3 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
4 # - owner needs rewrite to xt
5 # - batch needs update/rewrite
6 # - add manual sections from xtable-addons
7 # - ACCOUNT has been removed from iptables-20070806.patch, now should be taken
8 # from http://www.intra2net.com/de/produkte/opensource/ipt_account/libipt_ACCOUNT-1.3.tar.gz
11 %bcond_without doc # without documentation (HOWTOS) which needed TeX
12 %bcond_without dist_kernel # without distribution kernel
13 %bcond_without vserver # kernel build without vserver
15 %define netfilter_snap 20070806
16 %define llh_version 7:2.6.22.1
17 %define name6 ip6tables
20 %define rel 7.%{_rc}.1
21 Summary: Extensible packet filtering system && extensible NAT system
22 Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
23 Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
24 Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
25 Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
26 Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
31 Group: Networking/Daemons
32 #Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}.tar.bz2
33 Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}-rc1.tar.bz2
34 # Source0-md5: 36a4921fa21ec4b99cc68cd9c4d0e080
35 Source1: cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
36 # Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
38 Source3: %{name6}.init
39 Patch0: %{name}-%{netfilter_snap}.patch
40 Patch1: %{name}-man.patch
41 # based on http://www.linuximq.net/patchs/iptables-1.4.0-imq.diff
42 Patch2: %{name}-imq.patch
43 # based on http://people.netfilter.org/ole/pom/IPMARK
44 Patch3: %{name}-IPMARK.patch
45 Patch4: %{name}-stealth.patch
46 # almost based on iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
47 # http://switch.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.18.tar.gz
48 Patch5: %{name}-layer7.patch
49 Patch6: %{name}-old-1.3.7.patch
50 # based on http://www.svn.barbara.eu.org/ipt_account/attachment/wiki/Software/ipt_account-0.1.21-20070804164729.tar.gz?format=raw
51 Patch7: %{name}-account.patch
52 # http://people.linux-vserver.org/~dhozac/p/m/iptables-1.3.5-owner-xid.patch
53 Patch8: %{name}-1.3.5-owner-xid.patch
54 Patch9: %{name}-geoip-dbpath.patch
55 Patch10: %{name}-batch.patch
56 Patch11: %{name}-glibc28.patch
57 # http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-20080204-1915.patch
58 Patch12: %{name}-tproxy.patch
59 Patch999: %{name}-llh-dirty-hack.patch
60 URL: http://www.netfilter.org/
61 BuildRequires: autoconf
62 BuildRequires: automake
64 BuildRequires: sed >= 4.0
65 BuildRequires: sgml-tools
67 BuildRequires: tetex-dvips
68 BuildRequires: tetex-format-latex
69 BuildRequires: tetex-latex
70 BuildRequires: tetex-tex-babel
72 %if %{with dist_kernel} && %{netfilter_snap} != 0
73 BuildRequires: kernel%{_alt_kernel}-headers(netfilter) >= %{netfilter_snap}
74 BuildRequires: kernel%{_alt_kernel}-source
76 #BuildRequires: linux-libc-headers >= %{llh_version}
77 BuildConflicts: kernel-headers < 2.3.0
78 Provides: firewall-userspace-tool
80 Obsoletes: iptables-ipp2p
81 Obsoletes: iptables24-compat
83 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
86 An extensible NAT system, and an extensible packet filtering system.
87 Replacement of ipchains in 2.4 and higher kernels.
89 %description -l pl.UTF-8
90 Wydajny system translacji adresów (NAT) oraz system filtrowania
91 pakietów. Zamiennik ipchains w jądrach 2.4 i nowszych.
93 %description -l pt_BR.UTF-8
94 Esta é a ferramenta que controla o código de filtragem de pacotes do
95 kernel 2.4, obsoletando ipchains. Com esta ferramenta você pode
96 configurar filtros de pacotes, NAT, mascaramento (masquerading),
97 regras dinâmicas (stateful inspection), etc.
99 %description -l ru.UTF-8
100 iptables управляют кодом фильтрации сетевых пакетов в ядре Linux. Они
101 позволяют вам устанавливать межсетевые экраны (firewalls) и IP
104 %description -l uk.UTF-8
105 iptables управляють кодом фільтрації пакетів мережі в ядрі Linux. Вони
106 дозволяють вам встановлювати міжмережеві екрани (firewalls) та IP
110 Summary: Libraries and headers for developing iptables extensions
111 Summary(pl.UTF-8): Biblioteki i nagłówki do tworzenia rozszerzeń iptables
112 Group: Development/Libraries
113 Obsoletes: iptables24-devel
116 Libraries and headers for developing iptables extensions.
118 %description devel -l pl.UTF-8
119 Biblioteki i pliki nagłówkowe niezbędne do tworzenia rozszerzeń dla
123 Summary: Iptables init (RedHat style)
124 Summary(pl.UTF-8): Iptables init (w stylu RedHata)
126 Group: Networking/Admin
127 Requires(post,preun): /sbin/chkconfig
130 Obsoletes: firewall-init
131 Obsoletes: firewall-init-ipchains
132 Obsoletes: iptables24-init
135 Iptables-init is meant to provide an alternate way than firewall-init
136 to start and stop packet filtering through iptables(8).
138 %description init -l pl.UTF-8
139 Iptables-init ma na celu udostępnienie alternatywnego w stosunku do
140 firewall-init sposobu włączania i wyłączania filtrów IP jądra poprzez
144 %setup -q -n %{name}-%{version}-%{_rc} -a1
163 chmod 755 extensions/.*-test*
169 --with-kbuild=%{_kernelsrcdir} \
170 --with-ksource=%{_kernelsrcdir} \
177 CFLAGS="%{rpmcflags} -D%{!?debug:N}DEBUG" \
178 KERNEL_DIR="%{_kernelsrcdir}" \
179 LIBDIR="%{_libdir}" \
184 %{__make} -j1 -C iptables-howtos
185 sed -i 's:$(HTML_HOWTOS)::g; s:$(PSUS_HOWTOS)::g' iptables-howtos/Makefile
188 # Make a library, needed for OpenVCP
189 ar rcs libiptables.a iptables.o
190 ar rcs libip6tables.a ip6tables.o
193 rm -rf $RPM_BUILD_ROOT
194 install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{_includedir},%{_libdir},%{_mandir}/man3}
197 DESTDIR=$RPM_BUILD_ROOT \
202 #install iptables-batch $RPM_BUILD_ROOT%{_sbindir}
203 #install ip6tables-batch $RPM_BUILD_ROOT%{_sbindir}
205 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
206 install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name6}
209 rm -rf $RPM_BUILD_ROOT
212 /sbin/chkconfig --add %{name}
213 /sbin/chkconfig --add %{name6}
216 if [ "$1" = "0" ]; then
217 /sbin/chkconfig --del %{name}
218 /sbin/chkconfig --del %{name6}
222 %defattr(644,root,root,755)
223 %{?with_doc:%doc iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
224 %attr(755,root,root) %{_bindir}/iptables-xml
225 %attr(755,root,root) %{_sbindir}/iptables
226 #attr(755,root,root) %{_sbindir}/iptables-batch
227 %attr(755,root,root) %{_sbindir}/iptables-multi
228 %attr(755,root,root) %{_sbindir}/iptables-restore
229 %attr(755,root,root) %{_sbindir}/iptables-save
230 %attr(755,root,root) %{_sbindir}/ip6tables
231 #attr(755,root,root) %{_sbindir}/ip6tables-batch
232 %attr(755,root,root) %{_sbindir}/ip6tables-multi
233 %attr(755,root,root) %{_sbindir}/ip6tables-restore
234 %attr(755,root,root) %{_sbindir}/ip6tables-save
235 %dir %{_libdir}/xtables
236 %if %{with dist_kernel}
237 %attr(755,root,root) %{_libdir}/xtables/libip6t_ah.so
238 %attr(755,root,root) %{_libdir}/xtables/libip6t_dst.so
239 %attr(755,root,root) %{_libdir}/xtables/libip6t_eui64.so
240 %attr(755,root,root) %{_libdir}/xtables/libip6t_frag.so
241 %attr(755,root,root) %{_libdir}/xtables/libip6t_hbh.so
242 %attr(755,root,root) %{_libdir}/xtables/libip6t_hl.so
243 %attr(755,root,root) %{_libdir}/xtables/libip6t_HL.so
244 %attr(755,root,root) %{_libdir}/xtables/libip6t_icmp6.so
245 %attr(755,root,root) %{_libdir}/xtables/libip6t_IMQ.so
246 %attr(755,root,root) %{_libdir}/xtables/libip6t_ipv6header.so
247 %attr(755,root,root) %{_libdir}/xtables/libip6t_LOG.so
248 %attr(755,root,root) %{_libdir}/xtables/libip6t_mh.so
249 %attr(755,root,root) %{_libdir}/xtables/libip6t_policy.so
250 %attr(755,root,root) %{_libdir}/xtables/libip6t_REJECT.so
251 %attr(755,root,root) %{_libdir}/xtables/libip6t_ROUTE.so
252 %attr(755,root,root) %{_libdir}/xtables/libip6t_rt.so
253 %attr(755,root,root) %{_libdir}/xtables/libipt_account.so
254 #attr(755,root,root) %{_libdir}/xtables/libipt_ACCOUNT.so
255 %attr(755,root,root) %{_libdir}/xtables/libipt_addrtype.so
256 %attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
257 %attr(755,root,root) %{_libdir}/xtables/libipt_CLUSTERIP.so
258 %attr(755,root,root) %{_libdir}/xtables/libipt_DNAT.so
259 %attr(755,root,root) %{_libdir}/xtables/libipt_ecn.so
260 %attr(755,root,root) %{_libdir}/xtables/libipt_ECN.so
261 %attr(755,root,root) %{_libdir}/xtables/libipt_geoip.so
262 %attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
263 %attr(755,root,root) %{_libdir}/xtables/libipt_IMQ.so
264 %attr(755,root,root) %{_libdir}/xtables/libipt_IPMARK.so
265 %attr(755,root,root) %{_libdir}/xtables/libipt_ipp2p.so
266 %attr(755,root,root) %{_libdir}/xtables/libipt_ipv4options.so
267 %attr(755,root,root) %{_libdir}/xtables/libipt_IPV4OPTSSTRIP.so
268 %attr(755,root,root) %{_libdir}/xtables/libipt_layer7.so
269 %attr(755,root,root) %{_libdir}/xtables/libipt_LOG.so
270 %attr(755,root,root) %{_libdir}/xtables/libipt_MASQUERADE.so
271 %attr(755,root,root) %{_libdir}/xtables/libipt_MIRROR.so
272 %attr(755,root,root) %{_libdir}/xtables/libipt_NETMAP.so
273 %attr(755,root,root) %{_libdir}/xtables/libipt_policy.so
274 %attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
275 %attr(755,root,root) %{_libdir}/xtables/libipt_recent.so
276 %attr(755,root,root) %{_libdir}/xtables/libipt_REDIRECT.so
277 %attr(755,root,root) %{_libdir}/xtables/libipt_REJECT.so
278 %attr(755,root,root) %{_libdir}/xtables/libipt_ROUTE.so
279 %attr(755,root,root) %{_libdir}/xtables/libipt_rpc.so
280 %attr(755,root,root) %{_libdir}/xtables/libipt_SAME.so
281 %attr(755,root,root) %{_libdir}/xtables/libipt_set.so
282 %attr(755,root,root) %{_libdir}/xtables/libipt_SET.so
283 %attr(755,root,root) %{_libdir}/xtables/libipt_SNAT.so
284 %attr(755,root,root) %{_libdir}/xtables/libipt_TARPIT.so
285 %attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
286 %attr(755,root,root) %{_libdir}/xtables/libipt_TTL.so
287 %attr(755,root,root) %{_libdir}/xtables/libipt_ULOG.so
288 %attr(755,root,root) %{_libdir}/xtables/libipt_unclean.so
289 %attr(755,root,root) %{_libdir}/xtables/libxt_CLASSIFY.so
290 %attr(755,root,root) %{_libdir}/xtables/libxt_comment.so
291 %attr(755,root,root) %{_libdir}/xtables/libxt_connbytes.so
292 %attr(755,root,root) %{_libdir}/xtables/libxt_connlimit.so
293 %attr(755,root,root) %{_libdir}/xtables/libxt_connmark.so
294 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNMARK.so
295 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
296 %attr(755,root,root) %{_libdir}/xtables/libxt_conntrack.so
297 %attr(755,root,root) %{_libdir}/xtables/libxt_dccp.so
298 %attr(755,root,root) %{_libdir}/xtables/libxt_dscp.so
299 %attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
300 %attr(755,root,root) %{_libdir}/xtables/libxt_esp.so
301 %attr(755,root,root) %{_libdir}/xtables/libxt_hashlimit.so
302 %attr(755,root,root) %{_libdir}/xtables/libxt_helper.so
303 %attr(755,root,root) %{_libdir}/xtables/libxt_iprange.so
304 %attr(755,root,root) %{_libdir}/xtables/libxt_length.so
305 %attr(755,root,root) %{_libdir}/xtables/libxt_limit.so
306 %attr(755,root,root) %{_libdir}/xtables/libxt_mac.so
307 %attr(755,root,root) %{_libdir}/xtables/libxt_mark.so
308 %attr(755,root,root) %{_libdir}/xtables/libxt_MARK.so
309 %attr(755,root,root) %{_libdir}/xtables/libxt_multiport.so
310 %attr(755,root,root) %{_libdir}/xtables/libxt_NFLOG.so
311 %attr(755,root,root) %{_libdir}/xtables/libxt_NFQUEUE.so
312 %attr(755,root,root) %{_libdir}/xtables/libxt_NOTRACK.so
313 %attr(755,root,root) %{_libdir}/xtables/libxt_owner.so
314 %attr(755,root,root) %{_libdir}/xtables/libxt_physdev.so
315 %attr(755,root,root) %{_libdir}/xtables/libxt_pkttype.so
316 %attr(755,root,root) %{_libdir}/xtables/libxt_quota.so
317 %attr(755,root,root) %{_libdir}/xtables/libxt_RATEEST.so
318 %attr(755,root,root) %{_libdir}/xtables/libxt_rateest.so
319 %attr(755,root,root) %{_libdir}/xtables/libxt_sctp.so
320 %attr(755,root,root) %{_libdir}/xtables/libxt_SECMARK.so
321 %attr(755,root,root) %{_libdir}/xtables/libxt_socket.so
322 %attr(755,root,root) %{_libdir}/xtables/libxt_standard.so
323 %attr(755,root,root) %{_libdir}/xtables/libxt_state.so
324 %attr(755,root,root) %{_libdir}/xtables/libxt_statistic.so
325 %attr(755,root,root) %{_libdir}/xtables/libxt_string.so
326 %attr(755,root,root) %{_libdir}/xtables/libxt_tcpmss.so
327 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPMSS.so
328 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPOPTSTRIP.so
329 %attr(755,root,root) %{_libdir}/xtables/libxt_tcp.so
330 %attr(755,root,root) %{_libdir}/xtables/libxt_time.so
331 %attr(755,root,root) %{_libdir}/xtables/libxt_tos.so
332 %attr(755,root,root) %{_libdir}/xtables/libxt_TOS.so
333 %attr(755,root,root) %{_libdir}/xtables/libxt_TPROXY.so
334 %attr(755,root,root) %{_libdir}/xtables/libxt_TRACE.so
335 %attr(755,root,root) %{_libdir}/xtables/libxt_u32.so
336 %attr(755,root,root) %{_libdir}/xtables/libxt_udp.so
338 %attr(755,root,root) %{_libdir}/xtables/*.so
343 %defattr(644,root,root,755)
344 %{?with_doc:%doc iptables-howtos/netfilter-hacking-HOWTO*}
347 %dir %{_includedir}/libip*
348 %{_includedir}/libip*/*.h
352 %defattr(644,root,root,755)
353 %attr(754,root,root) /etc/rc.d/init.d/iptables
354 %attr(754,root,root) /etc/rc.d/init.d/ip6tables