3 # - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
4 # - owner needs rewrite to xt
5 # - add manual sections from xtable-addons
6 # - ACCOUNT has been removed from iptables-20070806.patch, now should be taken
7 # from http://www.intra2net.com/de/produkte/opensource/ipt_account/libipt_ACCOUNT-1.3.tar.gz
10 %bcond_without doc # without documentation (HOWTOS) which needed TeX
11 %bcond_without dist_kernel # without distribution kernel
12 %bcond_without vserver # kernel build without vserver
13 %bcond_with batch # build iptables-batch
16 %define netfilter_snap 20070806
17 %define llh_version 7:2.6.22.1
18 %define name6 ip6tables
19 Summary: Extensible packet filtering system && extensible NAT system
20 Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
21 Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
22 Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
23 Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
24 Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
29 Group: Networking/Admin
30 Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}.tar.bz2
31 # Source0-md5: fbadfb0b5f2dbda49e0ad06a798898e3
32 Source1: cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
33 # Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
35 Source3: %{name6}.init
36 Patch0: %{name}-%{netfilter_snap}.patch
37 Patch1: %{name}-man.patch
38 # based on http://www.linuximq.net/patchs/iptables-1.4.6-imq.diff
39 Patch2: %{name}-imq.patch
40 # http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-20080204-1915.patch
41 Patch3: %{name}-tproxy.patch
42 Patch4: %{name}-stealth.patch
43 # almost based on iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
44 # http://switch.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.18.tar.gz
45 Patch5: %{name}-layer7.patch
46 Patch6: %{name}-old-1.3.7.patch
47 # based on http://www.svn.barbara.eu.org/ipt_account/attachment/wiki/Software/ipt_account-0.1.21-20070804164729.tar.gz?format=raw
48 Patch7: %{name}-account.patch
49 # http://people.linux-vserver.org/~dhozac/p/m/iptables-1.3.5-owner-xid.patch
50 Patch8: %{name}-1.3.5-owner-xid.patch
51 Patch9: %{name}-batch.patch
52 Patch10: %{name}-headers.patch
53 Patch11: %{name}-owner-struct-size-vs.patch
54 Patch999: %{name}-llh-dirty-hack.patch
55 URL: http://www.netfilter.org/
56 BuildRequires: autoconf
57 BuildRequires: automake
59 BuildRequires: libtool
61 BuildRequires: sed >= 4.0
62 BuildRequires: sgml-tools
64 BuildRequires: tetex-dvips
65 BuildRequires: tetex-format-latex
66 BuildRequires: tetex-latex
67 BuildRequires: tetex-tex-babel
69 %if %{with dist_kernel} && %{netfilter_snap} != 0
70 BuildRequires: kernel%{_alt_kernel}-headers(netfilter) >= %{netfilter_snap}
71 BuildRequires: kernel%{_alt_kernel}-source
73 #BuildRequires: linux-libc-headers >= %{llh_version}
74 BuildConflicts: kernel-headers < 2.3.0
75 Provides: firewall-userspace-tool
77 Obsoletes: iptables-ipp2p
78 Obsoletes: iptables24-compat
80 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
83 An extensible NAT system, and an extensible packet filtering system.
84 Replacement of ipchains in 2.4 and higher kernels.
86 %description -l pl.UTF-8
87 Wydajny system translacji adresów (NAT) oraz system filtrowania
88 pakietów. Zamiennik ipchains w jądrach 2.4 i nowszych.
90 %description -l pt_BR.UTF-8
91 Esta é a ferramenta que controla o código de filtragem de pacotes do
92 kernel 2.4, obsoletando ipchains. Com esta ferramenta você pode
93 configurar filtros de pacotes, NAT, mascaramento (masquerading),
94 regras dinâmicas (stateful inspection), etc.
96 %description -l ru.UTF-8
97 iptables управляют кодом фильтрации сетевых пакетов в ядре Linux. Они
98 позволяют вам устанавливать межсетевые экраны (firewalls) и IP
101 %description -l uk.UTF-8
102 iptables управляють кодом фільтрації пакетів мережі в ядрі Linux. Вони
103 дозволяють вам встановлювати міжмережеві екрани (firewalls) та IP
107 Summary: iptables libraries
108 Summary(pl.UTF-8): Biblioteki iptables
110 Conflicts: iptables < 1.4.3-1
115 %description libs -l pl.UTF-8
119 Summary: Libraries and headers for developing iptables extensions
120 Summary(pl.UTF-8): Biblioteki i nagłówki do tworzenia rozszerzeń iptables
121 Group: Development/Libraries
122 Requires: %{name}-libs = %{epoch}:%{version}-%{release}
123 Obsoletes: iptables24-devel
126 Libraries and headers for developing iptables extensions.
128 %description devel -l pl.UTF-8
129 Biblioteki i pliki nagłówkowe niezbędne do tworzenia rozszerzeń dla
133 Summary: Static iptables libraries
134 Summary(pl.UTF-8): Biblioteki statyczne iptables
135 Group: Development/Libraries
136 Requires: %{name}-devel = %{epoch}:%{version}-%{release}
139 Static iptables libraries.
141 %description devel -l pl.UTF-8
142 Biblioteki statyczne iptables.
145 Summary: Iptables init (RedHat style)
146 Summary(pl.UTF-8): Iptables init (w stylu RedHata)
147 Group: Networking/Admin
148 Requires(post,preun): /sbin/chkconfig
151 Obsoletes: firewall-init
152 Obsoletes: firewall-init-ipchains
153 Obsoletes: iptables24-init
156 Iptables-init is meant to provide an alternate way than firewall-init
157 to start and stop packet filtering through iptables(8).
159 %description init -l pl.UTF-8
160 Iptables-init ma na celu udostępnienie alternatywnego w stosunku do
161 firewall-init sposobu włączania i wyłączania filtrów IP jądra poprzez
185 chmod 755 extensions/.*-test*
193 --with-kbuild=%{_kernelsrcdir} \
194 --with-ksource=%{_kernelsrcdir} \
197 %{?with_static:--enable-static} \
202 CFLAGS="%{rpmcflags} %{rpmcppflags} -D%{!?debug:N}DEBUG" \
203 KERNEL_DIR="%{_kernelsrcdir}" \
204 LIBDIR="%{_libdir}" \
209 %{__make} -j1 -C iptables-howtos
210 sed -i 's:$(HTML_HOWTOS)::g; s:$(PSUS_HOWTOS)::g' iptables-howtos/Makefile
213 # Make a library, needed for OpenVCP
214 ar rcs libiptables.a iptables*.o
215 ar rcs libip6tables.a ip6tables*.o
218 rm -rf $RPM_BUILD_ROOT
219 install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{_includedir},%{_libdir},%{_mandir}/man3}
222 DESTDIR=$RPM_BUILD_ROOT \
227 # install library needed for collectd:
228 #install libiptc/libiptc.a $RPM_BUILD_ROOT%{_libdir}
230 install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
231 install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name6}
234 rm -rf $RPM_BUILD_ROOT
236 %post libs -p /sbin/ldconfig
237 %postun libs -p /sbin/ldconfig
240 /sbin/chkconfig --add %{name}
241 /sbin/chkconfig --add %{name6}
244 if [ "$1" = "0" ]; then
245 /sbin/chkconfig --del %{name}
246 /sbin/chkconfig --del %{name6}
250 %defattr(644,root,root,755)
251 %{?with_doc:%doc iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
252 %attr(755,root,root) %{_bindir}/iptables-xml
253 %attr(755,root,root) %{_sbindir}/iptables
254 %attr(755,root,root) %{_sbindir}/iptables-multi
255 %attr(755,root,root) %{_sbindir}/iptables-restore
256 %attr(755,root,root) %{_sbindir}/iptables-save
257 %attr(755,root,root) %{_sbindir}/ip6tables
258 %attr(755,root,root) %{_sbindir}/ip6tables-multi
259 %attr(755,root,root) %{_sbindir}/ip6tables-restore
260 %attr(755,root,root) %{_sbindir}/ip6tables-save
262 %attr(755,root,root) %{_sbindir}/iptables-batch
263 %attr(755,root,root) %{_sbindir}/ip6tables-batch
265 %attr(755,root,root) %{_sbindir}/nfnl_osf
266 %dir %{_libdir}/xtables
268 %if %{with dist_kernel}
269 %attr(755,root,root) %{_libdir}/xtables/libip6t_ah.so
270 %attr(755,root,root) %{_libdir}/xtables/libip6t_dst.so
271 %attr(755,root,root) %{_libdir}/xtables/libip6t_eui64.so
272 %attr(755,root,root) %{_libdir}/xtables/libip6t_frag.so
273 %attr(755,root,root) %{_libdir}/xtables/libip6t_hbh.so
274 %attr(755,root,root) %{_libdir}/xtables/libip6t_hl.so
275 %attr(755,root,root) %{_libdir}/xtables/libip6t_HL.so
276 %attr(755,root,root) %{_libdir}/xtables/libip6t_icmp6.so
277 %attr(755,root,root) %{_libdir}/xtables/libip6t_ipv6header.so
278 %attr(755,root,root) %{_libdir}/xtables/libip6t_LOG.so
279 %attr(755,root,root) %{_libdir}/xtables/libip6t_mh.so
280 #%attr(755,root,root) %{_libdir}/xtables/libip6t_policy.so
281 %attr(755,root,root) %{_libdir}/xtables/libip6t_REJECT.so
282 %attr(755,root,root) %{_libdir}/xtables/libip6t_ROUTE.so
283 %attr(755,root,root) %{_libdir}/xtables/libip6t_rt.so
284 %attr(755,root,root) %{_libdir}/xtables/libipt_account.so
285 #attr(755,root,root) %{_libdir}/xtables/libipt_ACCOUNT.so
286 %attr(755,root,root) %{_libdir}/xtables/libipt_addrtype.so
287 %attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
288 %attr(755,root,root) %{_libdir}/xtables/libipt_CLUSTERIP.so
289 %attr(755,root,root) %{_libdir}/xtables/libipt_DNAT.so
290 %attr(755,root,root) %{_libdir}/xtables/libipt_ecn.so
291 %attr(755,root,root) %{_libdir}/xtables/libipt_ECN.so
292 %attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
293 %attr(755,root,root) %{_libdir}/xtables/libipt_ipv4options.so
294 %attr(755,root,root) %{_libdir}/xtables/libipt_IPV4OPTSSTRIP.so
295 %attr(755,root,root) %{_libdir}/xtables/libipt_layer7.so
296 %attr(755,root,root) %{_libdir}/xtables/libipt_LOG.so
297 %attr(755,root,root) %{_libdir}/xtables/libipt_MASQUERADE.so
298 %attr(755,root,root) %{_libdir}/xtables/libipt_MIRROR.so
299 %attr(755,root,root) %{_libdir}/xtables/libipt_NETMAP.so
300 #%attr(755,root,root) %{_libdir}/xtables/libipt_policy.so
301 %attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
302 %attr(755,root,root) %{_libdir}/xtables/libipt_REDIRECT.so
303 %attr(755,root,root) %{_libdir}/xtables/libipt_REJECT.so
304 %attr(755,root,root) %{_libdir}/xtables/libipt_ROUTE.so
305 %attr(755,root,root) %{_libdir}/xtables/libipt_rpc.so
306 %attr(755,root,root) %{_libdir}/xtables/libipt_SAME.so
307 %attr(755,root,root) %{_libdir}/xtables/libipt_SNAT.so
308 %attr(755,root,root) %{_libdir}/xtables/libipt_stealth.so
309 %attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
310 %attr(755,root,root) %{_libdir}/xtables/libipt_TTL.so
311 %attr(755,root,root) %{_libdir}/xtables/libipt_ULOG.so
312 %attr(755,root,root) %{_libdir}/xtables/libipt_unclean.so
313 %attr(755,root,root) %{_libdir}/xtables/libxt_CLASSIFY.so
314 %attr(755,root,root) %{_libdir}/xtables/libxt_cluster.so
315 %attr(755,root,root) %{_libdir}/xtables/libxt_comment.so
316 %attr(755,root,root) %{_libdir}/xtables/libxt_connbytes.so
317 %attr(755,root,root) %{_libdir}/xtables/libxt_connlimit.so
318 %attr(755,root,root) %{_libdir}/xtables/libxt_connmark.so
319 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNMARK.so
320 %attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
321 %attr(755,root,root) %{_libdir}/xtables/libxt_conntrack.so
322 %attr(755,root,root) %{_libdir}/xtables/libxt_CT.so
323 %attr(755,root,root) %{_libdir}/xtables/libxt_dccp.so
324 %attr(755,root,root) %{_libdir}/xtables/libxt_dscp.so
325 %attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
326 %attr(755,root,root) %{_libdir}/xtables/libxt_esp.so
327 %attr(755,root,root) %{_libdir}/xtables/libxt_hashlimit.so
328 %attr(755,root,root) %{_libdir}/xtables/libxt_helper.so
329 %attr(755,root,root) %{_libdir}/xtables/libxt_IMQ.so
330 %attr(755,root,root) %{_libdir}/xtables/libxt_iprange.so
331 %attr(755,root,root) %{_libdir}/xtables/libxt_LED.so
332 %attr(755,root,root) %{_libdir}/xtables/libxt_length.so
333 %attr(755,root,root) %{_libdir}/xtables/libxt_limit.so
334 %attr(755,root,root) %{_libdir}/xtables/libxt_mac.so
335 %attr(755,root,root) %{_libdir}/xtables/libxt_mark.so
336 %attr(755,root,root) %{_libdir}/xtables/libxt_MARK.so
337 %attr(755,root,root) %{_libdir}/xtables/libxt_multiport.so
338 %attr(755,root,root) %{_libdir}/xtables/libxt_NFLOG.so
339 %attr(755,root,root) %{_libdir}/xtables/libxt_NFQUEUE.so
340 %attr(755,root,root) %{_libdir}/xtables/libxt_NOTRACK.so
341 %attr(755,root,root) %{_libdir}/xtables/libxt_owner.so
342 %attr(755,root,root) %{_libdir}/xtables/libxt_osf.so
343 %attr(755,root,root) %{_libdir}/xtables/libxt_physdev.so
344 %attr(755,root,root) %{_libdir}/xtables/libxt_pkttype.so
345 %attr(755,root,root) %{_libdir}/xtables/libxt_policy.so
346 %attr(755,root,root) %{_libdir}/xtables/libxt_recent.so
347 %attr(755,root,root) %{_libdir}/xtables/libxt_quota.so
348 %attr(755,root,root) %{_libdir}/xtables/libxt_RATEEST.so
349 %attr(755,root,root) %{_libdir}/xtables/libxt_rateest.so
350 %attr(755,root,root) %{_libdir}/xtables/libxt_sctp.so
351 %attr(755,root,root) %{_libdir}/xtables/libxt_SECMARK.so
352 %attr(755,root,root) %{_libdir}/xtables/libxt_set.so
353 %attr(755,root,root) %{_libdir}/xtables/libxt_SET.so
354 %attr(755,root,root) %{_libdir}/xtables/libxt_socket.so
355 %attr(755,root,root) %{_libdir}/xtables/libxt_standard.so
356 %attr(755,root,root) %{_libdir}/xtables/libxt_state.so
357 %attr(755,root,root) %{_libdir}/xtables/libxt_statistic.so
358 %attr(755,root,root) %{_libdir}/xtables/libxt_string.so
359 %attr(755,root,root) %{_libdir}/xtables/libxt_tcpmss.so
360 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPMSS.so
361 %attr(755,root,root) %{_libdir}/xtables/libxt_TCPOPTSTRIP.so
362 %attr(755,root,root) %{_libdir}/xtables/libxt_tcp.so
363 %attr(755,root,root) %{_libdir}/xtables/libxt_TEE.so
364 %attr(755,root,root) %{_libdir}/xtables/libxt_time.so
365 %attr(755,root,root) %{_libdir}/xtables/libxt_tos.so
366 %attr(755,root,root) %{_libdir}/xtables/libxt_TOS.so
367 %attr(755,root,root) %{_libdir}/xtables/libxt_TPROXY.so
368 %attr(755,root,root) %{_libdir}/xtables/libxt_TRACE.so
369 %attr(755,root,root) %{_libdir}/xtables/libxt_u32.so
370 %attr(755,root,root) %{_libdir}/xtables/libxt_udp.so
372 %attr(755,root,root) %{_libdir}/xtables/*.so
377 %defattr(644,root,root,755)
378 %attr(755,root,root) %ghost %{_libdir}/libipq.so.0
379 %attr(755,root,root) %{_libdir}/libipq.so.*.*
380 %attr(755,root,root) %ghost %{_libdir}/libiptc.so.0
381 %attr(755,root,root) %{_libdir}/libiptc.so.*.*
382 %attr(755,root,root) %ghost %{_libdir}/libip4tc.so.0
383 %attr(755,root,root) %{_libdir}/libip4tc.so.*.*
384 %attr(755,root,root) %ghost %{_libdir}/libip6tc.so.0
385 %attr(755,root,root) %{_libdir}/libip6tc.so.*.*
386 %attr(755,root,root) %ghost %{_libdir}/libxtables.so.5
387 %attr(755,root,root) %{_libdir}/libxtables.so.*.*
390 %defattr(644,root,root,755)
391 %{?with_doc:%doc iptables-howtos/netfilter-hacking-HOWTO*}
392 %attr(755,root,root) %{_libdir}/lib*.so
395 %{_includedir}/libiptc
396 %{_pkgconfigdir}/*.pc
401 %defattr(644,root,root,755)
406 %defattr(644,root,root,755)
407 %attr(754,root,root) /etc/rc.d/init.d/iptables
408 %attr(754,root,root) /etc/rc.d/init.d/ip6tables