3 # - update BR to real required llh version
4 # - check if kernel-headers are still required to properly build iptabels for dist kernel
5 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
6 # - owner needs rewrite to xt
9 %bcond_without doc # without documentation (HOWTOS) which needed TeX
10 %bcond_without dist_kernel # without distribution kernel
11 %bcond_with vserver # build xt_owner module for non-dist kernel with vserver support
12 %bcond_with batch # build iptables-batch
13 %bcond_with static # build static libraries, no dynamic modules (all linked into binaries)
14 %bcond_with ipt_IPV4OPTSSTRIP # enable ipt_IPV4OPTSSTRIP for non-dist kernel
15 %bcond_with ipt_rpc # enable ipt_rpc for non-dist kernel
16 %bcond_with xt_layer7 # enable xt_layer7 for non-dist kernel
17 %bcond_with usekernelsrc # include kernel headers from %{_kernelsrcdir}
19 %if %{with dist_kernel}
20 %define with_ipt_IPV4OPTSSTRIP 1
21 %define with_ipt_rpc 1
22 %define with_xt_layer7 1
23 %define with_vserver 1
24 %define with_usekernelsrc 1
27 %define name6 ip6tables
28 Summary: Extensible packet filtering system && extensible NAT system
29 Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
30 Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
31 Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
32 Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
33 Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
38 Group: Networking/Admin
39 Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}.tar.bz2
40 # Source0-md5: 212112389c7f10c72efb31a4ed193a4c
41 Source1: cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
42 # Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
44 Source3: %{name6}.init
45 Source4: %{name}.upstart
46 Source5: %{name6}.upstart
47 # --- GENERAL CHANGES (patches<10):
48 Patch0: %{name}-man.patch
49 # additional utils; off by default
50 Patch1: %{name}-batch.patch
51 Patch2: no-libiptc.patch
52 # --- ADDITIONAL/CHANGED EXTENSIONS:
53 # just ipt_IPV4OPTSSTRIP now
54 Patch10: %{name}-20070806.patch
55 # xt_layer7; almost based on iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
56 # http://downloads.sourceforge.net/l7-filter/netfilter-layer7-v2.18.tar.gz
57 Patch11: %{name}-layer7.patch
59 Patch12: %{name}-old-1.3.7.patch
60 # xt_IMQ; based on http://www.linuximq.net/patchs/iptables-1.4.6-imq.diff
61 Patch13: %{name}-imq.patch
62 # enhances ipt_owner/ip6t_owner; http://people.linux-vserver.org/~dhozac/p/m/iptables-1.3.5-owner-xid.patch (currently disabled, needs update for xt_owner)
63 Patch14: %{name}-1.3.5-owner-xid.patch
64 # adjusts xt_owner for vserver-enabled kernel
65 Patch15: %{name}-owner-struct-size-vs.patch
66 # ipt_stealth; currently disabled (broken, see below)
67 Patch16: %{name}-stealth.patch
68 URL: http://www.netfilter.org/
69 BuildRequires: autoconf >= 2.50
70 BuildRequires: automake
72 BuildRequires: libnfnetlink-devel >= 1.0
73 BuildRequires: libtool
74 BuildRequires: pkgconfig >= 1:0.9.0
76 BuildRequires: sed >= 4.0
77 BuildRequires: sgml-tools
79 BuildRequires: tetex-dvips
80 BuildRequires: tetex-format-latex
81 BuildRequires: tetex-latex
82 BuildRequires: tetex-tex-babel
83 BuildRequires: texlive-fonts-cmsuper
84 BuildRequires: texlive-fonts-jknappen
86 %if %{with dist_kernel}
87 BuildRequires: kernel%{_alt_kernel}-headers(netfilter)
89 BuildRequires: linux-libc-headers >= 7:2.6.22.1
90 Requires: %{name}-libs = %{version}-%{release}
91 Requires: libnfnetlink >= 1.0
92 Provides: firewall-userspace-tool
94 Obsoletes: iptables24-compat
96 Conflicts: xtables-addons < 1.25
97 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
100 An extensible NAT system, and an extensible packet filtering system.
101 Replacement of ipchains in 2.4 and higher kernels.
103 %description -l pl.UTF-8
104 Wydajny system translacji adresów (NAT) oraz system filtrowania
105 pakietów. Zamiennik ipchains w jądrach 2.4 i nowszych.
107 %description -l pt_BR.UTF-8
108 Esta é a ferramenta que controla o código de filtragem de pacotes do
109 kernel 2.4, obsoletando ipchains. Com esta ferramenta você pode
110 configurar filtros de pacotes, NAT, mascaramento (masquerading),
111 regras dinâmicas (stateful inspection), etc.
113 %description -l ru.UTF-8
114 iptables управляют кодом фильтрации сетевых пакетов в ядре Linux. Они
115 позволяют вам устанавливать межсетевые экраны (firewalls) и IP
118 %description -l uk.UTF-8
119 iptables управляють кодом фільтрації пакетів мережі в ядрі Linux. Вони
120 дозволяють вам встановлювати міжмережеві екрани (firewalls) та IP
124 Summary: iptables libraries
125 Summary(pl.UTF-8): Biblioteki iptables
127 Conflicts: iptables < 1.4.3-1
132 %description libs -l pl.UTF-8
136 Summary: Libraries and headers for developing iptables extensions
137 Summary(pl.UTF-8): Biblioteki i nagłówki do tworzenia rozszerzeń iptables
138 Group: Development/Libraries
139 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
140 Obsoletes: iptables24-devel
143 Libraries and headers for developing iptables extensions.
145 %description devel -l pl.UTF-8
146 Biblioteki i pliki nagłówkowe niezbędne do tworzenia rozszerzeń dla
150 Summary: Static iptables libraries
151 Summary(pl.UTF-8): Biblioteki statyczne iptables
152 Group: Development/Libraries
153 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
156 Static iptables libraries.
158 %description static -l pl.UTF-8
159 Biblioteki statyczne iptables.
162 Summary: Iptables init (RedHat style)
163 Summary(pl.UTF-8): Iptables init (w stylu RedHata)
164 Group: Networking/Admin
165 Requires(post,preun): /sbin/chkconfig
167 Requires: rc-scripts >= 0.4.3.0
168 Obsoletes: firewall-init
169 Obsoletes: firewall-init-ipchains
170 Obsoletes: iptables24-init
173 Iptables-init is meant to provide an alternate way than firewall-init
174 to start and stop packet filtering through iptables(8).
176 %description init -l pl.UTF-8
177 Iptables-init ma na celu udostępnienie alternatywnego w stosunku do
178 firewall-init sposobu włączania i wyłączania filtrów IP jądra poprzez
189 %{?with_ipt_IPV4OPTSSTRIP:%patch10 -p1}
190 %{?with_xt_layer7:%patch11 -p1}
191 %{?with_ipt_rpc:%patch12 -p1}
197 # builds but init() api is broken, see warnings
207 CFLAGS="%{rpmcflags} %{rpmcppflags} -D%{!?debug:N}DEBUG" \
208 %{?with_usekernelsrc:--with-kernel=%{_kernelsrcdir}} \
210 %{?with_static:--enable-static}
216 %{__make} -j1 -C iptables-howtos
217 sed -i 's:$(HTML_HOWTOS)::g; s:$(PSUS_HOWTOS)::g' iptables-howtos/Makefile
221 rm -rf $RPM_BUILD_ROOT
222 install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{_includedir},%{_libdir},%{_mandir}/man3}
225 DESTDIR=$RPM_BUILD_ROOT \
230 install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
231 install -p %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name6}
232 install -d $RPM_BUILD_ROOT/etc/init
233 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/init/%{name}.conf
234 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/init/%{name6}.conf
237 rm -rf $RPM_BUILD_ROOT
239 %post libs -p /sbin/ldconfig
240 %postun libs -p /sbin/ldconfig
243 /sbin/chkconfig --add %{name}
244 /sbin/chkconfig --add %{name6}
247 if [ "$1" = "0" ]; then
248 /sbin/chkconfig --del %{name}
249 /sbin/chkconfig --del %{name6}
253 %defattr(644,root,root,755)
254 %{?with_doc:%doc iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
255 %attr(755,root,root) %{_bindir}/iptables-xml
256 %attr(755,root,root) %{_sbindir}/iptables
257 %attr(755,root,root) %{_sbindir}/iptables-restore
258 %attr(755,root,root) %{_sbindir}/iptables-save
259 %attr(755,root,root) %{_sbindir}/ip6tables
260 %attr(755,root,root) %{_sbindir}/ip6tables-restore
261 %attr(755,root,root) %{_sbindir}/ip6tables-save
263 %attr(755,root,root) %{_sbindir}/iptables-batch
264 %attr(755,root,root) %{_sbindir}/ip6tables-batch
266 %attr(755,root,root) %{_sbindir}/nfnl_osf
267 %attr(755,root,root) %{_sbindir}/xtables-multi
269 %dir %{_libdir}/xtables
270 %attr(755,root,root) %{_libdir}/xtables/libip6t_HL.so
271 %attr(755,root,root) %{_libdir}/xtables/libip6t_LOG.so
272 %attr(755,root,root) %{_libdir}/xtables/libip6t_REJECT.so
273 %attr(755,root,root) %{_libdir}/xtables/libip6t_ah.so
274 %attr(755,root,root) %{_libdir}/xtables/libip6t_dst.so
275 %attr(755,root,root) %{_libdir}/xtables/libip6t_eui64.so
276 %attr(755,root,root) %{_libdir}/xtables/libip6t_frag.so
277 %attr(755,root,root) %{_libdir}/xtables/libip6t_hbh.so
278 %attr(755,root,root) %{_libdir}/xtables/libip6t_hl.so
279 %attr(755,root,root) %{_libdir}/xtables/libip6t_icmp6.so
280 %attr(755,root,root) %{_libdir}/xtables/libip6t_ipv6header.so
281 %attr(755,root,root) %{_libdir}/xtables/libip6t_mh.so
282 %attr(755,root,root) %{_libdir}/xtables/libip6t_rt.so
283 %attr(755,root,root) %{_libdir}/xtables/libipt_CLUSTERIP.so
284 %attr(755,root,root) %{_libdir}/xtables/libipt_DNAT.so
285 %attr(755,root,root) %{_libdir}/xtables/libipt_ECN.so
286 %attr(755,root,root) %{_libdir}/xtables/libipt_LOG.so
287 %attr(755,root,root) %{_libdir}/xtables/libipt_MASQUERADE.so
288 %attr(755,root,root) %{_libdir}/xtables/libipt_MIRROR.so
289 %attr(755,root,root) %{_libdir}/xtables/libipt_NETMAP.so
290 %attr(755,root,root) %{_libdir}/xtables/libipt_REDIRECT.so
291 %attr(755,root,root) %{_libdir}/xtables/libipt_REJECT.so
292 %attr(755,root,root) %{_libdir}/xtables/libipt_SAME.so
293 %attr(755,root,root) %{_libdir}/xtables/libipt_SNAT.so
294 %attr(755,root,root) %{_libdir}/xtables/libipt_TTL.so
295 %attr(755,root,root) %{_libdir}/xtables/libipt_ULOG.so
296 %attr(755,root,root) %{_libdir}/xtables/libipt_addrtype.so
297 %attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
298 %attr(755,root,root) %{_libdir}/xtables/libipt_ecn.so
299 %attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
300 %attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
301 # disabled, see above
302 #%attr(755,root,root) %{_libdir}/xtables/libipt_stealth.so
303 %attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
304 %attr(755,root,root) %{_libdir}/xtables/libipt_unclean.so
305 %attr(755,root,root) %{_libdir}/xtables/libxt_AUDIT.so
306 %attr(755,root,root) %{_libdir}/xtables/libxt_CHECKSUM.so
307 %attr(755,root,root) %{_libdir}/xtables/libxt_CLASSIFY.so
308 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNMARK.so
309 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
310 %attr(755,root,root) %{_libdir}/xtables/libxt_CT.so
311 %attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
312 %attr(755,root,root) %{_libdir}/xtables/libxt_IDLETIMER.so
313 %attr(755,root,root) %{_libdir}/xtables/libxt_IMQ.so
314 %attr(755,root,root) %{_libdir}/xtables/libxt_LED.so
315 %attr(755,root,root) %{_libdir}/xtables/libxt_MARK.so
316 %attr(755,root,root) %{_libdir}/xtables/libxt_NFLOG.so
317 %attr(755,root,root) %{_libdir}/xtables/libxt_NFQUEUE.so
318 %attr(755,root,root) %{_libdir}/xtables/libxt_NOTRACK.so
319 %attr(755,root,root) %{_libdir}/xtables/libxt_RATEEST.so
320 %attr(755,root,root) %{_libdir}/xtables/libxt_SECMARK.so
321 %attr(755,root,root) %{_libdir}/xtables/libxt_SET.so
322 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPMSS.so
323 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPOPTSTRIP.so
324 %attr(755,root,root) %{_libdir}/xtables/libxt_TEE.so
325 %attr(755,root,root) %{_libdir}/xtables/libxt_TOS.so
326 %attr(755,root,root) %{_libdir}/xtables/libxt_TPROXY.so
327 %attr(755,root,root) %{_libdir}/xtables/libxt_TRACE.so
328 %attr(755,root,root) %{_libdir}/xtables/libxt_cluster.so
329 %attr(755,root,root) %{_libdir}/xtables/libxt_comment.so
330 %attr(755,root,root) %{_libdir}/xtables/libxt_connbytes.so
331 %attr(755,root,root) %{_libdir}/xtables/libxt_connlimit.so
332 %attr(755,root,root) %{_libdir}/xtables/libxt_connmark.so
333 %attr(755,root,root) %{_libdir}/xtables/libxt_conntrack.so
334 %attr(755,root,root) %{_libdir}/xtables/libxt_cpu.so
335 %attr(755,root,root) %{_libdir}/xtables/libxt_dccp.so
336 %attr(755,root,root) %{_libdir}/xtables/libxt_devgroup.so
337 %attr(755,root,root) %{_libdir}/xtables/libxt_dscp.so
338 %attr(755,root,root) %{_libdir}/xtables/libxt_esp.so
339 %attr(755,root,root) %{_libdir}/xtables/libxt_hashlimit.so
340 %attr(755,root,root) %{_libdir}/xtables/libxt_helper.so
341 %attr(755,root,root) %{_libdir}/xtables/libxt_iprange.so
342 %attr(755,root,root) %{_libdir}/xtables/libxt_ipvs.so
343 %attr(755,root,root) %{_libdir}/xtables/libxt_length.so
344 %attr(755,root,root) %{_libdir}/xtables/libxt_limit.so
345 %attr(755,root,root) %{_libdir}/xtables/libxt_mac.so
346 %attr(755,root,root) %{_libdir}/xtables/libxt_mark.so
347 %attr(755,root,root) %{_libdir}/xtables/libxt_multiport.so
348 %attr(755,root,root) %{_libdir}/xtables/libxt_osf.so
349 %attr(755,root,root) %{_libdir}/xtables/libxt_owner.so
350 %attr(755,root,root) %{_libdir}/xtables/libxt_physdev.so
351 %attr(755,root,root) %{_libdir}/xtables/libxt_pkttype.so
352 %attr(755,root,root) %{_libdir}/xtables/libxt_policy.so
353 %attr(755,root,root) %{_libdir}/xtables/libxt_quota.so
354 %attr(755,root,root) %{_libdir}/xtables/libxt_rateest.so
355 %attr(755,root,root) %{_libdir}/xtables/libxt_recent.so
356 %attr(755,root,root) %{_libdir}/xtables/libxt_sctp.so
357 %attr(755,root,root) %{_libdir}/xtables/libxt_set.so
358 %attr(755,root,root) %{_libdir}/xtables/libxt_socket.so
359 %attr(755,root,root) %{_libdir}/xtables/libxt_standard.so
360 %attr(755,root,root) %{_libdir}/xtables/libxt_state.so
361 %attr(755,root,root) %{_libdir}/xtables/libxt_statistic.so
362 %attr(755,root,root) %{_libdir}/xtables/libxt_string.so
363 %attr(755,root,root) %{_libdir}/xtables/libxt_tcp.so
364 %attr(755,root,root) %{_libdir}/xtables/libxt_tcpmss.so
365 %attr(755,root,root) %{_libdir}/xtables/libxt_time.so
366 %attr(755,root,root) %{_libdir}/xtables/libxt_tos.so
367 %attr(755,root,root) %{_libdir}/xtables/libxt_u32.so
368 %attr(755,root,root) %{_libdir}/xtables/libxt_udp.so
369 %{?with_ipt_IPV4OPTSSTRIP:%attr(755,root,root) %{_libdir}/xtables/libipt_IPV4OPTSSTRIP.so}
370 %{?with_ipt_rpc:%attr(755,root,root) %{_libdir}/xtables/libipt_rpc.so}
371 %{?with_xt_layer7:%attr(755,root,root) %{_libdir}/xtables/libxt_layer7.so}
372 %{_mandir}/man1/iptables-xml.1*
373 %{_mandir}/man8/ip6tables.8*
374 %{_mandir}/man8/ip6tables-restore.8*
375 %{_mandir}/man8/ip6tables-save.8*
376 %{_mandir}/man8/iptables.8*
377 %{_mandir}/man8/iptables-restore.8*
378 %{_mandir}/man8/iptables-save.8*
381 %defattr(644,root,root,755)
382 %attr(755,root,root) %{_libdir}/libip4tc.so.*.*.*
383 %attr(755,root,root) %ghost %{_libdir}/libip4tc.so.0
384 %attr(755,root,root) %{_libdir}/libip6tc.so.*.*.*
385 %attr(755,root,root) %ghost %{_libdir}/libip6tc.so.0
386 %attr(755,root,root) %{_libdir}/libipq.so.*.*.*
387 %attr(755,root,root) %ghost %{_libdir}/libipq.so.0
388 %attr(755,root,root) %{_libdir}/libxtables.so.*.*.*
389 %attr(755,root,root) %ghost %{_libdir}/libxtables.so.7
392 %defattr(644,root,root,755)
393 %{?with_doc:%doc iptables-howtos/netfilter-hacking-HOWTO*}
394 %attr(755,root,root) %{_libdir}/libip4tc.so
395 %attr(755,root,root) %{_libdir}/libip6tc.so
396 %attr(755,root,root) %{_libdir}/libipq.so
397 %attr(755,root,root) %{_libdir}/libxtables.so
398 %{_libdir}/libip4tc.la
399 %{_libdir}/libip6tc.la
401 %{_libdir}/libxtables.la
402 %{_includedir}/libipq.h
403 %{_includedir}/xtables.h
404 %{_includedir}/libiptc
405 %{_pkgconfigdir}/libip4tc.pc
406 %{_pkgconfigdir}/libip6tc.pc
407 %{_pkgconfigdir}/libipq.pc
408 %{_pkgconfigdir}/libiptc.pc
409 %{_pkgconfigdir}/xtables.pc
410 %{_mandir}/man3/ipq_*.3*
411 %{_mandir}/man3/libipq.3*
415 %defattr(644,root,root,755)
416 %{_libdir}/libip4tc.a
417 %{_libdir}/libip6tc.a
419 %{_libdir}/libxtables.a
423 %defattr(644,root,root,755)
424 %attr(754,root,root) /etc/rc.d/init.d/iptables
425 %attr(754,root,root) /etc/rc.d/init.d/ip6tables
426 %config(noreplace) %verify(not md5 mtime size) /etc/init/%{name}.conf
427 %config(noreplace) %verify(not md5 mtime size) /etc/init/%{name6}.conf
projects / packages / iptables.git / blob