From 8f8b00b326f9c25fedeb0054702f44ac4e91a038 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Tue, 27 Aug 2013 20:19:58 +0200 Subject: [PATCH] iptables: updated to 1.4.20. --- config/rootfiles/common/iptables | 52 +++++++++----------------------- lfs/iptables | 40 ++++++++++++------------ 2 files changed, 33 insertions(+), 59 deletions(-) diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables index 39225a43b..907783052 100644 --- a/config/rootfiles/common/iptables +++ b/config/rootfiles/common/iptables @@ -16,12 +16,19 @@ lib/libiptc.so.0 lib/libiptc.so.0.0.0 #lib/libxtables.la lib/libxtables.so -lib/libxtables.so.7 -lib/libxtables.so.7.0.0 +lib/libxtables.so.10 +lib/libxtables.so.10.0.0 lib/xtables +#lib/xtables/libip6t_DNAT.so +#lib/xtables/libip6t_DNPT.so #lib/xtables/libip6t_HL.so #lib/xtables/libip6t_LOG.so +#lib/xtables/libip6t_MASQUERADE.so +#lib/xtables/libip6t_NETMAP.so +#lib/xtables/libip6t_REDIRECT.so #lib/xtables/libip6t_REJECT.so +#lib/xtables/libip6t_SNAT.so +#lib/xtables/libip6t_SNPT.so #lib/xtables/libip6t_ah.so #lib/xtables/libip6t_dst.so #lib/xtables/libip6t_eui64.so @@ -58,6 +65,7 @@ lib/xtables #lib/xtables/libxt_CONNSECMARK.so #lib/xtables/libxt_CT.so #lib/xtables/libxt_DSCP.so +#lib/xtables/libxt_HMARK.so #lib/xtables/libxt_IDLETIMER.so #lib/xtables/libxt_IMQ.so #lib/xtables/libxt_LED.so @@ -75,6 +83,7 @@ lib/xtables #lib/xtables/libxt_TPROXY.so #lib/xtables/libxt_TRACE.so #lib/xtables/libxt_addrtype.so +#lib/xtables/libxt_bpf.so #lib/xtables/libxt_cluster.so #lib/xtables/libxt_comment.so #lib/xtables/libxt_connbytes.so @@ -128,9 +137,6 @@ sbin/iptables-restore sbin/iptables-save sbin/iptables-xml sbin/xtables-multi -#usr/include/iptables -#usr/include/iptables.h -#usr/include/iptables/internal.h #usr/include/libipq.h #usr/include/libiptc #usr/include/libiptc/ipt_kernel_headers.h @@ -138,8 +144,6 @@ sbin/xtables-multi #usr/include/libiptc/libiptc.h #usr/include/libiptc/libxtc.h #usr/include/libiptc/xtcshared.h -#usr/include/libipulog -#usr/include/libipulog/libipulog.h #usr/include/libnetfilter_conntrack #usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h #usr/include/libnetfilter_conntrack/libnetfilter_conntrack_dccp.h @@ -153,36 +157,13 @@ sbin/xtables-multi #usr/include/libnetfilter_cttimeout #usr/include/libnetfilter_cttimeout/libnetfilter_cttimeout.h #usr/include/libnetfilter_queue -#usr/include/libnetfilter_queue/libipq.h #usr/include/libnetfilter_queue/libnetfilter_queue.h #usr/include/libnetfilter_queue/linux_nfnetlink_queue.h #usr/include/libnfnetlink #usr/include/libnfnetlink/libnfnetlink.h #usr/include/libnfnetlink/linux_nfnetlink.h #usr/include/libnfnetlink/linux_nfnetlink_compat.h -#usr/include/linux/netfilter/Kbuild -#usr/include/linux/netfilter/ipset/Kbuild -#usr/include/linux/netfilter/ipset/ip_set_ahash.h -#usr/include/linux/netfilter/ipset/ip_set_getport.h -#usr/include/linux/netfilter/ipset/ip_set_timeout.h -#usr/include/linux/netfilter/ipset/pfxlen.h -#usr/include/linux/netfilter/nf_conntrack_amanda.h -#usr/include/linux/netfilter/nf_conntrack_dccp.h -#usr/include/linux/netfilter/nf_conntrack_h323.h -#usr/include/linux/netfilter/nf_conntrack_h323_asn1.h -#usr/include/linux/netfilter/nf_conntrack_h323_types.h -#usr/include/linux/netfilter/nf_conntrack_irc.h -#usr/include/linux/netfilter/nf_conntrack_pptp.h -#usr/include/linux/netfilter/nf_conntrack_proto_gre.h -#usr/include/linux/netfilter/nf_conntrack_sane.h -#usr/include/linux/netfilter/nf_conntrack_sip.h -#usr/include/linux/netfilter/nf_conntrack_snmp.h -#usr/include/linux/netfilter/nf_conntrack_tftp.h -#usr/include/linux/netfilter/xt_IMQ.h -#usr/include/linux/netfilter/xt_layer7.h -#usr/include/net/netfilter -#usr/include/net/netfilter/nf_conntrack_tuple.h -#usr/include/net/netfilter/nf_nat.h +#usr/include/xtables-version.h #usr/include/xtables.h #usr/lib/libnetfilter_conntrack.la usr/lib/libnetfilter_conntrack.so @@ -192,16 +173,10 @@ usr/lib/libnetfilter_conntrack.so.3.4.0 usr/lib/libnetfilter_cttimeout.so usr/lib/libnetfilter_cttimeout.so.1 usr/lib/libnetfilter_cttimeout.so.1.0.0 -#usr/lib/libnetfilter_queue.a #usr/lib/libnetfilter_queue.la usr/lib/libnetfilter_queue.so usr/lib/libnetfilter_queue.so.1 -usr/lib/libnetfilter_queue.so.1.1.0 -#usr/lib/libnetfilter_queue_libipq.a -#usr/lib/libnetfilter_queue_libipq.la -usr/lib/libnetfilter_queue_libipq.so -usr/lib/libnetfilter_queue_libipq.so.1 -usr/lib/libnetfilter_queue_libipq.so.1.0.0 +usr/lib/libnetfilter_queue.so.1.2.0 #usr/lib/libnfnetlink.a #usr/lib/libnfnetlink.la usr/lib/libnfnetlink.so @@ -231,6 +206,7 @@ usr/lib/libnfnetlink.so.0.2.0 #usr/share/man/man8/ip6tables-restore.8 #usr/share/man/man8/ip6tables-save.8 #usr/share/man/man8/ip6tables.8 +#usr/share/man/man8/iptables-extensions.8 #usr/share/man/man8/iptables-restore.8 #usr/share/man/man8/iptables-save.8 #usr/share/man/man8/iptables.8 diff --git a/lfs/iptables b/lfs/iptables index a247ba7b3..f3fb70868 100644 --- a/lfs/iptables +++ b/lfs/iptables @@ -24,7 +24,7 @@ include Config -VER = 1.4.14 +VER = 1.4.20 THISAPP = iptables-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -38,21 +38,21 @@ TARGET = $(DIR_INFO)/$(THISAPP) objects = $(DL_FILE) \ netfilter-layer7-v2.22.tar.gz \ libnfnetlink-1.0.0.tar.bz2 \ - libnetfilter_queue-0.0.17.tar.bz2 \ + libnetfilter_queue-1.0.1.tar.bz2 \ libnetfilter_conntrack-1.0.2.tar.bz2 \ libnetfilter_cttimeout-1.0.0.tar.bz2 $(DL_FILE) = $(DL_FROM)/$(DL_FILE) netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz libnfnetlink-1.0.0.tar.bz2 = $(URL_IPFIRE)/libnfnetlink-1.0.0.tar.bz2 -libnetfilter_queue-0.0.17.tar.bz2 = $(URL_IPFIRE)/libnetfilter_queue-0.0.17.tar.bz2 +libnetfilter_queue-1.0.1.tar.bz2 = $(URL_IPFIRE)/libnetfilter_queue-1.0.1.tar.bz2 libnetfilter_conntrack-1.0.2.tar.bz2 = $(URL_IPFIRE)/libnetfilter_conntrack-1.0.2.tar.bz2 libnetfilter_cttimeout-1.0.0.tar.bz2 = $(URL_IPFIRE)/libnetfilter_cttimeout-1.0.0.tar.bz2 -$(DL_FILE)_MD5 = 5ab24ad683f76689cfe7e0c73f44855d +$(DL_FILE)_MD5 = 387b92d3efcf4f07fe31c3bf0f1d18f5 netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f libnfnetlink-1.0.0.tar.bz2_MD5 = 016fdec8389242615024c529acc1adb8 -libnetfilter_queue-0.0.17.tar.bz2_MD5 = 2cde35e678ead3a8f9eb896bf807a159 +libnetfilter_queue-1.0.1.tar.bz2_MD5 = 08b968cb2d36c24deb7f26a69f5d8602 libnetfilter_conntrack-1.0.2.tar.bz2_MD5 = 447114b5d61bb9a9617ead3217c3d3ff libnetfilter_cttimeout-1.0.0.tar.bz2_MD5 = 7697437fc9ebb6f6b83df56a633db7f9 @@ -86,8 +86,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) $(DIR_SRC)/libnfnetlink-1.0.0 $(DIR_SRC)/netfilter-layer7* $(DIR_SRC)/libnetfilter_queue-0.0.17 @cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) - -cd /usr/include && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.6-errorno_includes.patch - cp -rf /usr/src/linux/include/linux/netfilter /usr/include/linux +# cp -rf /usr/src/linux/include/linux/netfilter /usr/include/linux # Layer7 cd $(DIR_SRC) && tar zxf $(DIR_DL)/netfilter-layer7-v2.22.tar.gz @@ -99,7 +98,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # imq cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/iptables-1.4.12-IMQ-test4.diff -# chmod +x $(DIR_APP)/extensions/.IMQ-test* cd $(DIR_APP) && ./configure --prefix=/usr --with-ksource=/usr/src/linux \ --libdir=/lib --includedir=/usr/include --enable-libipq \ @@ -110,25 +108,25 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install # Iptables doesn't install all headers - mkdir -p /usr/include/net/netfilter - cp -f $(DIR_APP)/include/net/netfilter/*.h /usr/include/net/netfilter/ - mkdir -p /usr/include/iptables - cp -f $(DIR_APP)/include/iptables/*.h /usr/include/iptables/ - cp -f $(DIR_APP)/include/iptables.h /usr/include/ - mkdir -p /usr/include/libipulog - cp -f $(DIR_APP)/include/libipulog/*.h /usr/include/libipulog/ - mkdir -p /usr/include/libiptc - cp -f $(DIR_APP)/include/libiptc/*.h /usr/include/libiptc/ +# mkdir -p /usr/include/net/netfilter +# cp -f $(DIR_APP)/include/net/netfilter/*.h /usr/include/net/netfilter/ +# mkdir -p /usr/include/iptables +# cp -f $(DIR_APP)/include/iptables/*.h /usr/include/iptables/ +# cp -f $(DIR_APP)/include/iptables.h /usr/include/ +# mkdir -p /usr/include/libipulog +# cp -f $(DIR_APP)/include/libipulog/*.h /usr/include/libipulog/ +# mkdir -p /usr/include/libiptc +# cp -f $(DIR_APP)/include/libiptc/*.h /usr/include/libiptc/ cd $(DIR_SRC) && tar xfj $(DIR_DL)/libnfnetlink-1.0.0.tar.bz2 cd $(DIR_SRC)/libnfnetlink-1.0.0 && ./configure --prefix=/usr cd $(DIR_SRC)/libnfnetlink-1.0.0 && make $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_SRC)/libnfnetlink-1.0.0 && make install - cd $(DIR_SRC) && tar xfj $(DIR_DL)/libnetfilter_queue-0.0.17.tar.bz2 - cd $(DIR_SRC)/libnetfilter_queue-0.0.17 && ./configure --prefix=/usr - cd $(DIR_SRC)/libnetfilter_queue-0.0.17 && make $(MAKETUNING) $(EXTRA_MAKE) - cd $(DIR_SRC)/libnetfilter_queue-0.0.17 && make install + cd $(DIR_SRC) && tar xfj $(DIR_DL)/libnetfilter_queue-1.0.1.tar.bz2 + cd $(DIR_SRC)/libnetfilter_queue-1.0.1 && ./configure --prefix=/usr + cd $(DIR_SRC)/libnetfilter_queue-1.0.1 && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_SRC)/libnetfilter_queue-1.0.1 && make install cd $(DIR_SRC) && tar xfj $(DIR_DL)/libnetfilter_conntrack-1.0.2.tar.bz2 cd $(DIR_SRC)/libnetfilter_conntrack-1.0.2 && ./configure --prefix=/usr -- 2.39.2