kernel: update linux 3.1 to 3.1.9

[openwrt.git] / package / iptables / Makefile

diff --git a/package/iptables/Makefile b/package/iptables/Makefile
index 2f12dbd..67dedca 100644 (file)
--- a/package/iptables/Makefile
+++ b/package/iptables/Makefile
@@ -1,138 +1,518 @@
-# $Id$
+#
+# Copyright (C) 2006-2011 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#

 
 include $(TOPDIR)/rules.mk
 
 include $(TOPDIR)/rules.mk

-include kernelconfig.mk
+include $(INCLUDE_DIR)/kernel.mk

 
 

-PKG_NAME := iptables
-PKG_VERSION := 1.3.1
-PKG_RELEASE := 1
-PKG_MD5SUM := c3358a3bd0d7755df0b64a5063db296b
+PKG_NAME:=iptables
+PKG_VERSION:=1.4.10
+PKG_RELEASE:=4

 
 

-PKG_SOURCE_SITE := http://www.netfilter.org/files
-PKG_SOURCE_FILE := $(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_SOURCE_CAT := bzcat
-PKG_SOURCE_DIR := $(PKG_NAME)-$(PKG_VERSION)
+PKG_MD5SUM:=f382fe693f0b59d87bd47bea65eca198
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
+       ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
+       ftp://ftp.de.netfilter.org/pub/netfilter/iptables/ \
+       ftp://ftp.no.netfilter.org/pub/netfilter/iptables/

 
 

-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_SOURCE_DIR)
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1

 
 

-PKG_IPT := $(PACKAGE_DIR)/iptables_$(PKG_VERSION)-$(PKG_RELEASE)_$(ARCH).ipk
-PKG_IPT_UTILS := $(PACKAGE_DIR)/iptables-utils_$(PKG_VERSION)-$(PKG_RELEASE)_$(ARCH).ipk
-PKG_IPT_EXTRA := $(PACKAGE_DIR)/iptables-extra_$(PKG_VERSION)-$(PKG_RELEASE)_$(ARCH).ipk
-PKG_IP6T := $(PACKAGE_DIR)/ip6tables_$(PKG_VERSION)-$(PKG_RELEASE)_$(ARCH).ipk
+include $(INCLUDE_DIR)/package.mk
+ifeq ($(DUMP),)
+  -include $(LINUX_DIR)/.config
+  include $(INCLUDE_DIR)/netfilter.mk
+  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell $(SH_FUNC) grep 'NETFILTER' $(LINUX_DIR)/.config | md5s)
+endif

 
 

-I_IPT := $(PKG_BUILD_DIR)/ipkg/iptables
-I_IPT_UTILS := $(PKG_BUILD_DIR)/ipkg/iptables-utils
-I_IPT_EXTRA := $(PKG_BUILD_DIR)/ipkg/iptables-extra
-I_IP6T := $(PKG_BUILD_DIR)/ipkg/ip6tables

 
 

-TARGETS := $(STAGING_DIR)/libipq/libipq.a $(PKG_IPT)
-ifneq ($(BR2_PACKAGE_IPTABLES_UTILS),)
-TARGETS += $(PKG_IPT_UTILS)
-endif
-ifneq ($(BR2_PACKAGE_IPTABLES_EXTRA),)
-TARGETS += $(PKG_IPT_EXTRA)
-endif
-ifneq ($(BR2_PACKAGE_IP6TABLES),)
-TARGETS += $(PKG_IP6T)
-endif
+define Package/iptables/Default
+  SECTION:=net
+  CATEGORY:=Network
+  SUBMENU:=Firewall
+  URL:=http://netfilter.org/
+endef

 
 

-INSTALL_TARGETS := $(IPKG_STATE_DIR)/info/iptables.list
-ifeq ($(BR2_PACKAGE_IPTABLES_UTILS),y)
-INSTALL_TARGETS += $(IPKG_STATE_DIR)/info/iptables-utils.list
-endif
-ifeq ($(BR2_PACKAGE_IPTABLES_EXTRA),y)
-INSTALL_TARGETS += $(IPKG_STATE_DIR)/info/iptables-extra.list
-endif
-ifeq ($(BR2_PACKAGE_IP6TABLES),y)
-INSTALL_TARGETS += $(IPKG_STATE_DIR)/info/ip6tables.list
-endif
+define Package/iptables/Module
+$(call Package/iptables/Default)
+  DEPENDS:=iptables $(1)
+endef

 
 

-$(DL_DIR)/$(PKG_SOURCE_FILE):
-       mkdir -p $(DL_DIR)
-       $(SCRIPT_DIR)/download.pl $(DL_DIR) $(PKG_SOURCE_FILE) $(PKG_MD5SUM) $(PKG_SOURCE_SITE)
+define Package/iptables
+$(call Package/iptables/Default)
+  TITLE:=IPv4 firewall administration tool
+  MENU:=1
+  DEPENDS+= +kmod-ipt-core +libip4tc +libxtables
+endef

 
 

-$(PKG_BUILD_DIR)/.patched: $(DL_DIR)/$(PKG_SOURCE_FILE)
-       mkdir -p $(PKG_BUILD_DIR)/modules
-       $(PKG_SOURCE_CAT) $(DL_DIR)/$(PKG_SOURCE_FILE) | tar -C $(BUILD_DIR) $(TAR_OPTIONS) -
-       $(PATCH) $(PKG_BUILD_DIR) ./patches
-       touch $(PKG_BUILD_DIR)/.patched
+define Package/iptables/description
+IPv4 firewall administration tool.

 
 

-$(PKG_BUILD_DIR)/iptables: $(PKG_BUILD_DIR)/.patched
-       $(TARGET_CONFIGURE_OPTS) \
-       $(MAKE) -C $(PKG_BUILD_DIR) \
-               KERNEL_DIR=$(LINUX_DIR) PREFIX=/usr \
-               CC=$(TARGET_CC) COPT_FLAGS="$(TARGET_CFLAGS)"
-               
-$(STAGING_DIR)/libipq/libipq.a: $(PKG_BUILD_DIR)/iptables
+ Matches:
+  - icmp
+  - tcp
+  - udp
+  - comment
+  - limit
+  - mac
+  - multiport
+
+ Targets:
+  - ACCEPT
+  - DROP
+  - REJECT
+  - LOG
+  - TCPMSS
+
+ Tables:
+  - filter
+  - mangle
+
+endef
+
+define Package/iptables-mod-conntrack
+$(call Package/iptables/Module, +kmod-ipt-conntrack)
+  TITLE:=Basic connection tracking extensions
+endef
+
+define Package/iptables-mod-conntrack/description
+Basic iptables extensions for connection tracking.
+
+ Matches:
+  - state
+  - conntrack
+
+ Targets:
+  - NOTRACK
+
+ Tables:
+  - raw
+
+endef
+
+define Package/iptables-mod-conntrack-extra
+$(call Package/iptables/Module, +kmod-ipt-conntrack-extra)
+  TITLE:=Extra connection tracking extensions
+endef
+
+define Package/iptables-mod-conntrack-extra/description
+Extra iptables extensions for connection tracking.
+
+ Matches:
+  - connbytes
+  - connmark
+  - recent
+  - helper
+
+ Targets:
+  - CONNMARK
+
+endef
+
+define Package/iptables-mod-filter
+$(call Package/iptables/Module, +kmod-ipt-filter)
+  TITLE:=Content inspection extensions
+endef
+
+define Package/iptables-mod-filter/description
+iptables extensions for packet content inspection.
+Includes support for:
+
+ Matches:
+  - layer7
+  - string
+
+endef
+
+define Package/iptables-mod-ipopt
+$(call Package/iptables/Module, +kmod-ipt-ipopt)
+  TITLE:=IP/Packet option extensions
+endef
+
+define Package/iptables-mod-ipopt/description
+iptables extensions for matching/changing IP packet options.
+
+ Matches:
+  - dscp
+  - hashlimit
+  - ecn
+  - length
+  - mark
+  - statistic
+  - tcpmss
+  - time
+  - unclean
+  - hl
+
+ Targets:
+  - DSCP
+  - CLASSIFY
+  - ECN
+  - MARK
+  - HL
+
+endef
+
+define Package/iptables-mod-ipsec
+$(call Package/iptables/Module, +kmod-ipt-ipsec)
+  TITLE:=IPsec extensions
+endef
+
+define Package/iptables-mod-ipsec/description
+iptables extensions for matching ipsec traffic.
+
+ Matches:
+  - ah
+  - esp
+  - policy
+
+endef
+
+define Package/iptables-mod-ipset
+$(call Package/iptables/Module,)
+  TITLE:=IPset iptables extensions
+endef
+
+define Package/iptables-mod-ipset/description
+IPset iptables extensions.
+
+ Matches:
+  - set
+
+ Targets:
+  - SET
+
+endef
+
+define Package/iptables-mod-nat
+$(call Package/iptables/Module, +kmod-ipt-nat)
+  TITLE:=Basic NAT extensions
+endef
+
+define Package/iptables-mod-nat/description
+iptables extensions for basic NAT targets.
+
+ Targets:
+  - SNAT
+  - DNAT
+  - MASQUERADE
+
+ Tables:
+  - nat
+
+endef
+
+define Package/iptables-mod-nat-extra
+$(call Package/iptables/Module, +kmod-ipt-nat-extra)
+  TITLE:=Extra NAT extensions
+endef
+
+define Package/iptables-mod-nat-extra/description
+iptables extensions for extra NAT targets.
+
+ Targets:
+  - MIRROR
+  - NETMAP
+  - REDIRECT
+endef
+
+define Package/iptables-mod-ulog
+$(call Package/iptables/Module, +kmod-ipt-ulog)
+  TITLE:=user-space packet logging
+endef
+
+define Package/iptables-mod-ulog/description
+iptables extensions for user-space packet logging.
+
+ Targets:
+  - ULOG
+
+endef
+
+define Package/iptables-mod-hashlimit
+$(call Package/iptables/Module, +kmod-ipt-hashlimit)
+  TITLE:=hashlimit matching
+endef
+
+define Package/iptables-mod-hashlimit/description
+iptables extensions for hashlimit matching
+
+ Matches:
+  - hashlimit
+
+endef
+
+define Package/iptables-mod-iprange
+$(call Package/iptables/Module, +kmod-ipt-iprange)
+  TITLE:=IP range extension
+endef
+
+define Package/iptables-mod-iprange/description
+iptables extensions for matching ip ranges.
+
+ Matches:
+  - iprange
+
+endef
+
+define Package/iptables-mod-extra
+$(call Package/iptables/Module, +kmod-ipt-extra)
+  TITLE:=Other extra iptables extensions
+endef
+
+define Package/iptables-mod-extra/description
+Other extra iptables extensions.
+
+ Matches:
+  - condition
+  - owner
+  - physdev (if ebtables is enabled)
+  - pkttype
+  - quota
+
+endef
+
+define Package/iptables-mod-led
+$(call Package/iptables/Module, +kmod-ipt-led)
+  TITLE:=LED trigger iptables extension
+endef
+
+define Package/iptables-mod-led/description
+iptables extension for triggering a LED.
+
+ Targets:
+  - LED
+
+endef
+
+define Package/iptables-mod-tproxy
+$(call Package/iptables/Module, +kmod-ipt-tproxy)
+  TITLE:=Transparent proxy iptables extensions
+endef
+
+define Package/iptables-mod-tproxy/description
+Transparent proxy iptables extensions.
+
+ Matches:
+  - socket
+
+ Targets:
+  - TPROXY
+
+endef
+
+define Package/iptables-mod-tee
+$(call Package/iptables/Module, +kmod-ipt-tee)
+  TITLE:=TEE iptables extensions
+endef
+
+define Package/iptables-mod-tee/description
+TEE iptables extensions.
+
+ Targets:
+  - TEE
+
+endef
+
+define Package/iptables-mod-u32
+$(call Package/iptables/Module, +kmod-ipt-u32)
+  TITLE:=U32 iptables extensions
+endef
+
+define Package/iptables-mod-u32/description
+U32 iptables extensions.
+
+ Matches:
+  - u32
+
+endef
+
+define Package/ip6tables
+$(call Package/iptables/Default)
+  DEPENDS:=+kmod-ip6tables +libip6tc +libxtables
+  CATEGORY:=IPv6
+  TITLE:=IPv6 firewall administration tool
+  MENU:=1
+endef
+
+define Package/libiptc
+$(call Package/iptables/Default)
+  SECTION:=libs
+  CATEGORY:=Libraries
+  DEPENDS:=+libip4tc +libip6tc
+  TITLE:=IPv4/IPv6 firewall - shared libiptc library (compatibility stub)
+endef
+
+define Package/libip4tc
+$(call Package/iptables/Default)
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=IPv4 firewall - shared libiptc library
+endef
+
+define Package/libip6tc
+$(call Package/iptables/Default)
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=IPv6 firewall - shared libiptc library
+endef
+
+define Package/libxtables
+ $(call Package/iptables/Default)
+ SECTION:=libs
+ CATEGORY:=Libraries
+ TITLE:=IPv4/IPv6 firewall - shared xtables library
+endef
+
+define Package/libipq
+  $(call Package/iptables/Default)
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=IPv4/IPv6 firewall - shared libipq library
+endef
+
+TARGET_CPPFLAGS := \
+       -I$(PKG_BUILD_DIR)/include \
+       -I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include \
+       $(TARGET_CPPFLAGS)
+
+TARGET_CFLAGS += \
+       -I$(PKG_BUILD_DIR)/include \
+       -I$(LINUX_DIR)/arch/$(LINUX_KARCH)/include
+
+CONFIGURE_ARGS += \
+       --enable-shared \
+       --enable-devel \
+       --enable-ipv6 \
+       --enable-libipq \
+       --with-kernel="$(LINUX_DIR)" \
+       --with-xtlibdir=/usr/lib/iptables
+
+MAKE_FLAGS := \

        $(TARGET_CONFIGURE_OPTS) \
        $(TARGET_CONFIGURE_OPTS) \

-       $(MAKE) -C $(PKG_BUILD_DIR) \
-               KERNEL_DIR=$(LINUX_DIR) PREFIX=/usr \
-               CC=$(TARGET_CC) COPT_FLAGS="$(TARGET_CFLAGS)" \
-               libipq/libipq.a
-       cp -a $(PKG_BUILD_DIR)/include/* $(STAGING_DIR)/include/
-       cp $(PKG_BUILD_DIR)/libipq/libipq.a $(STAGING_DIR)/lib/
-       cp $(PKG_BUILD_DIR)/libiptc/libiptc.a $(STAGING_DIR)/lib/
-
-$(PKG_IPT): $(PKG_BUILD_DIR)/iptables
-       $(SCRIPT_DIR)/make-ipkg-dir.sh $(I_IPT) control/iptables.control $(PKG_VERSION)-$(PKG_RELEASE) $(ARCH) 
-       mkdir -p $(I_IPT)/usr/sbin
-       cp -af $(PKG_BUILD_DIR)/iptables $(I_IPT)/usr/sbin/
-       $(STRIP) $(I_IPT)/usr/sbin/iptables
-       mkdir -p $(I_IPT)/usr/lib/iptables
-       (cd $(PKG_BUILD_DIR)/extensions; \
-        cp $(patsubst %,libipt_%.so,$(ext-y)) $(I_IPT)/usr/lib/iptables)
-       -$(STRIP) $(I_IPT)/usr/lib/iptables/*.so
-       mkdir -p $(PACKAGE_DIR)
-       $(IPKG_BUILD) $(I_IPT) $(PACKAGE_DIR)
-
-$(IPKG_STATE_DIR)/info/iptables.list: $(PKG_IPT)
-       $(IPKG) install $(PKG_IPT)
-
-$(PKG_IPT_EXTRA): $(PKG_BUILD_DIR)/iptables
-       $(SCRIPT_DIR)/make-ipkg-dir.sh $(I_IPT_EXTRA) control/iptables-extra.control $(PKG_VERSION)-$(PKG_RELEASE) $(ARCH) 
-       mkdir -p $(I_IPT_EXTRA)/usr/lib/iptables
-       (cd $(PKG_BUILD_DIR)/extensions; \
-        cp $(patsubst %,libipt_%.so,$(ext-m)) $(I_IPT_EXTRA)/usr/lib/iptables)
-       -$(STRIP) $(I_IPT_EXTRA)/usr/lib/iptables/*.so
-       mkdir -p $(PACKAGE_DIR)
-       $(IPKG_BUILD) $(I_IPT_EXTRA) $(PACKAGE_DIR)
-
-$(IPKG_STATE_DIR)/info/iptables-extra.list: $(PKG_IPT)
-       $(IPKG) install $(PKG_IPT_EXTRA)
-
-$(PKG_IPT_UTILS): $(PKG_BUILD_DIR)/iptables
-       $(SCRIPT_DIR)/make-ipkg-dir.sh $(I_IPT_UTILS) control/iptables-utils.control $(PKG_VERSION)-$(PKG_RELEASE) $(ARCH) 
-       mkdir -p $(I_IPT_UTILS)/usr/sbin
-       cp $(PKG_BUILD_DIR)/iptables-save $(I_IPT_UTILS)/usr/sbin
-       cp $(PKG_BUILD_DIR)/iptables-restore $(I_IPT_UTILS)/usr/sbin
-       -$(STRIP) $(I_IPT_UTILS)/usr/sbin/*
-       mkdir -p $(PACKAGE_DIR)
-       $(IPKG_BUILD) $(I_IPT_UTILS) $(PACKAGE_DIR)
-
-$(IPKG_STATE_DIR)/info/iptables-utils.list: $(PKG_IPT)
-       $(IPKG) install $(PKG_IPT_UTILS)
-
-$(PKG_IP6T): $(PKG_BUILD_DIR)/iptables
-       $(SCRIPT_DIR)/make-ipkg-dir.sh $(I_IP6T) control/ip6tables.control $(PKG_VERSION)-$(PKG_RELEASE) $(ARCH) 
-       mkdir -p $(I_IP6T)/usr/sbin
-       cp -af $(PKG_BUILD_DIR)/ip6tables $(I_IP6T)/usr/sbin/
-       $(STRIP) $(I_IP6T)/usr/sbin/ip6tables
-       mkdir -p $(I_IP6T)/usr/lib/iptables
-       (cd $(PKG_BUILD_DIR)/extensions; \
-        cp libip6t_*.so $(I_IP6T)/usr/lib/iptables)
-       -$(STRIP) $(I_IP6T)/usr/lib/iptables/*.so
-       mkdir -p $(PACKAGE_DIR)
-       $(IPKG_BUILD) $(I_IP6T) $(PACKAGE_DIR)
-
-$(IPKG_STATE_DIR)/info/ip6tables.list: $(PKG_IP6T)
-       $(IPKG) install $(PKG_IP6T)
-
-
-source: $(DL_DIR)/$(PKG_SOURCE_FILE)
-prepare: $(PKG_BUILD_DIR)/.patched
-compile: $(TARGETS)
-install: $(INSTALL_TARGETS)
-
-clean:
-       rm -rf $(PKG_BUILD_DIR)
-       rm -f $(PKG_IPT) $(PKG_IPT_EXTRA) $(PKG_IP6T)
+       COPT_FLAGS="$(TARGET_CFLAGS)" \
+       LDFLAGS="-rdynamic" \
+       KERNEL_DIR="$(LINUX_DIR)" PREFIX=/usr \
+       KBUILD_OUTPUT="$(LINUX_DIR)" \
+
+define Build/InstallDev
+       $(INSTALL_DIR) $(1)/usr/include
+       $(INSTALL_DIR) $(1)/usr/include/iptables
+       $(INSTALL_DIR) $(1)/usr/include/net/netfilter
+
+       # XXX: iptables header fixup, some headers are not installed by iptables anymore
+       $(CP) $(PKG_BUILD_DIR)/include/net/netfilter/*.h $(1)/usr/include/net/netfilter/
+       $(CP) $(PKG_BUILD_DIR)/include/iptables/*.h $(1)/usr/include/iptables/
+       $(CP) $(PKG_BUILD_DIR)/include/iptables.h $(1)/usr/include/
+       $(CP) $(PKG_BUILD_DIR)/include/libipq/libipq.h $(1)/usr/include/
+       $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
+       $(CP) $(PKG_BUILD_DIR)/include/libiptc $(1)/usr/include/
+
+       $(CP) $(PKG_INSTALL_DIR)/usr/include/* $(1)/usr/include/
+       $(INSTALL_DIR) $(1)/usr/lib
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip*tc.so* $(1)/usr/lib/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipq.so* $(1)/usr/lib/
+       $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/xtables.pc $(1)/usr/lib/pkgconfig/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libiptc.pc $(1)/usr/lib/pkgconfig/
+endef
+
+define Package/iptables/install
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/iptables $(1)/usr/sbin/
+       $(LN) iptables $(1)/usr/sbin/iptables-save
+       $(LN) iptables $(1)/usr/sbin/iptables-restore
+       $(INSTALL_DIR) $(1)/usr/lib/iptables
+       (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
+               for m in $(patsubst xt_%,ipt_%,$(IPT_BUILTIN)) $(patsubst ipt_%,xt_%,$(IPT_BUILTIN)); do \
+                       if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so ]; then \
+                               $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$${m}.so $(1)/usr/lib/iptables/ ;\
+                       fi; \
+               done \
+       )
+endef
+
+define Package/ip6tables/install
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables $(1)/usr/sbin/
+       $(LN) ip6tables $(1)/usr/sbin/ip6tables-save
+       $(LN) ip6tables $(1)/usr/sbin/ip6tables-restore
+       $(INSTALL_DIR) $(1)/usr/lib/iptables
+       (cd $(PKG_INSTALL_DIR)/usr/lib/iptables ; \
+               $(CP) libip6t_*.so $(1)/usr/lib/iptables/ \
+       )
+endef
+
+define Package/libiptc/install
+       $(INSTALL_DIR) $(1)/usr/lib
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libiptc.so* $(1)/usr/lib/
+endef
+
+define Package/libip4tc/install
+       $(INSTALL_DIR) $(1)/usr/lib
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip4tc.so* $(1)/usr/lib/
+endef
+
+define Package/libip6tc/install
+       $(INSTALL_DIR) $(1)/usr/lib
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libip6tc.so* $(1)/usr/lib/
+endef
+
+define Package/libxtables/install
+       $(INSTALL_DIR) $(1)/usr/lib
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libxtables.so* $(1)/usr/lib/
+endef
+
+define Package/libipq/install
+       $(INSTALL_DIR) $(1)/usr/lib
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libipq.so* $(1)/usr/lib/
+endef
+
+define BuildPlugin
+  define Package/$(1)/install
+       $(INSTALL_DIR) $$(1)/usr/lib/iptables
+       for m in $(patsubst xt_%,ipt_%,$(2)) $(patsubst ipt_%,xt_%,$(2)); do \
+               if [ -f $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so ]; then \
+                       $(CP) $(PKG_INSTALL_DIR)/usr/lib/iptables/lib$$$$$$$${m}.so $$(1)/usr/lib/iptables/ ; \
+               fi; \
+       done
+       $(3)
+  endef
+
+  $$(eval $$(call BuildPackage,$(1)))
+endef
+
+L7_INSTALL:=\
+       $(INSTALL_DIR) $$(1)/etc/l7-protocols; \
+       $(CP) files/l7/*.pat $$(1)/etc/l7-protocols/
+
+
+$(eval $(call BuildPackage,iptables))
+$(eval $(call BuildPlugin,iptables-mod-conntrack,$(IPT_CONNTRACK-m)))
+$(eval $(call BuildPlugin,iptables-mod-conntrack-extra,$(IPT_CONNTRACK_EXTRA-m)))
+$(eval $(call BuildPlugin,iptables-mod-extra,$(IPT_EXTRA-m)))
+$(eval $(call BuildPlugin,iptables-mod-filter,$(IPT_FILTER-m),$(L7_INSTALL)))
+$(eval $(call BuildPlugin,iptables-mod-ipopt,$(IPT_IPOPT-m)))
+$(eval $(call BuildPlugin,iptables-mod-ipsec,$(IPT_IPSEC-m)))
+$(eval $(call BuildPlugin,iptables-mod-ipset,ipt_set ipt_SET))
+$(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m)))
+$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
+$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
+$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
+$(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m)))
+$(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
+$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
+$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
+$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
+$(eval $(call BuildPackage,ip6tables))
+$(eval $(call BuildPackage,libiptc))
+$(eval $(call BuildPackage,libip4tc))
+$(eval $(call BuildPackage,libip6tc))
+$(eval $(call BuildPackage,libxtables))
+$(eval $(call BuildPackage,libipq))