{
  lib,
  stdenv,
  fetchurl,
  pkg-config,
  bison,
  flex,
  asciidoc,
  libxslt,
  findXMLCatalogs,
  docbook_xml_dtd_45,
  docbook_xsl,
  libmnl,
  libnftnl,
  libpcap,
  gmp,
  jansson,
  autoreconfHook,
  # Feature switches; each one gates a build input and a configure flag below.
  withDebugSymbols ? false,
  withCli ? true,
  libedit,
  withXtables ? true,
  iptables,
  nixosTests,
  gitUpdater,
}:

# nftables: the netfilter userspace tooling, installing the `nft` program.
stdenv.mkDerivation (finalAttrs: {
  pname = "nftables";
  version = "1.1.3";

  # Release tarball, pinned by content hash: a substituted or altered
  # download fails the fetch instead of silently changing what is built.
  src = fetchurl {
    url = "https://netfilter.org/projects/nftables/files/${finalAttrs.pname}-${finalAttrs.version}.tar.xz";
    hash = "sha256-nIpktZyQsIJeVAqbj8udLZQsY2+BulAZnwaP3kTzTtg=";
  };

  # Out-of-tree patch fetched from the netfilter-devel list archive; the hash
  # pins the exact message contents, so the archive cannot change what is applied.
  patches = [
    (fetchurl {
      name = "musl.patch";
      url = "https://lore.kernel.org/netfilter-devel/20241219231001.1166085-2-hi@alyssa.is/raw";
      hash = "sha256-7vMBIoDWcI/JBInYP5yYWp8BnYbATRfMTxqyZr2L9Sk=";
    })
  ];

  # Build-time only: autotools regeneration, the parser generators and the
  # asciidoc/docbook toolchain (presumably for the shipped documentation).
  nativeBuildInputs = [
    autoreconfHook
    pkg-config
    bison
    flex
    asciidoc
    docbook_xml_dtd_45
    docbook_xsl
    findXMLCatalogs
    libxslt
  ];

  # Linked libraries; libedit and iptables are only added when the matching
  # feature switch is on.
  buildInputs = [
    libmnl
    libnftnl
    libpcap
    gmp
    jansson
  ]
  ++ lib.optionals withCli [ libedit ]
  ++ lib.optionals withXtables [ iptables ];

  # JSON support is always enabled (jansson is always a build input). The CLI
  # switch expands to `--with-cli=editline` or `--without-cli`; debug is
  # disabled unless withDebugSymbols is set.
  configureFlags = [
    "--with-json"
    (lib.withFeatureAs withCli "cli" "editline")
  ]
  ++ lib.optionals (!withDebugSymbols) [ "--disable-debug" ]
  ++ lib.optionals withXtables [ "--with-xtables" ];

  enableParallelBuilding = true;

  passthru = {
    # NixOS VM tests that exercise the built package.
    tests = {
      inherit (nixosTests) firewall-nftables;
      lxd-nftables = nixosTests.lxd.nftables;
      nat = {
        inherit (nixosTests.nat.nftables) firewall standalone;
      };
    };
    # Version bumps follow upstream git tags carrying a `v` prefix.
    updateScript = gitUpdater {
      url = "https://git.netfilter.org/nftables";
      rev-prefix = "v";
    };
  };

  meta = {
    description = "Project that aims to replace the existing {ip,ip6,arp,eb}tables framework";
    homepage = "https://netfilter.org/projects/nftables/";
    license = lib.licenses.gpl2Only;
    platforms = lib.platforms.linux;
    maintainers = [ lib.maintainers.izorkin ];
    mainProgram = "nft";
  };
})