pyrox.dev
1{
2 lib,
3 stdenv,
4 fetchurl,
5 autoreconfHook,
6 pkg-config,
7 pruneLibtoolFiles,
8 flex,
9 bison,
10 libmnl,
11 libnetfilter_conntrack,
12 libnfnetlink,
13 libnftnl,
14 libpcap,
15 nftablesCompat ? true,
16 gitUpdater,
17}:
18
19stdenv.mkDerivation rec {
20 version = "1.8.11";
21 pname = "iptables";
22
23 src = fetchurl {
24 url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.xz";
25 sha256 = "2HMD1V74ySvK1N0/l4sm0nIBNkKwKUJXdfW60QCf57I=";
26 };
27
28 outputs = [
29 "out"
30 "dev"
31 "man"
32 ];
33
34 nativeBuildInputs = [
35 autoreconfHook
36 pkg-config
37 pruneLibtoolFiles
38 flex
39 bison
40 ];
41
42 buildInputs = [
43 libmnl
44 libnetfilter_conntrack
45 libnfnetlink
46 libnftnl
47 libpcap
48 ];
49
50 configureFlags = [
51 "--enable-bpf-compiler"
52 "--enable-devel"
53 "--enable-libipq"
54 "--enable-nfsynproxy"
55 "--enable-shared"
56 ] ++ lib.optional (!nftablesCompat) "--disable-nftables";
57
58 enableParallelBuilding = true;
59
60 postInstall = lib.optionalString nftablesCompat ''
61 rm $out/sbin/{iptables,iptables-restore,iptables-save,ip6tables,ip6tables-restore,ip6tables-save}
62 ln -sv xtables-nft-multi $out/bin/iptables
63 ln -sv xtables-nft-multi $out/bin/iptables-restore
64 ln -sv xtables-nft-multi $out/bin/iptables-save
65 ln -sv xtables-nft-multi $out/bin/ip6tables
66 ln -sv xtables-nft-multi $out/bin/ip6tables-restore
67 ln -sv xtables-nft-multi $out/bin/ip6tables-save
68 '';
69
70 passthru = {
71 updateScript = gitUpdater {
72 url = "https://git.netfilter.org/iptables";
73 rev-prefix = "v";
74 };
75 };
76
77 meta = with lib; {
78 description = "Program to configure the Linux IP packet filtering ruleset";
79 homepage = "https://www.netfilter.org/projects/iptables/index.html";
80 platforms = platforms.linux;
81 maintainers = with maintainers; [ fpletz ];
82 license = licenses.gpl2Plus;
83 downloadPage = "https://www.netfilter.org/projects/iptables/files/";
84 };
85}