pkgs/os-specific/linux/iptables/default.nix at master

pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / pkgs / os-specific / linux / iptables / default.nix
at master 100 lines 2.1 kB view raw
wrap content
nikstur iptables: add separate lib output 6 months ago
5211a3ec
  1{
  2  lib,
  3  stdenv,
  4  fetchurl,
  5  autoreconfHook,
  6  pkg-config,
  7  pruneLibtoolFiles,
  8  flex,
  9  bison,
 10  libmnl,
 11  libnetfilter_conntrack,
 12  libnfnetlink,
 13  libnftnl,
 14  libpcap,
 15  bash,
 16  bashNonInteractive,
 17  nftablesCompat ? true,
 18  gitUpdater,
 19}:
 20
 21stdenv.mkDerivation rec {
 22  version = "1.8.11";
 23  pname = "iptables";
 24
 25  __structuredAttrs = true;
 26
 27  src = fetchurl {
 28    url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.xz";
 29    sha256 = "2HMD1V74ySvK1N0/l4sm0nIBNkKwKUJXdfW60QCf57I=";
 30  };
 31
 32  outputs = [
 33    "out"
 34    "lib"
 35    "dev"
 36    "man"
 37  ];
 38
 39  strictDeps = true;
 40
 41  nativeBuildInputs = [
 42    autoreconfHook
 43    pkg-config
 44    pruneLibtoolFiles
 45    flex
 46    bison
 47  ];
 48
 49  buildInputs = [
 50    libmnl
 51    libnetfilter_conntrack
 52    libnfnetlink
 53    libnftnl
 54    libpcap
 55    bash
 56  ];
 57
 58  configureFlags = [
 59    "--enable-bpf-compiler"
 60    "--enable-devel"
 61    "--enable-libipq"
 62    "--enable-nfsynproxy"
 63    "--enable-shared"
 64  ]
 65  ++ lib.optional (!nftablesCompat) "--disable-nftables";
 66
 67  enableParallelBuilding = true;
 68
 69  postInstall = lib.optionalString nftablesCompat ''
 70    rm $out/sbin/{iptables,iptables-restore,iptables-save,ip6tables,ip6tables-restore,ip6tables-save}
 71    ln -sv xtables-nft-multi $out/bin/iptables
 72    ln -sv xtables-nft-multi $out/bin/iptables-restore
 73    ln -sv xtables-nft-multi $out/bin/iptables-save
 74    ln -sv xtables-nft-multi $out/bin/ip6tables
 75    ln -sv xtables-nft-multi $out/bin/ip6tables-restore
 76    ln -sv xtables-nft-multi $out/bin/ip6tables-save
 77  '';
 78
 79  outputChecks.lib.disallowedRequisites = [
 80    bash
 81    bashNonInteractive
 82  ];
 83
 84  passthru = {
 85    updateScript = gitUpdater {
 86      url = "https://git.netfilter.org/iptables";
 87      rev-prefix = "v";
 88    };
 89  };
 90
 91  meta = with lib; {
 92    description = "Program to configure the Linux IP packet filtering ruleset";
 93    homepage = "https://www.netfilter.org/projects/iptables/index.html";
 94    platforms = platforms.linux;
 95    mainProgram = "iptables";
 96    maintainers = with maintainers; [ fpletz ];
 97    license = licenses.gpl2Plus;
 98    downloadPage = "https://www.netfilter.org/projects/iptables/files/";
 99  };
100}