3 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
4 # - owner needs rewrite to xt
5 # - add manual sections from xtable-addons
6 # - ACCOUNT has been removed from iptables-20070806.patch, now should be taken
7 # from http://www.intra2net.com/de/produkte/opensource/ipt_account/libipt_ACCOUNT-1.3.tar.gz
10 %bcond_without doc # without documentation (HOWTOS) which needed TeX
11 %bcond_without dist_kernel # without distribution kernel
12 %bcond_without vserver # kernel build without vserver
13 %bcond_without batch # build iptables-batch
15 %define netfilter_snap 20070806
16 %define llh_version 7:2.6.22.1
17 %define name6 ip6tables
18 Summary: Extensible packet filtering system && extensible NAT system
19 Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
20 Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
21 Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
22 Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
23 Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
28 Group: Networking/Daemons
29 Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}.tar.bz2
30 # Source0-md5: 08cd9196881657ea0615d926334cb7e9
31 Source1: cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
32 # Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
34 Source3: %{name6}.init
35 Patch0: %{name}-%{netfilter_snap}.patch
36 Patch1: %{name}-man.patch
37 # based on http://www.linuximq.net/patchs/iptables-1.4.0-imq.diff
38 Patch2: %{name}-imq.patch
39 # http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-20080204-1915.patch
40 Patch3: %{name}-tproxy.patch
41 Patch4: %{name}-stealth.patch
42 # almost based on iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
43 # http://switch.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.18.tar.gz
44 Patch5: %{name}-layer7.patch
45 Patch6: %{name}-old-1.3.7.patch
46 # based on http://www.svn.barbara.eu.org/ipt_account/attachment/wiki/Software/ipt_account-0.1.21-20070804164729.tar.gz?format=raw
47 Patch7: %{name}-account.patch
48 # http://people.linux-vserver.org/~dhozac/p/m/iptables-1.3.5-owner-xid.patch
49 Patch8: %{name}-1.3.5-owner-xid.patch
50 Patch9: %{name}-batch.patch
51 Patch10: %{name}-headers.patch
52 Patch11: %{name}-owner-struct-size-vs.patch
53 Patch999: %{name}-llh-dirty-hack.patch
54 URL: http://www.netfilter.org/
55 BuildRequires: autoconf
56 BuildRequires: automake
58 BuildRequires: libtool
60 BuildRequires: sed >= 4.0
61 BuildRequires: sgml-tools
63 BuildRequires: tetex-dvips
64 BuildRequires: tetex-format-latex
65 BuildRequires: tetex-latex
66 BuildRequires: tetex-tex-babel
68 %if %{with dist_kernel} && %{netfilter_snap} != 0
69 BuildRequires: kernel%{_alt_kernel}-headers(netfilter) >= %{netfilter_snap}
70 BuildRequires: kernel%{_alt_kernel}-source
72 #BuildRequires: linux-libc-headers >= %{llh_version}
73 BuildConflicts: kernel-headers < 2.3.0
74 Provides: firewall-userspace-tool
76 Obsoletes: iptables-ipp2p
77 Obsoletes: iptables24-compat
79 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
82 An extensible NAT system, and an extensible packet filtering system.
83 Replacement of ipchains in 2.4 and higher kernels.
85 %description -l pl.UTF-8
86 Wydajny system translacji adresów (NAT) oraz system filtrowania
87 pakietów. Zamiennik ipchains w jądrach 2.4 i nowszych.
89 %description -l pt_BR.UTF-8
90 Esta é a ferramenta que controla o código de filtragem de pacotes do
91 kernel 2.4, obsoletando ipchains. Com esta ferramenta você pode
92 configurar filtros de pacotes, NAT, mascaramento (masquerading),
93 regras dinâmicas (stateful inspection), etc.
95 %description -l ru.UTF-8
96 iptables управляют кодом фильтрации сетевых пакетов в ядре Linux. Они
97 позволяют вам устанавливать межсетевые экраны (firewalls) и IP
100 %description -l uk.UTF-8
101 iptables управляють кодом фільтрації пакетів мережі в ядрі Linux. Вони
102 дозволяють вам встановлювати міжмережеві екрани (firewalls) та IP
106 Summary: iptables libraries
107 Summary(pl.UTF-8): Biblioteki iptables
108 Group: Development/Libraries
109 Conflicts: iptables < 1.4.3-1
114 %description libs -l pl.UTF-8
118 Summary: Libraries and headers for developing iptables extensions
119 Summary(pl.UTF-8): Biblioteki i nagłówki do tworzenia rozszerzeń iptables
120 Group: Development/Libraries
121 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
122 Obsoletes: iptables24-devel
125 Libraries and headers for developing iptables extensions.
127 %description devel -l pl.UTF-8
128 Biblioteki i pliki nagłówkowe niezbędne do tworzenia rozszerzeń dla
132 Summary: Static iptables libraries
133 Summary(pl.UTF-8): Biblioteki statyczne iptables
134 Group: Development/Libraries
135 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
138 Static iptables libraries.
140 %description devel -l pl.UTF-8
141 Biblioteki statyczne iptables.
144 Summary: Iptables init (RedHat style)
145 Summary(pl.UTF-8): Iptables init (w stylu RedHata)
146 Group: Networking/Admin
147 Requires(post,preun): /sbin/chkconfig
150 Obsoletes: firewall-init
151 Obsoletes: firewall-init-ipchains
152 Obsoletes: iptables24-init
155 Iptables-init is meant to provide an alternate way than firewall-init
156 to start and stop packet filtering through iptables(8).
158 %description init -l pl.UTF-8
159 Iptables-init ma na celu udostępnienie alternatywnego w stosunku do
160 firewall-init sposobu włączania i wyłączania filtrów IP jądra poprzez
184 chmod 755 extensions/.*-test*
192 --with-kbuild=%{_kernelsrcdir} \
193 --with-ksource=%{_kernelsrcdir} \
200 CFLAGS="%{rpmcflags} -D%{!?debug:N}DEBUG" \
201 KERNEL_DIR="%{_kernelsrcdir}" \
202 LIBDIR="%{_libdir}" \
207 %{__make} -j1 -C iptables-howtos
208 sed -i 's:$(HTML_HOWTOS)::g; s:$(PSUS_HOWTOS)::g' iptables-howtos/Makefile
211 # Make a library, needed for OpenVCP
212 ar rcs libiptables.a iptables.o
213 ar rcs libip6tables.a ip6tables.o
216 rm -rf $RPM_BUILD_ROOT
217 install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{_includedir},%{_libdir},%{_mandir}/man3}
220 DESTDIR=$RPM_BUILD_ROOT \
225 # install library needed for collectd:
226 #install libiptc/libiptc.a $RPM_BUILD_ROOT%{_libdir}
228 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
229 install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name6}
232 rm -rf $RPM_BUILD_ROOT
234 %post libs -p /sbin/ldconfig
235 %postun libs -p /sbin/ldconfig
238 /sbin/chkconfig --add %{name}
239 /sbin/chkconfig --add %{name6}
242 if [ "$1" = "0" ]; then
243 /sbin/chkconfig --del %{name}
244 /sbin/chkconfig --del %{name6}
248 %defattr(644,root,root,755)
249 %{?with_doc:%doc iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
250 %attr(755,root,root) %{_bindir}/iptables-xml
251 %attr(755,root,root) %{_sbindir}/iptables
252 %attr(755,root,root) %{_sbindir}/iptables-multi
253 %attr(755,root,root) %{_sbindir}/iptables-restore
254 %attr(755,root,root) %{_sbindir}/iptables-save
255 %attr(755,root,root) %{_sbindir}/ip6tables
256 %attr(755,root,root) %{_sbindir}/ip6tables-multi
257 %attr(755,root,root) %{_sbindir}/ip6tables-restore
258 %attr(755,root,root) %{_sbindir}/ip6tables-save
260 %attr(755,root,root) %{_sbindir}/iptables-batch
261 %attr(755,root,root) %{_sbindir}/ip6tables-batch
263 %dir %{_libdir}/xtables
264 %if %{with dist_kernel}
265 %attr(755,root,root) %{_libdir}/xtables/libip6t_ah.so
266 %attr(755,root,root) %{_libdir}/xtables/libip6t_dst.so
267 %attr(755,root,root) %{_libdir}/xtables/libip6t_eui64.so
268 %attr(755,root,root) %{_libdir}/xtables/libip6t_frag.so
269 %attr(755,root,root) %{_libdir}/xtables/libip6t_hbh.so
270 %attr(755,root,root) %{_libdir}/xtables/libip6t_hl.so
271 %attr(755,root,root) %{_libdir}/xtables/libip6t_HL.so
272 %attr(755,root,root) %{_libdir}/xtables/libip6t_icmp6.so
273 %attr(755,root,root) %{_libdir}/xtables/libip6t_ipv6header.so
274 %attr(755,root,root) %{_libdir}/xtables/libip6t_LOG.so
275 %attr(755,root,root) %{_libdir}/xtables/libip6t_mh.so
276 #%attr(755,root,root) %{_libdir}/xtables/libip6t_policy.so
277 %attr(755,root,root) %{_libdir}/xtables/libip6t_REJECT.so
278 %attr(755,root,root) %{_libdir}/xtables/libip6t_ROUTE.so
279 %attr(755,root,root) %{_libdir}/xtables/libip6t_rt.so
280 %attr(755,root,root) %{_libdir}/xtables/libipt_account.so
281 #attr(755,root,root) %{_libdir}/xtables/libipt_ACCOUNT.so
282 %attr(755,root,root) %{_libdir}/xtables/libipt_addrtype.so
283 %attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
284 %attr(755,root,root) %{_libdir}/xtables/libipt_CLUSTERIP.so
285 %attr(755,root,root) %{_libdir}/xtables/libipt_DNAT.so
286 %attr(755,root,root) %{_libdir}/xtables/libipt_ecn.so
287 %attr(755,root,root) %{_libdir}/xtables/libipt_ECN.so
288 %attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
289 %attr(755,root,root) %{_libdir}/xtables/libipt_ipv4options.so
290 %attr(755,root,root) %{_libdir}/xtables/libipt_IPV4OPTSSTRIP.so
291 %attr(755,root,root) %{_libdir}/xtables/libipt_layer7.so
292 %attr(755,root,root) %{_libdir}/xtables/libipt_LOG.so
293 %attr(755,root,root) %{_libdir}/xtables/libipt_MASQUERADE.so
294 %attr(755,root,root) %{_libdir}/xtables/libipt_MIRROR.so
295 %attr(755,root,root) %{_libdir}/xtables/libipt_NETMAP.so
296 #%attr(755,root,root) %{_libdir}/xtables/libipt_policy.so
297 %attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
298 %attr(755,root,root) %{_libdir}/xtables/libipt_REDIRECT.so
299 %attr(755,root,root) %{_libdir}/xtables/libipt_REJECT.so
300 %attr(755,root,root) %{_libdir}/xtables/libipt_ROUTE.so
301 %attr(755,root,root) %{_libdir}/xtables/libipt_rpc.so
302 %attr(755,root,root) %{_libdir}/xtables/libipt_SAME.so
303 %attr(755,root,root) %{_libdir}/xtables/libipt_set.so
304 %attr(755,root,root) %{_libdir}/xtables/libipt_SET.so
305 %attr(755,root,root) %{_libdir}/xtables/libipt_SNAT.so
306 %attr(755,root,root) %{_libdir}/xtables/libipt_stealth.so
307 %attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
308 %attr(755,root,root) %{_libdir}/xtables/libipt_TTL.so
309 %attr(755,root,root) %{_libdir}/xtables/libipt_ULOG.so
310 %attr(755,root,root) %{_libdir}/xtables/libipt_unclean.so
311 %attr(755,root,root) %{_libdir}/xtables/libxt_CLASSIFY.so
312 %attr(755,root,root) %{_libdir}/xtables/libxt_cluster.so
313 %attr(755,root,root) %{_libdir}/xtables/libxt_comment.so
314 %attr(755,root,root) %{_libdir}/xtables/libxt_connbytes.so
315 %attr(755,root,root) %{_libdir}/xtables/libxt_connlimit.so
316 %attr(755,root,root) %{_libdir}/xtables/libxt_connmark.so
317 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNMARK.so
318 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
319 %attr(755,root,root) %{_libdir}/xtables/libxt_conntrack.so
320 %attr(755,root,root) %{_libdir}/xtables/libxt_dccp.so
321 %attr(755,root,root) %{_libdir}/xtables/libxt_dscp.so
322 %attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
323 %attr(755,root,root) %{_libdir}/xtables/libxt_esp.so
324 %attr(755,root,root) %{_libdir}/xtables/libxt_hashlimit.so
325 %attr(755,root,root) %{_libdir}/xtables/libxt_helper.so
326 %attr(755,root,root) %{_libdir}/xtables/libxt_IMQ.so
327 %attr(755,root,root) %{_libdir}/xtables/libxt_iprange.so
328 %attr(755,root,root) %{_libdir}/xtables/libxt_length.so
329 %attr(755,root,root) %{_libdir}/xtables/libxt_limit.so
330 %attr(755,root,root) %{_libdir}/xtables/libxt_mac.so
331 %attr(755,root,root) %{_libdir}/xtables/libxt_mark.so
332 %attr(755,root,root) %{_libdir}/xtables/libxt_MARK.so
333 %attr(755,root,root) %{_libdir}/xtables/libxt_multiport.so
334 %attr(755,root,root) %{_libdir}/xtables/libxt_NFLOG.so
335 %attr(755,root,root) %{_libdir}/xtables/libxt_NFQUEUE.so
336 %attr(755,root,root) %{_libdir}/xtables/libxt_NOTRACK.so
337 %attr(755,root,root) %{_libdir}/xtables/libxt_owner.so
338 %attr(755,root,root) %{_libdir}/xtables/libxt_physdev.so
339 %attr(755,root,root) %{_libdir}/xtables/libxt_pkttype.so
340 %attr(755,root,root) %{_libdir}/xtables/libxt_policy.so
341 %attr(755,root,root) %{_libdir}/xtables/libxt_recent.so
342 %attr(755,root,root) %{_libdir}/xtables/libxt_quota.so
343 %attr(755,root,root) %{_libdir}/xtables/libxt_RATEEST.so
344 %attr(755,root,root) %{_libdir}/xtables/libxt_rateest.so
345 %attr(755,root,root) %{_libdir}/xtables/libxt_sctp.so
346 %attr(755,root,root) %{_libdir}/xtables/libxt_SECMARK.so
347 %attr(755,root,root) %{_libdir}/xtables/libxt_socket.so
348 %attr(755,root,root) %{_libdir}/xtables/libxt_standard.so
349 %attr(755,root,root) %{_libdir}/xtables/libxt_state.so
350 %attr(755,root,root) %{_libdir}/xtables/libxt_statistic.so
351 %attr(755,root,root) %{_libdir}/xtables/libxt_string.so
352 %attr(755,root,root) %{_libdir}/xtables/libxt_tcpmss.so
353 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPMSS.so
354 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPOPTSTRIP.so
355 %attr(755,root,root) %{_libdir}/xtables/libxt_tcp.so
356 %attr(755,root,root) %{_libdir}/xtables/libxt_time.so
357 %attr(755,root,root) %{_libdir}/xtables/libxt_tos.so
358 %attr(755,root,root) %{_libdir}/xtables/libxt_TOS.so
359 %attr(755,root,root) %{_libdir}/xtables/libxt_TPROXY.so
360 %attr(755,root,root) %{_libdir}/xtables/libxt_TRACE.so
361 %attr(755,root,root) %{_libdir}/xtables/libxt_u32.so
362 %attr(755,root,root) %{_libdir}/xtables/libxt_udp.so
364 %attr(755,root,root) %{_libdir}/xtables/*.so
369 %defattr(644,root,root,755)
370 %attr(755,root,root) %ghost %{_libdir}/libiptc.so.0
371 %attr(755,root,root) %{_libdir}/libiptc.so.*.*
372 %attr(755,root,root) %ghost %{_libdir}/libxtables.so.2
373 %attr(755,root,root) %{_libdir}/libxtables.so.*.*
376 %defattr(644,root,root,755)
377 %{?with_doc:%doc iptables-howtos/netfilter-hacking-HOWTO*}
378 %attr(755,root,root) %{_libdir}/lib*.so
381 %{_includedir}/libiptc
382 %{_pkgconfigdir}/*.pc
386 %defattr(644,root,root,755)
390 %defattr(644,root,root,755)
391 %attr(754,root,root) /etc/rc.d/init.d/iptables
392 %attr(754,root,root) /etc/rc.d/init.d/ip6tables