# iptables userspace tools, built from the netfilter.org release tarball
# plus three upstream patches.
#
# nftablesCompat (default: true) decides what the classic command names run:
#   true  -> iptables, ip6tables and their -save/-restore variants are
#            replaced by symlinks to xtables-nft-multi (see postInstall)
#   false -> the build is configured with --disable-nftables and the
#            installed commands are left as upstream ships them
{ lib
, stdenv
, fetchurl
, fetchpatch
, pkg-config
, pruneLibtoolFiles
, flex
, bison
, libmnl
, libnetfilter_conntrack
, libnfnetlink
, libnftnl
, libpcap
, nftablesCompat ? true
}:

stdenv.mkDerivation rec {
  pname = "iptables";
  version = "1.8.8";

  # The sha256 pins the exact tarball content, so a file that differs from
  # the one recorded here fails the fetch instead of being built.
  # It is the only integrity check visible in this file.
  src = fetchurl {
    url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2";
    sha256 = "sha256-ccdYidxxBnZjFVPrFRHaAXe7qvG1USZbkS0jbD9RhZ8=";
  };

  # Upstream commits, each addressed by its commit id and pinned by hash.
  patches = [
    # xshared: Fix build for -Werror=format-security
    # (lets the source build with that warning treated as an error)
    (fetchpatch {
      url = "https://git.netfilter.org/iptables/patch/?id=b72eb12ea5a61df0655ad99d5048994e916be83a";
      sha256 = "sha256-pnamqOagwNWoiwlxPnKCqSc2N7MP/eZlT7JiE09c8OE=";
    })
    # treewide: use uint* instead of u_int*
    (fetchpatch {
      url = "https://git.netfilter.org/iptables/patch/?id=f319389525b066b7dc6d389c88f16a0df3b8f189";
      sha256 = "sha256-rOxCEWZoI8Ac5fQDp286YHAwvreUAoDVAbomboKrGyM=";
    })
    # fix Musl build
    # NOTE(review): this hash is in Nix's older base32 form, the two above
    # are SRI strings; both pin a sha256 digest.
    (fetchpatch {
      url = "https://git.netfilter.org/iptables/patch/?id=0e7cf0ad306cdf95dc3c28d15a254532206a888e";
      sha256 = "18mnvqfxzd7ifq3zjb4vyifcyadpxdi8iqcj8wsjgw23n49lgrbj";
    })
  ];

  outputs = [ "out" "dev" "man" ];

  # Tools that run at build time.
  nativeBuildInputs = [ pkg-config pruneLibtoolFiles flex bison ];

  # Libraries the result is built against.
  buildInputs = [ libmnl libnetfilter_conntrack libnfnetlink libnftnl libpcap ];

  # Adds libmnl and libnftnl to the linker flags before configure runs.
  preConfigure = ''
    export NIX_LDFLAGS="$NIX_LDFLAGS -lmnl -lnftnl"
  '';

  # The nftables backend is switched off only when nftablesCompat is false.
  configureFlags = [
    "--enable-bpf-compiler"
    "--enable-devel"
    "--enable-libipq"
    "--enable-nfsynproxy"
    "--enable-shared"
  ] ++ lib.optionals (!nftablesCompat) [ "--disable-nftables" ];

  # With nftablesCompat, the six classic command names are deleted from
  # $out/sbin and recreated in $out/bin as symlinks to xtables-nft-multi.
  # Anything that audits or restores firewall state through these names is
  # then talking to whatever backend xtables-nft-multi drives, so rule dumps
  # should be compared against that backend.
  # NOTE(review): the links are relative, so they resolve only if
  # xtables-nft-multi ends up in $out/bin as well; presumably a later stdenv
  # phase merges sbin into bin. Confirm against the build output.
  postInstall = lib.optionalString nftablesCompat ''
    rm $out/sbin/{iptables,iptables-restore,iptables-save,ip6tables,ip6tables-restore,ip6tables-save}
    ln -sv xtables-nft-multi $out/bin/iptables
    ln -sv xtables-nft-multi $out/bin/iptables-restore
    ln -sv xtables-nft-multi $out/bin/iptables-save
    ln -sv xtables-nft-multi $out/bin/ip6tables
    ln -sv xtables-nft-multi $out/bin/ip6tables-restore
    ln -sv xtables-nft-multi $out/bin/ip6tables-save
  '';

  meta = {
    description = "A program to configure the Linux IP packet filtering ruleset";
    homepage = "https://www.netfilter.org/projects/iptables/index.html";
    downloadPage = "https://www.netfilter.org/projects/iptables/files/";
    license = lib.licenses.gpl2;
    platforms = lib.platforms.linux;
    maintainers = [ lib.maintainers.fpletz ];
  };
}