3 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
4 # - owner needs rewrite to xt
5 # - add manual sections from xtable-addons
6 # - ACCOUNT has been removed from iptables-20070806.patch, now should be taken
7 # from http://www.intra2net.com/de/produkte/opensource/ipt_account/libipt_ACCOUNT-1.3.tar.gz
10 %bcond_without doc # without documentation (HOWTOS) which needed TeX
11 %bcond_without dist_kernel # without distribution kernel
12 %bcond_without vserver # kernel build without vserver
15 %define netfilter_snap 20070806
16 %define llh_version 7:2.6.22.1
17 %define name6 ip6tables
20 Summary: Extensible packet filtering system && extensible NAT system
21 Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
22 Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
23 Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
24 Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
25 Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
30 Group: Networking/Daemons
31 Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}.tar.bz2
32 # Source0-md5: 952f8df5815b658bdf34b8d58fe94c63
33 Source1: cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
34 # Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
36 Source3: %{name6}.init
37 Patch0: %{name}-%{netfilter_snap}.patch
38 Patch1: %{name}-man.patch
39 # based on http://www.linuximq.net/patchs/iptables-1.4.0-imq.diff
40 Patch2: %{name}-imq.patch
41 # http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-20080204-1915.patch
42 Patch3: %{name}-tproxy.patch
43 Patch4: %{name}-stealth.patch
44 # almost based on iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
45 # http://switch.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.18.tar.gz
46 Patch5: %{name}-layer7.patch
47 Patch6: %{name}-old-1.3.7.patch
48 # based on http://www.svn.barbara.eu.org/ipt_account/attachment/wiki/Software/ipt_account-0.1.21-20070804164729.tar.gz?format=raw
49 Patch7: %{name}-account.patch
50 # http://people.linux-vserver.org/~dhozac/p/m/iptables-1.3.5-owner-xid.patch
51 Patch8: %{name}-1.3.5-owner-xid.patch
52 Patch9: %{name}-batch.patch
53 Patch10: %{name}-headers.patch
54 Patch11: %{name}-owner-struct-size-vs.patch
55 Patch999: %{name}-llh-dirty-hack.patch
56 URL: http://www.netfilter.org/
57 BuildRequires: autoconf
58 BuildRequires: automake
59 BuildRequires: libtool
61 BuildRequires: sed >= 4.0
62 BuildRequires: sgml-tools
64 BuildRequires: tetex-dvips
65 BuildRequires: tetex-format-latex
66 BuildRequires: tetex-latex
67 BuildRequires: tetex-tex-babel
69 %if %{with dist_kernel} && %{netfilter_snap} != 0
70 BuildRequires: kernel%{_alt_kernel}-headers(netfilter) >= %{netfilter_snap}
71 BuildRequires: kernel%{_alt_kernel}-source
73 #BuildRequires: linux-libc-headers >= %{llh_version}
74 BuildConflicts: kernel-headers < 2.3.0
75 Provides: firewall-userspace-tool
77 Obsoletes: iptables-ipp2p
78 Obsoletes: iptables24-compat
80 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
83 An extensible NAT system, and an extensible packet filtering system.
84 Replacement of ipchains in 2.4 and higher kernels.
86 %description -l pl.UTF-8
87 Wydajny system translacji adresów (NAT) oraz system filtrowania
88 pakietów. Zamiennik ipchains w jądrach 2.4 i nowszych.
90 %description -l pt_BR.UTF-8
91 Esta é a ferramenta que controla o código de filtragem de pacotes do
92 kernel 2.4, obsoletando ipchains. Com esta ferramenta você pode
93 configurar filtros de pacotes, NAT, mascaramento (masquerading),
94 regras dinâmicas (stateful inspection), etc.
96 %description -l ru.UTF-8
97 iptables управляют кодом фильтрации сетевых пакетов в ядре Linux. Они
98 позволяют вам устанавливать межсетевые экраны (firewalls) и IP
101 %description -l uk.UTF-8
102 iptables управляють кодом фільтрації пакетів мережі в ядрі Linux. Вони
103 дозволяють вам встановлювати міжмережеві екрани (firewalls) та IP
107 Summary: iptables libraries
108 Summary(pl.UTF-8): Biblioteki iptables
109 Group: Development/Libraries
114 %description libs -l pl.UTF-8
118 Summary: Libraries and headers for developing iptables extensions
119 Summary(pl.UTF-8): Biblioteki i nagłówki do tworzenia rozszerzeń iptables
120 Group: Development/Libraries
121 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
122 Obsoletes: iptables24-devel
125 Libraries and headers for developing iptables extensions.
127 %description devel -l pl.UTF-8
128 Biblioteki i pliki nagłówkowe niezbędne do tworzenia rozszerzeń dla
132 Summary: Static iptables libraries
133 Summary(pl.UTF-8): Biblioteki statyczne iptables
134 Group: Development/Libraries
135 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
138 Static iptables libraries.
140 %description devel -l pl.UTF-8
141 Biblioteki statyczne iptables.
144 Summary: Iptables init (RedHat style)
145 Summary(pl.UTF-8): Iptables init (w stylu RedHata)
147 Group: Networking/Admin
148 Requires(post,preun): /sbin/chkconfig
151 Obsoletes: firewall-init
152 Obsoletes: firewall-init-ipchains
153 Obsoletes: iptables24-init
156 Iptables-init is meant to provide an alternate way than firewall-init
157 to start and stop packet filtering through iptables(8).
159 %description init -l pl.UTF-8
160 Iptables-init ma na celu udostępnienie alternatywnego w stosunku do
161 firewall-init sposobu włączania i wyłączania filtrów IP jądra poprzez
185 chmod 755 extensions/.*-test*
192 --with-kbuild=%{_kernelsrcdir} \
193 --with-ksource=%{_kernelsrcdir} \
200 CFLAGS="%{rpmcflags} -D%{!?debug:N}DEBUG" \
201 KERNEL_DIR="%{_kernelsrcdir}" \
202 LIBDIR="%{_libdir}" \
207 %{__make} -j1 -C iptables-howtos
208 sed -i 's:$(HTML_HOWTOS)::g; s:$(PSUS_HOWTOS)::g' iptables-howtos/Makefile
211 # Make a library, needed for OpenVCP
212 ar rcs libiptables.a iptables.o
213 ar rcs libip6tables.a ip6tables.o
216 rm -rf $RPM_BUILD_ROOT
217 install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{_includedir},%{_libdir},%{_mandir}/man3}
220 DESTDIR=$RPM_BUILD_ROOT \
225 # install library needed for collectd:
226 #install libiptc/libiptc.a $RPM_BUILD_ROOT%{_libdir}
228 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
229 install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name6}
232 rm -rf $RPM_BUILD_ROOT
234 %post libs -p /sbin/ldconfig
235 %postun libs -p /sbin/ldconfig
238 /sbin/chkconfig --add %{name}
239 /sbin/chkconfig --add %{name6}
242 if [ "$1" = "0" ]; then
243 /sbin/chkconfig --del %{name}
244 /sbin/chkconfig --del %{name6}
248 %defattr(644,root,root,755)
249 %{?with_doc:%doc iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
250 %attr(755,root,root) %{_bindir}/iptables-xml
251 %attr(755,root,root) %{_sbindir}/iptables
252 %attr(755,root,root) %{_sbindir}/iptables-multi
253 %attr(755,root,root) %{_sbindir}/iptables-restore
254 %attr(755,root,root) %{_sbindir}/iptables-save
255 %attr(755,root,root) %{_sbindir}/ip6tables
256 %attr(755,root,root) %{_sbindir}/ip6tables-multi
257 %attr(755,root,root) %{_sbindir}/ip6tables-restore
258 %attr(755,root,root) %{_sbindir}/ip6tables-save
260 %attr(755,root,root) %{_sbindir}/iptables-batch
261 %attr(755,root,root) %{_sbindir}/ip6tables-batch
263 %dir %{_libdir}/xtables
264 %if %{with dist_kernel}
265 %attr(755,root,root) %{_libdir}/xtables/libip6t_ah.so
266 %attr(755,root,root) %{_libdir}/xtables/libip6t_dst.so
267 %attr(755,root,root) %{_libdir}/xtables/libip6t_eui64.so
268 %attr(755,root,root) %{_libdir}/xtables/libip6t_frag.so
269 %attr(755,root,root) %{_libdir}/xtables/libip6t_hbh.so
270 %attr(755,root,root) %{_libdir}/xtables/libip6t_hl.so
271 %attr(755,root,root) %{_libdir}/xtables/libip6t_HL.so
272 %attr(755,root,root) %{_libdir}/xtables/libip6t_icmp6.so
273 %attr(755,root,root) %{_libdir}/xtables/libip6t_IMQ.so
274 %attr(755,root,root) %{_libdir}/xtables/libip6t_ipv6header.so
275 %attr(755,root,root) %{_libdir}/xtables/libip6t_LOG.so
276 %attr(755,root,root) %{_libdir}/xtables/libip6t_mh.so
277 %attr(755,root,root) %{_libdir}/xtables/libip6t_policy.so
278 %attr(755,root,root) %{_libdir}/xtables/libip6t_REJECT.so
279 %attr(755,root,root) %{_libdir}/xtables/libip6t_ROUTE.so
280 %attr(755,root,root) %{_libdir}/xtables/libip6t_rt.so
281 %attr(755,root,root) %{_libdir}/xtables/libipt_account.so
282 #attr(755,root,root) %{_libdir}/xtables/libipt_ACCOUNT.so
283 %attr(755,root,root) %{_libdir}/xtables/libipt_addrtype.so
284 %attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
285 %attr(755,root,root) %{_libdir}/xtables/libipt_CLUSTERIP.so
286 %attr(755,root,root) %{_libdir}/xtables/libipt_DNAT.so
287 %attr(755,root,root) %{_libdir}/xtables/libipt_ecn.so
288 %attr(755,root,root) %{_libdir}/xtables/libipt_ECN.so
289 %attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
290 %attr(755,root,root) %{_libdir}/xtables/libipt_IMQ.so
291 %attr(755,root,root) %{_libdir}/xtables/libipt_ipv4options.so
292 %attr(755,root,root) %{_libdir}/xtables/libipt_IPV4OPTSSTRIP.so
293 %attr(755,root,root) %{_libdir}/xtables/libipt_layer7.so
294 %attr(755,root,root) %{_libdir}/xtables/libipt_LOG.so
295 %attr(755,root,root) %{_libdir}/xtables/libipt_MASQUERADE.so
296 %attr(755,root,root) %{_libdir}/xtables/libipt_MIRROR.so
297 %attr(755,root,root) %{_libdir}/xtables/libipt_NETMAP.so
298 %attr(755,root,root) %{_libdir}/xtables/libipt_policy.so
299 %attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
300 %attr(755,root,root) %{_libdir}/xtables/libipt_REDIRECT.so
301 %attr(755,root,root) %{_libdir}/xtables/libipt_REJECT.so
302 %attr(755,root,root) %{_libdir}/xtables/libipt_ROUTE.so
303 %attr(755,root,root) %{_libdir}/xtables/libipt_rpc.so
304 %attr(755,root,root) %{_libdir}/xtables/libipt_SAME.so
305 %attr(755,root,root) %{_libdir}/xtables/libipt_set.so
306 %attr(755,root,root) %{_libdir}/xtables/libipt_SET.so
307 %attr(755,root,root) %{_libdir}/xtables/libipt_SNAT.so
308 %attr(755,root,root) %{_libdir}/xtables/libipt_stealth.so
309 %attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
310 %attr(755,root,root) %{_libdir}/xtables/libipt_TTL.so
311 %attr(755,root,root) %{_libdir}/xtables/libipt_ULOG.so
312 %attr(755,root,root) %{_libdir}/xtables/libipt_unclean.so
313 %attr(755,root,root) %{_libdir}/xtables/libxt_CLASSIFY.so
314 %attr(755,root,root) %{_libdir}/xtables/libxt_comment.so
315 %attr(755,root,root) %{_libdir}/xtables/libxt_connbytes.so
316 %attr(755,root,root) %{_libdir}/xtables/libxt_connlimit.so
317 %attr(755,root,root) %{_libdir}/xtables/libxt_connmark.so
318 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNMARK.so
319 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
320 %attr(755,root,root) %{_libdir}/xtables/libxt_conntrack.so
321 %attr(755,root,root) %{_libdir}/xtables/libxt_dccp.so
322 %attr(755,root,root) %{_libdir}/xtables/libxt_dscp.so
323 %attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
324 %attr(755,root,root) %{_libdir}/xtables/libxt_esp.so
325 %attr(755,root,root) %{_libdir}/xtables/libxt_hashlimit.so
326 %attr(755,root,root) %{_libdir}/xtables/libxt_helper.so
327 %attr(755,root,root) %{_libdir}/xtables/libxt_iprange.so
328 %attr(755,root,root) %{_libdir}/xtables/libxt_length.so
329 %attr(755,root,root) %{_libdir}/xtables/libxt_limit.so
330 %attr(755,root,root) %{_libdir}/xtables/libxt_mac.so
331 %attr(755,root,root) %{_libdir}/xtables/libxt_mark.so
332 %attr(755,root,root) %{_libdir}/xtables/libxt_MARK.so
333 %attr(755,root,root) %{_libdir}/xtables/libxt_multiport.so
334 %attr(755,root,root) %{_libdir}/xtables/libxt_NFLOG.so
335 %attr(755,root,root) %{_libdir}/xtables/libxt_NFQUEUE.so
336 %attr(755,root,root) %{_libdir}/xtables/libxt_NOTRACK.so
337 %attr(755,root,root) %{_libdir}/xtables/libxt_owner.so
338 %attr(755,root,root) %{_libdir}/xtables/libxt_physdev.so
339 %attr(755,root,root) %{_libdir}/xtables/libxt_pkttype.so
340 %attr(755,root,root) %{_libdir}/xtables/libxt_recent.so
341 %attr(755,root,root) %{_libdir}/xtables/libxt_quota.so
342 %attr(755,root,root) %{_libdir}/xtables/libxt_RATEEST.so
343 %attr(755,root,root) %{_libdir}/xtables/libxt_rateest.so
344 %attr(755,root,root) %{_libdir}/xtables/libxt_sctp.so
345 %attr(755,root,root) %{_libdir}/xtables/libxt_SECMARK.so
346 %attr(755,root,root) %{_libdir}/xtables/libxt_socket.so
347 %attr(755,root,root) %{_libdir}/xtables/libxt_standard.so
348 %attr(755,root,root) %{_libdir}/xtables/libxt_state.so
349 %attr(755,root,root) %{_libdir}/xtables/libxt_statistic.so
350 %attr(755,root,root) %{_libdir}/xtables/libxt_string.so
351 %attr(755,root,root) %{_libdir}/xtables/libxt_tcpmss.so
352 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPMSS.so
353 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPOPTSTRIP.so
354 %attr(755,root,root) %{_libdir}/xtables/libxt_tcp.so
355 %attr(755,root,root) %{_libdir}/xtables/libxt_time.so
356 %attr(755,root,root) %{_libdir}/xtables/libxt_tos.so
357 %attr(755,root,root) %{_libdir}/xtables/libxt_TOS.so
358 %attr(755,root,root) %{_libdir}/xtables/libxt_TPROXY.so
359 %attr(755,root,root) %{_libdir}/xtables/libxt_TRACE.so
360 %attr(755,root,root) %{_libdir}/xtables/libxt_u32.so
361 %attr(755,root,root) %{_libdir}/xtables/libxt_udp.so
363 %attr(755,root,root) %{_libdir}/xtables/*.so
368 %defattr(644,root,root,755)
369 %attr(755,root,root) %ghost %attr(755,root,root) %{_libdir}/libiptc.so.0
370 %attr(755,root,root) %{_libdir}/libiptc.so.*.*
371 %attr(755,root,root) %ghost %attr(755,root,root) %{_libdir}/libxtables.so.1
372 %attr(755,root,root) %{_libdir}/libxtables.so.*.*
375 %defattr(644,root,root,755)
376 %{?with_doc:%doc iptables-howtos/netfilter-hacking-HOWTO*}
377 %attr(755,root,root) %{_libdir}/lib*.so
380 %{_includedir}/libiptc
381 %{_pkgconfigdir}/*.pc
385 %defattr(644,root,root,755)
389 %defattr(644,root,root,755)
390 %attr(754,root,root) /etc/rc.d/init.d/iptables
391 %attr(754,root,root) /etc/rc.d/init.d/ip6tables