# Package expression for iptables 1.8.9.
#
# Inputs:
#   nftablesCompat (default: true) - when true, the classic command names
#     (iptables, ip6tables and their -save/-restore variants) are installed
#     as symlinks to xtables-nft-multi; when false, configure is run with
#     --disable-nftables and the installed binaries are left as upstream's
#     `make install` placed them.
#
# Integrity: the release tarball and both patches are fetched over HTTPS and
# pinned by sha256. Those hashes are the only content check in this
# expression (no upstream signature is verified here), so a version bump or a
# patch swap must update the matching hash in the same change, and the new
# hash should be obtained from a source the reviewer trusts.
{ lib
, stdenv
, fetchurl
, fetchpatch
, autoreconfHook
, pkg-config
, pruneLibtoolFiles
, flex
, bison
, libmnl
, libnetfilter_conntrack
, libnfnetlink
, libnftnl
, libpcap
, nftablesCompat ? true
}:

stdenv.mkDerivation rec {
  pname = "iptables";
  version = "1.8.9";

  # Fixed-output fetch: a tarball whose content differs from this hash fails
  # the build instead of being picked up silently.
  src = fetchurl {
    url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.xz";
    sha256 = "72Y5pDvoMlpPjqaBI/+sI2y2lujHhQG2ToEGr7AIyH8=";
  };

  patches = [
    # Upstream commit, addressed by its id on git.netfilter.org.
    # NOTE(review): judging by the name this fixes a -Wformat-security
    # build failure - confirm against the commit message.
    (fetchpatch {
      name = "format-security.patch";
      url = "https://git.netfilter.org/iptables/patch/?id=ed4082a7405a5838c205a34c1559e289949200cc";
      sha256 = "OdytFmHk+3Awu+sDQpGTl5/qip4doRblmW2vQzfNZiU=";
    })
    # Raw message from the netfilter-devel list archive, taken as-is with
    # fetchurl. A list URL is not a commit reference, so the sha256 is what
    # ties this build to the reviewed patch content.
    # NOTE(review): presumably a static-build fix - verify, and replace with
    # an upstream commit once the patch has landed.
    (fetchurl {
      name = "static.patch";
      url = "https://lore.kernel.org/netfilter-devel/20230402232939.1060151-1-hi@alyssa.is/raw";
      sha256 = "PkH+1HbJjBb3//ffBe0XUQok1lBwgj/STL8Ppu/28f4=";
    })
  ];

  outputs = [
    "out"
    "dev"
    "man"
  ];

  nativeBuildInputs = [
    autoreconfHook
    pkg-config
    pruneLibtoolFiles
    flex
    bison
  ];

  buildInputs = [
    libmnl
    libnetfilter_conntrack
    libnfnetlink
    libnftnl
    libpcap
  ];

  # Append libmnl and libnftnl to the linker flags used for the whole build.
  preConfigure = ''
    export NIX_LDFLAGS="$NIX_LDFLAGS -lmnl -lnftnl"
  '';

  # --disable-nftables is appended only when nftablesCompat is false.
  configureFlags = [
    "--enable-bpf-compiler"
    "--enable-devel"
    "--enable-libipq"
    "--enable-nfsynproxy"
    "--enable-shared"
  ] ++ lib.optionals (!nftablesCompat) [ "--disable-nftables" ];

  # Runs only when nftablesCompat is true: drop the six installed command
  # names from $out/sbin and recreate them in $out/bin as symlinks to
  # xtables-nft-multi. The link target is relative, so it resolves next to
  # the link itself, i.e. to $out/bin/xtables-nft-multi in the final layout.
  # Operationally this means a plain `iptables` call on a system using this
  # package goes through xtables-nft-multi; tooling that audits or restores
  # firewall rules should go through the same commands so that it sees the
  # same ruleset.
  postInstall = lib.optionalString nftablesCompat ''
    rm $out/sbin/{iptables,iptables-restore,iptables-save,ip6tables,ip6tables-restore,ip6tables-save}
    ln -sv xtables-nft-multi $out/bin/iptables
    ln -sv xtables-nft-multi $out/bin/iptables-restore
    ln -sv xtables-nft-multi $out/bin/iptables-save
    ln -sv xtables-nft-multi $out/bin/ip6tables
    ln -sv xtables-nft-multi $out/bin/ip6tables-restore
    ln -sv xtables-nft-multi $out/bin/ip6tables-save
  '';

  meta = {
    description = "A program to configure the Linux IP packet filtering ruleset";
    homepage = "https://www.netfilter.org/projects/iptables/index.html";
    downloadPage = "https://www.netfilter.org/projects/iptables/files/";
    license = lib.licenses.gpl2;
    platforms = lib.platforms.linux;
    maintainers = [ lib.maintainers.fpletz ];
  };
}