3 # - update BR to real required llh version
4 # - check if kernel-headers are still required to properly build iptabels for dist kernel
5 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
6 # - owner needs rewrite to xt
9 %bcond_without doc # without documentation (HOWTOS) which needed TeX
10 %bcond_without dist_kernel # without distribution kernel
11 %bcond_with vserver # build xt_owner module for non-dist kernel with vserver support
12 %bcond_with batch # build iptables-batch
13 %bcond_with static # build static libraries, no dynamic modules (all linked into binaries)
14 %bcond_with ipt_IPV4OPTSSTRIP # enable ipt_IPV4OPTSSTRIP for non-dist kernel
15 %bcond_with ipt_rpc # enable ipt_rpc for non-dist kernel
16 %bcond_with xt_layer7 # enable xt_layer7 for non-dist kernel
17 %bcond_with usekernelsrc # include kernel headers from %{_kernelsrcdir}
19 %if %{with dist_kernel}
20 %define with_ipt_IPV4OPTSSTRIP 1
21 %define with_ipt_rpc 1
22 %define with_xt_layer7 1
23 %define with_vserver 1
24 %define with_usekernelsrc 1
27 %define name6 ip6tables
28 Summary: Extensible packet filtering system && extensible NAT system
29 Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
30 Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
31 Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
32 Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
33 Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
38 Group: Networking/Admin
39 Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}.tar.bz2
40 # Source0-md5: 4d77c912d17364e2515fda27d398e15e
41 Source1: cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
42 # Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
44 Source3: %{name6}.init
45 # --- GENERAL CHANGES (patches<10):
46 Patch0: %{name}-man.patch
47 # additional utils; off by default
48 Patch1: %{name}-batch.patch
49 # --- ADDITIONAL/CHANGED EXTENSIONS:
50 # just ipt_IPV4OPTSSTRIP now
51 Patch10: %{name}-20070806.patch
52 # xt_layer7; almost based on iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
53 # http://downloads.sourceforge.net/l7-filter/netfilter-layer7-v2.18.tar.gz
54 Patch11: %{name}-layer7.patch
56 Patch12: %{name}-old-1.3.7.patch
57 # xt_IMQ; based on http://www.linuximq.net/patchs/iptables-1.4.6-imq.diff
58 Patch13: %{name}-imq.patch
59 # enhances ipt_owner/ip6t_owner; http://people.linux-vserver.org/~dhozac/p/m/iptables-1.3.5-owner-xid.patch (currently disabled, needs update for xt_owner)
60 Patch14: %{name}-1.3.5-owner-xid.patch
61 # adjusts xt_owner for vserver-enabled kernel
62 Patch15: %{name}-owner-struct-size-vs.patch
63 # ipt_stealth; currently disabled (broken, see below)
64 Patch16: %{name}-stealth.patch
65 Patch17: %{name}-build.patch
66 URL: http://www.netfilter.org/
67 BuildRequires: autoconf >= 2.50
68 BuildRequires: automake
70 BuildRequires: libnfnetlink-devel >= 1.0
71 BuildRequires: libtool
72 BuildRequires: pkgconfig >= 1:0.9.0
74 BuildRequires: sed >= 4.0
75 BuildRequires: sgml-tools
77 BuildRequires: tetex-dvips
78 BuildRequires: tetex-format-latex
79 BuildRequires: tetex-latex
80 BuildRequires: tetex-tex-babel
81 # if texlive: BuildRequires: texlive-fonts-cmsuper
83 %if %{with dist_kernel}
84 BuildRequires: kernel%{_alt_kernel}-headers(netfilter)
86 BuildRequires: linux-libc-headers >= 7:2.6.22.1
87 Requires: %{name}-libs = %{version}-%{release}
88 Requires: libnfnetlink >= 1.0
89 Provides: firewall-userspace-tool
91 Obsoletes: iptables-ipp2p
92 Obsoletes: iptables24-compat
94 Conflicts: xtables-addons < 1.14
95 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
98 An extensible NAT system, and an extensible packet filtering system.
99 Replacement of ipchains in 2.4 and higher kernels.
101 %description -l pl.UTF-8
102 Wydajny system translacji adresów (NAT) oraz system filtrowania
103 pakietów. Zamiennik ipchains w jądrach 2.4 i nowszych.
105 %description -l pt_BR.UTF-8
106 Esta é a ferramenta que controla o código de filtragem de pacotes do
107 kernel 2.4, obsoletando ipchains. Com esta ferramenta você pode
108 configurar filtros de pacotes, NAT, mascaramento (masquerading),
109 regras dinâmicas (stateful inspection), etc.
111 %description -l ru.UTF-8
112 iptables управляют кодом фильтрации сетевых пакетов в ядре Linux. Они
113 позволяют вам устанавливать межсетевые экраны (firewalls) и IP
116 %description -l uk.UTF-8
117 iptables управляють кодом фільтрації пакетів мережі в ядрі Linux. Вони
118 дозволяють вам встановлювати міжмережеві екрани (firewalls) та IP
122 Summary: iptables libraries
123 Summary(pl.UTF-8): Biblioteki iptables
125 Conflicts: iptables < 1.4.3-1
130 %description libs -l pl.UTF-8
134 Summary: Libraries and headers for developing iptables extensions
135 Summary(pl.UTF-8): Biblioteki i nagłówki do tworzenia rozszerzeń iptables
136 Group: Development/Libraries
137 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
138 Obsoletes: iptables24-devel
141 Libraries and headers for developing iptables extensions.
143 %description devel -l pl.UTF-8
144 Biblioteki i pliki nagłówkowe niezbędne do tworzenia rozszerzeń dla
148 Summary: Static iptables libraries
149 Summary(pl.UTF-8): Biblioteki statyczne iptables
150 Group: Development/Libraries
151 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
154 Static iptables libraries.
156 %description static -l pl.UTF-8
157 Biblioteki statyczne iptables.
160 Summary: Iptables init (RedHat style)
161 Summary(pl.UTF-8): Iptables init (w stylu RedHata)
162 Group: Networking/Admin
163 Requires(post,preun): /sbin/chkconfig
165 Requires: rc-scripts >= 0.4.3.0
166 Obsoletes: firewall-init
167 Obsoletes: firewall-init-ipchains
168 Obsoletes: iptables24-init
171 Iptables-init is meant to provide an alternate way than firewall-init
172 to start and stop packet filtering through iptables(8).
174 %description init -l pl.UTF-8
175 Iptables-init ma na celu udostępnienie alternatywnego w stosunku do
176 firewall-init sposobu włączania i wyłączania filtrów IP jądra poprzez
185 %{?with_ipt_IPV4OPTSSTRIP:%patch10 -p1}
186 %{?with_xt_layer7:%patch11 -p1}
187 %{?with_ipt_rpc:%patch12 -p1}
193 # builds but init() api is broken, see warnings
204 CFLAGS="%{rpmcflags} %{rpmcppflags} -D%{!?debug:N}DEBUG" \
205 %{?with_usekernelsrc:--with-kernel=%{_kernelsrcdir}} \
207 %{?with_static:--enable-static}
213 %{__make} -j1 -C iptables-howtos
214 sed -i 's:$(HTML_HOWTOS)::g; s:$(PSUS_HOWTOS)::g' iptables-howtos/Makefile
217 # Make a library, needed for OpenVCP
218 # unpackaged; is it still valid? --q
219 ar rcs libiptables.a *iptables*.o
220 ar rcs libip6tables.a *ip6tables*.o
223 rm -rf $RPM_BUILD_ROOT
224 install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{_includedir},%{_libdir},%{_mandir}/man3}
227 DESTDIR=$RPM_BUILD_ROOT \
232 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
233 install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name6}
236 rm -rf $RPM_BUILD_ROOT
238 %post libs -p /sbin/ldconfig
239 %postun libs -p /sbin/ldconfig
242 /sbin/chkconfig --add %{name}
243 /sbin/chkconfig --add %{name6}
246 if [ "$1" = "0" ]; then
247 /sbin/chkconfig --del %{name}
248 /sbin/chkconfig --del %{name6}
252 %defattr(644,root,root,755)
253 %{?with_doc:%doc iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
254 %attr(755,root,root) %{_bindir}/iptables-xml
255 %attr(755,root,root) %{_sbindir}/iptables
256 %attr(755,root,root) %{_sbindir}/iptables-restore
257 %attr(755,root,root) %{_sbindir}/iptables-save
258 %attr(755,root,root) %{_sbindir}/ip6tables
259 %attr(755,root,root) %{_sbindir}/ip6tables-restore
260 %attr(755,root,root) %{_sbindir}/ip6tables-save
262 %attr(755,root,root) %{_sbindir}/iptables-batch
263 %attr(755,root,root) %{_sbindir}/ip6tables-batch
265 %attr(755,root,root) %{_sbindir}/nfnl_osf
266 %attr(755,root,root) %{_sbindir}/xtables-multi
268 %dir %{_libdir}/xtables
269 %attr(755,root,root) %{_libdir}/xtables/libip6t_HL.so
270 %attr(755,root,root) %{_libdir}/xtables/libip6t_LOG.so
271 %attr(755,root,root) %{_libdir}/xtables/libip6t_REJECT.so
272 %attr(755,root,root) %{_libdir}/xtables/libip6t_ah.so
273 %attr(755,root,root) %{_libdir}/xtables/libip6t_dst.so
274 %attr(755,root,root) %{_libdir}/xtables/libip6t_eui64.so
275 %attr(755,root,root) %{_libdir}/xtables/libip6t_frag.so
276 %attr(755,root,root) %{_libdir}/xtables/libip6t_hbh.so
277 %attr(755,root,root) %{_libdir}/xtables/libip6t_hl.so
278 %attr(755,root,root) %{_libdir}/xtables/libip6t_icmp6.so
279 %attr(755,root,root) %{_libdir}/xtables/libip6t_ipv6header.so
280 %attr(755,root,root) %{_libdir}/xtables/libip6t_mh.so
281 %attr(755,root,root) %{_libdir}/xtables/libip6t_rt.so
282 %attr(755,root,root) %{_libdir}/xtables/libipt_CLUSTERIP.so
283 %attr(755,root,root) %{_libdir}/xtables/libipt_DNAT.so
284 %attr(755,root,root) %{_libdir}/xtables/libipt_ECN.so
285 %attr(755,root,root) %{_libdir}/xtables/libipt_LOG.so
286 %attr(755,root,root) %{_libdir}/xtables/libipt_MASQUERADE.so
287 %attr(755,root,root) %{_libdir}/xtables/libipt_MIRROR.so
288 %attr(755,root,root) %{_libdir}/xtables/libipt_NETMAP.so
289 %attr(755,root,root) %{_libdir}/xtables/libipt_REDIRECT.so
290 %attr(755,root,root) %{_libdir}/xtables/libipt_REJECT.so
291 %attr(755,root,root) %{_libdir}/xtables/libipt_SAME.so
292 %attr(755,root,root) %{_libdir}/xtables/libipt_SNAT.so
293 %attr(755,root,root) %{_libdir}/xtables/libipt_TTL.so
294 %attr(755,root,root) %{_libdir}/xtables/libipt_ULOG.so
295 %attr(755,root,root) %{_libdir}/xtables/libipt_addrtype.so
296 %attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
297 %attr(755,root,root) %{_libdir}/xtables/libipt_ecn.so
298 %attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
299 %attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
300 # disabled, see above
301 #%attr(755,root,root) %{_libdir}/xtables/libipt_stealth.so
302 %attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
303 %attr(755,root,root) %{_libdir}/xtables/libipt_unclean.so
304 %attr(755,root,root) %{_libdir}/xtables/libxt_AUDIT.so
305 %attr(755,root,root) %{_libdir}/xtables/libxt_CHECKSUM.so
306 %attr(755,root,root) %{_libdir}/xtables/libxt_CLASSIFY.so
307 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNMARK.so
308 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
309 %attr(755,root,root) %{_libdir}/xtables/libxt_CT.so
310 %attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
311 %attr(755,root,root) %{_libdir}/xtables/libxt_IDLETIMER.so
312 %attr(755,root,root) %{_libdir}/xtables/libxt_IMQ.so
313 %attr(755,root,root) %{_libdir}/xtables/libxt_LED.so
314 %attr(755,root,root) %{_libdir}/xtables/libxt_MARK.so
315 %attr(755,root,root) %{_libdir}/xtables/libxt_NFLOG.so
316 %attr(755,root,root) %{_libdir}/xtables/libxt_NFQUEUE.so
317 %attr(755,root,root) %{_libdir}/xtables/libxt_NOTRACK.so
318 %attr(755,root,root) %{_libdir}/xtables/libxt_RATEEST.so
319 %attr(755,root,root) %{_libdir}/xtables/libxt_SECMARK.so
320 %attr(755,root,root) %{_libdir}/xtables/libxt_SET.so
321 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPMSS.so
322 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPOPTSTRIP.so
323 %attr(755,root,root) %{_libdir}/xtables/libxt_TEE.so
324 %attr(755,root,root) %{_libdir}/xtables/libxt_TOS.so
325 %attr(755,root,root) %{_libdir}/xtables/libxt_TPROXY.so
326 %attr(755,root,root) %{_libdir}/xtables/libxt_TRACE.so
327 %attr(755,root,root) %{_libdir}/xtables/libxt_cluster.so
328 %attr(755,root,root) %{_libdir}/xtables/libxt_comment.so
329 %attr(755,root,root) %{_libdir}/xtables/libxt_connbytes.so
330 %attr(755,root,root) %{_libdir}/xtables/libxt_connlimit.so
331 %attr(755,root,root) %{_libdir}/xtables/libxt_connmark.so
332 %attr(755,root,root) %{_libdir}/xtables/libxt_conntrack.so
333 %attr(755,root,root) %{_libdir}/xtables/libxt_cpu.so
334 %attr(755,root,root) %{_libdir}/xtables/libxt_dccp.so
335 %attr(755,root,root) %{_libdir}/xtables/libxt_devgroup.so
336 %attr(755,root,root) %{_libdir}/xtables/libxt_dscp.so
337 %attr(755,root,root) %{_libdir}/xtables/libxt_esp.so
338 %attr(755,root,root) %{_libdir}/xtables/libxt_hashlimit.so
339 %attr(755,root,root) %{_libdir}/xtables/libxt_helper.so
340 %attr(755,root,root) %{_libdir}/xtables/libxt_iprange.so
341 %attr(755,root,root) %{_libdir}/xtables/libxt_ipvs.so
342 %attr(755,root,root) %{_libdir}/xtables/libxt_length.so
343 %attr(755,root,root) %{_libdir}/xtables/libxt_limit.so
344 %attr(755,root,root) %{_libdir}/xtables/libxt_mac.so
345 %attr(755,root,root) %{_libdir}/xtables/libxt_mark.so
346 %attr(755,root,root) %{_libdir}/xtables/libxt_multiport.so
347 %attr(755,root,root) %{_libdir}/xtables/libxt_osf.so
348 %attr(755,root,root) %{_libdir}/xtables/libxt_owner.so
349 %attr(755,root,root) %{_libdir}/xtables/libxt_physdev.so
350 %attr(755,root,root) %{_libdir}/xtables/libxt_pkttype.so
351 %attr(755,root,root) %{_libdir}/xtables/libxt_policy.so
352 %attr(755,root,root) %{_libdir}/xtables/libxt_quota.so
353 %attr(755,root,root) %{_libdir}/xtables/libxt_rateest.so
354 %attr(755,root,root) %{_libdir}/xtables/libxt_recent.so
355 %attr(755,root,root) %{_libdir}/xtables/libxt_sctp.so
356 %attr(755,root,root) %{_libdir}/xtables/libxt_set.so
357 %attr(755,root,root) %{_libdir}/xtables/libxt_socket.so
358 %attr(755,root,root) %{_libdir}/xtables/libxt_standard.so
359 %attr(755,root,root) %{_libdir}/xtables/libxt_state.so
360 %attr(755,root,root) %{_libdir}/xtables/libxt_statistic.so
361 %attr(755,root,root) %{_libdir}/xtables/libxt_string.so
362 %attr(755,root,root) %{_libdir}/xtables/libxt_tcp.so
363 %attr(755,root,root) %{_libdir}/xtables/libxt_tcpmss.so
364 %attr(755,root,root) %{_libdir}/xtables/libxt_time.so
365 %attr(755,root,root) %{_libdir}/xtables/libxt_tos.so
366 %attr(755,root,root) %{_libdir}/xtables/libxt_u32.so
367 %attr(755,root,root) %{_libdir}/xtables/libxt_udp.so
368 %{?with_ipt_IPV4OPTSSTRIP:%attr(755,root,root) %{_libdir}/xtables/libipt_IPV4OPTSSTRIP.so}
369 %{?with_ipt_rpc:%attr(755,root,root) %{_libdir}/xtables/libipt_rpc.so}
370 %{?with_xt_layer7:%attr(755,root,root) %{_libdir}/xtables/libxt_layer7.so}
371 %{_mandir}/man8/ip6tables.8*
372 %{_mandir}/man8/ip6tables-restore.8*
373 %{_mandir}/man8/ip6tables-save.8*
374 %{_mandir}/man8/iptables.8*
375 %{_mandir}/man8/iptables-restore.8*
376 %{_mandir}/man8/iptables-save.8*
377 %{_mandir}/man8/iptables-xml.8*
380 %defattr(644,root,root,755)
381 %attr(755,root,root) %{_libdir}/libip4tc.so.*.*.*
382 %attr(755,root,root) %ghost %{_libdir}/libip4tc.so.0
383 %attr(755,root,root) %{_libdir}/libip6tc.so.*.*.*
384 %attr(755,root,root) %ghost %{_libdir}/libip6tc.so.0
385 %attr(755,root,root) %{_libdir}/libipq.so.*.*.*
386 %attr(755,root,root) %ghost %{_libdir}/libipq.so.0
387 %attr(755,root,root) %{_libdir}/libiptc.so.*.*.*
388 %attr(755,root,root) %ghost %{_libdir}/libiptc.so.0
389 %attr(755,root,root) %{_libdir}/libxtables.so.*.*.*
390 %attr(755,root,root) %ghost %{_libdir}/libxtables.so.6
393 %defattr(644,root,root,755)
394 %{?with_doc:%doc iptables-howtos/netfilter-hacking-HOWTO*}
395 %attr(755,root,root) %{_libdir}/libip4tc.so
396 %attr(755,root,root) %{_libdir}/libip6tc.so
397 %attr(755,root,root) %{_libdir}/libipq.so
398 %attr(755,root,root) %{_libdir}/libiptc.so
399 %attr(755,root,root) %{_libdir}/libxtables.so
400 %{_libdir}/libip4tc.la
401 %{_libdir}/libip6tc.la
403 %{_libdir}/libiptc.la
404 %{_libdir}/libxtables.la
405 %{_includedir}/libipq.h
406 %{_includedir}/xtables.h
407 %{_includedir}/libiptc
408 %{_pkgconfigdir}/libiptc.pc
409 %{_pkgconfigdir}/xtables.pc
410 %{_mandir}/man3/ipq_*.3*
411 %{_mandir}/man3/libipq.3*
415 %defattr(644,root,root,755)
416 %{_libdir}/libip4tc.a
417 %{_libdir}/libip6tc.a
420 %{_libdir}/libxtables.a
424 %defattr(644,root,root,755)
425 %attr(754,root,root) /etc/rc.d/init.d/iptables
426 %attr(754,root,root) /etc/rc.d/init.d/ip6tables
projects / packages / iptables.git / blob