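# Build recipe for the netfilter iptables userspace tools.
#
# The listing this was taken from had viewer line numbers fused into every
# line (`1{`, `19stdenv.mkDerivation`, ...), which is not valid Nix; they are
# dropped here and the indentation is restored.
{
  lib,
  stdenv,
  fetchurl,
  autoreconfHook,
  pkg-config,
  pruneLibtoolFiles,
  flex,
  bison,
  libmnl,
  libnetfilter_conntrack,
  libnfnetlink,
  libnftnl,
  libpcap,
  # true (default): the plain iptables/ip6tables command names are linked to
  # xtables-nft-multi in postInstall.
  # false: configure is run with --disable-nftables and the default names are
  # left as upstream installs them.
  nftablesCompat ? true,
  gitUpdater,
}:

stdenv.mkDerivation rec {
  version = "1.8.11";
  pname = "iptables";

  # Fixed-output fetch: the tarball is accepted only if its content matches
  # `hash`, so a replaced or corrupted upstream file fails the build instead of
  # being compiled. `version` and `hash` have to be bumped together.
  src = fetchurl {
    url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.xz";
    # Same digest as before, written as an SRI string so the algorithm is part
    # of the value rather than implied by the attribute name.
    hash = "sha256-2HMD1V74ySvK1N0/l4sm0nIBNkKwKUJXdfW60QCf57I=";
  };

  outputs = [
    "out"
    "dev"
    "man"
  ];

  nativeBuildInputs = [
    autoreconfHook
    pkg-config
    pruneLibtoolFiles
    flex
    bison
  ];

  buildInputs = [
    libmnl
    libnetfilter_conntrack
    libnfnetlink
    libnftnl
    libpcap
  ];

  configureFlags = [
    "--enable-bpf-compiler"
    "--enable-devel"
    "--enable-libipq"
    "--enable-nfsynproxy"
    "--enable-shared"
  ]
  ++ lib.optional (!nftablesCompat) "--disable-nftables";

  enableParallelBuilding = true;

  # With nftablesCompat the default command names are switched to the
  # nf_tables front end. One list drives both the removal and the re-link, so
  # the two cannot drift apart and leave a name pointing at the other backend.
  #
  # NOTE(review): the links are created in $out/bin with a relative target, so
  # this relies on xtables-nft-multi ending up in $out/bin as well (nixpkgs'
  # fixup normally moves sbin into bin) - confirm.
  #
  # NOTE(review): rules loaded through the legacy front end and through the
  # nft front end are kept separately by the kernel, so on a host that has
  # used both, listing rules with only one of them gives an incomplete view
  # of the effective filter. The legacy tools presumably remain available
  # under their explicit -legacy names - confirm against the installed output.
  postInstall = lib.optionalString nftablesCompat ''
    for tool in iptables iptables-restore iptables-save ip6tables ip6tables-restore ip6tables-save; do
      rm "$out/sbin/$tool"
      ln -sv xtables-nft-multi "$out/bin/$tool"
    done
  '';

  passthru = {
    # Follows upstream git tags of the form v<version>.
    updateScript = gitUpdater {
      url = "https://git.netfilter.org/iptables";
      rev-prefix = "v";
    };
  };

  meta = {
    description = "Program to configure the Linux IP packet filtering ruleset";
    homepage = "https://www.netfilter.org/projects/iptables/index.html";
    platforms = lib.platforms.linux;
    mainProgram = "iptables";
    maintainers = with lib.maintainers; [ fpletz ];
    license = lib.licenses.gpl2Plus;
    downloadPage = "https://www.netfilter.org/projects/iptables/files/";
  };
}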