Menu
▾
▴
astlinux-commits
|
From: <kr...@us...> - 2006-08-14 01:44:41
|
Revision: 248 Author: krisk84 Date: 2006-08-13 18:44:34 -0700 (Sun, 13 Aug 2006) ViewCVS: http://svn.sourceforge.net/astlinux/?rev=248&view=rev Log Message: ----------- more small arno/astfw/iptables fixes Modified Paths: -------------- trunk/package/iptables/iptables.init trunk/target/generic/target_skeleton/stat/etc/rc.conf trunk/target/generic/target_skeleton/usr/sbin/genkd Modified: trunk/package/iptables/iptables.init =================================================================== --- trunk/package/iptables/iptables.init 2006-08-14 01:13:14 UTC (rev 247) +++ trunk/package/iptables/iptables.init 2006-08-14 01:44:34 UTC (rev 248) @@ -5,24 +5,47 @@ start () { if [ "$INTIF" ] then -if [ "$FWVERS" = "arno" ] + +if [ ! -x /usr/sbin/iptables ] then +echo "You don't have iptables installed." +exit 1 +fi + +if [ "$FWVERS" -a "$FWVERS" = "arno" ] +then + +if [ -x /usr/sbin/arno-iptables-firewall ] /usr/sbin/arno-iptables-firewall start else +echo "You don't have arno iptables firewall installed" +fi + +else echo "Starting iptables..." + if [ -x /mnt/kd/astfw ] then /mnt/kd/astfw else /usr/sbin/astfw fi + fi + fi } stop () { if [ "$INTIF" ] then + +if [ ! -x /usr/sbin/iptables ] +then +echo "You don't have iptables installed." +exit 1 +fi + if [ "$FWVERS" = "arno" ] then /usr/sbin/arno-iptables-firewall stop Modified: trunk/target/generic/target_skeleton/stat/etc/rc.conf =================================================================== --- trunk/target/generic/target_skeleton/stat/etc/rc.conf 2006-08-14 01:13:14 UTC (rev 247) +++ trunk/target/generic/target_skeleton/stat/etc/rc.conf 2006-08-14 01:44:34 UTC (rev 248) @@ -152,14 +152,13 @@ #PPOEIF="w1ad" PPPOEKERNEL="YES" -### Firewall support. Two firewall scripts are now included. Set that variable +### Firewall support. Two firewall scripts are now available. Set that variable ### here. Values are astfw or arno. If not set, defaults to astfw. ### Settings for Arno's firewall should be made by copying the config file from ### /stat/etc/arno-iptables-firewall.conf to /mnt/kd. REBOOT or restart iptables ### If using Arno's firewall, the firewall settings in rc.conf are presently ignored. +FWVERS="astfw" -FWVERS= - ### astfw Firewall (iptables) ##If you have more than one IP on the EXTIF, here is where you configure 1:1 NAT maps Modified: trunk/target/generic/target_skeleton/usr/sbin/genkd =================================================================== --- trunk/target/generic/target_skeleton/usr/sbin/genkd 2006-08-14 01:13:14 UTC (rev 247) +++ trunk/target/generic/target_skeleton/usr/sbin/genkd 2006-08-14 01:44:34 UTC (rev 248) @@ -98,7 +98,6 @@ touch /mnt/kd/dnsmasq.leases fi -cp -a /usr/sbin/astfw /mnt/kd/ cp -a /var/log/asterisk/cdr-csv /mnt/kd/ cp -a /stat/etc/wanpipe /mnt/kd/ cp -a /var/spool/cron/crontabs /mnt/kd/ @@ -110,5 +109,17 @@ touch /mnt/kd/astdb fi +if [ "$FWVERS" -a "$FWVERS" = "arno" ] +then + +if [ -f /stat/etc/arno-iptables-firewall.conf ] +then +cp -a /stat/etc/arno-iptables-firewall.conf /mnt/kd/ +else +echo "You haven't installed the arno iptables firewall." +fi + +fi + echo "Done. I STRONGLY URGE YOU TO REBOOT NOW." echo "Type reboot to cleanly restart now." This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
|
From: <kr...@us...> - 2006-08-14 01:50:32
|
Revision: 249 Author: krisk84 Date: 2006-08-13 18:50:24 -0700 (Sun, 13 Aug 2006) ViewCVS: http://svn.sourceforge.net/astlinux/?rev=249&view=rev Log Message: ----------- don't install astfw if you don't have iptables Modified Paths: -------------- trunk/package/iptables/iptables.init trunk/package/iptables/iptables.mk Added Paths: ----------- trunk/package/iptables/astfw Removed Paths: ------------- trunk/target/generic/target_skeleton/usr/sbin/astfw Copied: trunk/package/iptables/astfw (from rev 247, trunk/target/generic/target_skeleton/usr/sbin/astfw) =================================================================== --- trunk/package/iptables/astfw (rev 0) +++ trunk/package/iptables/astfw 2006-08-14 01:50:24 UTC (rev 249) @@ -0,0 +1,207 @@ +#!/bin/sh + +. /etc/rc.conf + +if [ "$DENYACT" ] +then +DACTION=$DENYACT +else +DACTION=DROP +fi + +IPBASE=`echo $INTIP | cut -d. -f1-3` + +if [ "$INT2IF" ] +then +IP2BASE=`echo $INT2IP | cut -d. -f1-3` +fi + +if [ "$INT3IF" ] +then +IP3BASE=`echo $INT3IP | cut -d. -f1-3` +fi + +# some basic setup +# ignore_all not yet used: this should be satisfactory +echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts +# drop spoofed addr: turn this off on non-loop-free networks +echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter +echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter +# do not honor source route flags +echo 0 > /proc/sys/net/ipv4/conf/default/accept_source_route +echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route +# protect against syn flood attacks +echo 1 >/proc/sys/net/ipv4/tcp_syncookies + +modprobe ip_conntrack_ftp +modprobe ip_conntrack_tftp +modprobe ip_conntrack_irc +modprobe ip_nat_ftp +modprobe ip_nat_tftp +modprobe ip_nat_irc + +#Allow traffic with loopback +iptables -A INPUT -i lo -j ACCEPT + +#Allow INPUT from INTIF +iptables -A INPUT -i $INTIF -j ACCEPT + +if [ "$INT2IF" ] +then +iptables -A INPUT -i $INT2IF -j ACCEPT +fi + +if [ "$INT3IF" ] +then +iptables -A INPUT -i $INT3IF -j ACCEPT +fi + +#Already established traffic from anywhere +iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT +iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT + +#DMZ Support +if [ "$DMZIF" ] +then + +if [ "$DMZTYPE" = "extonly" ] +then +#Pass traffic out EXTIF +iptables -A FORWARD -i $DMZIF -o $EXTIF -j ACCEPT +#DNS, ICMP support to AstLinux machine +iptables -A INPUT -i $DMZIF -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT +iptables -A INPUT -i $DMZIF -p icmp --icmp-type any -j ACCEPT +fi + +if [ "$DMZTYPE" = "extme" ] +then +#Pass traffic out EXTIF +iptables -A FORWARD -i $DMZIF -o $EXTIF -j ACCEPT +# Allow all traffic to AstLinux machine +iptables -A INPUT -i $DMZIF -j ACCEPT +fi + +if [ "$DMZTYPE" = "open" ] +then +# Forget it all and open the gates +iptables -A INPUT -i $DMZIF -j ACCEPT +iptables -A FORWARD -i $DMZIF -j ACCEPT +fi + +if [ "$DMZTYPE" = "manual" ] +then +echo "Fill in some rules. You are on your own!" +fi + +fi + + +if [ "$EXTOPEN" ] +then +for i in $EXTOPEN +do +if `echo $i | grep -q "u"` +then +PROTOCOL=udp +fi + +if `echo $i | grep -q "t"` +then +PROTOCOL=tcp +fi + +if `echo $i | grep -q "i"` +then +PROTOCOL=icmp +fi + +PORT=`echo $i | tr -d itu` + +if [ "$PROTOCOL" = "icmp" ] +then +iptables -A INPUT -i $EXTIF -m icmp -p icmp --icmp-type $PORT -j ACCEPT +else +iptables -A INPUT -m state --state NEW -i $EXTIF -m $PROTOCOL -p $PROTOCOL --dport $PORT -j ACCEPT +fi + +done +fi + +#allow forwaring from each interface to the internet... +iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT + +if [ "$INT2IF" ] +then +iptables -A FORWARD -i $INT2IF -o $EXTIF -j ACCEPT +fi + +if [ "$INT3IF" ] +then +iptables -A FORWARD -i $INT3IF -o $EXTIF -j ACCEPT +fi + +#Setup 1:1 Maps... +if [ "$EXTMAP10" ] +then +COUNT=10 + +while [ "$COUNT" ] +do + +IPLINE=`set | grep EXTMAP$COUNT|tr -d \'` +PORTMAP=`set | grep OPENMAP$COUNT|tr -d \'` +IFALIAS=`expr $COUNT - 9` + +if [ $IPLINE ] + then + NATEXTIP=`echo $IPLINE | cut -d"=" -f2` + NATINTIP=`echo $IPLINE | cut -d"=" -f3` + ifconfig $EXTIF:$IFALIAS $NATEXTIP netmask $EXTNM + iptables -t nat -A PREROUTING -d $NATEXTIP -i $EXTIF -j DNAT --to-destination $NATINTIP + iptables -t nat -A POSTROUTING -s $NATEXTIP -o $EXTIF -j SNAT --to-source $NATINTIP + iptables -t nat -A POSTROUTING -s $NATINTIP -o $EXTIF -j SNAT --to-source $NATEXTIP + # iptables -A FORWARD -i $EXTIF -o $INTIF -d $NATINTIP -m state --state NEW -j ACCEPT + + if [ $PORTMAP ] + then + PORTS=`echo $PORTMAP | cut -d"=" -f2` + (IFS=: + for i in $PORTS + do + iptables -A FORWARD -i $EXTIF -o $INTIF -d $NATINTIP -m state --state NEW -p tcp -m multiport --dport $i -j ACCEPT + iptables -A FORWARD -i $EXTIF -o $INTIF -d $NATINTIP -m state --state NEW -p udp -m multiport --dport $i -j ACCEPT + + done) + fi + + COUNT=`expr $COUNT + 1` + +else + + COUNT= + +fi + +done + +fi + +#turn on NAT (PAT) for everything\everyone else... +iptables -t nat -A POSTROUTING -s $IPBASE.0/$INTNM -o $EXTIF -j MASQUERADE + +if [ "$INT2IF" ] +then +iptables -t nat -A POSTROUTING -s $IP2BASE.0/$INT2NM -o $EXTIF -j MASQUERADE +fi + +if [ "$INT3IF" ] +then +iptables -t nat -A POSTROUTING -s $IP3BASE.0/$INT3NM -o $EXTIF -j MASQUERADE +fi + +#Default Deny FOR ALL REMAINING INTERFACES +iptables -A INPUT -j $DACTION +iptables -A FORWARD -j $DACTION + +#activate forwarding in the kernel +sysctl -w net.ipv4.ip_forward=1 Modified: trunk/package/iptables/iptables.init =================================================================== --- trunk/package/iptables/iptables.init 2006-08-14 01:44:34 UTC (rev 248) +++ trunk/package/iptables/iptables.init 2006-08-14 01:50:24 UTC (rev 249) @@ -19,6 +19,8 @@ /usr/sbin/arno-iptables-firewall start else echo "You don't have arno iptables firewall installed" +echo "I'll use astfw for now" +/usr/sbin/astfw fi else Modified: trunk/package/iptables/iptables.mk =================================================================== --- trunk/package/iptables/iptables.mk 2006-08-14 01:44:34 UTC (rev 248) +++ trunk/package/iptables/iptables.mk 2006-08-14 01:50:24 UTC (rev 249) @@ -40,6 +40,7 @@ $(STRIP) -g $(TARGET_DIR)/usr/sbin/iptables* $(STRIP) -g $(TARGET_DIR)/usr/lib/iptables/*.so $(INSTALL) -D -m 0755 package/iptables/iptables.init $(TARGET_DIR)/etc/init.d/iptables + $(INSTALL) -D -m 0755 package/iptables/astfw $(TARGET_DIR)/usr/sbin/astfw iptables: uclibc linux $(TARGET_DIR)/usr/sbin/iptables Deleted: trunk/target/generic/target_skeleton/usr/sbin/astfw =================================================================== --- trunk/target/generic/target_skeleton/usr/sbin/astfw 2006-08-14 01:44:34 UTC (rev 248) +++ trunk/target/generic/target_skeleton/usr/sbin/astfw 2006-08-14 01:50:24 UTC (rev 249) @@ -1,207 +0,0 @@ -#!/bin/sh - -. /etc/rc.conf - -if [ "$DENYACT" ] -then -DACTION=$DENYACT -else -DACTION=DROP -fi - -IPBASE=`echo $INTIP | cut -d. -f1-3` - -if [ "$INT2IF" ] -then -IP2BASE=`echo $INT2IP | cut -d. -f1-3` -fi - -if [ "$INT3IF" ] -then -IP3BASE=`echo $INT3IP | cut -d. -f1-3` -fi - -# some basic setup -# ignore_all not yet used: this should be satisfactory -echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -# drop spoofed addr: turn this off on non-loop-free networks -echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter -echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter -# do not honor source route flags -echo 0 > /proc/sys/net/ipv4/conf/default/accept_source_route -echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route -# protect against syn flood attacks -echo 1 >/proc/sys/net/ipv4/tcp_syncookies - -modprobe ip_conntrack_ftp -modprobe ip_conntrack_tftp -modprobe ip_conntrack_irc -modprobe ip_nat_ftp -modprobe ip_nat_tftp -modprobe ip_nat_irc - -#Allow traffic with loopback -iptables -A INPUT -i lo -j ACCEPT - -#Allow INPUT from INTIF -iptables -A INPUT -i $INTIF -j ACCEPT - -if [ "$INT2IF" ] -then -iptables -A INPUT -i $INT2IF -j ACCEPT -fi - -if [ "$INT3IF" ] -then -iptables -A INPUT -i $INT3IF -j ACCEPT -fi - -#Already established traffic from anywhere -iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT - -#DMZ Support -if [ "$DMZIF" ] -then - -if [ "$DMZTYPE" = "extonly" ] -then -#Pass traffic out EXTIF -iptables -A FORWARD -i $DMZIF -o $EXTIF -j ACCEPT -#DNS, ICMP support to AstLinux machine -iptables -A INPUT -i $DMZIF -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT -iptables -A INPUT -i $DMZIF -p icmp --icmp-type any -j ACCEPT -fi - -if [ "$DMZTYPE" = "extme" ] -then -#Pass traffic out EXTIF -iptables -A FORWARD -i $DMZIF -o $EXTIF -j ACCEPT -# Allow all traffic to AstLinux machine -iptables -A INPUT -i $DMZIF -j ACCEPT -fi - -if [ "$DMZTYPE" = "open" ] -then -# Forget it all and open the gates -iptables -A INPUT -i $DMZIF -j ACCEPT -iptables -A FORWARD -i $DMZIF -j ACCEPT -fi - -if [ "$DMZTYPE" = "manual" ] -then -echo "Fill in some rules. You are on your own!" -fi - -fi - - -if [ "$EXTOPEN" ] -then -for i in $EXTOPEN -do -if `echo $i | grep -q "u"` -then -PROTOCOL=udp -fi - -if `echo $i | grep -q "t"` -then -PROTOCOL=tcp -fi - -if `echo $i | grep -q "i"` -then -PROTOCOL=icmp -fi - -PORT=`echo $i | tr -d itu` - -if [ "$PROTOCOL" = "icmp" ] -then -iptables -A INPUT -i $EXTIF -m icmp -p icmp --icmp-type $PORT -j ACCEPT -else -iptables -A INPUT -m state --state NEW -i $EXTIF -m $PROTOCOL -p $PROTOCOL --dport $PORT -j ACCEPT -fi - -done -fi - -#allow forwaring from each interface to the internet... -iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT - -if [ "$INT2IF" ] -then -iptables -A FORWARD -i $INT2IF -o $EXTIF -j ACCEPT -fi - -if [ "$INT3IF" ] -then -iptables -A FORWARD -i $INT3IF -o $EXTIF -j ACCEPT -fi - -#Setup 1:1 Maps... -if [ "$EXTMAP10" ] -then -COUNT=10 - -while [ "$COUNT" ] -do - -IPLINE=`set | grep EXTMAP$COUNT|tr -d \'` -PORTMAP=`set | grep OPENMAP$COUNT|tr -d \'` -IFALIAS=`expr $COUNT - 9` - -if [ $IPLINE ] - then - NATEXTIP=`echo $IPLINE | cut -d"=" -f2` - NATINTIP=`echo $IPLINE | cut -d"=" -f3` - ifconfig $EXTIF:$IFALIAS $NATEXTIP netmask $EXTNM - iptables -t nat -A PREROUTING -d $NATEXTIP -i $EXTIF -j DNAT --to-destination $NATINTIP - iptables -t nat -A POSTROUTING -s $NATEXTIP -o $EXTIF -j SNAT --to-source $NATINTIP - iptables -t nat -A POSTROUTING -s $NATINTIP -o $EXTIF -j SNAT --to-source $NATEXTIP - # iptables -A FORWARD -i $EXTIF -o $INTIF -d $NATINTIP -m state --state NEW -j ACCEPT - - if [ $PORTMAP ] - then - PORTS=`echo $PORTMAP | cut -d"=" -f2` - (IFS=: - for i in $PORTS - do - iptables -A FORWARD -i $EXTIF -o $INTIF -d $NATINTIP -m state --state NEW -p tcp -m multiport --dport $i -j ACCEPT - iptables -A FORWARD -i $EXTIF -o $INTIF -d $NATINTIP -m state --state NEW -p udp -m multiport --dport $i -j ACCEPT - - done) - fi - - COUNT=`expr $COUNT + 1` - -else - - COUNT= - -fi - -done - -fi - -#turn on NAT (PAT) for everything\everyone else... -iptables -t nat -A POSTROUTING -s $IPBASE.0/$INTNM -o $EXTIF -j MASQUERADE - -if [ "$INT2IF" ] -then -iptables -t nat -A POSTROUTING -s $IP2BASE.0/$INT2NM -o $EXTIF -j MASQUERADE -fi - -if [ "$INT3IF" ] -then -iptables -t nat -A POSTROUTING -s $IP3BASE.0/$INT3NM -o $EXTIF -j MASQUERADE -fi - -#Default Deny FOR ALL REMAINING INTERFACES -iptables -A INPUT -j $DACTION -iptables -A FORWARD -j $DACTION - -#activate forwarding in the kernel -sysctl -w net.ipv4.ip_forward=1 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
|
From: <dha...@us...> - 2006-08-14 18:19:50
|
Revision: 253 Author: dhartman Date: 2006-08-14 11:19:47 -0700 (Mon, 14 Aug 2006) ViewCVS: http://svn.sourceforge.net/astlinux/?rev=253&view=rev Log Message: ----------- init fixes in astshape and iptables Modified Paths: -------------- trunk/package/iproute2/astshape.init trunk/package/iptables/iptables.init Modified: trunk/package/iproute2/astshape.init =================================================================== --- trunk/package/iproute2/astshape.init 2006-08-14 03:05:37 UTC (rev 252) +++ trunk/package/iproute2/astshape.init 2006-08-14 18:19:47 UTC (rev 253) @@ -20,7 +20,6 @@ fi fi -fi } stop () { Modified: trunk/package/iptables/iptables.init =================================================================== --- trunk/package/iptables/iptables.init 2006-08-14 03:05:37 UTC (rev 252) +++ trunk/package/iptables/iptables.init 2006-08-14 18:19:47 UTC (rev 253) @@ -16,6 +16,7 @@ then if [ -x /usr/sbin/arno-iptables-firewall ] +then /usr/sbin/arno-iptables-firewall start else echo "You don't have arno iptables firewall installed" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
|
From: <dha...@us...> - 2008-02-13 05:54:53
|
Revision: 1583
http://astlinux.svn.sourceforge.net/astlinux/?rev=1583&view=rev
Author: dhartman
Date: 2008-02-12 21:54:59 -0800 (Tue, 12 Feb 2008)
Log Message:
-----------
ip_nat_sip changes from Philip
Modified Paths:
--------------
trunk/package/iptables/astfw
trunk/package/iptables/iptables.mk
Modified: trunk/package/iptables/astfw
===================================================================
--- trunk/package/iptables/astfw 2008-02-12 13:35:55 UTC (rev 1582)
+++ trunk/package/iptables/astfw 2008-02-13 05:54:59 UTC (rev 1583)
@@ -36,9 +36,20 @@
# protect against syn flood attacks
echo 1 >/proc/sys/net/ipv4/tcp_syncookies
+SIPCOMMA=""
+for i in $SIP_PORTS
+do
+SIPCOMMA="$SIPCOMMA${SIPCOMMA:+,}$i"
+done
+
modprobe ip_conntrack_ftp
modprobe ip_conntrack_tftp
modprobe ip_conntrack_irc
+if [ "$SIPCOMMA" ]
+then
+modprobe ip_conntrack_sip ports="$SIPCOMMA"
+modprobe ip_nat_sip
+fi
modprobe ip_nat_ftp
modprobe ip_nat_tftp
modprobe ip_nat_irc
@@ -145,9 +156,18 @@
done
fi
-if [ "$EXTOPEN" ]
+#
+# this is tedious but necessary
+#
+EXTPLUS=""
+for i in $SIP_PORTS
+do
+EXTPLUS="$EXTPLUS u$i"
+done
+
+if [ "$EXTOPEN" -o "$EXTPLUS" ]
then
-for i in $EXTOPEN
+for i in $EXTOPEN $EXTPLUS
do
if `echo $i | grep -q "u"`
then
@@ -305,21 +325,12 @@
for i in $EXTOPEN
do
-if `echo $i | grep -q "u"`
-then
-PROTOCOL=udp
-fi
+case $i in
+u*) PROTOCOL=udp ;;
+t*) PROTOCOL=tcp ;;
+i*) PROTOCOL=icmp ;;
+esac
-if `echo $i | grep -q "t"`
-then
-PROTOCOL=tcp
-fi
-
-if `echo $i | grep -q "i"`
-then
-PROTOCOL=icmp
-fi
-
PORT=`echo $i | tr -d itu`
if [ "$PROTOCOL" = "icmp" ]
Modified: trunk/package/iptables/iptables.mk
===================================================================
--- trunk/package/iptables/iptables.mk 2008-02-12 13:35:55 UTC (rev 1582)
+++ trunk/package/iptables/iptables.mk 2008-02-13 05:54:59 UTC (rev 1583)
@@ -7,6 +7,8 @@
IPTABLES_SOURCE_URL:=ftp.netfilter.org/pub/iptables/
IPTABLES_SOURCE:=iptables-$(IPTABLES_VER).tar.bz2
IPTABLES_BUILD_DIR:=$(BUILD_DIR)/iptables-$(IPTABLES_VER)
+IPTABLES_BIN:=/usr/sbin/iptables
+ASTFW_BIN:=/usr/sbin/astfw
$(DL_DIR)/$(IPTABLES_SOURCE):
$(WGET) -P $(DL_DIR) $(IPTABLES_SOURCE_URL)/$(IPTABLES_SOURCE)
@@ -26,34 +28,29 @@
KERNEL_DIR=$(LINUX_DIR) PREFIX=/usr \
CC=$(TARGET_CC) COPT_FLAGS="$(TARGET_CFLAGS)"
-$(TARGET_DIR)/usr/sbin/iptables: $(IPTABLES_BUILD_DIR)/iptables
+$(TARGET_DIR)$(IPTABLES_BIN): $(IPTABLES_BUILD_DIR)/iptables
$(TARGET_CONFIGURE_OPTS) \
$(MAKE) -C $(IPTABLES_BUILD_DIR) \
DO_IPV6=0 NO_SHARED_LIBS=1 \
KERNEL_DIR=$(LINUX_DIR) PREFIX=/usr \
CC=$(TARGET_CC) COPT_FLAGS="$(TARGET_CFLAGS)" \
DESTDIR=$(STAGING_DIR) install
- $(INSTALL) -D -m 0755 $(STAGING_DIR)/usr/sbin/iptables $(TARGET_DIR)/usr/sbin/iptables
- -$(INSTALL) -D -m 0755 $(STAGING_DIR)/usr/sbin/ip6tables $(TARGET_DIR)/usr/sbin/ip6tables
- $(STRIP) $(TARGET_DIR)/usr/sbin/iptables
- -$(STRIP) $(TARGET_DIR)/usr/sbin/ip6tables
+ $(INSTALL) -D -m 0755 -s $(STAGING_DIR)$(IPTABLES_BIN) $(TARGET_DIR)$(IPTABLES_BIN)
$(INSTALL) -D -m 0755 package/iptables/iptables.init $(TARGET_DIR)/etc/init.d/iptables
- $(INSTALL) -D -m 0755 package/iptables/astfw $(TARGET_DIR)/usr/sbin/astfw
+ $(INSTALL) -D -m 0755 package/iptables/astfw $(TARGET_DIR)$(ASTFW_BIN)
-iptables: uclibc linux $(TARGET_DIR)/usr/sbin/iptables
+iptables: uclibc linux $(TARGET_DIR)$(IPTABLES_BIN)
iptables-source: $(DL_DIR)/$(IPTABLES_SOURCE)
iptables-clean:
-$(MAKE) -C $(IPTABLES_BUILD_DIR) KERNEL_DIR=$(LINUX_DIR) clean
- -rm -rf $(STAGING_DIR)/usr/sbin/iptables
- -rm -rf $(TARGET_DIR)/usr/sbin/iptables
- -rm -rf $(STAGING_DIR)/usr/sbin/ip6tables
- -rm -rf $(TARGET_DIR)/usr/sbin/ip6tables
- rm -rf $(TARGET_DIR)/etc/init.d/iptables
+ rm -f $(STAGING_DIR)$(IPTABLES_BIN) $(TARGET_DIR)$(IPTABLES_BIN) \
+ $(TARGET_DIR)/etc/init.d/iptables
iptables-dirclean:
rm -rf $(IPTABLES_BUILD_DIR)
+
#############################################################
#
# Toplevel Makefile options
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X