#
# Conditional build:
%bcond_without	doc		# without documentation (HOWTOS) which needed TeX
%bcond_without	dist_kernel	# without distribution kernel
#
%define		netfilter_snap		20040629
%define		iptables_version	1.2.11
%define		llh_version		7:2.6.7.0-2
%define		name6			ip6tables
#
Summary:	Extensible packet filtering system && extensible NAT system
Summary(pl):	System filtrowania pakietów oraz system translacji adresów (NAT)
Summary(pt_BR):	Ferramenta para controlar a filtragem de pacotes no kernel-2.4.x
Summary(ru):	õÔÉÌÉÔÙ ÄÌÑ ÕÐÒÁ×ÌÅÎÉÑ ÐÁËÅÔÎÙÍÉ ÆÉÌØÔÒÁÍÉ ÑÄÒÁ Linux
Summary(uk):	õÔÉ̦ÔÉ ÄÌÑ ËÅÒÕ×ÁÎÎÑ ÐÁËÅÔÎÉÍÉ Æ¦ÌØÔÒÁÍÉ ÑÄÒÁ Linux
Summary(zh_CN):	LinuxÄں˰ü¹ýÂ˹ÜÀí¹¤¾ß
Name:		iptables
%if %{netfilter_snap} != 0
Version:	%{iptables_version}_%{netfilter_snap}
%else
Version:	%{iptables_version}
%endif
%define		_rel	1
Release:	%{_rel}@%{_kernel_ver_str}
License:	GPL
Group:		Networking/Daemons
URL:		http://www.netfilter.org/
Vendor:		Netfilter mailing list <netfilter@lists.samba.org>
%if %{netfilter_snap} != 0
Source0:	%{name}-%{iptables_version}_%{netfilter_snap}.tar.bz2
%else
Source0:	http://www.netfilter.org/files/%{name}-%{version}.tar.bz2
%endif
Source1:	cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
# Source1-md5:	2ed2b452daefe70ededd75dc0061fd07
Source2:	%{name}.init
Source3:	%{name6}.init
Patch0:		%{name}-netfilter.patch
Patch1:		%{name}-Makefile.patch
Patch2:		%{name}-1.2.9-ipt_imq.patch
Patch3:		%{name}-libipt_time.patch
%if %{with doc}
BuildRequires:	sgml-tools
BuildRequires:	sgmls
BuildRequires:	tetex-dvips
BuildRequires:	tetex-latex
BuildRequires:	tetex-format-latex
BuildRequires:	tetex-tex-babel
BuildRequires:	sed >= 4.0
%endif
%if %{with dist_kernel} && %{netfilter_snap} != 0
BuildRequires:	kernel-headers(netfilter) = %{netfilter_snap}
BuildRequires:	kernel-source
Requires:	kernel(netfilter) = %{netfilter_snap}
%endif
BuildRequires:	linux-libc-headers >= %{llh_version}
BuildConflicts:	kernel-headers < 2.3.0
Provides:	firewall-userspace-tool
Obsoletes:	netfilter
Obsoletes:	ipchains
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%description
An extensible NAT system, and an extensible packet filtering system.
Replacement of ipchains in 2.4 kernels.

%description -l pl
Wydajny system translacji adresów (NAT) oraz system filtrowania
pakietów. Zamiennik ipchains w j±drach 2.4

%description -l pt_BR
Esta é a ferramenta que controla o código de filtragem de pacotes do
kernel 2.4, obsoletando ipchains. Com esta ferramenta você pode
configurar filtros de pacotes, NAT, mascaramento (masquerading),
regras dinâmicas (stateful inspection), etc.

%description -l ru
iptables ÕÐÒÁ×ÌÑÀÔ ËÏÄÏÍ ÆÉÌØÔÒÁÃÉÉ ÓÅÔÅ×ÙÈ ÐÁËÅÔÏ× × ÑÄÒÅ Linux. ïÎÉ
ÐÏÚ×ÏÌÑÀÔ ×ÁÍ ÕÓÔÁÎÁ×ÌÉ×ÁÔØ ÍÅÖÓÅÔÅ×ÙÅ ÜËÒÁÎÙ (firewalls) É IP
ÍÁÓËÁÒÁÄÉÎÇ, É Ô.Ð.

%description -l uk
iptables ÕÐÒÁ×ÌÑÀÔØ ËÏÄÏÍ Æ¦ÌØÔÒÁæ§ ÐÁËÅÔ¦× ÍÅÒÅÖ¦ × ÑÄÒ¦ Linux. ÷ÏÎÉ
ÄÏÚ×ÏÌÑÀÔØ ×ÁÍ ×ÓÔÁÎÏ×ÌÀ×ÁÔÉ Í¦ÖÍÅÒÅÖÅצ ÅËÒÁÎÉ (firewalls) ÔÁ IP
ÍÁÓËÁÒÁÄÉÎÇ, ÔÏÝÏ.

%package devel
Summary:	Libraries and headers for developing iptables extensions
Summary(pl):	Biblioteki i nag³ówki do tworzenia rozszerzeñ iptables
Group:		Development/Libraries
Requires:	%{name} = %{version}-%{release}

%description devel
Libraries and headers for developing iptables extensions.

%description devel -l pl
Biblioteki i pliki nag³ówkowe niezbêdne do tworzenia rozszerzeñ dla
iptables.

%package init
Summary:	Iptables init (RedHat style)
Summary(pl):	Iptables init (w stylu RedHata)
Group:		Networking/Admin
PreReq:		rc-scripts
Requires(post,preun):	/sbin/chkconfig
Requires:	%{name}
Obsoletes:	firewall-init
Obsoletes:	firewall-init-ipchains

%description init
Iptables-init is meant to provide an alternate way than firewall-init
to start and stop packet filtering through iptables(8).

%description init -l pl
Iptables-init ma na celu udostêpnienie alternatywnego w stosunku do
firewall-init sposobu w³±czania i wy³±czania filtrów IP j±dra poprzez
iptables(8).

%prep
%setup -q -a1
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1

# removed broken ...
#%rm -f extensions/.set-test

chmod 755 extensions/.*-test*

%build
%{__make} all experimental \
	CC="%{__cc}" \
	COPT_FLAGS="%{rpmcflags} -D%{!?debug:N}DEBUG" \
	KERNEL_DIR="%{_kernelsrcdir}" \
	LIBDIR="%{_libdir}"

%if %{with doc}
%{__make} -C iptables-howtos
sed -i 's:$(HTML_HOWTOS)::g; s:$(PSUS_HOWTOS)::g' iptables-howtos/Makefile
%endif

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_initrddir},%{_includedir},%{_libdir},%{_mandir}/man3,}

echo ".so iptables-save.8" > %{name6}-save.8
echo ".so iptables-restore.8" > %{name6}-restore.8

%{__make} install install-experimental \
	DESTDIR=$RPM_BUILD_ROOT \
	BINDIR=%{_sbindir} \
	MANDIR=%{_mandir} \
	LIBDIR=%{_libdir}

echo ".so iptables.8" > $RPM_BUILD_ROOT%{_mandir}/man8/%{name6}.8

# Devel stuff
cp -a include/{lib*,ip*} $RPM_BUILD_ROOT%{_includedir}
install lib*/lib*.a $RPM_BUILD_ROOT%{_libdir}
install libipq/*.3 $RPM_BUILD_ROOT%{_mandir}/man3

install %{SOURCE2} $RPM_BUILD_ROOT%{_initrddir}/%{name}
install %{SOURCE3} $RPM_BUILD_ROOT%{_initrddir}/%{name6}

%clean
rm -rf $RPM_BUILD_ROOT

%post init
/sbin/chkconfig --add %{name}
/sbin/chkconfig --add %{name6}

%preun init
if [ "$1" = "0" ]; then
	/sbin/chkconfig --del %{name}
	/sbin/chkconfig --del %{name6}
fi

%files
%defattr(644,root,root,755)
%{?with_doc:%doc iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
%attr(755,root,root) %{_sbindir}/*
%dir %{_libdir}/iptables
%attr(755,root,root) %{_libdir}/iptables/*.so
%{_mandir}/man8/*

%files devel
%defattr(644,root,root,755)
%{?with_doc:%doc iptables-howtos/netfilter-hacking-HOWTO*}
%{_libdir}/lib*.a
%{_includedir}/*.h
%dir %{_includedir}/libip*
%{_includedir}/libip*/*.h
%{_mandir}/man3/*

%files init
%defattr(644,root,root,755)
%attr(754,root,root) %{_initrddir}/*