diff options
| -rw-r--r-- | ChangeLog | 11 | ||||
| -rw-r--r-- | patches/iptables-1.3.7/generic/iptables-1.3.8.DF-patch.diff | 156 | ||||
| -rw-r--r-- | rules/iptables.in | 318 | ||||
| -rw-r--r-- | rules/iptables.make | 110 |
4 files changed, 477 insertions, 118 deletions
@@ -1,3 +1,14 @@ +2007-10-08 Robert Schwebel <r.schwebel@pengutronix.de> + + * iptables: update the iptables package to 1.3.8 and updates + iptables.in and iptables.make to match this version. Updated + menu structure to reflect the current iptables modules. + Added ipt_DF module as patch - it's some ugly hack to remove + the DF bit from connections. It's sometimes required for + broken TCP stacks behind routers, which ignore ICMP no + fragmentation replies and insist on sending large pakets with + DF flag set. Patch by Carsten Schlote. + 2007-10-01 Robert Schwebel <r.schwebel@pengutronix.de> * gawk: updated and targetinstall completed. Simply completes diff --git a/patches/iptables-1.3.7/generic/iptables-1.3.8.DF-patch.diff b/patches/iptables-1.3.7/generic/iptables-1.3.8.DF-patch.diff new file mode 100644 index 000000000..a048d9dea --- /dev/null +++ b/patches/iptables-1.3.7/generic/iptables-1.3.8.DF-patch.diff @@ -0,0 +1,156 @@ + +This patch adds support for ipt_DF kernel module to iptables 1.3.7 (backport). + +--- + extensions/Makefile | 2 + extensions/libipt_DF.c | 112 ++++++++++++++++++++++++++++++++++ + include/linux/netfilter_ipv4/ipt_DF.h | 12 +++ + 3 files changed, 125 insertions(+), 1 deletion(-) + +Index: iptables-1.3.7/extensions/libipt_DF.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/extensions/libipt_DF.c 2007-09-21 11:13:28.000000000 +0200 +@@ -0,0 +1,112 @@ ++/* Shared library add-on to iptables for the DF target ++ * (C) 2002 by Dmitry Labutcky <avl@strace.net> ++ * ++ * $Id: libipt_DF.c,v 1.6 2002/05/29 13:08:16 laforge Exp $ ++ * ++ * This program is distributed under the terms of GNU GPL ++ */ ++#include <stdio.h> ++#include <string.h> ++#include <stdlib.h> ++#include <getopt.h> ++#include <iptables.h> ++ ++#include <linux/netfilter_ipv4/ip_tables.h> ++#include <linux/netfilter_ipv4/ipt_DF.h> ++ ++static void help(void) ++{ ++ ++ printf( ++"DF target v%s options\n" ++" --clear Clear DF flag\n" ++, IPTABLES_VERSION); ++} ++ ++static struct option opts[] = { ++ { "clear", 0, 0, '%' }, ++ { 0 } ++}; ++ ++static void init(struct ipt_entry_target *t, unsigned int *nfcache) ++{ ++} ++ ++static int parse(int c, char **argv, int invert, unsigned int *flags, ++ const struct ipt_entry *entry, ++ struct ipt_entry_target **target) ++{ ++ ++ struct ipt_DF_info *info = (struct ipt_DF_info *) (*target)->data; ++ ++ switch (c) { ++ case '%': ++ if (invert) ++ exit_error(PARAMETER_PROBLEM,"DF: unexpected `!' with --clear"); ++ if (*flags & IPT_DF_CLEAR) ++ exit_error(PARAMETER_PROBLEM, "DF: Can't specify --clear twice"); ++ info->mode = IPT_DF_CLEAR; ++ *flags |= IPT_DF_CLEAR; ++ break; ++ default: ++ return 0; ++ ++ } ++ ++ return 1; ++} ++ ++static void final_check(unsigned int flags) ++{ ++ if (!flags) ++ exit_error(PARAMETER_PROBLEM, ++ "DF target: Parameter --clear is required"); ++} ++ ++static void save(const struct ipt_ip *ip, ++ const struct ipt_entry_target *target) ++{ ++ const struct ipt_DF_info *info = ++ (struct ipt_DF_info *) target->data; ++ ++ switch (info->mode) { ++ case IPT_DF_CLEAR: ++ printf("--clear "); ++ break; ++ } ++} ++ ++static void print(const struct ipt_ip *ip, ++ const struct ipt_entry_target *target, int numeric) ++{ ++ const struct ipt_DF_info *info = ++ (struct ipt_DF_info *) target->data; ++ ++ printf("DF "); ++ switch (info->mode) { ++ ++ case IPT_DF_CLEAR: ++ printf("clear df "); ++ break; ++ } ++} ++ ++static struct iptables_target DF = { ++ .next = NULL, ++ .name = "DF", ++ .version = IPTABLES_VERSION, ++ .size = IPT_ALIGN(sizeof(struct ipt_DF_info)), ++ .userspacesize = IPT_ALIGN(sizeof(struct ipt_DF_info)), ++ .help = &help, ++ .init = &init, ++ .parse = &parse, ++ .final_check = &final_check, ++ .print = &print, ++ .save = &save, ++ .extra_opts = opts ++}; ++ ++void _init(void) ++{ ++ register_target(&DF); ++} +Index: iptables-1.3.7/extensions/Makefile +=================================================================== +--- iptables-1.3.7.orig/extensions/Makefile 2006-12-04 12:15:19.000000000 +0100 ++++ iptables-1.3.7/extensions/Makefile 2007-09-21 11:14:27.000000000 +0200 +@@ -5,7 +5,7 @@ + # header files are present in the include/linux directory of this iptables + # package (HW) + # +-PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG ++PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG DF + PF6_EXT_SLIB:=connmark eui64 hl icmp6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TRACE + + ifeq ($(DO_SELINUX), 1) +Index: iptables-1.3.7/include/linux/netfilter_ipv4/ipt_DF.h +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-1.3.7/include/linux/netfilter_ipv4/ipt_DF.h 2007-09-21 11:13:28.000000000 +0200 +@@ -0,0 +1,12 @@ ++#ifndef _IPT_DF_H ++#define _IPT_DF_H ++ ++enum { ++ IPT_DF_CLEAR = 1 ++}; ++ ++struct ipt_DF_info { ++ u_int8_t mode; ++}; ++ ++#endif diff --git a/rules/iptables.in b/rules/iptables.in index 95001c82f..65efed27c 100644 --- a/rules/iptables.in +++ b/rules/iptables.in @@ -49,13 +49,13 @@ config IPTABLES_INSTALL_libipt_addrtype help FIXME: This item needs to be documented -#config IPTABLES_INSTALL_libipt_ah -# bool -# prompt "install libipt_ah.so" -# depends on IPTABLES -# depends on IPTABLES_INSTALL_IPTABLES -# help -# FIXME: This item needs to be documented +config IPTABLES_INSTALL_libipt_ah + bool + prompt "install libipt_ah.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IPTABLES + help + FIXME: This item needs to be documented config IPTABLES_INSTALL_libipt_CLASSIFY bool @@ -65,17 +65,25 @@ config IPTABLES_INSTALL_libipt_CLASSIFY help FIXME: This item needs to be documented -#config IPTABLES_INSTALL_libipt_CLUSTERIP -# bool -# prompt "install libipt_CLUSTERIP.so" -# depends on IPTABLES -# depends on IPTABLES_INSTALL_IPTABLES -# help -# FIXME: This item needs to be documented +config IPTABLES_INSTALL_libipt_CLUSTERIP + bool + prompt "install libipt_CLUSTERIP.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IPTABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libipt_comment + bool + prompt "install libipt_comment.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IPTABLES + help + FIXME: This item needs to be documented -config IPTABLES_INSTALL_libipt_connlimit +config IPTABLES_INSTALL_libipt_connbytes bool - prompt "install libipt_connlimit.so" + prompt "install libipt_connbytes.so" depends on IPTABLES depends on IPTABLES_INSTALL_IPTABLES help @@ -105,6 +113,22 @@ config IPTABLES_INSTALL_libipt_conntrack help FIXME: This item needs to be documented +config IPTABLES_INSTALL_libipt_dccp + bool + prompt "install libipt_dccp.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IPTABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libipt_DF + bool + prompt "install libipt_DF.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IPTABLES + help + FIXME: This item needs to be documented + config IPTABLES_INSTALL_libipt_DNAT bool prompt "install libipt_DNAT.so" @@ -153,6 +177,14 @@ config IPTABLES_INSTALL_libipt_esp help FIXME: This item needs to be documented +config IPTABLES_INSTALL_libipt_hashlimit + bool + prompt "install libipt_hashlimit.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IPTABLES + help + FIXME: This item needs to be documented + config IPTABLES_INSTALL_libipt_helper bool prompt "install libipt_helper.so" @@ -257,6 +289,22 @@ config IPTABLES_INSTALL_libipt_NETMAP help FIXME: This item needs to be documented +config IPTABLES_INSTALL_libipt_NFLOG + bool + prompt "install libipt_NFLOG.so" + depends on IPTABLES_INSTALL_IPTABLES + depends on IPTABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libipt_NFQUEUE + bool + prompt "install libipt_NFQUEUE.so" + depends on IPTABLES_INSTALL_IPTABLES + depends on IPTABLES + help + FIXME: This item needs to be documented + config IPTABLES_INSTALL_libipt_NOTRACK bool prompt "install libipt_NOTRACK.so" @@ -289,6 +337,22 @@ config IPTABLES_INSTALL_libipt_pkttype help FIXME: This item needs to be documented +config IPTABLES_INSTALL_libipt_policy + bool + prompt "install libipt_policy.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IPTABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libipt_quota + bool + prompt "install libipt_quota.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IPTABLES + help + FIXME: This item needs to be documented + config IPTABLES_INSTALL_libipt_realm bool prompt "install libipt_realm.so" @@ -297,33 +361,25 @@ config IPTABLES_INSTALL_libipt_realm help FIXME: This item needs to be documented -#config IPTABLES_INSTALL_libipt_recent -# bool -# prompt "install libipt_recent.so" -# depends on IPTABLES -# depends on IPTABLES_INSTALL_IPTABLES -# help -# FIXME: This item needs to be documented - -config IPTABLES_INSTALL_libipt_REDIRECT +config IPTABLES_INSTALL_libipt_recent bool - prompt "install libipt_REDIRECT.so" + prompt "install libipt_recent.so" depends on IPTABLES depends on IPTABLES_INSTALL_IPTABLES help FIXME: This item needs to be documented -config IPTABLES_INSTALL_libipt_REJECT +config IPTABLES_INSTALL_libipt_REDIRECT bool - prompt "install libipt_REJECT.so" + prompt "install libipt_REDIRECT.so" depends on IPTABLES depends on IPTABLES_INSTALL_IPTABLES help FIXME: This item needs to be documented -config IPTABLES_INSTALL_libipt_rpc +config IPTABLES_INSTALL_libipt_REJECT bool - prompt "install libipt_rpc.so" + prompt "install libipt_REJECT.so" depends on IPTABLES depends on IPTABLES_INSTALL_IPTABLES help @@ -369,9 +425,17 @@ config IPTABLES_INSTALL_libipt_state help FIXME: This item needs to be documented -config IPTABLES_INSTALL_libipt_TARPIT +config IPTABLES_INSTALL_libipt_statistics bool - prompt "install libipt_TARPIT.so" + prompt "install libipt_statistics.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IPTABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libipt_string + bool + prompt "install libipt_string.so" depends on IPTABLES depends on IPTABLES_INSTALL_IPTABLES help @@ -417,14 +481,6 @@ config IPTABLES_INSTALL_libipt_TOS help FIXME: This item needs to be documented -config IPTABLES_INSTALL_libipt_TRACE - bool - prompt "install libipt_TRACE.so" - depends on IPTABLES - depends on IPTABLES_INSTALL_IPTABLES - help - FIXME: This item needs to be documented - config IPTABLES_INSTALL_libipt_ttl bool prompt "install libipt_ttl.so" @@ -468,29 +524,37 @@ config IPTABLES_INSTALL_libipt_unclean comment "----------------------------------" depends on IPTABLES -#config IPTABLES_INSTALL_libip6t_ah -# bool -# prompt "install libip6t_ah.so" -# depends on IPTABLES -# depends on IPTABLES_INSTALL_IP6TABLES -# help -# FIXME: This item needs to be documented - -#config IPTABLES_INSTALL_libip6t_dst -# bool -# prompt "install libip6t_dst.so" -# depends on IPTABLES -# depends on IPTABLES_INSTALL_IP6TABLES -# help -# FIXME: This item needs to be documented - -#config IPTABLES_INSTALL_libip6t_esp -# bool -# prompt "install libip6t_esp.so" -# depends on IPTABLES -# depends on IPTABLES_INSTALL_IP6TABLES -# help -# FIXME: This item needs to be documented +config IPTABLES_INSTALL_libip6t_ah + bool + prompt "install libip6t_ah.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IP6TABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libip6t_connmark + bool + prompt "install libip6t_connmark.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IP6TABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libip6t_CONNMARK + bool + prompt "install libip6t_CONNMARK.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IP6TABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libip6t_esp + bool + prompt "install libip6t_esp.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IP6TABLES + help + FIXME: This item needs to be documented config IPTABLES_INSTALL_libip6t_eui64 bool @@ -500,21 +564,21 @@ config IPTABLES_INSTALL_libip6t_eui64 help FIXME: This item needs to be documented -#config IPTABLES_INSTALL_libip6t_frag -# bool -# prompt "install libip6t_frag.so" -# depends on IPTABLES -# depends on IPTABLES_INSTALL_IP6TABLES -# help -# FIXME: This item needs to be documented +config IPTABLES_INSTALL_libip6t_frag + bool + prompt "install libip6t_frag.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IP6TABLES + help + FIXME: This item needs to be documented -#config IPTABLES_INSTALL_libip6t_hbh -# bool -# prompt "install libip6t_hbh.so" -# depends on IPTABLES_INSTALL_IP6TABLES -# depends on IPTABLES -# help -# FIXME: This item needs to be documented +config IPTABLES_INSTALL_libip6t_hashlimit + bool + prompt "install libip6t_hashlimit.so" + depends on IPTABLES_INSTALL_IP6TABLES + depends on IPTABLES + help + FIXME: This item needs to be documented config IPTABLES_INSTALL_libip6t_hl bool @@ -540,13 +604,13 @@ config IPTABLES_INSTALL_libip6t_icmp6 help FIXME: This item needs to be documented -#config IPTABLES_INSTALL_libip6t_ipv6header -# bool -# prompt "install libip6t_ipv6header.so" -# depends on IPTABLES -# depends on IPTABLES_INSTALL_IP6TABLES -# help -# FIXME: This item needs to be documented +config IPTABLES_INSTALL_libip6t_ipv6header + bool + prompt "install libip6t_ipv6header.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IP6TABLES + help + FIXME: This item needs to be documented config IPTABLES_INSTALL_libip6t_length bool @@ -596,6 +660,14 @@ config IPTABLES_INSTALL_libip6t_MARK help FIXME: This item needs to be documented +config IPTABLES_INSTALL_libip6t_mh + bool + prompt "install libip6t_mh.so" + depends on IPTABLES_INSTALL_IP6TABLES + depends on IPTABLES + help + FIXME: This item needs to be documented + config IPTABLES_INSTALL_libip6t_multiport bool prompt "install libip6t_multiport.so" @@ -604,6 +676,22 @@ config IPTABLES_INSTALL_libip6t_multiport help FIXME: This item needs to be documented +config IPTABLES_INSTALL_libip6t_NFLOG + bool + prompt "install libip6t_NFLOG.so" + depends on IPTABLES_INSTALL_IP6TABLES + depends on IPTABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libip6t_NFQUEUE + bool + prompt "install libip6t_NFQUEUE.so" + depends on IPTABLES_INSTALL_IP6TABLES + depends on IPTABLES + help + FIXME: This item needs to be documented + config IPTABLES_INSTALL_libip6t_owner bool prompt "install libip6t_owner.so" @@ -612,13 +700,45 @@ config IPTABLES_INSTALL_libip6t_owner help FIXME: This item needs to be documented -#config IPTABLES_INSTALL_libip6t_rt -# bool -# prompt "install libip6t_rt.so" -# depends on IPTABLES -# depends on IPTABLES_INSTALL_IP6TABLES -# help -# FIXME: This item needs to be documented +config IPTABLES_INSTALL_libip6t_physdev + bool + prompt "install libip6t_physdev.so" + depends on IPTABLES_INSTALL_IP6TABLES + depends on IPTABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libip6t_policy + bool + prompt "install libip6t_policy.so" + depends on IPTABLES_INSTALL_IP6TABLES + depends on IPTABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libip6t_REJECT + bool + prompt "install libip6t_REJECT.so" + depends on IPTABLES_INSTALL_IP6TABLES + depends on IPTABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libip6t_rt + bool + prompt "install libip6t_rt.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IP6TABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libip6t_sctp + bool + prompt "install libip6t_sctp.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IP6TABLES + help + FIXME: This item needs to be documented config IPTABLES_INSTALL_libip6t_standard bool @@ -628,17 +748,25 @@ config IPTABLES_INSTALL_libip6t_standard help FIXME: This item needs to be documented -config IPTABLES_INSTALL_libip6t_tcp +config IPTABLES_INSTALL_libip6t_state bool - prompt "install libip6t_tcp.so" + prompt "install libip6t_state.so" + depends on IPTABLES + depends on IPTABLES_INSTALL_IP6TABLES + help + FIXME: This item needs to be documented + +config IPTABLES_INSTALL_libip6t_TCPMSS + bool + prompt "install libip6t_TCPMSS.so" depends on IPTABLES depends on IPTABLES_INSTALL_IP6TABLES help FIXME: This item needs to be documented -config IPTABLES_INSTALL_libip6t_TRACE +config IPTABLES_INSTALL_libip6t_tcp bool - prompt "install libip6t_TRACE.so" + prompt "install libip6t_tcp.so" depends on IPTABLES depends on IPTABLES_INSTALL_IP6TABLES help diff --git a/rules/iptables.make b/rules/iptables.make index 2425cd32a..45c050979 100644 --- a/rules/iptables.make +++ b/rules/iptables.make @@ -2,6 +2,7 @@ # $Id$ # # Copyright (C) 2004 by Robert Schwebel +# Copyright (C) 2007 by Carsten Schlote, konzeptpark # # See CREDITS for details about who has contributed to this project. # @@ -17,7 +18,7 @@ PACKAGES-$(PTXCONF_IPTABLES) += iptables # # Paths and names # -IPTABLES_VERSION = 1.3.7 +IPTABLES_VERSION = 1.3.8 IPTABLES = iptables-$(IPTABLES_VERSION) IPTABLES_SUFFIX = tar.bz2 IPTABLES_URL = http://ftp.netfilter.org/pub/iptables/$(IPTABLES).$(IPTABLES_SUFFIX) @@ -120,7 +121,7 @@ ifdef PTXCONF_IPTABLES_INSTALL_IPTABLES_SAVE @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/iptables-save, /sbin/iptables-save) endif -# --- iptables stuff +# --- iptables stuff - commented entries no longer available ifdef PTXCONF_IPTABLES_INSTALL_libipt_addrtype @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_addrtype.so, /usr/lib/iptables/libipt_addrtype.so, n) @@ -138,8 +139,12 @@ ifdef PTXCONF_IPTABLES_INSTALL_libipt_CLUSTERIP @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_CLUSTERIP.so, /usr/lib/iptables/libipt_CLUSTERIP.so, n) endif -ifdef PTXCONF_IPTABLES_INSTALL_libipt_connlimit - @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_connlimit.so, /usr/lib/iptables/libipt_connlimit.so, n) +ifdef PTXCONF_IPTABLES_INSTALL_libipt_comment + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_comment.so, /usr/lib/iptables/libipt_comment.so, n) +endif + +ifdef PTXCONF_IPTABLES_INSTALL_libipt_connbytes + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_connbytes.so, /usr/lib/iptables/libipt_connbytes.so, n) endif ifdef PTXCONF_IPTABLES_INSTALL_libipt_connmark @@ -154,6 +159,14 @@ ifdef PTXCONF_IPTABLES_INSTALL_libipt_conntrack @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_conntrack.so, /usr/lib/iptables/libipt_conntrack.so, n) endif +ifdef PTXCONF_IPTABLES_INSTALL_libipt_dccp + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_dccp.so, /usr/lib/iptables/libipt_dccp.so, n) +endif + +ifdef PTXCONF_IPTABLES_INSTALL_libipt_DF + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_DF.so, /usr/lib/iptables/libipt_DF.so, n) +endif + ifdef PTXCONF_IPTABLES_INSTALL_libipt_DNAT @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_DNAT.so, /usr/lib/iptables/libipt_DNAT.so, n) endif @@ -178,6 +191,10 @@ ifdef PTXCONF_IPTABLES_INSTALL_libipt_esp @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_esp.so, /usr/lib/iptables/libipt_esp.so, n) endif +ifdef PTXCONF_IPTABLES_INSTALL_libipt_hashlimit + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_hashlimit.so, /usr/lib/iptables/libipt_hashlimit.so, n) +endif + ifdef PTXCONF_IPTABLES_INSTALL_libipt_helper @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_helper.so, /usr/lib/iptables/libipt_helper.so, n) endif @@ -230,6 +247,14 @@ ifdef PTXCONF_IPTABLES_INSTALL_libipt_NETMAP @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_NETMAP.so, /usr/lib/iptables/libipt_NETMAP.so, n) endif +ifdef PTXCONF_IPTABLES_INSTALL_libipt_NFLOG + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_NFLOG.so, /usr/lib/iptables/libipt_NFLOG.so, n) +endif + +ifdef PTXCONF_IPTABLES_INSTALL_libipt_NFQUEUE + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_NFQUEUE.so, /usr/lib/iptables/libipt_NFQUEUE.so, n) +endif + ifdef PTXCONF_IPTABLES_INSTALL_libipt_NOTRACK @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_NOTRACK.so, /usr/lib/iptables/libipt_NOTRACK.so, n) endif @@ -246,6 +271,14 @@ ifdef PTXCONF_IPTABLES_INSTALL_libipt_pkttype @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_pkttype.so, /usr/lib/iptables/libipt_pkttype.so, n) endif +ifdef PTXCONF_IPTABLES_INSTALL_libipt_policy + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_policy.so, /usr/lib/iptables/libipt_policy.so, n) +endif + +ifdef PTXCONF_IPTABLES_INSTALL_libipt_quota + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_quota.so, /usr/lib/iptables/libipt_quota.so, n) +endif + ifdef PTXCONF_IPTABLES_INSTALL_libipt_realm @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_realm.so, /usr/lib/iptables/libipt_realm.so, n) endif @@ -262,10 +295,6 @@ ifdef PTXCONF_IPTABLES_INSTALL_libipt_REJECT @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_REJECT.so, /usr/lib/iptables/libipt_REJECT.so, n) endif -ifdef PTXCONF_IPTABLES_INSTALL_libipt_rpc - @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_rpc.so, /usr/lib/iptables/libipt_rpc.so, n) -endif - ifdef PTXCONF_IPTABLES_INSTALL_libipt_SAME @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_SAME.so, /usr/lib/iptables/libipt_SAME.so, n) endif @@ -286,8 +315,12 @@ ifdef PTXCONF_IPTABLES_INSTALL_libipt_state @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_state.so, /usr/lib/iptables/libipt_state.so, n) endif -ifdef PTXCONF_IPTABLES_INSTALL_libipt_TARPIT - @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_TARPIT.so, /usr/lib/iptables/libipt_TARPIT.so, n) +ifdef PTXCONF_IPTABLES_INSTALL_libipt_statistic + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_statistic.so, /usr/lib/iptables/libipt_statistic.so, n) +endif + +ifdef PTXCONF_IPTABLES_INSTALL_libipt_string + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_string.so, /usr/lib/iptables/libipt_string.so, n) endif ifdef PTXCONF_IPTABLES_INSTALL_libipt_tcpmss @@ -310,10 +343,6 @@ ifdef PTXCONF_IPTABLES_INSTALL_libipt_TOS @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_TOS.so, /usr/lib/iptables/libipt_TOS.so, n) endif -ifdef PTXCONF_IPTABLES_INSTALL_libipt_TRACE - @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_TRACE.so, /usr/lib/iptables/libipt_TRACE.so, n) -endif - ifdef PTXCONF_IPTABLES_INSTALL_libipt_ttl @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libipt_ttl.so, /usr/lib/iptables/libipt_ttl.so, n) endif @@ -340,8 +369,12 @@ ifdef PTXCONF_IPTABLES_INSTALL_libip6t_ah @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_ah.so, /usr/lib/iptables/libip6t_ah.so, n) endif -ifdef PTXCONF_IPTABLES_INSTALL_libip6t_dst - @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_dst.so, /usr/lib/iptables/libip6t_dst.so, n) +ifdef PTXCONF_IPTABLES_INSTALL_libip6t_connmark + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_connmark.so, /usr/lib/iptables/libip6t_connmark.so, n) +endif + +ifdef PTXCONF_IPTABLES_INSTALL_libip6t_CONNMARK + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_CONNMARK.so, /usr/lib/iptables/libip6t_CONNMARK.so, n) endif ifdef PTXCONF_IPTABLES_INSTALL_libip6t_esp @@ -356,8 +389,8 @@ ifdef PTXCONF_IPTABLES_INSTALL_libip6t_frag @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_frag.so, /usr/lib/iptables/libip6t_frag.so, n) endif -ifdef PTXCONF_IPTABLES_INSTALL_libip6t_hbh - @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_hbh.so, /usr/lib/iptables/libip6t_hbh.so, n) +ifdef PTXCONF_IPTABLES_INSTALL_libip6t_hashlimit + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_hashlimit.so, /usr/lib/iptables/libip6t_hashlimit.so, n) endif ifdef PTXCONF_IPTABLES_INSTALL_libip6t_hl @@ -400,28 +433,60 @@ ifdef PTXCONF_IPTABLES_INSTALL_libip6t_MARK @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_MARK.so, /usr/lib/iptables/libip6t_MARK.so, n) endif +ifdef PTXCONF_IPTABLES_INSTALL_libip6t_mh + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_mh.so, /usr/lib/iptables/libip6t_mh.so, n) +endif + ifdef PTXCONF_IPTABLES_INSTALL_libip6t_multiport @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_multiport.so, /usr/lib/iptables/libip6t_multiport.so, n) endif +ifdef PTXCONF_IPTABLES_INSTALL_libip6t_NFLOG + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_NFLOG.so, /usr/lib/iptables/libip6t_NFLOG.so, n) +endif + +ifdef PTXCONF_IPTABLES_INSTALL_libip6t_NFQUEUE + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_NFQUEUE.so, /usr/lib/iptables/libip6t_NFQUEUE.so, n) +endif + ifdef PTXCONF_IPTABLES_INSTALL_libip6t_owner @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_owner.so, /usr/lib/iptables/libip6t_owner.so, n) endif +ifdef PTXCONF_IPTABLES_INSTALL_libip6t_physdev + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_physdev.so, /usr/lib/iptables/libip6t_physdev.so, n) +endif + +ifdef PTXCONF_IPTABLES_INSTALL_libip6t_policy + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_policy.so, /usr/lib/iptables/libip6t_policy.so, n) +endif + +ifdef PTXCONF_IPTABLES_INSTALL_libip6t_REJECT + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_REJECT.so, /usr/lib/iptables/libip6t_REJECT.so, n) +endif + ifdef PTXCONF_IPTABLES_INSTALL_libip6t_rt @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_rt.so, /usr/lib/iptables/libip6t_rt.so, n) endif +ifdef PTXCONF_IPTABLES_INSTALL_libip6t_sctp + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_sctp.so, /usr/lib/iptables/libip6t_sctp.so, n) +endif + ifdef PTXCONF_IPTABLES_INSTALL_libip6t_standard @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_standard.so, /usr/lib/iptables/libip6t_standard.so, n) endif -ifdef PTXCONF_IPTABLES_INSTALL_libip6t_tcp - @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_tcp.so, /usr/lib/iptables/libip6t_tcp.so, n) +ifdef PTXCONF_IPTABLES_INSTALL_libip6t_state + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_state.so, /usr/lib/iptables/libip6t_state.so, n) endif -ifdef PTXCONF_IPTABLES_INSTALL_libip6t_TRACE - @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_TRACE.so, /usr/lib/iptables/libip6t_TRACE.so, n) +ifdef PTXCONF_IPTABLES_INSTALL_libip6t_TCPMSS + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_TCPMSS.so, /usr/lib/iptables/libip6t_TCPMSS.so, n) +endif + +ifdef PTXCONF_IPTABLES_INSTALL_libip6t_tcp + @$(call install_copy, iptables, 0, 0, 0755, $(IPTABLES_DIR)/extensions/libip6t_tcp.so, /usr/lib/iptables/libip6t_tcp.so, n) endif ifdef PTXCONF_IPTABLES_INSTALL_libip6t_udp @@ -430,7 +495,6 @@ endif @$(call install_finish, iptables) - @$(call touch, $@) # ---------------------------------------------------------------------------- |