about summary refs log tree commit diff
path: root/nixpkgs/pkgs/os-specific/linux/iptables/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/iptables/default.nix')
-rw-r--r--nixpkgs/pkgs/os-specific/linux/iptables/default.nix34
1 files changed, 25 insertions, 9 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/iptables/default.nix b/nixpkgs/pkgs/os-specific/linux/iptables/default.nix
index cf06ff353253..f556d7368e97 100644
--- a/nixpkgs/pkgs/os-specific/linux/iptables/default.nix
+++ b/nixpkgs/pkgs/os-specific/linux/iptables/default.nix
@@ -1,32 +1,48 @@
-{ stdenv, fetchurl, bison, flex, pkgconfig, pruneLibtoolFiles
-, libnetfilter_conntrack, libnftnl, libmnl, libpcap }:
+{ stdenv, fetchurl, pkgconfig, pruneLibtoolFiles, flex, bison
+, libmnl, libnetfilter_conntrack, libnfnetlink, libnftnl, libpcap
+, nftablesCompat ? false
+}:
+
+with stdenv.lib;
 
 stdenv.mkDerivation rec {
+  version = "1.8.4";
   pname = "iptables";
-  version = "1.8.3";
 
   src = fetchurl {
     url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2";
-    sha256 = "106xkkg5crsscjlinxvqvprva23fwwqfgrzl8m2nn841841sqg52";
+    sha256 = "0z0mgs1ghvn3slc868mgbf2g26njgrzcy5ggyb5w4i55j1a3lflr";
   };
 
-  nativeBuildInputs = [ bison flex pkgconfig pruneLibtoolFiles ];
+  nativeBuildInputs = [ pkgconfig pruneLibtoolFiles flex bison ];
 
-  buildInputs = [ libnetfilter_conntrack libnftnl libmnl libpcap ];
+  buildInputs = [ libmnl libnetfilter_conntrack libnfnetlink libnftnl libpcap ];
 
   preConfigure = ''
     export NIX_LDFLAGS="$NIX_LDFLAGS -lmnl -lnftnl"
   '';
 
   configureFlags = [
+    "--enable-bpf-compiler"
     "--enable-devel"
+    "--enable-libipq"
+    "--enable-nfsynproxy"
     "--enable-shared"
-    "--enable-bpf-compiler"
-  ];
+  ] ++ optional (!nftablesCompat) "--disable-nftables";
 
   outputs = [ "out" "dev" ];
 
-  meta = with stdenv.lib; {
+  postInstall = optional nftablesCompat ''
+    rm $out/sbin/{iptables,iptables-restore,iptables-save,ip6tables,ip6tables-restore,ip6tables-save}
+    ln -sv xtables-nft-multi $out/bin/iptables
+    ln -sv xtables-nft-multi $out/bin/iptables-restore
+    ln -sv xtables-nft-multi $out/bin/iptables-save
+    ln -sv xtables-nft-multi $out/bin/ip6tables
+    ln -sv xtables-nft-multi $out/bin/ip6tables-restore
+    ln -sv xtables-nft-multi $out/bin/ip6tables-save
+  '';
+
+  meta = {
     description = "A program to configure the Linux IP packet filtering ruleset";
     homepage = https://www.netfilter.org/projects/iptables/index.html;
     platforms = platforms.linux;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-09 10:01:57 +0000