversion.m4

    # Out-of-tree builds: put a copy of linux_list.h into include/libiptc/.
    cp -f ${S}/libiptc/linux_list.h ${S}/include/libiptc/
}

# Target directory that receives the default rule files. Weak assignment, so
# a distro configuration or bbappend can relocate it.
IPTABLES_RULES_DIR ?= "${sysconfdir}/${BPN}"

do_install:append() {
    # Destination directories for the rule files and the systemd units.
    install -d ${D}${IPTABLES_RULES_DIR}
    install -d ${D}${systemd_system_unitdir}

    # The IPv4 rule file and unit are always installed; the IPv6 pair is
    # added only when PACKAGECONFIG contains 'ipv6'.
    fw_tools="iptables"
    if ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', 'true', 'false', d)} ; then
        fw_tools="$fw_tools ip6tables"
    fi

    # NOTE(review): the rule files are installed world-readable (0644), so any
    # local account on the target can read the firewall policy; confirm that
    # is intended or tighten the mode.
    for fw in $fw_tools; do
        install -m 0644 ${WORKDIR}/$fw.rules ${D}${IPTABLES_RULES_DIR}
        install -m 0644 ${WORKDIR}/$fw.service ${D}${systemd_system_unitdir}

        # Fill in the @SBINDIR@ and @RULESDIR@ placeholders of the unit file.
        sed -i \
            -e 's,@SBINDIR@,${sbindir},g' \
            -e 's,@RULESDIR@,${IPTABLES_RULES_DIR},g' \
            ${D}${systemd_system_unitdir}/$fw.service
    done

    # if libnftnl is included, make the iptables symlink point to the nft-based binary by default
    # NOTE(review): only the 'iptables' name is repointed here. The legacy and
    # nft backends keep separate rule sets, so confirm that ip6tables and the
    # restore/save commands used by the service units (not visible in this
    # recipe) end up on the same backend; otherwise rules loaded at boot may
    # not be the ones an administrator sees when running 'iptables'.
    if ${@bb.utils.contains('PACKAGECONFIG', 'libnftnl', 'true', 'false', d)} ; then
        ln -sf ${sbindir}/xtables-nft-multi ${D}${sbindir}/iptables
    fi
}

# Extra packages: a meta-package for the extension modules and one for the
# ip*-apply scripts. The per-extension packages are generated at packaging
# time, which is what the PACKAGES_DYNAMIC pattern announces.
PACKAGES =+ "${PN}-modules ${PN}-apply"
PACKAGES_DYNAMIC += "^${PN}-module-.*"

python populate_packages:prepend() {
    # Split every lib<name>.so found in the xtables library directory into a
    # package of its own, named PN-module-<name>.
    xt_pkgs = do_split_packages(
        d,
        '${libdir}/xtables',
        r'lib(.*)\.so$',
        '${PN}-module-%s',
        '${PN} module %s',
        extra_depends='',
    )
    # Make the PN-modules meta-package depend on everything that was split
    # out. No early return here: this code is prepended to
    # populate_packages, whose own body still has to run afterwards.
    if xt_pkgs:
        meta_pkg = '%s-modules' % d.getVar('PN')
        d.appendVar('RDEPENDS:%s' % meta_pkg, ' %s' % ' '.join(xt_pkgs))
}

# Hard runtime dependency of the base package: the xt-standard extension.
RDEPENDS:${PN} = "${PN}-module-xt-standard"

# Recommendations only: the remaining extensions and the netfilter kernel
# modules. The IPv6 kernel modules are added when PACKAGECONFIG has 'ipv6'.
# NOTE(review): a target image that ends up without the filter/conntrack
# kernel support cannot enforce the shipped rule files; verify on the image.
RRECOMMENDS:${PN} = " \
    ${PN}-modules \
    kernel-module-x-tables \
    kernel-module-ip-tables \
    kernel-module-iptable-filter \
    kernel-module-iptable-nat \
    kernel-module-nf-defrag-ipv4 \
    kernel-module-nf-conntrack \
    kernel-module-nf-conntrack-ipv4 \
    kernel-module-nf-nat \
    kernel-module-ipt-masquerade \
    ${@bb.utils.contains('PACKAGECONFIG', 'ipv6', '\
        kernel-module-ip6table-filter \
        kernel-module-ip6-tables \
    ', '', d)} \
"

# Data files under the xtables directory go into the main package.
FILES:${PN} += "${datadir}/xtables"

# The ip*-apply scripts live in their own package, which depends on bash.
# NOTE(review): presumably split out so the base package does not pull in
# bash on minimal images; confirm.
FILES:${PN}-apply = "${sbindir}/ip*-apply"
RDEPENDS:${PN}-apply = "${PN} bash"

# Include the symlinks as well in respective packages
FILES:${PN}-module-xt-conntrack += "${libdir}/xtables/libxt_state.so"
FILES:${PN}-module-xt-ct += "${libdir}/xtables/libxt_NOTRACK.so ${libdir}/xtables/libxt_REDIRECT.so"
FILES:${PN}-module-xt-nat += "${libdir}/xtables/libxt_SNAT.so ${libdir}/xtables/libxt_DNAT.so ${libdir}/xtables/libxt_MASQUERADE.so"

# The -modules meta-package is allowed to be empty; it exists for its
# runtime dependencies on the split-out module packages.
ALLOW_EMPTY:${PN}-modules = "1"

# Skip the dev-so QA check for the three packages that were given extra .so
# entries above.
INSANE_SKIP:${PN}-module-xt-conntrack = "dev-so"
INSANE_SKIP:${PN}-module-xt-ct = "dev-so"
INSANE_SKIP:${PN}-module-xt-nat = "dev-so"
Andrew Geisslerfc113ea2023-03-31 09:59:46 -0500125INSANE_SKIP:${PN}-module-xt-nat = "dev-so"