3 # - update BR to real required llh version
4 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
5 # - owner needs rewrite to xt
8 %bcond_without doc # without documentation (HOWTOS) which needed TeX
9 %bcond_without dist_kernel # without distribution kernel
10 %bcond_with vserver # build xt_owner module for non-dist kernel with vserver support
11 %bcond_with batch # build iptables-batch
12 %bcond_with static # build static libraries, no dynamic modules (all linked into binaries)
13 %bcond_with ipt_IPV4OPTSSTRIP # enable ipt_IPV4OPTSSTRIP for non-dist kernel
14 %bcond_with ipt_rpc # enable ipt_rpc for non-dist kernel (needs ipt_rpc.h header)
15 %bcond_with xt_layer7 # enable xt_layer7 for non-dist kernel (needs xt_layer7.h header)
16 %bcond_with usekernelsrc # include kernel headers from %{_kernelsrcdir}
18 %if %{with dist_kernel}
19 %define with_ipt_IPV4OPTSSTRIP 1
20 %define with_ipt_rpc 1
21 %define with_xt_layer7 1
22 %define with_vserver 1
23 %define with_usekernelsrc 1
26 %define name6 ip6tables
27 Summary: Extensible packet filtering system && extensible NAT system
28 Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
29 Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
30 Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
31 Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
32 Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
37 Group: Networking/Admin
38 Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}.tar.bz2
39 # Source0-md5: f382fe693f0b59d87bd47bea65eca198
40 Source1: cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
41 # Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
43 Source3: %{name6}.init
44 # --- GENERAL CHANGES (patches<10):
45 Patch0: %{name}-man.patch
46 # additional utils; off by default
47 Patch1: %{name}-batch.patch
48 # --- ADDITIONAL/CHANGED EXTENSIONS:
49 # just ipt_IPV4OPTSSTRIP now
50 Patch10: %{name}-20070806.patch
51 # xt_layer7; almost based on iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
52 # http://downloads.sourceforge.net/l7-filter/netfilter-layer7-v2.18.tar.gz
53 Patch11: %{name}-layer7.patch
55 Patch12: %{name}-old-1.3.7.patch
56 # xt_IMQ; based on http://www.linuximq.net/patchs/iptables-1.4.6-imq.diff
57 Patch13: %{name}-imq.patch
58 # enhances ipt_owner/ip6t_owner; http://people.linux-vserver.org/~dhozac/p/m/iptables-1.3.5-owner-xid.patch (currently disabled, needs update for xt_owner)
59 Patch14: %{name}-1.3.5-owner-xid.patch
60 # adjusts xt_owner for vserver-enabled kernel
61 Patch15: %{name}-owner-struct-size-vs.patch
62 # ipt_stealth; currently disabled (broken, see below)
63 Patch16: %{name}-stealth.patch
64 URL: http://www.netfilter.org/
65 BuildRequires: autoconf >= 2.50
66 BuildRequires: automake
68 BuildRequires: libnfnetlink-devel >= 1.0
69 BuildRequires: libtool
70 BuildRequires: pkgconfig >= 1:0.9.0
72 BuildRequires: sed >= 4.0
73 BuildRequires: sgml-tools
75 BuildRequires: tetex-dvips
76 BuildRequires: tetex-format-latex
77 BuildRequires: tetex-latex
78 BuildRequires: tetex-tex-babel
80 %if %{with dist_kernel}
81 # needed for xt_layer7, ipt_rpc
82 BuildRequires: kernel%{_alt_kernel}-headers(netfilter)
84 BuildRequires: linux-libc-headers >= 7:2.6.22.1
85 Requires: %{name}-libs = %{version}-%{release}
86 Requires: libnfnetlink >= 1.0
87 Provides: firewall-userspace-tool
89 Obsoletes: iptables-ipp2p
90 Obsoletes: iptables24-compat
92 Conflicts: xtables-addons < 1.14
93 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
96 An extensible NAT system, and an extensible packet filtering system.
97 Replacement of ipchains in 2.4 and higher kernels.
99 %description -l pl.UTF-8
100 Wydajny system translacji adresów (NAT) oraz system filtrowania
101 pakietów. Zamiennik ipchains w jądrach 2.4 i nowszych.
103 %description -l pt_BR.UTF-8
104 Esta é a ferramenta que controla o código de filtragem de pacotes do
105 kernel 2.4, obsoletando ipchains. Com esta ferramenta você pode
106 configurar filtros de pacotes, NAT, mascaramento (masquerading),
107 regras dinâmicas (stateful inspection), etc.
109 %description -l ru.UTF-8
110 iptables управляют кодом фильтрации сетевых пакетов в ядре Linux. Они
111 позволяют вам устанавливать межсетевые экраны (firewalls) и IP
114 %description -l uk.UTF-8
115 iptables управляють кодом фільтрації пакетів мережі в ядрі Linux. Вони
116 дозволяють вам встановлювати міжмережеві екрани (firewalls) та IP
120 Summary: iptables libraries
121 Summary(pl.UTF-8): Biblioteki iptables
123 Conflicts: iptables < 1.4.3-1
128 %description libs -l pl.UTF-8
132 Summary: Libraries and headers for developing iptables extensions
133 Summary(pl.UTF-8): Biblioteki i nagłówki do tworzenia rozszerzeń iptables
134 Group: Development/Libraries
135 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
136 Obsoletes: iptables24-devel
139 Libraries and headers for developing iptables extensions.
141 %description devel -l pl.UTF-8
142 Biblioteki i pliki nagłówkowe niezbędne do tworzenia rozszerzeń dla
146 Summary: Static iptables libraries
147 Summary(pl.UTF-8): Biblioteki statyczne iptables
148 Group: Development/Libraries
149 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
152 Static iptables libraries.
154 %description static -l pl.UTF-8
155 Biblioteki statyczne iptables.
158 Summary: Iptables init (RedHat style)
159 Summary(pl.UTF-8): Iptables init (w stylu RedHata)
160 Group: Networking/Admin
161 Requires(post,preun): /sbin/chkconfig
163 Requires: rc-scripts >= 0.4.3.0
164 Obsoletes: firewall-init
165 Obsoletes: firewall-init-ipchains
166 Obsoletes: iptables24-init
169 Iptables-init is meant to provide an alternate way than firewall-init
170 to start and stop packet filtering through iptables(8).
172 %description init -l pl.UTF-8
173 Iptables-init ma na celu udostępnienie alternatywnego w stosunku do
174 firewall-init sposobu włączania i wyłączania filtrów IP jądra poprzez
183 %{?with_ipt_IPV4OPTSSTRIP:%patch10 -p1}
184 %{?with_xt_layer7:%patch11 -p1}
185 %{?with_ipt_rpc:%patch12 -p1}
191 # builds but init() api is broken, see warnings
201 CFLAGS="%{rpmcflags} %{rpmcppflags} -D%{!?debug:N}DEBUG" \
202 %{?with_usekernelsrc:--with-kernel=%{_kernelsrcdir}} \
204 %{?with_static:--enable-static}
210 %{__make} -j1 -C iptables-howtos
211 sed -i 's:$(HTML_HOWTOS)::g; s:$(PSUS_HOWTOS)::g' iptables-howtos/Makefile
214 # Make a library, needed for OpenVCP
215 # unpackaged; is it still valid? --q
216 ar rcs libiptables.a iptables*.o
217 ar rcs libip6tables.a ip6tables*.o
220 rm -rf $RPM_BUILD_ROOT
221 install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{_includedir},%{_libdir},%{_mandir}/man3}
224 DESTDIR=$RPM_BUILD_ROOT \
229 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
230 install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name6}
233 rm -rf $RPM_BUILD_ROOT
235 %post libs -p /sbin/ldconfig
236 %postun libs -p /sbin/ldconfig
239 /sbin/chkconfig --add %{name}
240 /sbin/chkconfig --add %{name6}
243 if [ "$1" = "0" ]; then
244 /sbin/chkconfig --del %{name}
245 /sbin/chkconfig --del %{name6}
249 %defattr(644,root,root,755)
250 %{?with_doc:%doc iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
251 %attr(755,root,root) %{_bindir}/iptables-xml
252 %attr(755,root,root) %{_sbindir}/iptables
253 %attr(755,root,root) %{_sbindir}/iptables-multi
254 %attr(755,root,root) %{_sbindir}/iptables-restore
255 %attr(755,root,root) %{_sbindir}/iptables-save
256 %attr(755,root,root) %{_sbindir}/ip6tables
257 %attr(755,root,root) %{_sbindir}/ip6tables-multi
258 %attr(755,root,root) %{_sbindir}/ip6tables-restore
259 %attr(755,root,root) %{_sbindir}/ip6tables-save
261 %attr(755,root,root) %{_sbindir}/iptables-batch
262 %attr(755,root,root) %{_sbindir}/ip6tables-batch
264 %attr(755,root,root) %{_sbindir}/nfnl_osf
266 %dir %{_libdir}/xtables
267 %attr(755,root,root) %{_libdir}/xtables/libip6t_HL.so
268 %attr(755,root,root) %{_libdir}/xtables/libip6t_LOG.so
269 %attr(755,root,root) %{_libdir}/xtables/libip6t_REJECT.so
270 %attr(755,root,root) %{_libdir}/xtables/libip6t_ah.so
271 %attr(755,root,root) %{_libdir}/xtables/libip6t_dst.so
272 %attr(755,root,root) %{_libdir}/xtables/libip6t_eui64.so
273 %attr(755,root,root) %{_libdir}/xtables/libip6t_frag.so
274 %attr(755,root,root) %{_libdir}/xtables/libip6t_hbh.so
275 %attr(755,root,root) %{_libdir}/xtables/libip6t_hl.so
276 %attr(755,root,root) %{_libdir}/xtables/libip6t_icmp6.so
277 %attr(755,root,root) %{_libdir}/xtables/libip6t_ipv6header.so
278 %attr(755,root,root) %{_libdir}/xtables/libip6t_mh.so
279 %attr(755,root,root) %{_libdir}/xtables/libip6t_rt.so
280 %attr(755,root,root) %{_libdir}/xtables/libipt_CLUSTERIP.so
281 %attr(755,root,root) %{_libdir}/xtables/libipt_DNAT.so
282 %attr(755,root,root) %{_libdir}/xtables/libipt_ECN.so
283 %attr(755,root,root) %{_libdir}/xtables/libipt_LOG.so
284 %attr(755,root,root) %{_libdir}/xtables/libipt_MASQUERADE.so
285 %attr(755,root,root) %{_libdir}/xtables/libipt_MIRROR.so
286 %attr(755,root,root) %{_libdir}/xtables/libipt_NETMAP.so
287 %attr(755,root,root) %{_libdir}/xtables/libipt_REDIRECT.so
288 %attr(755,root,root) %{_libdir}/xtables/libipt_REJECT.so
289 %attr(755,root,root) %{_libdir}/xtables/libipt_SAME.so
290 %attr(755,root,root) %{_libdir}/xtables/libipt_SNAT.so
291 %attr(755,root,root) %{_libdir}/xtables/libipt_TTL.so
292 %attr(755,root,root) %{_libdir}/xtables/libipt_ULOG.so
293 %attr(755,root,root) %{_libdir}/xtables/libipt_addrtype.so
294 %attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
295 %attr(755,root,root) %{_libdir}/xtables/libipt_ecn.so
296 %attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
297 %attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
298 # disabled, see above
299 #%attr(755,root,root) %{_libdir}/xtables/libipt_stealth.so
300 %attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
301 %attr(755,root,root) %{_libdir}/xtables/libipt_unclean.so
302 %attr(755,root,root) %{_libdir}/xtables/libxt_CHECKSUM.so
303 %attr(755,root,root) %{_libdir}/xtables/libxt_CLASSIFY.so
304 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNMARK.so
305 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
306 %attr(755,root,root) %{_libdir}/xtables/libxt_CT.so
307 %attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
308 %attr(755,root,root) %{_libdir}/xtables/libxt_IDLETIMER.so
309 %attr(755,root,root) %{_libdir}/xtables/libxt_IMQ.so
310 %attr(755,root,root) %{_libdir}/xtables/libxt_LED.so
311 %attr(755,root,root) %{_libdir}/xtables/libxt_MARK.so
312 %attr(755,root,root) %{_libdir}/xtables/libxt_NFLOG.so
313 %attr(755,root,root) %{_libdir}/xtables/libxt_NFQUEUE.so
314 %attr(755,root,root) %{_libdir}/xtables/libxt_NOTRACK.so
315 %attr(755,root,root) %{_libdir}/xtables/libxt_RATEEST.so
316 %attr(755,root,root) %{_libdir}/xtables/libxt_SECMARK.so
317 %attr(755,root,root) %{_libdir}/xtables/libxt_SET.so
318 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPMSS.so
319 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPOPTSTRIP.so
320 %attr(755,root,root) %{_libdir}/xtables/libxt_TEE.so
321 %attr(755,root,root) %{_libdir}/xtables/libxt_TOS.so
322 %attr(755,root,root) %{_libdir}/xtables/libxt_TPROXY.so
323 %attr(755,root,root) %{_libdir}/xtables/libxt_TRACE.so
324 %attr(755,root,root) %{_libdir}/xtables/libxt_cluster.so
325 %attr(755,root,root) %{_libdir}/xtables/libxt_comment.so
326 %attr(755,root,root) %{_libdir}/xtables/libxt_connbytes.so
327 %attr(755,root,root) %{_libdir}/xtables/libxt_connlimit.so
328 %attr(755,root,root) %{_libdir}/xtables/libxt_connmark.so
329 %attr(755,root,root) %{_libdir}/xtables/libxt_conntrack.so
330 %attr(755,root,root) %{_libdir}/xtables/libxt_cpu.so
331 %attr(755,root,root) %{_libdir}/xtables/libxt_dccp.so
332 %attr(755,root,root) %{_libdir}/xtables/libxt_dscp.so
333 %attr(755,root,root) %{_libdir}/xtables/libxt_esp.so
334 %attr(755,root,root) %{_libdir}/xtables/libxt_hashlimit.so
335 %attr(755,root,root) %{_libdir}/xtables/libxt_helper.so
336 %attr(755,root,root) %{_libdir}/xtables/libxt_iprange.so
337 %attr(755,root,root) %{_libdir}/xtables/libxt_ipvs.so
338 %attr(755,root,root) %{_libdir}/xtables/libxt_length.so
339 %attr(755,root,root) %{_libdir}/xtables/libxt_limit.so
340 %attr(755,root,root) %{_libdir}/xtables/libxt_mac.so
341 %attr(755,root,root) %{_libdir}/xtables/libxt_mark.so
342 %attr(755,root,root) %{_libdir}/xtables/libxt_multiport.so
343 %attr(755,root,root) %{_libdir}/xtables/libxt_osf.so
344 %attr(755,root,root) %{_libdir}/xtables/libxt_owner.so
345 %attr(755,root,root) %{_libdir}/xtables/libxt_physdev.so
346 %attr(755,root,root) %{_libdir}/xtables/libxt_pkttype.so
347 %attr(755,root,root) %{_libdir}/xtables/libxt_policy.so
348 %attr(755,root,root) %{_libdir}/xtables/libxt_quota.so
349 %attr(755,root,root) %{_libdir}/xtables/libxt_rateest.so
350 %attr(755,root,root) %{_libdir}/xtables/libxt_recent.so
351 %attr(755,root,root) %{_libdir}/xtables/libxt_sctp.so
352 %attr(755,root,root) %{_libdir}/xtables/libxt_set.so
353 %attr(755,root,root) %{_libdir}/xtables/libxt_socket.so
354 %attr(755,root,root) %{_libdir}/xtables/libxt_standard.so
355 %attr(755,root,root) %{_libdir}/xtables/libxt_state.so
356 %attr(755,root,root) %{_libdir}/xtables/libxt_statistic.so
357 %attr(755,root,root) %{_libdir}/xtables/libxt_string.so
358 %attr(755,root,root) %{_libdir}/xtables/libxt_tcp.so
359 %attr(755,root,root) %{_libdir}/xtables/libxt_tcpmss.so
360 %attr(755,root,root) %{_libdir}/xtables/libxt_time.so
361 %attr(755,root,root) %{_libdir}/xtables/libxt_tos.so
362 %attr(755,root,root) %{_libdir}/xtables/libxt_u32.so
363 %attr(755,root,root) %{_libdir}/xtables/libxt_udp.so
364 %{?with_ipt_IPV4OPTSSTRIP:%attr(755,root,root) %{_libdir}/xtables/libipt_IPV4OPTSSTRIP.so}
365 %{?with_ipt_rpc:%attr(755,root,root) %{_libdir}/xtables/libipt_rpc.so}
366 %{?with_xt_layer7:%attr(755,root,root) %{_libdir}/xtables/libxt_layer7.so}
367 %{_mandir}/man8/ip6tables.8*
368 %{_mandir}/man8/ip6tables-restore.8*
369 %{_mandir}/man8/ip6tables-save.8*
370 %{_mandir}/man8/iptables.8*
371 %{_mandir}/man8/iptables-restore.8*
372 %{_mandir}/man8/iptables-save.8*
373 %{_mandir}/man8/iptables-xml.8*
376 %defattr(644,root,root,755)
377 %attr(755,root,root) %{_libdir}/libip4tc.so.*.*.*
378 %attr(755,root,root) %ghost %{_libdir}/libip4tc.so.0
379 %attr(755,root,root) %{_libdir}/libip6tc.so.*.*.*
380 %attr(755,root,root) %ghost %{_libdir}/libip6tc.so.0
381 %attr(755,root,root) %{_libdir}/libipq.so.*.*.*
382 %attr(755,root,root) %ghost %{_libdir}/libipq.so.0
383 %attr(755,root,root) %{_libdir}/libiptc.so.*.*.*
384 %attr(755,root,root) %ghost %{_libdir}/libiptc.so.0
385 %attr(755,root,root) %{_libdir}/libxtables.so.*.*.*
386 %attr(755,root,root) %ghost %{_libdir}/libxtables.so.5
389 %defattr(644,root,root,755)
390 %{?with_doc:%doc iptables-howtos/netfilter-hacking-HOWTO*}
391 %attr(755,root,root) %{_libdir}/libip4tc.so
392 %attr(755,root,root) %{_libdir}/libip6tc.so
393 %attr(755,root,root) %{_libdir}/libipq.so
394 %attr(755,root,root) %{_libdir}/libiptc.so
395 %attr(755,root,root) %{_libdir}/libxtables.so
396 %{_libdir}/libip4tc.la
397 %{_libdir}/libip6tc.la
399 %{_libdir}/libiptc.la
400 %{_libdir}/libxtables.la
401 %{_includedir}/libipq.h
402 %{_includedir}/xtables.h
403 %{_includedir}/libiptc
404 %{_pkgconfigdir}/libiptc.pc
405 %{_pkgconfigdir}/xtables.pc
406 %{_mandir}/man3/ipq_*.3*
407 %{_mandir}/man3/libipq.3*
411 %defattr(644,root,root,755)
412 %{_libdir}/libip4tc.a
413 %{_libdir}/libip6tc.a
416 %{_libdir}/libxtables.a
420 %defattr(644,root,root,755)
421 %attr(754,root,root) /etc/rc.d/init.d/iptables
422 %attr(754,root,root) /etc/rc.d/init.d/ip6tables