path: root/meta/recipes-extended/iptables/iptables
Commit message [Author, Age, Files, Lines]
* iptables: correctly enable libnetfilter_conntrack support [Alexander Kanavin, 10 days, 1 file, -49/+0]
  This is done via configure option, and makes 0004-configure.ac-only-check-conntrack-when-libnfnetlink-.patch unnecessary, as both libnetfilter_conntrack and libnfnetlink are enabled in lockstep.
  (From OE-Core rev: 04ffb341864b443544e9f594248c0c785f601a55)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: remove unneeded 0002-iptables-xshared.h-add-missing-sys.types.h-include.patch [Alexander Kanavin, 10 days, 1 file, -31/+0]
  Somewhere on the way it ceased to be necessary.
  (From OE-Core rev: b5a32b5744b4ebb1bdc8937e5ebbc35dced0b1a7)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: submit 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch upstream [Alexander Kanavin, 10 days, 1 file, -18/+26]
  (From OE-Core rev: 67f6c3534a18520f3b7c5eed27dc2744c5bf44c2)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: upgrade 1.8.9 -> 1.8.10 [Changhyeok Bae, 2023-12-04, 5 files, -96/+18]
  - 0003-x is not required anymore because to xtables.conf is dropped.
  - format-security.patch is already in upstream.
  - Other patches are refreshed.
  (From OE-Core rev: 4616ada82e7079f0cc7e995c2f421f43b54d4a08)
  Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: update 1.8.8 -> 1.8.9 [Alexander Kanavin, 2023-03-11, 5 files, -39/+44]
  Replace one format string fixing patch with another format string fixing patch. (one problem fixed upstream, another introduced)
  (From OE-Core rev: 4a7b4d41ddcfaeaf47cf75200f2346639c64b11c)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: upgrade 1.8.7 -> 1.8.8 [Alexander Kanavin, 2022-05-20, 2 files, -0/+60]
  (From OE-Core rev: b44d6bc7e56121d977a7bc491aec00cf3fb510fb)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: do not install /etc/ethertypes [Trevor Gamblin, 2022-03-11, 1 file, -0/+40]
  Take inspiration from the ebtables recipe in meta-networking and omit installation of etc/ethertypes, since it is provided by netbase. If we don't do this, the following error occurs during build:
    Error: Transaction test error: file /etc/ethertypes conflicts between attempted installs of iptables-1.8.7-r0.core2_64 and netbase-1:6.3-r0.noarch
  (From OE-Core rev: 297fde1a6fc9ddf12bb4b0cba1d5b03664a3f378)
  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: upgrade 1.8.5 -> 1.8.6 [Alexander Kanavin, 2020-11-03, 1 file, -45/+0]
  (From OE-Core rev: d81f9f3ed497241d6ac93d3c756eb55747eb07a0)
  Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: fix invalid symbolic link for ip6tables-apply [Yi Zhao, 2020-06-17, 1 file, -0/+45]
  The iptables-apply is not installed which makes ip6tables-apply as an invalid symbolic link:
    $ ls -l /usr/sbin/ip6tables-apply
    lrwxrwxrwx 1 root root 14 Jun 11 08:27 /usr/sbin/ip6tables-apply -> iptables-apply
    $ ls -l /usr/sbin/iptables-apply
    ls: cannot access '/usr/sbin/iptables-apply': No such file or directory
  Backport a patch to fix the issue.
  (From OE-Core rev: c3070d3b2e31a31fc32294972e7a3fae46b6e70f)
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: Add systemd helper unit for IPv6 too [Niko Mauno, 2019-12-04, 3 files, -3/+16]
  Commit bc66b2f45ade2c63cfd14d5388f6ca0905a23bb0 added systemd helper unit for automatic IPv4 rule loading. Complement the effort by adding systemd helper unit also for automatic IPv6 rule loading.
  (From OE-Core rev: 3b8df6b6aba3632de7c3c01c8468fbcedb032493)
  Signed-off-by: Niko Mauno <niko.mauno@iki.fi>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: Allow overriding rules file location [Niko Mauno, 2019-12-04, 1 file, -2/+2]
  In some cases a distribution may want to install rules file into a location other than /etc/iptables/ so introduce custom recipe-level IPTABLES_RULES_DIR parameter which allows conveniently overriding the rules directory location.
  (From OE-Core rev: 64eeedcdc586c221e3684861ba85e8e4bc9c5dd1)
  Signed-off-by: Niko Mauno <niko.mauno@iki.fi>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: add systemd helper unit to load/restore rules [Jack Mitchell, 2019-09-16, 2 files, -0/+13]
  There is currently no way to automatically load iptables rules in OE. Add a systemd unit file to automatically load rules on network connection. This is cribbed from the way ArchLinux handles iptables with some minor modifications for OE.
  New rules can be generated directly on the target using:
    # iptables-save -f /etc/iptables/iptables.rules
  Good documentation for writing rules offline is lacking, but the basics are explained here: https://unix.stackexchange.com/q/400163/49405
  (From OE-Core rev: 76d3574d17c38d93ba4660bdae5730ac222994d4)
  Signed-off-by: Jack Mitchell <jack@embed.me.uk>
  Signed-off-by: Diego Rondini <diego.rondini@kynetics.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: upgrade 1.8.2 -> 1.8.3 [Anuj Mittal, 2019-07-23, 2 files, -178/+0]
  Remove upstreamed patches and manually package symlinks which aren't handled by do_split_package.
  Changelog: http://git.netfilter.org/iptables/log/?qt=range&q=v1.8.3...v1.8.2
  (From OE-Core rev: 845af88f86f143ca0b119f0489397cd505571cae)
  Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: Security Advisory - iptables - CVE-2019-11360 [Li Zhou, 2019-07-19, 1 file, -0/+117]
  Porting patch from <https://git.netfilter.org/iptables/commit/iptables/xshared.c?id=2ae1099a42e6a0f06de305ca13a842ac83d4683e> to solve CVE-2019-11360.
  (From OE-Core rev: 5a38ef7eef9ecef2d27ae89f01691072bb94a25e)
  Signed-off-by: Li Zhou <li.zhou@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: upgrade 1.6.2 -> 1.8.2 [Changhyeok Bae, 2019-04-16, 1 file, -0/+61]
  To enable security flash, get the build error. To fix this, 0003-extensions-format-security-fixes-in-libipt_icmp.patch is required.
  (From OE-Core rev: 2e135cea41c1276566a7390320468d1925481558)
  Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: drop unnecessary patches [Alexander Kanavin, 2018-03-09, 2 files, -95/+0]
  These were adding definitions for the second time (see bug #10450 for why) or adding an include that isn't anymore necessary for musl builds.
  (From OE-Core rev: bed5ea53c74c4b444b2145e7a83ca9fd44ea30ec)
  Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: upgrade to 1.6.1 [Maxin B. John, 2017-02-23, 2 files, -27/+54]
  1.6.0 -> 1.6.1
  Refreshed the following patches:
    a) 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
    b) 0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch
  (From OE-Core rev: 0148bb131b2ac68f168562e9eaedce8aa4e4a875)
  Signed-off-by: Maxin B. John <maxin.john@intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: upgrade to 1.6.0 [Maxin B. John, 2016-01-07, 2 files, -86/+33]
  1.4.21 -> 1.6.0
  xtables_globals structure layout has changed.
  * Refreshed below listed patches to work with this release:
    1. 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
    2. 0001-fix-build-with-musl.patch
  * Added PACKAGECONFIG for libnftnl
  (From OE-Core rev: 8609c4e5eadfdd60664640c4ae07e250c98dd86b)
  Signed-off-by: Maxin B. John <maxin.john@intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: only check libnetfilter-conntrack when libnfnetlink is enabled [Kai Kang, 2015-10-12, 1 file, -0/+34]
  Package libnetfilter-conntrack depends on package libnfnetlink. iptables checks package libnetfilter-conntrack whatever its package config libnfnetlink is enabled or not. When libnfnetlink is disabled but package libnetfilter-conntrack exists, it fails randomly with:
    | In file included from .../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0:
    | .../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42: fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory
    | compilation terminated.
    | GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed
  Only check libnetfilter-conntrack when libnfnetlink is enabled to fix it.
  (From OE-Core rev: 31f34494b842d6c49b040db70ba5da428594f32c)
  Signed-off-by: Kai Kang <kai.kang@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: Fix build on musl [Khem Raj, 2015-04-13, 1 file, -0/+89]
  Added needed headers and reshuffled existing ones to get it portable
  Added defined for missing TCOPTS*
  Change-Id: I74977dd052c5569b00631379d7f4bacfb86cf381
  (From OE-Core rev: d30fba63286dc8f5ac72ac65fae6af6001e58ec2)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: upgrade to 1.4.19.1 [Cristian Iorga, 2013-06-07, 1 file, -44/+0]
  fix-iptables-extensions-build-error.patch no longer needed.
  (From OE-Core rev: 02971543527e993b60132ddb101a9093efa3f324)
  Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: upgrade to 1.4.18 [Cristian Iorga, 2013-05-12, 1 file, -86/+0]
  fix-link-failure-ip6t-NETMAP.patch removed; already included in upstream.
  (From OE-Core rev: f5f2959391721a98d4259421650d90ccf475b025)
  Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: Turn ipv6 and libnfnetlink support into PACKAGECONFIG [Khem Raj, 2013-03-18, 1 file, -0/+47]
  Detection of libnfnetlink is automatic in configure which means that when you have meta-networking in your cosmos, it would create a race condition where if libnfnetlink is already staged then it will be enabled otherwise disabled. The issue happens quite often with sstate and high parallelism.
  Since the dependency libnfnetlink is not part of OE-Core, this patch turns it into a PACKAGECONFIG which is disabled by default and iptables is patched to provide the knob. If you want to enable libnfnetlink support then it can be done in a bbappend where you are sure that you are also including meta-networking in your distro.
  While at it also turned ipv6 support into packageconfig
  (From OE-Core rev: 0332551d90c866c5874529e81819b81b534e14be)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: upgrade to 1.4.17 [Cristian Iorga, 2013-01-18, 2 files, -0/+130]
  patch added to fix cross-compilation issues
  (From OE-Core rev: f6c7d5e0590e3e70fb435e747ffdb9fe586e7bfc)
  Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: upgrade to version 1.4.13 [Dongxiao Xu, 2012-05-01, 1 file, -18/+0]
  Remove a patch since it is already in upstream.
  (From OE-Core rev: 90f32e0fffaef55415088f523e282ca3c08fa7ee)
  Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: fix build error against 3.2+ kernel headers [Bruce Ashfield, 2012-03-24, 1 file, -0/+49]
  The iptables local linux/types.h overrides the kernel/sysroot types.h. As such, we need to provide some defines that are required to build against 3.2+ kernel headers.
  ifndef protection is provided for the defines to ensure that configuration that already have these defines are still buildable.
  This commit is temporary until a new version of iptables can be used that contains the defines.
  (From OE-Core rev: 1642f519bb30b3ebcfb6170cdbbc0e327d057012)
  Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: upgrade to 1.4.12.2 [Shane Wang, 2012-01-24, 1 file, -0/+18]
  This patch is to upgrade iptables to 1.4.12.2, and introduce a patch not to check unknown symbols. Otherwise, when it is compiled, it will report "libxtables.so.7" from LD_PRELOAD cannot be preloaded.
  (From OE-Core rev: 27ed7024cf2ee9c9f84246fd931bc390cb638851)
  Signed-off-by: Shane Wang <shane.wang@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>