#
# TODO:
+# - update BR to real required llh version
+# - check if kernel-headers are still required to properly build iptabels for dist kernel
# - fix makefile (-D_UNKNOWN_KERNEL_POINTER_SIZE issue)
-# - owner needs rewrite to xt
-# - batch needs update/rewrite
-# - add manual sections from xtable-addons
-# - ACCOUNT has been removed from iptables-20070806.patch, now should be taken
-# from http://www.intra2net.com/de/produkte/opensource/ipt_account/libipt_ACCOUNT-1.3.tar.gz
+# - think what to do with the useless 'ebtables' wrapper. The original old
+# ebtables is still needed e.g. for libvirt's nwfilter
#
# Conditional build:
%bcond_without doc # without documentation (HOWTOS) which needed TeX
%bcond_without dist_kernel # without distribution kernel
-%bcond_without vserver # kernel build without vserver
-#
-%define netfilter_snap 20070806
-%define llh_version 7:2.6.22.1
-%define name6 ip6tables
-%define _rc rc1
-#
-%define rel 7.%{_rc}.1
+%bcond_without nftables # nftables compatibility
+%bcond_without pcap # pcap-dependend utils (nfbpf_compile, nfsynproxy)
+%bcond_with vserver # build xt_owner module for non-dist kernel with vserver support
+%bcond_with batch # build iptables-batch
+%bcond_with static # build static libraries, no dynamic modules (all linked into binaries)
+%bcond_with ipt_IPV4OPTSSTRIP # enable ipt_IPV4OPTSSTRIP for non-dist kernel
+%bcond_with ipt_rpc # enable ipt_rpc for non-dist kernel
+%bcond_with xt_layer7 # enable xt_layer7 for non-dist kernel
+%bcond_with usekernelsrc # include kernel headers from %{_kernelsrcdir}
+
+%if %{with dist_kernel}
+%define with_ipt_IPV4OPTSSTRIP 1
+%define with_ipt_rpc 1
+%define with_xt_layer7 1
+%endif
+
+%define orgname iptables
+%define name6 ip6tables
+
Summary: Extensible packet filtering system && extensible NAT system
Summary(pl.UTF-8): System filtrowania pakietów oraz system translacji adresów (NAT)
Summary(pt_BR.UTF-8): Ferramenta para controlar a filtragem de pacotes no kernel-2.6.x
Summary(ru.UTF-8): Утилиты для управления пакетными фильтрами ядра Linux
Summary(uk.UTF-8): Утиліти для керування пакетними фільтрами ядра Linux
Summary(zh_CN.UTF-8): Linux内核包过滤管理工具
-Name: iptables
-Version: 1.4.1
-Release: %{rel}
-License: GPL
-Group: Networking/Daemons
-#Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}.tar.bz2
-Source0: ftp://ftp.netfilter.org/pub/iptables/%{name}-%{version}-rc1.tar.bz2
-# Source0-md5: 36a4921fa21ec4b99cc68cd9c4d0e080
-Source1: cvs://cvs.samba.org/netfilter/%{name}-howtos.tar.bz2
+Name: iptables%{?with_vserver:-vserver}
+Version: 1.6.1
+Release: 5
+License: GPL v2
+Group: Networking/Admin
+Source0: ftp://ftp.netfilter.org/pub/iptables/%{orgname}-%{version}.tar.bz2
+# Source0-md5: ab38a33806b6182c6f53d6afb4619add
+Source1: cvs://cvs.samba.org/netfilter/%{orgname}-howtos.tar.bz2
# Source1-md5: 2ed2b452daefe70ededd75dc0061fd07
-Source2: %{name}.init
+Source2: %{orgname}.init
Source3: %{name6}.init
-Patch0: %{name}-%{netfilter_snap}.patch
-Patch1: %{name}-man.patch
-# based on http://www.linuximq.net/patchs/iptables-1.4.0-imq.diff
-Patch2: %{name}-imq.patch
-# http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-20080204-1915.patch
-Patch3: %{name}-tproxy.patch
-Patch4: %{name}-stealth.patch
-# almost based on iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
-# http://switch.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.18.tar.gz
-Patch5: %{name}-layer7.patch
-Patch6: %{name}-old-1.3.7.patch
-# based on http://www.svn.barbara.eu.org/ipt_account/attachment/wiki/Software/ipt_account-0.1.21-20070804164729.tar.gz?format=raw
-Patch7: %{name}-account.patch
-# http://people.linux-vserver.org/~dhozac/p/m/iptables-1.3.5-owner-xid.patch
-Patch8: %{name}-1.3.5-owner-xid.patch
-Patch9: %{name}-batch.patch
-Patch10: %{name}-glibc28.patch
-Patch999: %{name}-llh-dirty-hack.patch
+Source6: %{orgname}-config
+Source7: %{name6}-config
+Source8: %{orgname}.service
+Source9: %{name6}.service
+# these are not compatible with this package! there are no ebtables-save and ebtables-restore here
+Source10: ebtables.init
+Source11: ebtables-config
+Source12: ebtables.service
+# --- GENERAL CHANGES (patches<10):
+Patch0: %{orgname}-man.patch
+# additional utils; off by default
+Patch1: %{orgname}-batch.patch
+Patch2: no-libiptc.patch
+Patch3: %{orgname}-aligned_u64.patch
+Patch4: %{orgname}-ebtables.patch
+Patch5: ebtables-X.patch
+# --- ADDITIONAL/CHANGED EXTENSIONS:
+# just ipt_IPV4OPTSSTRIP now
+Patch10: %{orgname}-20070806.patch
+# xt_layer7; almost based on iptables-1.4-for-kernel-2.6.20forward-layer7-2.18.patch
+# http://downloads.sourceforge.net/l7-filter/netfilter-layer7-v2.18.tar.gz
+Patch11: %{orgname}-layer7.patch
+# ipt_rpc
+Patch12: %{orgname}-old-1.3.7.patch
+# xt_IMQ; http://linuximq.net/patchs/iptables-1.4.12-IMQ-test4.diff
+Patch13: %{orgname}-imq.patch
+# enhances ipt_owner/ip6t_owner; http://people.linux-vserver.org/~dhozac/p/m/iptables-1.3.5-owner-xid.patch (currently disabled, needs update for xt_owner)
+Patch14: %{orgname}-owner-xid.patch
+# adjusts xt_owner for vserver-enabled kernel
+Patch15: %{orgname}-owner-struct-size-vs.patch
URL: http://www.netfilter.org/
-BuildRequires: autoconf
+BuildRequires: autoconf >= 2.50
BuildRequires: automake
+%{?with_nftables:BuildRequires: bison}
+%{?with_nftables:BuildRequires: flex}
+BuildRequires: groff
+%{?with_nftables:BuildRequires: libmnl-devel >= 1.0}
+BuildRequires: libnetfilter_conntrack-devel >= 1.0.6
+BuildRequires: libnfnetlink-devel >= 1.0
+%{?with_nftables:BuildRequires: libnftnl-devel >= 1.0.5}
+%{?with_pcap:BuildRequires: libpcap-devel}
+BuildRequires: libtool
+BuildRequires: pkgconfig >= 1:0.9.0
+BuildRequires: rpmbuild(macros) >= 1.647
%if %{with doc}
BuildRequires: sed >= 4.0
BuildRequires: sgml-tools
BuildRequires: tetex-format-latex
BuildRequires: tetex-latex
BuildRequires: tetex-tex-babel
+BuildRequires: texlive-fonts-cmsuper
+BuildRequires: texlive-fonts-jknappen
%endif
-%if %{with dist_kernel} && %{netfilter_snap} != 0
-BuildRequires: kernel%{_alt_kernel}-headers(netfilter) >= %{netfilter_snap}
-BuildRequires: kernel%{_alt_kernel}-source
+%if %{with dist_kernel}
+BuildRequires: kernel%{_alt_kernel}-headers(netfilter)
%endif
-#BuildRequires: linux-libc-headers >= %{llh_version}
-BuildConflicts: kernel-headers < 2.3.0
+BuildRequires: linux-libc-headers >= 7:2.6.22.1
+Requires: %{orgname}-libs = %{version}-%{release}
+%{?with_nftables:Requires: libmnl >= 1.0}
+Requires: libnetfilter_conntrack >= 1.0.6
+Requires: libnfnetlink >= 1.0
+%{?with_nftables:Requires: libnftnl >= 1.0.5}
+Provides: arptables
Provides: firewall-userspace-tool
+%{?with_vserver:Provides: iptables = %{version}-%{release}}
+Obsoletes: arptables
Obsoletes: ipchains
-Obsoletes: iptables-ipp2p
Obsoletes: iptables24-compat
Obsoletes: netfilter
-BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+Conflicts: xtables-addons < 1.25
+BuildRoot: %{tmpdir}/%{orgname}-%{version}-root-%(id -u -n)
%description
An extensible NAT system, and an extensible packet filtering system.
дозволяють вам встановлювати міжмережеві екрани (firewalls) та IP
маскарадинг, тощо.
+%package libs
+Summary: iptables libraries
+Summary(pl.UTF-8): Biblioteki iptables
+Group: Libraries
+Conflicts: iptables < 1.4.3-1
+
+%description libs
+iptables libraries.
+
+%description libs -l pl.UTF-8
+Biblioteki iptables.
+
%package devel
Summary: Libraries and headers for developing iptables extensions
Summary(pl.UTF-8): Biblioteki i nagłówki do tworzenia rozszerzeń iptables
Group: Development/Libraries
+Requires: %{orgname}-libs = %{epoch}:%{version}-%{release}
Obsoletes: iptables24-devel
%description devel
Biblioteki i pliki nagłówkowe niezbędne do tworzenia rozszerzeń dla
iptables.
+%package static
+Summary: Static iptables libraries
+Summary(pl.UTF-8): Biblioteki statyczne iptables
+Group: Development/Libraries
+Requires: %{name}-devel = %{epoch}:%{version}-%{release}
+
+%description static
+Static iptables libraries.
+
+%description static -l pl.UTF-8
+Biblioteki statyczne iptables.
+
%package init
Summary: Iptables init (RedHat style)
Summary(pl.UTF-8): Iptables init (w stylu RedHata)
-Release: %{rel}
Group: Networking/Admin
Requires(post,preun): /sbin/chkconfig
-Requires: %{name}
-Requires: rc-scripts
+Requires(post,preun,postun): systemd-units >= 38
+Requires: %{name} = %{version}-%{release}
+Requires: rc-scripts >= 0.4.3.0
+Requires: systemd-units >= 38
Obsoletes: firewall-init
Obsoletes: firewall-init-ipchains
Obsoletes: iptables24-init
+%{?with_vserver:Provides: iptables-init = %{version}-%{release}}
%description init
Iptables-init is meant to provide an alternate way than firewall-init
firewall-init sposobu włączania i wyłączania filtrów IP jądra poprzez
iptables(8).
+%package ebtables
+Summary: Ethernet Bridge Tables - xtables compatibility wrapper
+Summary(pl.UTF-8): Ethernet Bridge Tables – nakładka kompatybilności na xtables
+Group: Networking/Admin
+Requires(post,preun): /sbin/chkconfig
+Requires(post,preun,postun): systemd-units >= 38
+Requires: %{name}
+Requires: rc-scripts >= 0.4.3.0
+Requires: systemd-units >= 38
+# do not 'provide' something this is not really compatible with
+#Provides: ebtables
+Obsoletes: ebtables
+%{?with_vserver:Provides: ebtables = %{version}-%{release}}
+
+%description ebtables
+ebtables is a tool for managing Linux 2.5.x (and above) Link Layer firewalling
+subsystem.
+
+This package contains a compatibility wrapper over xtables providing some
+functionality of the original ebtables tool.
+
+Note: this is not really a fully-compatible drop-in replacement!
+
%prep
-%setup -q -n %{name}-%{version}-%{_rc} -a1
+%setup -q -n iptables-%{version} -a1
%patch0 -p1
+%if %{with batch}
%patch1 -p1
+%endif
%patch2 -p1
-%patch3 -p0
+%patch3 -p1
%patch4 -p1
%patch5 -p1
-%patch6 -p1
-%patch7 -p1
+
+%{?with_ipt_IPV4OPTSSTRIP:%patch10 -p1}
+%{?with_xt_layer7:%patch11 -p1}
+%{?with_ipt_rpc:%patch12 -p1}
+%patch13 -p1
%if %{with vserver}
-#patch8 -p1
+%patch14 -p1
+%patch15 -p1
%endif
-#patch9 -p0
-%patch10 -p1
-
-#patch999 -p1
-
-chmod 755 extensions/.*-test*
%build
-%{__aclocal}
+%{__libtoolize}
+%{__aclocal} -I m4
+%{__autoconf}
+%{__autoheader}
%{__automake}
%configure \
- --with-kbuild=%{_kernelsrcdir} \
- --with-ksource=%{_kernelsrcdir} \
- --enable-devel \
+ CFLAGS="%{rpmcflags} %{rpmcppflags} -D%{!?debug:N}DEBUG" \
+ %{?with_usekernelsrc:--with-kernel=%{_kernelsrcdir}} \
+ %{?with_pcap:--enable-bpf-compiler} \
--enable-libipq \
- --enable-shared
+ %{?with_pcap:--enable-nfsynproxy} \
+ %{!?with_nftables:--disable-nftables} \
+ %{?with_static:--enable-static}
%{__make} -j1 all \
- CC="%{__cc}" \
- CFLAGS="%{rpmcflags} -D%{!?debug:N}DEBUG" \
- KERNEL_DIR="%{_kernelsrcdir}" \
- LIBDIR="%{_libdir}" \
- DO_SELINUX=1 \
- LDLIBS="-ldl"
+ V=1
%if %{with doc}
%{__make} -j1 -C iptables-howtos
sed -i 's:$(HTML_HOWTOS)::g; s:$(PSUS_HOWTOS)::g' iptables-howtos/Makefile
%endif
-# Make a library, needed for OpenVCP
-ar rcs libiptables.a iptables.o
-ar rcs libip6tables.a ip6tables.o
-
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{/etc/rc.d/init.d,%{_includedir},%{_libdir},%{_mandir}/man3}
+install -d $RPM_BUILD_ROOT/etc/{rc.d/init.d,sysconfig} \
+ $RPM_BUILD_ROOT{%{_includedir},%{_libdir},%{_mandir}/man3} \
+ $RPM_BUILD_ROOT%{systemdunitdir}
%{__make} install \
DESTDIR=$RPM_BUILD_ROOT \
MANDIR=%{_mandir} \
LIBDIR=%{_libdir}
-#install iptables-batch $RPM_BUILD_ROOT%{_sbindir}
-#install ip6tables-batch $RPM_BUILD_ROOT%{_sbindir}
+# not installed; provide so we can obsolete arptables and ebtables packages
+ln -sf xtables-compat-multi $RPM_BUILD_ROOT%{_sbindir}/arptables
+ln -sf xtables-compat-multi $RPM_BUILD_ROOT%{_sbindir}/ebtables
-install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
-install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name6}
+# upstream solution with empty library with two DT_NEEDED entries doesn't work
+# with PLD's default LDFLAGS (--as-needed --no-copy-dt-needed-entries);
+# use ld script instead (see no-libiptc.patch for source)
+cp -p libiptc/libiptc.ld $RPM_BUILD_ROOT%{_libdir}/libiptc.so
+
+install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{orgname}
+install -p %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name6}
+
+install -p %{SOURCE6} $RPM_BUILD_ROOT/etc/sysconfig/%{orgname}-config
+install -p %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/%{name6}-config
+
+install -p %{SOURCE8} $RPM_BUILD_ROOT%{systemdunitdir}/%{orgname}.service
+install -p %{SOURCE9} $RPM_BUILD_ROOT%{systemdunitdir}/%{name6}.service
+
+# these won't work as they are now
+#install -p %{SOURCE10} $RPM_BUILD_ROOT/etc/rc.d/init.d/ebtables
+#install -p %{SOURCE11} $RPM_BUILD_ROOT/etc/sysconfig/ebtables-config
+#install -p %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}/ebtables.service
%clean
rm -rf $RPM_BUILD_ROOT
+%post libs -p /sbin/ldconfig
+%postun libs -p /sbin/ldconfig
+
%post init
-/sbin/chkconfig --add %{name}
+/sbin/chkconfig --add %{orgname}
/sbin/chkconfig --add %{name6}
+%systemd_post %{orgname}.service %{name6}.service
%preun init
if [ "$1" = "0" ]; then
- /sbin/chkconfig --del %{name}
+ /sbin/chkconfig --del %{orgname}
/sbin/chkconfig --del %{name6}
fi
+%systemd_preun %{orgname}.service %{name6}.service
+
+%postun init
+%systemd_reload
+
+%triggerpostun init -- %{orgname}-init < 1.4.13-2
+%systemd_trigger %{orgname}.service %{name6}.service
%files
%defattr(644,root,root,755)
%{?with_doc:%doc iptables-howtos/{NAT,networking-concepts,packet-filtering}-HOWTO*}
%attr(755,root,root) %{_bindir}/iptables-xml
+%attr(755,root,root) %{_sbindir}/arptables
%attr(755,root,root) %{_sbindir}/iptables
-#attr(755,root,root) %{_sbindir}/iptables-batch
-%attr(755,root,root) %{_sbindir}/iptables-multi
%attr(755,root,root) %{_sbindir}/iptables-restore
%attr(755,root,root) %{_sbindir}/iptables-save
%attr(755,root,root) %{_sbindir}/ip6tables
-#attr(755,root,root) %{_sbindir}/ip6tables-batch
-%attr(755,root,root) %{_sbindir}/ip6tables-multi
%attr(755,root,root) %{_sbindir}/ip6tables-restore
%attr(755,root,root) %{_sbindir}/ip6tables-save
+%if %{with batch}
+%attr(755,root,root) %{_sbindir}/iptables-batch
+%attr(755,root,root) %{_sbindir}/ip6tables-batch
+%endif
+%attr(755,root,root) %{_sbindir}/nfnl_osf
+%if %{with pcap}
+%attr(755,root,root) %{_sbindir}/nfbpf_compile
+%attr(755,root,root) %{_sbindir}/nfsynproxy
+%endif
+%attr(755,root,root) %{_sbindir}/xtables-multi
+%if %{with nftables}
+%attr(755,root,root) %{_sbindir}/arptables-compat
+%attr(755,root,root) %{_sbindir}/ebtables-compat
+%attr(755,root,root) %{_sbindir}/iptables-compat
+%attr(755,root,root) %{_sbindir}/iptables-compat-restore
+%attr(755,root,root) %{_sbindir}/iptables-compat-save
+%attr(755,root,root) %{_sbindir}/iptables-restore-translate
+%attr(755,root,root) %{_sbindir}/iptables-translate
+%attr(755,root,root) %{_sbindir}/ip6tables-compat
+%attr(755,root,root) %{_sbindir}/ip6tables-compat-restore
+%attr(755,root,root) %{_sbindir}/ip6tables-compat-save
+%attr(755,root,root) %{_sbindir}/ip6tables-restore-translate
+%attr(755,root,root) %{_sbindir}/ip6tables-translate
+%attr(755,root,root) %{_sbindir}/xtables-compat-multi
+%endif
+%{_datadir}/xtables
%dir %{_libdir}/xtables
-%if %{with dist_kernel}
+%attr(755,root,root) %{_libdir}/xtables/libarpt_mangle.so
+%attr(755,root,root) %{_libdir}/xtables/libebt_802_3.so
+%attr(755,root,root) %{_libdir}/xtables/libebt_ip.so
+%attr(755,root,root) %{_libdir}/xtables/libebt_limit.so
+%attr(755,root,root) %{_libdir}/xtables/libebt_log.so
+%attr(755,root,root) %{_libdir}/xtables/libebt_mark.so
+%attr(755,root,root) %{_libdir}/xtables/libebt_mark_m.so
+%attr(755,root,root) %{_libdir}/xtables/libebt_nflog.so
+%attr(755,root,root) %{_libdir}/xtables/libip6t_HL.so
+%attr(755,root,root) %{_libdir}/xtables/libip6t_LOG.so
+%attr(755,root,root) %{_libdir}/xtables/libip6t_REJECT.so
%attr(755,root,root) %{_libdir}/xtables/libip6t_ah.so
%attr(755,root,root) %{_libdir}/xtables/libip6t_dst.so
%attr(755,root,root) %{_libdir}/xtables/libip6t_eui64.so
%attr(755,root,root) %{_libdir}/xtables/libip6t_frag.so
%attr(755,root,root) %{_libdir}/xtables/libip6t_hbh.so
%attr(755,root,root) %{_libdir}/xtables/libip6t_hl.so
-%attr(755,root,root) %{_libdir}/xtables/libip6t_HL.so
%attr(755,root,root) %{_libdir}/xtables/libip6t_icmp6.so
-%attr(755,root,root) %{_libdir}/xtables/libip6t_IMQ.so
%attr(755,root,root) %{_libdir}/xtables/libip6t_ipv6header.so
-%attr(755,root,root) %{_libdir}/xtables/libip6t_LOG.so
%attr(755,root,root) %{_libdir}/xtables/libip6t_mh.so
-%attr(755,root,root) %{_libdir}/xtables/libip6t_policy.so
-%attr(755,root,root) %{_libdir}/xtables/libip6t_REJECT.so
-%attr(755,root,root) %{_libdir}/xtables/libip6t_ROUTE.so
%attr(755,root,root) %{_libdir}/xtables/libip6t_rt.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_account.so
-#attr(755,root,root) %{_libdir}/xtables/libipt_ACCOUNT.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_addrtype.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
%attr(755,root,root) %{_libdir}/xtables/libipt_CLUSTERIP.so
%attr(755,root,root) %{_libdir}/xtables/libipt_DNAT.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_ecn.so
%attr(755,root,root) %{_libdir}/xtables/libipt_ECN.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_IMQ.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_ipv4options.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_IPV4OPTSSTRIP.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_layer7.so
%attr(755,root,root) %{_libdir}/xtables/libipt_LOG.so
%attr(755,root,root) %{_libdir}/xtables/libipt_MASQUERADE.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_MIRROR.so
%attr(755,root,root) %{_libdir}/xtables/libipt_NETMAP.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_policy.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_recent.so
%attr(755,root,root) %{_libdir}/xtables/libipt_REDIRECT.so
%attr(755,root,root) %{_libdir}/xtables/libipt_REJECT.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_ROUTE.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_rpc.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_SAME.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_set.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_SET.so
%attr(755,root,root) %{_libdir}/xtables/libipt_SNAT.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
%attr(755,root,root) %{_libdir}/xtables/libipt_TTL.so
%attr(755,root,root) %{_libdir}/xtables/libipt_ULOG.so
-%attr(755,root,root) %{_libdir}/xtables/libipt_unclean.so
+%attr(755,root,root) %{_libdir}/xtables/libipt_ah.so
+%attr(755,root,root) %{_libdir}/xtables/libipt_icmp.so
+%attr(755,root,root) %{_libdir}/xtables/libipt_realm.so
+%attr(755,root,root) %{_libdir}/xtables/libipt_ttl.so
+%attr(755,root,root) %{_libdir}/xtables/libip6t_DNAT.so
+%attr(755,root,root) %{_libdir}/xtables/libip6t_DNPT.so
+%attr(755,root,root) %{_libdir}/xtables/libip6t_MASQUERADE.so
+%attr(755,root,root) %{_libdir}/xtables/libip6t_NETMAP.so
+%attr(755,root,root) %{_libdir}/xtables/libip6t_REDIRECT.so
+%attr(755,root,root) %{_libdir}/xtables/libip6t_SNAT.so
+%attr(755,root,root) %{_libdir}/xtables/libip6t_SNPT.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_AUDIT.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_CHECKSUM.so
%attr(755,root,root) %{_libdir}/xtables/libxt_CLASSIFY.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_CONNMARK.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_CT.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_HMARK.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_IDLETIMER.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_IMQ.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_LED.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_MARK.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_NFLOG.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_NFQUEUE.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_NOTRACK.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_RATEEST.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_SECMARK.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_SET.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_SYNPROXY.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_TCPMSS.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_TCPOPTSTRIP.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_TEE.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_TOS.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_TPROXY.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_TRACE.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_addrtype.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_bpf.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_cgroup.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_cluster.so
%attr(755,root,root) %{_libdir}/xtables/libxt_comment.so
%attr(755,root,root) %{_libdir}/xtables/libxt_connbytes.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_connlabel.so
%attr(755,root,root) %{_libdir}/xtables/libxt_connlimit.so
%attr(755,root,root) %{_libdir}/xtables/libxt_connmark.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_CONNMARK.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_CONNSECMARK.so
%attr(755,root,root) %{_libdir}/xtables/libxt_conntrack.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_cpu.so
%attr(755,root,root) %{_libdir}/xtables/libxt_dccp.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_devgroup.so
%attr(755,root,root) %{_libdir}/xtables/libxt_dscp.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_DSCP.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_ecn.so
%attr(755,root,root) %{_libdir}/xtables/libxt_esp.so
%attr(755,root,root) %{_libdir}/xtables/libxt_hashlimit.so
%attr(755,root,root) %{_libdir}/xtables/libxt_helper.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_ipcomp.so
%attr(755,root,root) %{_libdir}/xtables/libxt_iprange.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_ipvs.so
%attr(755,root,root) %{_libdir}/xtables/libxt_length.so
%attr(755,root,root) %{_libdir}/xtables/libxt_limit.so
%attr(755,root,root) %{_libdir}/xtables/libxt_mac.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_mangle.so
%attr(755,root,root) %{_libdir}/xtables/libxt_mark.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_MARK.so
%attr(755,root,root) %{_libdir}/xtables/libxt_multiport.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_NFLOG.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_NFQUEUE.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_NOTRACK.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_nfacct.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_osf.so
%attr(755,root,root) %{_libdir}/xtables/libxt_owner.so
%attr(755,root,root) %{_libdir}/xtables/libxt_physdev.so
%attr(755,root,root) %{_libdir}/xtables/libxt_pkttype.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_policy.so
%attr(755,root,root) %{_libdir}/xtables/libxt_quota.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_RATEEST.so
%attr(755,root,root) %{_libdir}/xtables/libxt_rateest.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_recent.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_rpfilter.so
%attr(755,root,root) %{_libdir}/xtables/libxt_sctp.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_SECMARK.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_set.so
%attr(755,root,root) %{_libdir}/xtables/libxt_socket.so
%attr(755,root,root) %{_libdir}/xtables/libxt_standard.so
%attr(755,root,root) %{_libdir}/xtables/libxt_state.so
%attr(755,root,root) %{_libdir}/xtables/libxt_statistic.so
%attr(755,root,root) %{_libdir}/xtables/libxt_string.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_tcpmss.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_TCPMSS.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_TCPOPTSTRIP.so
%attr(755,root,root) %{_libdir}/xtables/libxt_tcp.so
+%attr(755,root,root) %{_libdir}/xtables/libxt_tcpmss.so
%attr(755,root,root) %{_libdir}/xtables/libxt_time.so
%attr(755,root,root) %{_libdir}/xtables/libxt_tos.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_TOS.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_TPROXY.so
-%attr(755,root,root) %{_libdir}/xtables/libxt_TRACE.so
%attr(755,root,root) %{_libdir}/xtables/libxt_u32.so
%attr(755,root,root) %{_libdir}/xtables/libxt_udp.so
-%else
-%attr(755,root,root) %{_libdir}/xtables/*.so
-%endif
-%{_mandir}/man8/*
+%{?with_ipt_IPV4OPTSSTRIP:%attr(755,root,root) %{_libdir}/xtables/libipt_IPV4OPTSSTRIP.so}
+%{?with_ipt_rpc:%attr(755,root,root) %{_libdir}/xtables/libipt_rpc.so}
+%{?with_xt_layer7:%attr(755,root,root) %{_libdir}/xtables/libxt_layer7.so}
+%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ethertypes
+%{_mandir}/man1/iptables-xml.1*
+%{_mandir}/man8/ip6tables.8*
+%{_mandir}/man8/ip6tables-restore.8*
+%{_mandir}/man8/ip6tables-save.8*
+%{_mandir}/man8/iptables.8*
+%{_mandir}/man8/iptables-extensions.8*
+%{_mandir}/man8/iptables-restore.8*
+%{_mandir}/man8/iptables-save.8*
+
+%files libs
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libdir}/libip4tc.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libip4tc.so.0
+%attr(755,root,root) %{_libdir}/libip6tc.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libip6tc.so.0
+%attr(755,root,root) %{_libdir}/libipq.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libipq.so.0
+%attr(755,root,root) %{_libdir}/libxtables.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libxtables.so.12
%files devel
%defattr(644,root,root,755)
%{?with_doc:%doc iptables-howtos/netfilter-hacking-HOWTO*}
-%{_libdir}/lib*.a
-%{_includedir}/*.h
-%dir %{_includedir}/libip*
-%{_includedir}/libip*/*.h
-%{_mandir}/man3/*
+%attr(755,root,root) %{_libdir}/libip4tc.so
+%attr(755,root,root) %{_libdir}/libip6tc.so
+%attr(755,root,root) %{_libdir}/libipq.so
+%attr(755,root,root) %{_libdir}/libiptc.so
+%attr(755,root,root) %{_libdir}/libxtables.so
+%{_libdir}/libip4tc.la
+%{_libdir}/libip6tc.la
+%{_libdir}/libipq.la
+%{_libdir}/libxtables.la
+%{_includedir}/libipq.h
+%{_includedir}/xtables.h
+%{_includedir}/xtables-version.h
+%{_includedir}/libiptc
+%{_pkgconfigdir}/libip4tc.pc
+%{_pkgconfigdir}/libip6tc.pc
+%{_pkgconfigdir}/libipq.pc
+%{_pkgconfigdir}/libiptc.pc
+%{_pkgconfigdir}/xtables.pc
+%{_mandir}/man3/ipq_*.3*
+%{_mandir}/man3/libipq.3*
+
+%if %{with static}
+%files static
+%defattr(644,root,root,755)
+%{_libdir}/libip4tc.a
+%{_libdir}/libip6tc.a
+%{_libdir}/libipq.a
+%{_libdir}/libxtables.a
+%endif
%files init
%defattr(644,root,root,755)
+%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{orgname}-config
+%config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/%{name6}-config
%attr(754,root,root) /etc/rc.d/init.d/iptables
%attr(754,root,root) /etc/rc.d/init.d/ip6tables
+%{systemdunitdir}/%{orgname}.service
+%{systemdunitdir}/%{name6}.service
+
+%files ebtables
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_sbindir}/ebtables