3 # - update BR to real required llh version
4 # - check if kernel-headers are still required to properly build iptabels for dist kernel
5 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
6 # - owner needs rewrite to xt
9 %bcond_without doc # without documentation (HOWTOS) which needed TeX
10 %bcond_without dist_kernel # without distribution kernel
11 %bcond_with vserver # build xt_owner module for non-dist kernel with vserver support
12 %bcond_with batch # build iptables-batch
13 %bcond_with static # build static libraries, no dynamic modules (all linked into binaries)
14 %bcond_with ipt_IPV4OPTSSTRIP # enable ipt_IPV4OPTSSTRIP for non-dist kernel
15 %bcond_with ipt_rpc # enable ipt_rpc for non-dist kernel
16 %bcond_with xt_layer7 # enable xt_layer7 for non-dist kernel
17 %bcond_with usekernelsrc # include kernel headers from %{_kernelsrcdir}
19 %if %{with dist_kernel}
20 %define with_ipt_IPV4OPTSSTRIP 1
21 %define with_ipt_rpc 1
22 %define with_xt_layer7 1
23 %define with_vserver 1
24 %define with_usekernelsrc 1
27 %define name6 ip6tables
28 Summary: Extensible packet filtering system && extensible NAT system
29 Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
30 Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
31 Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
32 Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
33 Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
38 Group: Networking/Admin
39 Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}.tar.bz2
40 # Source0-md5: b08a1195ec2c1ebeaf072db3c55fdf43
41 Source1: cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
42 # Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
44 Source3: %{name6}.init
45 Source4: %{name}.upstart
46 Source5: %{name6}.upstart
47 # --- GENERAL CHANGES (patches<10):
48 Patch0: %{name}-man.patch
49 # additional utils; off by default
50 Patch1: %{name}-batch.patch
51 Patch2: no-libiptc.patch
52 Patch3: %{name}-%{version}-lm.patch
53 # --- ADDITIONAL/CHANGED EXTENSIONS:
54 # just ipt_IPV4OPTSSTRIP now
55 Patch10: %{name}-20070806.patch
56 # xt_layer7; almost based on iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
57 # http://downloads.sourceforge.net/l7-filter/netfilter-layer7-v2.18.tar.gz
58 Patch11: %{name}-layer7.patch
60 Patch12: %{name}-old-1.3.7.patch
61 # xt_IMQ; based on http://www.linuximq.net/patchs/iptables-1.4.6-imq.diff
62 Patch13: %{name}-imq.patch
63 # enhances ipt_owner/ip6t_owner; http://people.linux-vserver.org/~dhozac/p/m/iptables-1.3.5-owner-xid.patch (currently disabled, needs update for xt_owner)
64 Patch14: %{name}-1.3.5-owner-xid.patch
65 # adjusts xt_owner for vserver-enabled kernel
66 Patch15: %{name}-owner-struct-size-vs.patch
67 # ipt_stealth; currently disabled (broken, see below)
68 Patch16: %{name}-stealth.patch
69 URL: http://www.netfilter.org/
70 BuildRequires: autoconf >= 2.50
71 BuildRequires: automake
73 BuildRequires: libnfnetlink-devel >= 1.0
74 BuildRequires: libtool
75 BuildRequires: pkgconfig >= 1:0.9.0
77 BuildRequires: sed >= 4.0
78 BuildRequires: sgml-tools
80 BuildRequires: tetex-dvips
81 BuildRequires: tetex-format-latex
82 BuildRequires: tetex-latex
83 BuildRequires: tetex-tex-babel
84 BuildRequires: texlive-fonts-cmsuper
85 BuildRequires: texlive-fonts-jknappen
87 %if %{with dist_kernel}
88 BuildRequires: kernel%{_alt_kernel}-headers(netfilter)
90 BuildRequires: linux-libc-headers >= 7:2.6.22.1
91 Requires: %{name}-libs = %{version}-%{release}
92 Requires: libnfnetlink >= 1.0
93 Provides: firewall-userspace-tool
95 Obsoletes: iptables24-compat
97 Conflicts: xtables-addons < 1.25
98 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
101 An extensible NAT system, and an extensible packet filtering system.
102 Replacement of ipchains in 2.4 and higher kernels.
104 %description -l pl.UTF-8
105 Wydajny system translacji adresów (NAT) oraz system filtrowania
106 pakietów. Zamiennik ipchains w jądrach 2.4 i nowszych.
108 %description -l pt_BR.UTF-8
109 Esta é a ferramenta que controla o código de filtragem de pacotes do
110 kernel 2.4, obsoletando ipchains. Com esta ferramenta você pode
111 configurar filtros de pacotes, NAT, mascaramento (masquerading),
112 regras dinâmicas (stateful inspection), etc.
114 %description -l ru.UTF-8
115 iptables управляют кодом фильтрации сетевых пакетов в ядре Linux. Они
116 позволяют вам устанавливать межсетевые экраны (firewalls) и IP
119 %description -l uk.UTF-8
120 iptables управляють кодом фільтрації пакетів мережі в ядрі Linux. Вони
121 дозволяють вам встановлювати міжмережеві екрани (firewalls) та IP
125 Summary: iptables libraries
126 Summary(pl.UTF-8): Biblioteki iptables
128 Conflicts: iptables < 1.4.3-1
133 %description libs -l pl.UTF-8
137 Summary: Libraries and headers for developing iptables extensions
138 Summary(pl.UTF-8): Biblioteki i nagłówki do tworzenia rozszerzeń iptables
139 Group: Development/Libraries
140 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
141 Obsoletes: iptables24-devel
144 Libraries and headers for developing iptables extensions.
146 %description devel -l pl.UTF-8
147 Biblioteki i pliki nagłówkowe niezbędne do tworzenia rozszerzeń dla
151 Summary: Static iptables libraries
152 Summary(pl.UTF-8): Biblioteki statyczne iptables
153 Group: Development/Libraries
154 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
157 Static iptables libraries.
159 %description static -l pl.UTF-8
160 Biblioteki statyczne iptables.
163 Summary: Iptables init (RedHat style)
164 Summary(pl.UTF-8): Iptables init (w stylu RedHata)
165 Group: Networking/Admin
166 Requires(post,preun): /sbin/chkconfig
168 Requires: rc-scripts >= 0.4.3.0
169 Obsoletes: firewall-init
170 Obsoletes: firewall-init-ipchains
171 Obsoletes: iptables24-init
174 Iptables-init is meant to provide an alternate way than firewall-init
175 to start and stop packet filtering through iptables(8).
177 %description init -l pl.UTF-8
178 Iptables-init ma na celu udostępnienie alternatywnego w stosunku do
179 firewall-init sposobu włączania i wyłączania filtrów IP jądra poprzez
190 %{?with_ipt_IPV4OPTSSTRIP:%patch10 -p1}
191 %{?with_xt_layer7:%patch11 -p1}
192 %{?with_ipt_rpc:%patch12 -p1}
198 # builds but init() api is broken, see warnings
208 CFLAGS="%{rpmcflags} %{rpmcppflags} -D%{!?debug:N}DEBUG" \
209 %{?with_usekernelsrc:--with-kernel=%{_kernelsrcdir}} \
211 %{?with_static:--enable-static}
217 %{__make} -j1 -C iptables-howtos
218 sed -i 's:$(HTML_HOWTOS)::g; s:$(PSUS_HOWTOS)::g' iptables-howtos/Makefile
222 rm -rf $RPM_BUILD_ROOT
223 install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{_includedir},%{_libdir},%{_mandir}/man3}
226 DESTDIR=$RPM_BUILD_ROOT \
231 install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
232 install -p %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name6}
233 install -d $RPM_BUILD_ROOT/etc/init
234 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/init/%{name}.conf
235 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/init/%{name6}.conf
238 rm -rf $RPM_BUILD_ROOT
240 %post libs -p /sbin/ldconfig
241 %postun libs -p /sbin/ldconfig
244 /sbin/chkconfig --add %{name}
245 /sbin/chkconfig --add %{name6}
248 if [ "$1" = "0" ]; then
249 /sbin/chkconfig --del %{name}
250 /sbin/chkconfig --del %{name6}
254 %defattr(644,root,root,755)
255 %{?with_doc:%doc iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
256 %attr(755,root,root) %{_bindir}/iptables-xml
257 %attr(755,root,root) %{_sbindir}/iptables
258 %attr(755,root,root) %{_sbindir}/iptables-restore
259 %attr(755,root,root) %{_sbindir}/iptables-save
260 %attr(755,root,root) %{_sbindir}/ip6tables
261 %attr(755,root,root) %{_sbindir}/ip6tables-restore
262 %attr(755,root,root) %{_sbindir}/ip6tables-save
264 %attr(755,root,root) %{_sbindir}/iptables-batch
265 %attr(755,root,root) %{_sbindir}/ip6tables-batch
267 %attr(755,root,root) %{_sbindir}/nfnl_osf
268 %attr(755,root,root) %{_sbindir}/xtables-multi
270 %dir %{_libdir}/xtables
271 %attr(755,root,root) %{_libdir}/xtables/libip6t_HL.so
272 %attr(755,root,root) %{_libdir}/xtables/libip6t_LOG.so
273 %attr(755,root,root) %{_libdir}/xtables/libip6t_REJECT.so
274 %attr(755,root,root) %{_libdir}/xtables/libip6t_ah.so
275 %attr(755,root,root) %{_libdir}/xtables/libip6t_dst.so
276 %attr(755,root,root) %{_libdir}/xtables/libip6t_eui64.so
277 %attr(755,root,root) %{_libdir}/xtables/libip6t_frag.so
278 %attr(755,root,root) %{_libdir}/xtables/libip6t_hbh.so
279 %attr(755,root,root) %{_libdir}/xtables/libip6t_hl.so
280 %attr(755,root,root) %{_libdir}/xtables/libip6t_icmp6.so
281 %attr(755,root,root) %{_libdir}/xtables/libip6t_ipv6header.so
282 %attr(755,root,root) %{_libdir}/xtables/libip6t_mh.so
283 %attr(755,root,root) %{_libdir}/xtables/libip6t_rt.so
284 %attr(755,root,root) %{_libdir}/xtables/libipt_CLUSTERIP.so
285 %attr(755,root,root) %{_libdir}/xtables/libipt_DNAT.so
286 %attr(755,root,root) %{_libdir}/xtables/libipt_ECN.so
287 %attr(755,root,root) %{_libdir}/xtables/libipt_LOG.so
288 %attr(755,root,root) %{_libdir}/xtables/libipt_MASQUERADE.so
289 %attr(755,root,root) %{_libdir}/xtables/libipt_MIRROR.so
290 %attr(755,root,root) %{_libdir}/xtables/libipt_NETMAP.so
291 %attr(755,root,root) %{_libdir}/xtables/libipt_REDIRECT.so
292 %attr(755,root,root) %{_libdir}/xtables/libipt_REJECT.so
293 %attr(755,root,root) %{_libdir}/xtables/libipt_SAME.so
294 %attr(755,root,root) %{_libdir}/xtables/libipt_SNAT.so
295 %attr(755,root,root) %{_libdir}/xtables/libipt_TTL.so
296 %attr(755,root,root) %{_libdir}/xtables/libipt_ULOG.so
297 %attr(755,root,root) %{_libdir}/xtables/libipt_addrtype.so
298 %attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
299 %attr(755,root,root) %{_libdir}/xtables/libipt_ecn.so
300 %attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
301 %attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
302 # disabled, see above
303 #%attr(755,root,root) %{_libdir}/xtables/libipt_stealth.so
304 %attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
305 %attr(755,root,root) %{_libdir}/xtables/libipt_unclean.so
306 %attr(755,root,root) %{_libdir}/xtables/libxt_AUDIT.so
307 %attr(755,root,root) %{_libdir}/xtables/libxt_CHECKSUM.so
308 %attr(755,root,root) %{_libdir}/xtables/libxt_CLASSIFY.so
309 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNMARK.so
310 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
311 %attr(755,root,root) %{_libdir}/xtables/libxt_CT.so
312 %attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
313 %attr(755,root,root) %{_libdir}/xtables/libxt_IDLETIMER.so
314 %attr(755,root,root) %{_libdir}/xtables/libxt_IMQ.so
315 %attr(755,root,root) %{_libdir}/xtables/libxt_LED.so
316 %attr(755,root,root) %{_libdir}/xtables/libxt_MARK.so
317 %attr(755,root,root) %{_libdir}/xtables/libxt_NFLOG.so
318 %attr(755,root,root) %{_libdir}/xtables/libxt_NFQUEUE.so
319 %attr(755,root,root) %{_libdir}/xtables/libxt_NOTRACK.so
320 %attr(755,root,root) %{_libdir}/xtables/libxt_RATEEST.so
321 %attr(755,root,root) %{_libdir}/xtables/libxt_SECMARK.so
322 %attr(755,root,root) %{_libdir}/xtables/libxt_SET.so
323 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPMSS.so
324 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPOPTSTRIP.so
325 %attr(755,root,root) %{_libdir}/xtables/libxt_TEE.so
326 %attr(755,root,root) %{_libdir}/xtables/libxt_TOS.so
327 %attr(755,root,root) %{_libdir}/xtables/libxt_TPROXY.so
328 %attr(755,root,root) %{_libdir}/xtables/libxt_TRACE.so
329 %attr(755,root,root) %{_libdir}/xtables/libxt_cluster.so
330 %attr(755,root,root) %{_libdir}/xtables/libxt_comment.so
331 %attr(755,root,root) %{_libdir}/xtables/libxt_connbytes.so
332 %attr(755,root,root) %{_libdir}/xtables/libxt_connlimit.so
333 %attr(755,root,root) %{_libdir}/xtables/libxt_connmark.so
334 %attr(755,root,root) %{_libdir}/xtables/libxt_conntrack.so
335 %attr(755,root,root) %{_libdir}/xtables/libxt_cpu.so
336 %attr(755,root,root) %{_libdir}/xtables/libxt_dccp.so
337 %attr(755,root,root) %{_libdir}/xtables/libxt_devgroup.so
338 %attr(755,root,root) %{_libdir}/xtables/libxt_dscp.so
339 %attr(755,root,root) %{_libdir}/xtables/libxt_esp.so
340 %attr(755,root,root) %{_libdir}/xtables/libxt_hashlimit.so
341 %attr(755,root,root) %{_libdir}/xtables/libxt_helper.so
342 %attr(755,root,root) %{_libdir}/xtables/libxt_iprange.so
343 %attr(755,root,root) %{_libdir}/xtables/libxt_ipvs.so
344 %attr(755,root,root) %{_libdir}/xtables/libxt_length.so
345 %attr(755,root,root) %{_libdir}/xtables/libxt_limit.so
346 %attr(755,root,root) %{_libdir}/xtables/libxt_mac.so
347 %attr(755,root,root) %{_libdir}/xtables/libxt_mark.so
348 %attr(755,root,root) %{_libdir}/xtables/libxt_multiport.so
349 %attr(755,root,root) %{_libdir}/xtables/libxt_osf.so
350 %attr(755,root,root) %{_libdir}/xtables/libxt_owner.so
351 %attr(755,root,root) %{_libdir}/xtables/libxt_physdev.so
352 %attr(755,root,root) %{_libdir}/xtables/libxt_pkttype.so
353 %attr(755,root,root) %{_libdir}/xtables/libxt_policy.so
354 %attr(755,root,root) %{_libdir}/xtables/libxt_quota.so
355 %attr(755,root,root) %{_libdir}/xtables/libxt_rateest.so
356 %attr(755,root,root) %{_libdir}/xtables/libxt_recent.so
357 %attr(755,root,root) %{_libdir}/xtables/libxt_sctp.so
358 %attr(755,root,root) %{_libdir}/xtables/libxt_set.so
359 %attr(755,root,root) %{_libdir}/xtables/libxt_socket.so
360 %attr(755,root,root) %{_libdir}/xtables/libxt_standard.so
361 %attr(755,root,root) %{_libdir}/xtables/libxt_state.so
362 %attr(755,root,root) %{_libdir}/xtables/libxt_statistic.so
363 %attr(755,root,root) %{_libdir}/xtables/libxt_string.so
364 %attr(755,root,root) %{_libdir}/xtables/libxt_tcp.so
365 %attr(755,root,root) %{_libdir}/xtables/libxt_tcpmss.so
366 %attr(755,root,root) %{_libdir}/xtables/libxt_time.so
367 %attr(755,root,root) %{_libdir}/xtables/libxt_tos.so
368 %attr(755,root,root) %{_libdir}/xtables/libxt_u32.so
369 %attr(755,root,root) %{_libdir}/xtables/libxt_udp.so
370 %{?with_ipt_IPV4OPTSSTRIP:%attr(755,root,root) %{_libdir}/xtables/libipt_IPV4OPTSSTRIP.so}
371 %{?with_ipt_rpc:%attr(755,root,root) %{_libdir}/xtables/libipt_rpc.so}
372 %{?with_xt_layer7:%attr(755,root,root) %{_libdir}/xtables/libxt_layer7.so}
373 %{_mandir}/man1/iptables-xml.1*
374 %{_mandir}/man8/ip6tables.8*
375 %{_mandir}/man8/ip6tables-restore.8*
376 %{_mandir}/man8/ip6tables-save.8*
377 %{_mandir}/man8/iptables.8*
378 %{_mandir}/man8/iptables-restore.8*
379 %{_mandir}/man8/iptables-save.8*
382 %defattr(644,root,root,755)
383 %attr(755,root,root) %{_libdir}/libip4tc.so.*.*.*
384 %attr(755,root,root) %ghost %{_libdir}/libip4tc.so.0
385 %attr(755,root,root) %{_libdir}/libip6tc.so.*.*.*
386 %attr(755,root,root) %ghost %{_libdir}/libip6tc.so.0
387 %attr(755,root,root) %{_libdir}/libipq.so.*.*.*
388 %attr(755,root,root) %ghost %{_libdir}/libipq.so.0
389 %attr(755,root,root) %{_libdir}/libxtables.so.*.*.*
390 %attr(755,root,root) %ghost %{_libdir}/libxtables.so.7
393 %defattr(644,root,root,755)
394 %{?with_doc:%doc iptables-howtos/netfilter-hacking-HOWTO*}
395 %attr(755,root,root) %{_libdir}/libip4tc.so
396 %attr(755,root,root) %{_libdir}/libip6tc.so
397 %attr(755,root,root) %{_libdir}/libipq.so
398 %attr(755,root,root) %{_libdir}/libxtables.so
399 %{_libdir}/libip4tc.la
400 %{_libdir}/libip6tc.la
402 %{_libdir}/libxtables.la
403 %{_includedir}/libipq.h
404 %{_includedir}/xtables.h
405 %{_includedir}/libiptc
406 %{_pkgconfigdir}/libipq.pc
407 %{_pkgconfigdir}/libiptc.pc
408 %{_pkgconfigdir}/xtables.pc
409 %{_mandir}/man3/ipq_*.3*
410 %{_mandir}/man3/libipq.3*
414 %defattr(644,root,root,755)
415 %{_libdir}/libip4tc.a
416 %{_libdir}/libip6tc.a
418 %{_libdir}/libxtables.a
422 %defattr(644,root,root,755)
423 %attr(754,root,root) /etc/rc.d/init.d/iptables
424 %attr(754,root,root) /etc/rc.d/init.d/ip6tables
425 %config(noreplace) %verify(not md5 mtime size) /etc/init/%{name}.conf
426 %config(noreplace) %verify(not md5 mtime size) /etc/init/%{name6}.conf