3 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
4 # - owner needs rewrite to xt, imq update
5 # - batch needs update/rewrite
6 # - ACCOUNT has been removed from iptables-20070806.patch, now should be taken
7 # from http://www.intra2net.com/de/produkte/opensource/ipt_account/libipt_ACCOUNT-1.3.tar.gz
10 %bcond_without doc # without documentation (HOWTOS) which needed TeX
11 %bcond_without dist_kernel # without distribution kernel
12 %bcond_without vserver # kernel build without vserver
14 %define netfilter_snap 20070806
15 %define llh_version 7:2.6.22.1
16 %define name6 ip6tables
19 %define rel 7.%{_rc}.1
20 Summary: Extensible packet filtering system && extensible NAT system
21 Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
22 Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
23 Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
24 Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
25 Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
30 Group: Networking/Daemons
31 #Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}.tar.bz2
32 Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}-rc1.tar.bz2
33 # Source0-md5: 36a4921fa21ec4b99cc68cd9c4d0e080
34 Source1: cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
35 # Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
37 Source3: %{name6}.init
38 Patch0: %{name}-%{netfilter_snap}.patch
39 Patch1: %{name}-man.patch
40 # http://www.linuximq.net/patchs/iptables-1.4.0-imq.diff
41 Patch2: %{name}-imq.patch
42 # based on http://people.netfilter.org/ole/pom/IPMARK
43 Patch3: %{name}-IPMARK.patch
44 Patch4: %{name}-stealth.patch
45 # almost based on iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
46 # http://switch.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.18.tar.gz
47 Patch5: %{name}-layer7.patch
48 Patch6: %{name}-old-1.3.7.patch
49 # based on http://www.svn.barbara.eu.org/ipt_account/attachment/wiki/Software/ipt_account-0.1.21-20070804164729.tar.gz?format=raw
50 Patch7: %{name}-account.patch
51 # http://people.linux-vserver.org/~dhozac/p/m/iptables-1.3.5-owner-xid.patch
52 Patch8: %{name}-1.3.5-owner-xid.patch
53 Patch9: %{name}-geoip-dbpath.patch
54 Patch10: %{name}-batch.patch
55 Patch11: %{name}-glibc28.patch
56 # http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-20080204-1915.patch
57 Patch12: %{name}-tproxy.patch
58 Patch999: %{name}-llh-dirty-hack.patch
59 URL: http://www.netfilter.org/
60 BuildRequires: autoconf
61 BuildRequires: automake
63 BuildRequires: sed >= 4.0
64 BuildRequires: sgml-tools
66 BuildRequires: tetex-dvips
67 BuildRequires: tetex-format-latex
68 BuildRequires: tetex-latex
69 BuildRequires: tetex-tex-babel
71 %if %{with dist_kernel} && %{netfilter_snap} != 0
72 BuildRequires: kernel%{_alt_kernel}-headers(netfilter) >= %{netfilter_snap}
73 BuildRequires: kernel%{_alt_kernel}-source
75 #BuildRequires: linux-libc-headers >= %{llh_version}
76 BuildConflicts: kernel-headers < 2.3.0
77 Provides: firewall-userspace-tool
79 Obsoletes: iptables-ipp2p
80 Obsoletes: iptables24-compat
82 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
85 An extensible NAT system, and an extensible packet filtering system.
86 Replacement of ipchains in 2.4 and higher kernels.
88 %description -l pl.UTF-8
89 Wydajny system translacji adresów (NAT) oraz system filtrowania
90 pakietów. Zamiennik ipchains w jądrach 2.4 i nowszych.
92 %description -l pt_BR.UTF-8
93 Esta é a ferramenta que controla o código de filtragem de pacotes do
94 kernel 2.4, obsoletando ipchains. Com esta ferramenta você pode
95 configurar filtros de pacotes, NAT, mascaramento (masquerading),
96 regras dinâmicas (stateful inspection), etc.
98 %description -l ru.UTF-8
99 iptables управляют кодом фильтрации сетевых пакетов в ядре Linux. Они
100 позволяют вам устанавливать межсетевые экраны (firewalls) и IP
103 %description -l uk.UTF-8
104 iptables управляють кодом фільтрації пакетів мережі в ядрі Linux. Вони
105 дозволяють вам встановлювати міжмережеві екрани (firewalls) та IP
109 Summary: Libraries and headers for developing iptables extensions
110 Summary(pl.UTF-8): Biblioteki i nagłówki do tworzenia rozszerzeń iptables
111 Group: Development/Libraries
112 Obsoletes: iptables24-devel
115 Libraries and headers for developing iptables extensions.
117 %description devel -l pl.UTF-8
118 Biblioteki i pliki nagłówkowe niezbędne do tworzenia rozszerzeń dla
122 Summary: Iptables init (RedHat style)
123 Summary(pl.UTF-8): Iptables init (w stylu RedHata)
125 Group: Networking/Admin
126 Requires(post,preun): /sbin/chkconfig
129 Obsoletes: firewall-init
130 Obsoletes: firewall-init-ipchains
131 Obsoletes: iptables24-init
134 Iptables-init is meant to provide an alternate way than firewall-init
135 to start and stop packet filtering through iptables(8).
137 %description init -l pl.UTF-8
138 Iptables-init ma na celu udostępnienie alternatywnego w stosunku do
139 firewall-init sposobu włączania i wyłączania filtrów IP jądra poprzez
143 %setup -q -n %{name}-%{version}-%{_rc} -a1
162 chmod 755 extensions/.*-test*
168 --with-kbuild=%{_kernelsrcdir} \
169 --with-ksource=%{_kernelsrcdir} \
176 CFLAGS="%{rpmcflags} -D%{!?debug:N}DEBUG" \
177 KERNEL_DIR="%{_kernelsrcdir}" \
178 LIBDIR="%{_libdir}" \
183 %{__make} -j1 -C iptables-howtos
184 sed -i 's:$(HTML_HOWTOS)::g; s:$(PSUS_HOWTOS)::g' iptables-howtos/Makefile
187 # Make a library, needed for OpenVCP
188 ar rcs libiptables.a iptables.o
189 ar rcs libip6tables.a ip6tables.o
192 rm -rf $RPM_BUILD_ROOT
193 install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{_includedir},%{_libdir},%{_mandir}/man3}
196 DESTDIR=$RPM_BUILD_ROOT \
201 #install iptables-batch $RPM_BUILD_ROOT%{_sbindir}
202 #install ip6tables-batch $RPM_BUILD_ROOT%{_sbindir}
204 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
205 install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name6}
208 rm -rf $RPM_BUILD_ROOT
211 /sbin/chkconfig --add %{name}
212 /sbin/chkconfig --add %{name6}
215 if [ "$1" = "0" ]; then
216 /sbin/chkconfig --del %{name}
217 /sbin/chkconfig --del %{name6}
221 %defattr(644,root,root,755)
222 %{?with_doc:%doc iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
223 %attr(755,root,root) %{_bindir}/iptables-xml
224 %attr(755,root,root) %{_sbindir}/iptables
225 #attr(755,root,root) %{_sbindir}/iptables-batch
226 %attr(755,root,root) %{_sbindir}/iptables-restore
227 %attr(755,root,root) %{_sbindir}/iptables-save
228 %attr(755,root,root) %{_sbindir}/ip6tables
229 #attr(755,root,root) %{_sbindir}/ip6tables-batch
230 %attr(755,root,root) %{_sbindir}/ip6tables-restore
231 %attr(755,root,root) %{_sbindir}/ip6tables-save
232 %dir %{_libdir}/xtables
233 %if %{with dist_kernel}
234 %attr(755,root,root) %{_libdir}/xtables/libip6t_ah.so
235 %attr(755,root,root) %{_libdir}/xtables/libip6t_dst.so
236 %attr(755,root,root) %{_libdir}/xtables/libip6t_eui64.so
237 %attr(755,root,root) %{_libdir}/xtables/libip6t_frag.so
238 %attr(755,root,root) %{_libdir}/xtables/libip6t_hbh.so
239 %attr(755,root,root) %{_libdir}/xtables/libip6t_hl.so
240 %attr(755,root,root) %{_libdir}/xtables/libip6t_HL.so
241 %attr(755,root,root) %{_libdir}/xtables/libip6t_icmp6.so
242 #attr(755,root,root) %{_libdir}/xtables/libip6t_IMQ.so
243 %attr(755,root,root) %{_libdir}/xtables/libip6t_ipv6header.so
244 %attr(755,root,root) %{_libdir}/xtables/libip6t_LOG.so
245 %attr(755,root,root) %{_libdir}/xtables/libip6t_mh.so
246 %attr(755,root,root) %{_libdir}/xtables/libip6t_policy.so
247 %attr(755,root,root) %{_libdir}/xtables/libip6t_REJECT.so
248 %attr(755,root,root) %{_libdir}/xtables/libip6t_ROUTE.so
249 %attr(755,root,root) %{_libdir}/xtables/libip6t_rt.so
250 %attr(755,root,root) %{_libdir}/xtables/libipt_account.so
251 #attr(755,root,root) %{_libdir}/xtables/libipt_ACCOUNT.so
252 %attr(755,root,root) %{_libdir}/xtables/libipt_addrtype.so
253 %attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
254 %attr(755,root,root) %{_libdir}/xtables/libipt_CLUSTERIP.so
255 %attr(755,root,root) %{_libdir}/xtables/libipt_DNAT.so
256 %attr(755,root,root) %{_libdir}/xtables/libipt_ecn.so
257 %attr(755,root,root) %{_libdir}/xtables/libipt_ECN.so
258 %attr(755,root,root) %{_libdir}/xtables/libipt_geoip.so
259 %attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
260 #attr(755,root,root) %{_libdir}/xtables/libipt_IMQ.so
261 %attr(755,root,root) %{_libdir}/xtables/libipt_IPMARK.so
262 %attr(755,root,root) %{_libdir}/xtables/libipt_ipp2p.so
263 %attr(755,root,root) %{_libdir}/xtables/libipt_ipv4options.so
264 %attr(755,root,root) %{_libdir}/xtables/libipt_IPV4OPTSSTRIP.so
265 %attr(755,root,root) %{_libdir}/xtables/libipt_layer7.so
266 %attr(755,root,root) %{_libdir}/xtables/libipt_LOG.so
267 %attr(755,root,root) %{_libdir}/xtables/libipt_MASQUERADE.so
268 %attr(755,root,root) %{_libdir}/xtables/libipt_MIRROR.so
269 %attr(755,root,root) %{_libdir}/xtables/libipt_NETMAP.so
270 %attr(755,root,root) %{_libdir}/xtables/libipt_policy.so
271 %attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
272 %attr(755,root,root) %{_libdir}/xtables/libipt_recent.so
273 %attr(755,root,root) %{_libdir}/xtables/libipt_REDIRECT.so
274 %attr(755,root,root) %{_libdir}/xtables/libipt_REJECT.so
275 %attr(755,root,root) %{_libdir}/xtables/libipt_ROUTE.so
276 %attr(755,root,root) %{_libdir}/xtables/libipt_rpc.so
277 %attr(755,root,root) %{_libdir}/xtables/libipt_SAME.so
278 %attr(755,root,root) %{_libdir}/xtables/libipt_set.so
279 %attr(755,root,root) %{_libdir}/xtables/libipt_SET.so
280 %attr(755,root,root) %{_libdir}/xtables/libipt_SNAT.so
281 %attr(755,root,root) %{_libdir}/xtables/libipt_TARPIT.so
282 %attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
283 %attr(755,root,root) %{_libdir}/xtables/libipt_TTL.so
284 %attr(755,root,root) %{_libdir}/xtables/libipt_ULOG.so
285 %attr(755,root,root) %{_libdir}/xtables/libipt_unclean.so
286 %attr(755,root,root) %{_libdir}/xtables/libxt_CLASSIFY.so
287 %attr(755,root,root) %{_libdir}/xtables/libxt_comment.so
288 %attr(755,root,root) %{_libdir}/xtables/libxt_connbytes.so
289 %attr(755,root,root) %{_libdir}/xtables/libxt_connlimit.so
290 %attr(755,root,root) %{_libdir}/xtables/libxt_connmark.so
291 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNMARK.so
292 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
293 %attr(755,root,root) %{_libdir}/xtables/libxt_conntrack.so
294 %attr(755,root,root) %{_libdir}/xtables/libxt_dccp.so
295 %attr(755,root,root) %{_libdir}/xtables/libxt_dscp.so
296 %attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
297 %attr(755,root,root) %{_libdir}/xtables/libxt_esp.so
298 %attr(755,root,root) %{_libdir}/xtables/libxt_hashlimit.so
299 %attr(755,root,root) %{_libdir}/xtables/libxt_helper.so
300 %attr(755,root,root) %{_libdir}/xtables/libxt_iprange.so
301 %attr(755,root,root) %{_libdir}/xtables/libxt_length.so
302 %attr(755,root,root) %{_libdir}/xtables/libxt_limit.so
303 %attr(755,root,root) %{_libdir}/xtables/libxt_mac.so
304 %attr(755,root,root) %{_libdir}/xtables/libxt_mark.so
305 %attr(755,root,root) %{_libdir}/xtables/libxt_MARK.so
306 %attr(755,root,root) %{_libdir}/xtables/libxt_multiport.so
307 %attr(755,root,root) %{_libdir}/xtables/libxt_NFLOG.so
308 %attr(755,root,root) %{_libdir}/xtables/libxt_NFQUEUE.so
309 %attr(755,root,root) %{_libdir}/xtables/libxt_NOTRACK.so
310 %attr(755,root,root) %{_libdir}/xtables/libxt_owner.so
311 %attr(755,root,root) %{_libdir}/xtables/libxt_physdev.so
312 %attr(755,root,root) %{_libdir}/xtables/libxt_pkttype.so
313 %attr(755,root,root) %{_libdir}/xtables/libxt_quota.so
314 %attr(755,root,root) %{_libdir}/xtables/libxt_sctp.so
315 %attr(755,root,root) %{_libdir}/xtables/libxt_SECMARK.so
316 %attr(755,root,root) %{_libdir}/xtables/libxt_socket.so
317 %attr(755,root,root) %{_libdir}/xtables/libxt_standard.so
318 %attr(755,root,root) %{_libdir}/xtables/libxt_state.so
319 %attr(755,root,root) %{_libdir}/xtables/libxt_statistic.so
320 %attr(755,root,root) %{_libdir}/xtables/libxt_string.so
321 %attr(755,root,root) %{_libdir}/xtables/libxt_tcpmss.so
322 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPMSS.so
323 %attr(755,root,root) %{_libdir}/xtables/libxt_tcp.so
324 %attr(755,root,root) %{_libdir}/xtables/libxt_time.so
325 %attr(755,root,root) %{_libdir}/xtables/libxt_tos.so
326 %attr(755,root,root) %{_libdir}/xtables/libxt_TOS.so
327 %attr(755,root,root) %{_libdir}/xtables/libxt_TPROXY.so
328 %attr(755,root,root) %{_libdir}/xtables/libxt_TRACE.so
329 %attr(755,root,root) %{_libdir}/xtables/libxt_u32.so
330 %attr(755,root,root) %{_libdir}/xtables/libxt_udp.so
332 %attr(755,root,root) %{_libdir}/xtables/*.so
337 %defattr(644,root,root,755)
338 %{?with_doc:%doc iptables-howtos/netfilter-hacking-HOWTO*}
341 %dir %{_includedir}/libip*
342 %{_includedir}/libip*/*.h
346 %defattr(644,root,root,755)
347 %attr(754,root,root) /etc/rc.d/init.d/iptables
348 %attr(754,root,root) /etc/rc.d/init.d/ip6tables