include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=iptables
-PKG_VERSION:=1.8.3
-PKG_RELEASE:=2
+PKG_VERSION:=1.8.4
+PKG_RELEASE:=1
PKG_SOURCE_URL:=https://netfilter.org/projects/iptables/files
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_HASH:=a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80
+PKG_HASH:=993a3a5490a544c2cbf2ef15cf7e7ed21af1845baf228318d5c36ef8827e157c
PKG_FIXUP:=autoreconf
PKG_FLAGS:=nonshared
iptables extensions for IPv6-NAT targets.
endef
-define Package/libiptc
-$(call Package/iptables/Default)
- SECTION:=libs
- CATEGORY:=Libraries
- DEPENDS:=+libip4tc +libip6tc +libxtables
- ABI_VERSION:=0
- TITLE:=IPv4/IPv6 firewall - shared libiptc library (nf compatibility stub)
-endef
-
define Package/libip4tc
$(call Package/iptables/Default)
SECTION:=libs
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore}-translate $(1)/usr/sbin/
endef
-define Package/libiptc/install
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so.* $(1)/usr/lib/
-endef
-
define Package/libip4tc/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so.* $(1)/usr/lib/
$(eval $(call BuildPackage,ip6tables-nft))
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
-$(eval $(call BuildPackage,libiptc))
$(eval $(call BuildPackage,libip4tc))
$(eval $(call BuildPackage,libip6tc))
$(eval $(call BuildPackage,libxtables))
initextb_func := $(addprefix ebt_,${pfb_build_static})
--- a/iptables/Makefile.am
+++ b/iptables/Makefile.am
-@@ -8,19 +8,22 @@ BUILT_SOURCES =
+@@ -7,19 +7,22 @@ BUILT_SOURCES =
xtables_legacy_multi_SOURCES = xtables-legacy-multi.c iptables-xml.c
xtables_legacy_multi_CFLAGS = ${AM_CFLAGS}
endif
xtables_legacy_multi_SOURCES += xshared.c iptables-restore.c iptables-save.c
xtables_legacy_multi_LDADD += ../libxtables/libxtables.la -lm
-@@ -30,7 +33,8 @@ if ENABLE_NFTABLES
- BUILT_SOURCES += xtables-config-parser.h
+@@ -28,7 +31,8 @@ xtables_legacy_multi_LDADD += ../libxt
+ if ENABLE_NFTABLES
xtables_nft_multi_SOURCES = xtables-nft-multi.c iptables-xml.c
xtables_nft_multi_CFLAGS = ${AM_CFLAGS}
-xtables_nft_multi_LDADD = ../extensions/libext.a ../extensions/libext_ebt.a
if ENABLE_STATIC
xtables_nft_multi_CFLAGS += -DALL_INCLUSIVE
endif
-@@ -45,7 +49,8 @@ xtables_nft_multi_SOURCES += xtables-sav
+@@ -42,7 +46,8 @@ xtables_nft_multi_SOURCES += xtables-sav
xtables-eb-standalone.c xtables-eb.c \
xtables-eb-translate.c \
xtables-translate.c
-xtables_nft_multi_LDADD += ${libmnl_LIBS} ${libnftnl_LIBS} ${libnetfilter_conntrack_LIBS} ../extensions/libext4.a ../extensions/libext6.a ../extensions/libext_ebt.a ../extensions/libext_arpt.a
+xtables_nft_multi_LDADD += ${libmnl_LIBS} ${libnftnl_LIBS} ${libnetfilter_conntrack_LIBS}
+xtables_nft_multi_LDFLAGS += -liptext4 -liptext6 -liptext_arpt
- # yacc and lex generate dirty code
- xtables_nft_multi-xtables-config-parser.o xtables_nft_multi-xtables-config-syntax.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls
xtables_nft_multi_SOURCES += xshared.c
+ xtables_nft_multi_LDADD += ../libxtables/libxtables.la -lm
+ endif
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
-@@ -1389,6 +1389,7 @@ static int conntrack3_mt6_xlate(struct x
+@@ -1387,6 +1387,7 @@ static int conntrack3_mt6_xlate(struct x
}
static struct xtables_match conntrack_mt_reg[] = {
{
.version = XTABLES_VERSION,
.name = "conntrack",
-@@ -1464,6 +1465,7 @@ static struct xtables_match conntrack_mt
+@@ -1462,6 +1463,7 @@ static struct xtables_match conntrack_mt
.alias = conntrack_print_name_alias,
.x6_options = conntrack2_mt_opts,
},
{
.version = XTABLES_VERSION,
.name = "conntrack",
-@@ -1496,6 +1498,7 @@ static struct xtables_match conntrack_mt
+@@ -1494,6 +1496,7 @@ static struct xtables_match conntrack_mt
.x6_options = conntrack3_mt_opts,
.xlate = conntrack3_mt6_xlate,
},
{
.family = NFPROTO_UNSPEC,
.name = "state",
-@@ -1526,6 +1529,8 @@ static struct xtables_match conntrack_mt
+@@ -1524,6 +1527,8 @@ static struct xtables_match conntrack_mt
.x6_parse = state_ct23_parse,
.x6_options = state_opts,
},
{
.family = NFPROTO_UNSPEC,
.name = "state",
-@@ -1555,6 +1560,7 @@ static struct xtables_match conntrack_mt
+@@ -1553,6 +1558,7 @@ static struct xtables_match conntrack_mt
.x6_parse = state_parse,
.x6_options = state_opts,
},