xtables-addons: New package.

The xtables-addons package provides many additional filter modules for iptables. Currently we are only building the "geoip" module which can be used to create firewall rules which will do actions based on the country membership of the senders/targets address. In order to build the required kernel modules I had to change build order for several packages as well.
2026-04-09 18:45:54 +02:00 · 2015-01-03 14:07:49 +01:00
parent 72074fcdd2
commit b8e0573b5c
4 changed files with 150 additions and 3 deletions
--- a/config/rootfiles/common/xtables-addons
+++ b/config/rootfiles/common/xtables-addons
@@ -0,0 +1,7 @@
+lib/xtables/libxt_geoip.so
+#usr/libexec/xtables-addons
+usr/libexec/xtables-addons/xt_geoip_build
+usr/libexec/xtables-addons/xt_geoip_dl
+#usr/share/man/man1/xt_geoip_build.1
+#usr/share/man/man1/xt_geoip_dl.1
+#usr/share/man/man8/xtables-addons.8
--- a/config/xtables-addons/mconfig
+++ b/config/xtables-addons/mconfig
@@ -0,0 +1,24 @@
+# -*- Makefile -*-
+#
+build_ACCOUNT=n
+build_CHAOS=n
+build_DELUDE=n
+build_DHCPMAC=n
+build_DNETMAP=n
+build_ECHO=n
+build_IPMARK=n
+build_LOGMARK=n
+build_SYSRQ=n
+build_TARPIT=n
+build_condition=n
+build_fuzzy=n
+build_geoip=m
+build_gradm=n
+build_iface=n
+build_ipp2p=n
+build_ipv4options=n
+build_length2=n
+build_lscan=n
+build_pknock=n
+build_psd=n
+build_quota2=n
--- a/lfs/xtables-addons
+++ b/lfs/xtables-addons
@@ -0,0 +1,110 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2014  IPFire Team <info@ipfire.org>                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VERSUFIX = ipfire$(KCFG)
+MODPATH = /lib/modules/$(KVER)-$(VERSUFIX)/extra/
+
+VER        = 2.6
+
+THISAPP    = xtables-addons-$(VER)
+DL_FILE    = $(THISAPP).tar.xz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+
+ifeq "$(USPACE)" "1"
+  TARGET = $(DIR_INFO)/$(THISAPP)
+else
+  TARGET = $(DIR_INFO)/$(THISAPP)-kmod-$(KVER)-$(VERSUFIX)
+endif
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 087835ba7e564481b6fd398692268340
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist: 
+	$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+
+	# Only build the specified modules.
+	cp -avf $(DIR_SRC)/config/xtables-addons/mconfig \
+		$(DIR_APP)/mconfig
+
+# Check if we build the modules for a kernel or the userspace parts.
+ifeq "$(USPACE)" "1"
+	cd $(DIR_APP) && ./configure \
+		--prefix=/usr \
+		--without-kbuild
+
+	cd $(DIR_APP) && make $(MAKETUNING)
+	cd $(DIR_APP) && make install
+else
+	cd $(DIR_APP) && ./configure \
+		--with-kbuild=/usr/src/linux-$(KVER)/
+
+	cd $(DIR_APP) && make $(MAKETUNING)
+
+	# Install the built kernel modules.
+	cd $(DIR_APP) && for f in $$(ls extensions/*.ko); do \
+		install -m 644 $$f $(MODPATH); \
+	done
+endif
+
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
--- a/make.sh
+++ b/make.sh
@@ -383,6 +383,7 @@ buildipfire() {
  export LOGFILE
  ipfiremake configroot
  ipfiremake backup
+  ipfiremake pkg-config
  ipfiremake libusb
  ipfiremake libusbx
  ipfiremake libpcap
@@ -403,6 +404,8 @@ buildipfire() {
  ipfiremake multipath-tools
  ipfiremake freetype
  ipfiremake grub
+  ipfiremake libmnl
+  ipfiremake iptables

  case "${TARGET_ARCH}" in
 	i586)
@@ -412,6 +415,7 @@ buildipfire() {
 		ipfiremake e1000e			KCFG="-pae"
 		ipfiremake igb				KCFG="-pae"
 		ipfiremake ixgbe			KCFG="-pae"
+		ipfiremake xtables-addons		KCFG="-pae"
 		ipfiremake linux-initrd			KCFG="-pae"

 		# x86 kernel build
@@ -420,6 +424,7 @@ buildipfire() {
 		ipfiremake e1000e			KCFG=""
 		ipfiremake igb				KCFG=""
 		ipfiremake ixgbe			KCFG=""
+		ipfiremake xtables-addons		KCFG=""
 		ipfiremake linux-initrd			KCFG=""
 		;;

@@ -427,6 +432,7 @@ buildipfire() {
 		# arm-rpi (Raspberry Pi) kernel build
 		ipfiremake linux			KCFG="-rpi"
 		ipfiremake cryptodev			KCFG="-rpi"
+		ipfiremake xtables-addons		KCFG="-rpi"
 		ipfiremake linux-initrd			KCFG="-rpi"

 		# arm multi platform (Panda, Wandboard ...) kernel build
@@ -435,6 +441,7 @@ buildipfire() {
 		ipfiremake e1000e			KCFG="-multi"
 		ipfiremake igb				KCFG="-multi"
 		ipfiremake ixgbe			KCFG="-multi"
+		ipfiremake xtables-addons		KCFG="-multi"
 		ipfiremake linux-initrd			KCFG="-multi"

 		# arm-kirkwood (Dreamplug, ICY-Box ...) kernel build
@@ -443,10 +450,11 @@ buildipfire() {
 		ipfiremake e1000e			KCFG="-kirkwood"
 		ipfiremake igb				KCFG="-kirkwood"
 		ipfiremake ixgbe			KCFG="-kirkwood"
+		ipfiremake xtables-addons		KCFG="-kirkwood"
 		ipfiremake linux-initrd			KCFG="-kirkwood"
 		;;
  esac
-  ipfiremake pkg-config
+  ipfiremake xtables-addons			USPACE="1"
  ipfiremake openssl
  ipfiremake openssl-compat
  ipfiremake libgpg-error
@@ -521,8 +529,6 @@ buildipfire() {
  ipfiremake mtools
  ipfiremake initscripts
  ipfiremake whatmask
-  ipfiremake libmnl
-  ipfiremake iptables
  ipfiremake conntrack-tools
  ipfiremake libupnp
  ipfiremake ipaddr