3 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
4 # - owner needs rewrite to xt
5 # - add manual sections from xtable-addons
6 # - ACCOUNT has been removed from iptables-20070806.patch, now should be taken
7 # from http://www.intra2net.com/de/produkte/opensource/ipt_account/libipt_ACCOUNT-1.3.tar.gz
10 %bcond_without doc # without documentation (HOWTOS) which needed TeX
11 %bcond_without dist_kernel # without distribution kernel
12 %bcond_without vserver # kernel build without vserver
13 %bcond_without batch # build iptables-batch
15 %define netfilter_snap 20070806
16 %define llh_version 7:2.6.22.1
17 %define name6 ip6tables
18 Summary: Extensible packet filtering system && extensible NAT system
19 Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
20 Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
21 Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
22 Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
23 Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
28 Group: Networking/Daemons
29 Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}.tar.bz2
30 # Source0-md5: 545698693b636cfc844aafc6729fd48a
31 Source1: cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
32 # Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
34 Source3: %{name6}.init
35 Patch0: %{name}-%{netfilter_snap}.patch
36 Patch1: %{name}-man.patch
37 # based on http://www.linuximq.net/patchs/iptables-1.4.0-imq.diff
38 Patch2: %{name}-imq.patch
39 # http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-20080204-1915.patch
40 Patch3: %{name}-tproxy.patch
41 Patch4: %{name}-stealth.patch
42 # almost based on iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
43 # http://switch.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.18.tar.gz
44 Patch5: %{name}-layer7.patch
45 Patch6: %{name}-old-1.3.7.patch
46 # based on http://www.svn.barbara.eu.org/ipt_account/attachment/wiki/Software/ipt_account-0.1.21-20070804164729.tar.gz?format=raw
47 Patch7: %{name}-account.patch
48 # http://people.linux-vserver.org/~dhozac/p/m/iptables-1.3.5-owner-xid.patch
49 Patch8: %{name}-1.3.5-owner-xid.patch
50 Patch9: %{name}-batch.patch
51 Patch10: %{name}-headers.patch
52 Patch11: %{name}-owner-struct-size-vs.patch
53 Patch999: %{name}-llh-dirty-hack.patch
54 URL: http://www.netfilter.org/
55 BuildRequires: autoconf
56 BuildRequires: automake
57 BuildRequires: libtool
59 BuildRequires: sed >= 4.0
60 BuildRequires: sgml-tools
62 BuildRequires: tetex-dvips
63 BuildRequires: tetex-format-latex
64 BuildRequires: tetex-latex
65 BuildRequires: tetex-tex-babel
67 %if %{with dist_kernel} && %{netfilter_snap} != 0
68 BuildRequires: kernel%{_alt_kernel}-headers(netfilter) >= %{netfilter_snap}
69 BuildRequires: kernel%{_alt_kernel}-source
71 #BuildRequires: linux-libc-headers >= %{llh_version}
72 BuildConflicts: kernel-headers < 2.3.0
73 Provides: firewall-userspace-tool
75 Obsoletes: iptables-ipp2p
76 Obsoletes: iptables24-compat
78 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
81 An extensible NAT system, and an extensible packet filtering system.
82 Replacement of ipchains in 2.4 and higher kernels.
84 %description -l pl.UTF-8
85 Wydajny system translacji adresów (NAT) oraz system filtrowania
86 pakietów. Zamiennik ipchains w jądrach 2.4 i nowszych.
88 %description -l pt_BR.UTF-8
89 Esta é a ferramenta que controla o código de filtragem de pacotes do
90 kernel 2.4, obsoletando ipchains. Com esta ferramenta você pode
91 configurar filtros de pacotes, NAT, mascaramento (masquerading),
92 regras dinâmicas (stateful inspection), etc.
94 %description -l ru.UTF-8
95 iptables управляют кодом фильтрации сетевых пакетов в ядре Linux. Они
96 позволяют вам устанавливать межсетевые экраны (firewalls) и IP
99 %description -l uk.UTF-8
100 iptables управляють кодом фільтрації пакетів мережі в ядрі Linux. Вони
101 дозволяють вам встановлювати міжмережеві екрани (firewalls) та IP
105 Summary: iptables libraries
106 Summary(pl.UTF-8): Biblioteki iptables
107 Group: Development/Libraries
108 Conflicts: iptables < 1.4.3-1
113 %description libs -l pl.UTF-8
117 Summary: Libraries and headers for developing iptables extensions
118 Summary(pl.UTF-8): Biblioteki i nagłówki do tworzenia rozszerzeń iptables
119 Group: Development/Libraries
120 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
121 Obsoletes: iptables24-devel
124 Libraries and headers for developing iptables extensions.
126 %description devel -l pl.UTF-8
127 Biblioteki i pliki nagłówkowe niezbędne do tworzenia rozszerzeń dla
131 Summary: Static iptables libraries
132 Summary(pl.UTF-8): Biblioteki statyczne iptables
133 Group: Development/Libraries
134 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
137 Static iptables libraries.
139 %description devel -l pl.UTF-8
140 Biblioteki statyczne iptables.
143 Summary: Iptables init (RedHat style)
144 Summary(pl.UTF-8): Iptables init (w stylu RedHata)
145 Group: Networking/Admin
146 Requires(post,preun): /sbin/chkconfig
149 Obsoletes: firewall-init
150 Obsoletes: firewall-init-ipchains
151 Obsoletes: iptables24-init
154 Iptables-init is meant to provide an alternate way than firewall-init
155 to start and stop packet filtering through iptables(8).
157 %description init -l pl.UTF-8
158 Iptables-init ma na celu udostępnienie alternatywnego w stosunku do
159 firewall-init sposobu włączania i wyłączania filtrów IP jądra poprzez
183 chmod 755 extensions/.*-test*
191 --with-kbuild=%{_kernelsrcdir} \
192 --with-ksource=%{_kernelsrcdir} \
199 CFLAGS="%{rpmcflags} -D%{!?debug:N}DEBUG" \
200 KERNEL_DIR="%{_kernelsrcdir}" \
201 LIBDIR="%{_libdir}" \
206 %{__make} -j1 -C iptables-howtos
207 sed -i 's:$(HTML_HOWTOS)::g; s:$(PSUS_HOWTOS)::g' iptables-howtos/Makefile
210 # Make a library, needed for OpenVCP
211 ar rcs libiptables.a iptables.o
212 ar rcs libip6tables.a ip6tables.o
215 rm -rf $RPM_BUILD_ROOT
216 install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{_includedir},%{_libdir},%{_mandir}/man3}
219 DESTDIR=$RPM_BUILD_ROOT \
224 # install library needed for collectd:
225 #install libiptc/libiptc.a $RPM_BUILD_ROOT%{_libdir}
227 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
228 install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name6}
231 rm -rf $RPM_BUILD_ROOT
233 %post libs -p /sbin/ldconfig
234 %postun libs -p /sbin/ldconfig
237 /sbin/chkconfig --add %{name}
238 /sbin/chkconfig --add %{name6}
241 if [ "$1" = "0" ]; then
242 /sbin/chkconfig --del %{name}
243 /sbin/chkconfig --del %{name6}
247 %defattr(644,root,root,755)
248 %{?with_doc:%doc iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
249 %attr(755,root,root) %{_bindir}/iptables-xml
250 %attr(755,root,root) %{_sbindir}/iptables
251 %attr(755,root,root) %{_sbindir}/iptables-multi
252 %attr(755,root,root) %{_sbindir}/iptables-restore
253 %attr(755,root,root) %{_sbindir}/iptables-save
254 %attr(755,root,root) %{_sbindir}/ip6tables
255 %attr(755,root,root) %{_sbindir}/ip6tables-multi
256 %attr(755,root,root) %{_sbindir}/ip6tables-restore
257 %attr(755,root,root) %{_sbindir}/ip6tables-save
259 %attr(755,root,root) %{_sbindir}/iptables-batch
260 %attr(755,root,root) %{_sbindir}/ip6tables-batch
262 %dir %{_libdir}/xtables
263 %if %{with dist_kernel}
264 %attr(755,root,root) %{_libdir}/xtables/libip6t_ah.so
265 %attr(755,root,root) %{_libdir}/xtables/libip6t_dst.so
266 %attr(755,root,root) %{_libdir}/xtables/libip6t_eui64.so
267 %attr(755,root,root) %{_libdir}/xtables/libip6t_frag.so
268 %attr(755,root,root) %{_libdir}/xtables/libip6t_hbh.so
269 %attr(755,root,root) %{_libdir}/xtables/libip6t_hl.so
270 %attr(755,root,root) %{_libdir}/xtables/libip6t_HL.so
271 %attr(755,root,root) %{_libdir}/xtables/libip6t_icmp6.so
272 %attr(755,root,root) %{_libdir}/xtables/libip6t_ipv6header.so
273 %attr(755,root,root) %{_libdir}/xtables/libip6t_LOG.so
274 %attr(755,root,root) %{_libdir}/xtables/libip6t_mh.so
275 %attr(755,root,root) %{_libdir}/xtables/libip6t_policy.so
276 %attr(755,root,root) %{_libdir}/xtables/libip6t_REJECT.so
277 %attr(755,root,root) %{_libdir}/xtables/libip6t_ROUTE.so
278 %attr(755,root,root) %{_libdir}/xtables/libip6t_rt.so
279 %attr(755,root,root) %{_libdir}/xtables/libipt_account.so
280 #attr(755,root,root) %{_libdir}/xtables/libipt_ACCOUNT.so
281 %attr(755,root,root) %{_libdir}/xtables/libipt_addrtype.so
282 %attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
283 %attr(755,root,root) %{_libdir}/xtables/libipt_CLUSTERIP.so
284 %attr(755,root,root) %{_libdir}/xtables/libipt_DNAT.so
285 %attr(755,root,root) %{_libdir}/xtables/libipt_ecn.so
286 %attr(755,root,root) %{_libdir}/xtables/libipt_ECN.so
287 %attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
288 %attr(755,root,root) %{_libdir}/xtables/libipt_ipv4options.so
289 %attr(755,root,root) %{_libdir}/xtables/libipt_IPV4OPTSSTRIP.so
290 %attr(755,root,root) %{_libdir}/xtables/libipt_layer7.so
291 %attr(755,root,root) %{_libdir}/xtables/libipt_LOG.so
292 %attr(755,root,root) %{_libdir}/xtables/libipt_MASQUERADE.so
293 %attr(755,root,root) %{_libdir}/xtables/libipt_MIRROR.so
294 %attr(755,root,root) %{_libdir}/xtables/libipt_NETMAP.so
295 %attr(755,root,root) %{_libdir}/xtables/libipt_policy.so
296 %attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
297 %attr(755,root,root) %{_libdir}/xtables/libipt_REDIRECT.so
298 %attr(755,root,root) %{_libdir}/xtables/libipt_REJECT.so
299 %attr(755,root,root) %{_libdir}/xtables/libipt_ROUTE.so
300 %attr(755,root,root) %{_libdir}/xtables/libipt_rpc.so
301 %attr(755,root,root) %{_libdir}/xtables/libipt_SAME.so
302 %attr(755,root,root) %{_libdir}/xtables/libipt_set.so
303 %attr(755,root,root) %{_libdir}/xtables/libipt_SET.so
304 %attr(755,root,root) %{_libdir}/xtables/libipt_SNAT.so
305 %attr(755,root,root) %{_libdir}/xtables/libipt_stealth.so
306 %attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
307 %attr(755,root,root) %{_libdir}/xtables/libipt_TTL.so
308 %attr(755,root,root) %{_libdir}/xtables/libipt_ULOG.so
309 %attr(755,root,root) %{_libdir}/xtables/libipt_unclean.so
310 %attr(755,root,root) %{_libdir}/xtables/libxt_CLASSIFY.so
311 %attr(755,root,root) %{_libdir}/xtables/libxt_comment.so
312 %attr(755,root,root) %{_libdir}/xtables/libxt_connbytes.so
313 %attr(755,root,root) %{_libdir}/xtables/libxt_connlimit.so
314 %attr(755,root,root) %{_libdir}/xtables/libxt_connmark.so
315 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNMARK.so
316 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
317 %attr(755,root,root) %{_libdir}/xtables/libxt_conntrack.so
318 %attr(755,root,root) %{_libdir}/xtables/libxt_dccp.so
319 %attr(755,root,root) %{_libdir}/xtables/libxt_dscp.so
320 %attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
321 %attr(755,root,root) %{_libdir}/xtables/libxt_esp.so
322 %attr(755,root,root) %{_libdir}/xtables/libxt_hashlimit.so
323 %attr(755,root,root) %{_libdir}/xtables/libxt_helper.so
324 %attr(755,root,root) %{_libdir}/xtables/libxt_IMQ.so
325 %attr(755,root,root) %{_libdir}/xtables/libxt_iprange.so
326 %attr(755,root,root) %{_libdir}/xtables/libxt_length.so
327 %attr(755,root,root) %{_libdir}/xtables/libxt_limit.so
328 %attr(755,root,root) %{_libdir}/xtables/libxt_mac.so
329 %attr(755,root,root) %{_libdir}/xtables/libxt_mark.so
330 %attr(755,root,root) %{_libdir}/xtables/libxt_MARK.so
331 %attr(755,root,root) %{_libdir}/xtables/libxt_multiport.so
332 %attr(755,root,root) %{_libdir}/xtables/libxt_NFLOG.so
333 %attr(755,root,root) %{_libdir}/xtables/libxt_NFQUEUE.so
334 %attr(755,root,root) %{_libdir}/xtables/libxt_NOTRACK.so
335 %attr(755,root,root) %{_libdir}/xtables/libxt_owner.so
336 %attr(755,root,root) %{_libdir}/xtables/libxt_physdev.so
337 %attr(755,root,root) %{_libdir}/xtables/libxt_pkttype.so
338 %attr(755,root,root) %{_libdir}/xtables/libxt_recent.so
339 %attr(755,root,root) %{_libdir}/xtables/libxt_quota.so
340 %attr(755,root,root) %{_libdir}/xtables/libxt_RATEEST.so
341 %attr(755,root,root) %{_libdir}/xtables/libxt_rateest.so
342 %attr(755,root,root) %{_libdir}/xtables/libxt_sctp.so
343 %attr(755,root,root) %{_libdir}/xtables/libxt_SECMARK.so
344 %attr(755,root,root) %{_libdir}/xtables/libxt_socket.so
345 %attr(755,root,root) %{_libdir}/xtables/libxt_standard.so
346 %attr(755,root,root) %{_libdir}/xtables/libxt_state.so
347 %attr(755,root,root) %{_libdir}/xtables/libxt_statistic.so
348 %attr(755,root,root) %{_libdir}/xtables/libxt_string.so
349 %attr(755,root,root) %{_libdir}/xtables/libxt_tcpmss.so
350 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPMSS.so
351 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPOPTSTRIP.so
352 %attr(755,root,root) %{_libdir}/xtables/libxt_tcp.so
353 %attr(755,root,root) %{_libdir}/xtables/libxt_time.so
354 %attr(755,root,root) %{_libdir}/xtables/libxt_tos.so
355 %attr(755,root,root) %{_libdir}/xtables/libxt_TOS.so
356 %attr(755,root,root) %{_libdir}/xtables/libxt_TPROXY.so
357 %attr(755,root,root) %{_libdir}/xtables/libxt_TRACE.so
358 %attr(755,root,root) %{_libdir}/xtables/libxt_u32.so
359 %attr(755,root,root) %{_libdir}/xtables/libxt_udp.so
361 %attr(755,root,root) %{_libdir}/xtables/*.so
366 %defattr(644,root,root,755)
367 %attr(755,root,root) %ghost %{_libdir}/libiptc.so.0
368 %attr(755,root,root) %{_libdir}/libiptc.so.*.*
369 %attr(755,root,root) %ghost %{_libdir}/libxtables.so.2
370 %attr(755,root,root) %{_libdir}/libxtables.so.*.*
373 %defattr(644,root,root,755)
374 %{?with_doc:%doc iptables-howtos/netfilter-hacking-HOWTO*}
375 %attr(755,root,root) %{_libdir}/lib*.so
378 %{_includedir}/libiptc
379 %{_pkgconfigdir}/*.pc
383 %defattr(644,root,root,755)
387 %defattr(644,root,root,755)
388 %attr(754,root,root) /etc/rc.d/init.d/iptables
389 %attr(754,root,root) /etc/rc.d/init.d/ip6tables