about summary refs log tree commit diff
path: root/nixpkgs/pkgs/os-specific/linux/iptables/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/iptables/default.nix')
-rw-r--r--nixpkgs/pkgs/os-specific/linux/iptables/default.nix55
1 files changed, 55 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/iptables/default.nix b/nixpkgs/pkgs/os-specific/linux/iptables/default.nix
new file mode 100644
index 000000000000..82157ffa0791
--- /dev/null
+++ b/nixpkgs/pkgs/os-specific/linux/iptables/default.nix
@@ -0,0 +1,55 @@
+{ lib, stdenv, fetchurl, pkg-config, pruneLibtoolFiles, flex, bison
+, libmnl, libnetfilter_conntrack, libnfnetlink, libnftnl, libpcap
+, nftablesCompat ? false
+}:
+
+with lib;
+
+stdenv.mkDerivation rec {
+  version = "1.8.6";
+  pname = "iptables";
+
+  src = fetchurl {
+    url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2";
+    sha256 = "0rvp0k8a72h2snrdx48cfn75bfa0ycrd2xl3kjysbymq7q6gxx50";
+  };
+
+  nativeBuildInputs = [ pkg-config pruneLibtoolFiles flex bison ];
+
+  buildInputs = [ libmnl libnetfilter_conntrack libnfnetlink libnftnl libpcap ];
+
+  preConfigure = ''
+    export NIX_LDFLAGS="$NIX_LDFLAGS -lmnl -lnftnl"
+  '';
+
+  configureFlags = [
+    "--enable-bpf-compiler"
+    "--enable-devel"
+    "--enable-libipq"
+    "--enable-nfsynproxy"
+    "--enable-shared"
+  ] ++ optional (!nftablesCompat) "--disable-nftables";
+
+  outputs = [ "out" "dev" ];
+
+  postInstall = optional nftablesCompat ''
+    rm $out/sbin/{iptables,iptables-restore,iptables-save,ip6tables,ip6tables-restore,ip6tables-save}
+    ln -sv xtables-nft-multi $out/bin/iptables
+    ln -sv xtables-nft-multi $out/bin/iptables-restore
+    ln -sv xtables-nft-multi $out/bin/iptables-save
+    ln -sv xtables-nft-multi $out/bin/ip6tables
+    ln -sv xtables-nft-multi $out/bin/ip6tables-restore
+    ln -sv xtables-nft-multi $out/bin/ip6tables-save
+  '';
+
+  meta = {
+    description = "A program to configure the Linux IP packet filtering ruleset";
+    homepage = "https://www.netfilter.org/projects/iptables/index.html";
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ fpletz ];
+    license = licenses.gpl2;
+    downloadPage = "https://www.netfilter.org/projects/iptables/files/";
+    updateWalker = true;
+    inherit version;
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-03 21:34:33 +0000