iptables: add ip[6|]tables-compat packages + libxtables-compat depends on IPTABLES_NFTABLES

allows iptables-compat to use nft packet filtering allows to translate iptables-style to nft-style Signed-off-by: Martin Strobel <arctus@crza.de>
2025-11-03 22:44:27 -05:00 · 2018-07-07 09:24:30 +02:00 · 2018-07-07 09:24:30 +02:00 · 7d7323bccd
commit 7d7323bccd
parent 7bbd1855cd
1 changed files with 59 additions and 0 deletions
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@ -106,6 +106,21 @@ IP firewall administration tool.

 endef

+define Package/iptables-compat
+$(call Package/iptables/Default)
+  TITLE:=IP firewall administration tool compat
+  DEPENDS:=iptables @IPTABLES_NFTABLES +libxtables-compat
+endef
+
+define Package/iptables-compat/description
+Extra iptables nftables compat binaries.
+  iptables-compat
+  iptables-compat-restore
+  iptables-compat-save
+  iptables-translate
+  iptables-restore-translate
+endef
+
 define Package/iptables-mod-conntrack-extra
 $(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
  TITLE:=Extra connection tracking extensions
@ -438,6 +453,20 @@ $(call Package/iptables/Default)
  MENU:=1
 endef

+define Package/ip6tables-compat
+$(call Package/iptables/Default)
+  DEPENDS:=ip6tables @IPTABLES_NFTABLES +libxtables-compat
+  TITLE:=IP firewall administration tool compat
+endef
+
+define Package/ip6tables-compat/description
+Extra ip6tables nftables compat binaries.
+  iptables-compat
+  iptables-compat-restore
+  iptables-compat-save
+  iptables-translate
+  iptables-restore-translate
+endef

 define Package/ip6tables-extra
 $(call Package/iptables/Default)
@ -497,6 +526,15 @@ define Package/libxtables
 	+IPTABLES_NFTABLES:libnftnl
 endef

+define Package/libxtables-compat
+ $(call Package/iptables/Default)
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=IPv4/IPv6 firewall - shared xtables compat library
+ ABI_VERSION:=$(PKG_VERSION)
+ DEPENDS:=libxtables
+endef
+
 TARGET_CPPFLAGS := \
 	-I$(PKG_BUILD_DIR)/include \
 	-I$(LINUX_DIR)/user_headers/include \
@ -574,11 +612,24 @@ define Package/iptables/install
 	$(INSTALL_DIR) $(1)/usr/lib/iptables
 endef

+define Package/iptables-compat/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-compat-multi $(1)/usr/sbin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables-compat{,-restore,-save} $(1)/usr/sbin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore}-translate $(1)/usr/sbin/
+endef
+
 define Package/ip6tables/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
 endef

+define Package/ip6tables-compat/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables-compat{,-restore,-save} $(1)/usr/sbin/
+	$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
+endef
+
 define Package/libiptc/install
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
@ -602,6 +653,11 @@ define Package/libxtables/install
 	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext.so $(1)/usr/lib/
 endef

+define Package/libxtables-compat/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_BUILD_DIR)/extensions/libiptext_*.so $(1)/usr/lib/
+endef
+
 define BuildPlugin
  define Package/$(1)/install
 	$(INSTALL_DIR) $$(1)/usr/lib/iptables
@ -617,6 +673,7 @@ define BuildPlugin
 endef

 $(eval $(call BuildPackage,iptables))
+$(eval $(call BuildPackage,iptables-compat))
 $(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
 $(eval $(call BuildPlugin,iptables-mod-conntrack-label,$(IPT_CONNTRACK_LABEL-m)))
 $(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
@ -640,9 +697,11 @@ $(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
 $(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
 $(eval $(call BuildPlugin,iptables-mod-checksum,$(IPT_CHECKSUM-m)))
 $(eval $(call BuildPackage,ip6tables))
+$(eval $(call BuildPackage,ip6tables-compat))
 $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
 $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
 $(eval $(call BuildPackage,libiptc))
 $(eval $(call BuildPackage,libip4tc))
 $(eval $(call BuildPackage,libip6tc))
 $(eval $(call BuildPackage,libxtables))
+$(eval $(call BuildPackage,libxtables-compat))