xtables-addons: New package.
authorStefan Schantl <stefan.schantl@ipfire.org>
Sat, 3 Jan 2015 13:07:49 +0000 (14:07 +0100)
committerStefan Schantl <stefan.schantl@ipfire.org>
Sat, 3 Jan 2015 13:07:49 +0000 (14:07 +0100)
The xtables-addons package provides many additional filter modules for iptables.
Currently we are only building the "geoip" module which can be used to create
firewall rules which will do actions based on the country membership of the senders/targets
address.

In order to build the required kernel modules I had to change build order for
several packages as well.

config/rootfiles/common/xtables-addons [new file with mode: 0644]
config/xtables-addons/mconfig [new file with mode: 0644]
lfs/xtables-addons [new file with mode: 0644]
make.sh

diff --git a/config/rootfiles/common/xtables-addons b/config/rootfiles/common/xtables-addons
new file mode 100644 (file)
index 0000000..9053c28
--- /dev/null
@@ -0,0 +1,7 @@
+lib/xtables/libxt_geoip.so
+#usr/libexec/xtables-addons
+usr/libexec/xtables-addons/xt_geoip_build
+usr/libexec/xtables-addons/xt_geoip_dl
+#usr/share/man/man1/xt_geoip_build.1
+#usr/share/man/man1/xt_geoip_dl.1
+#usr/share/man/man8/xtables-addons.8
diff --git a/config/xtables-addons/mconfig b/config/xtables-addons/mconfig
new file mode 100644 (file)
index 0000000..92e47f0
--- /dev/null
@@ -0,0 +1,24 @@
+# -*- Makefile -*-
+#
+build_ACCOUNT=n
+build_CHAOS=n
+build_DELUDE=n
+build_DHCPMAC=n
+build_DNETMAP=n
+build_ECHO=n
+build_IPMARK=n
+build_LOGMARK=n
+build_SYSRQ=n
+build_TARPIT=n
+build_condition=n
+build_fuzzy=n
+build_geoip=m
+build_gradm=n
+build_iface=n
+build_ipp2p=n
+build_ipv4options=n
+build_length2=n
+build_lscan=n
+build_pknock=n
+build_psd=n
+build_quota2=n
diff --git a/lfs/xtables-addons b/lfs/xtables-addons
new file mode 100644 (file)
index 0000000..1848dc9
--- /dev/null
@@ -0,0 +1,110 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2014  IPFire Team <info@ipfire.org>                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VERSUFIX = ipfire$(KCFG)
+MODPATH = /lib/modules/$(KVER)-$(VERSUFIX)/extra/
+
+VER        = 2.6
+
+THISAPP    = xtables-addons-$(VER)
+DL_FILE    = $(THISAPP).tar.xz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+
+ifeq "$(USPACE)" "1"
+  TARGET = $(DIR_INFO)/$(THISAPP)
+else
+  TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)-$(VERSUFIX)
+endif
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 087835ba7e564481b6fd398692268340
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist: 
+       $(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+
+       # Only build the specified modules.
+       cp -avf $(DIR_SRC)/config/xtables-addons/mconfig \
+               $(DIR_APP)/mconfig
+
+# Check if we build the modules for a kernel or the userspace parts.
+ifeq "$(USPACE)" "1"
+       cd $(DIR_APP) && ./configure \
+               --prefix=/usr \
+               --without-kbuild
+
+       cd $(DIR_APP) && make $(MAKETUNING)
+       cd $(DIR_APP) && make install
+else
+       cd $(DIR_APP) && ./configure \
+               --with-kbuild=/usr/src/linux-$(KVER)/
+
+       cd $(DIR_APP) && make $(MAKETUNING)
+
+       # Install the built kernel modules.
+       cd $(DIR_APP) && for f in $$(ls extensions/*.ko); do \
+               install -m 644 $$f $(MODPATH); \
+       done
+endif
+
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index a5e847e..d4899f9 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -383,6 +383,7 @@ buildipfire() {
   export LOGFILE
   ipfiremake configroot
   ipfiremake backup
+  ipfiremake pkg-config
   ipfiremake libusb
   ipfiremake libusbx
   ipfiremake libpcap
@@ -403,6 +404,8 @@ buildipfire() {
   ipfiremake multipath-tools
   ipfiremake freetype
   ipfiremake grub
+  ipfiremake libmnl
+  ipfiremake iptables
 
   case "${TARGET_ARCH}" in
        i586)
@@ -412,6 +415,7 @@ buildipfire() {
                ipfiremake e1000e                       KCFG="-pae"
                ipfiremake igb                          KCFG="-pae"
                ipfiremake ixgbe                        KCFG="-pae"
+               ipfiremake xtables-addons               KCFG="-pae"
                ipfiremake linux-initrd                 KCFG="-pae"
 
                # x86 kernel build
@@ -420,6 +424,7 @@ buildipfire() {
                ipfiremake e1000e                       KCFG=""
                ipfiremake igb                          KCFG=""
                ipfiremake ixgbe                        KCFG=""
+               ipfiremake xtables-addons               KCFG=""
                ipfiremake linux-initrd                 KCFG=""
                ;;
 
@@ -427,6 +432,7 @@ buildipfire() {
                # arm-rpi (Raspberry Pi) kernel build
                ipfiremake linux                        KCFG="-rpi"
                ipfiremake cryptodev                    KCFG="-rpi"
+               ipfiremake xtables-addons               KCFG="-rpi"
                ipfiremake linux-initrd                 KCFG="-rpi"
 
                # arm multi platform (Panda, Wandboard ...) kernel build
@@ -435,6 +441,7 @@ buildipfire() {
                ipfiremake e1000e                       KCFG="-multi"
                ipfiremake igb                          KCFG="-multi"
                ipfiremake ixgbe                        KCFG="-multi"
+               ipfiremake xtables-addons               KCFG="-multi"
                ipfiremake linux-initrd                 KCFG="-multi"
 
                # arm-kirkwood (Dreamplug, ICY-Box ...) kernel build
@@ -443,10 +450,11 @@ buildipfire() {
                ipfiremake e1000e                       KCFG="-kirkwood"
                ipfiremake igb                          KCFG="-kirkwood"
                ipfiremake ixgbe                        KCFG="-kirkwood"
+               ipfiremake xtables-addons               KCFG="-kirkwood"
                ipfiremake linux-initrd                 KCFG="-kirkwood"
                ;;
   esac
-  ipfiremake pkg-config
+  ipfiremake xtables-addons                    USPACE="1"
   ipfiremake openssl
   ipfiremake openssl-compat
   ipfiremake libgpg-error
@@ -521,8 +529,6 @@ buildipfire() {
   ipfiremake mtools
   ipfiremake initscripts
   ipfiremake whatmask
-  ipfiremake libmnl
-  ipfiremake iptables
   ipfiremake conntrack-tools
   ipfiremake libupnp
   ipfiremake ipaddr