summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/iptables/iptables
AgeCommit message (Collapse)Author
2019-12-04iptables: Add systemd helper unit for IPv6 tooNiko Mauno
Commit bc66b2f45ade2c63cfd14d5388f6ca0905a23bb0 added systemd helper unit for automatic IPv4 rule loading. Complement the effort by adding systemd helper unit also for automatic IPv6 rule loading. Signed-off-by: Niko Mauno <niko.mauno@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-12-04iptables: Allow overriding rules file locationNiko Mauno
In some cases a distribution may want to install rules file into a location other than /etc/iptables/ so introduce custom recipe-level IPTABLES_RULES_DIR parameter which allows conveniently overriding the rules directory location. Signed-off-by: Niko Mauno <niko.mauno@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-09-16iptables: add systemd helper unit to load/restore rulesJack Mitchell
There is currently no way to automatically load iptables rules in OE. Add a systemd unit file to automatically load rules on network connection. This is cribbed from the way ArchLinux handles iptables with some minor modifications for OE. New rules can be generated directly on the target using: # iptables-save -f /etc/iptables/iptables.rules Good documentation for writing rules offline is lacking, but the basics are explained here: https://unix.stackexchange.com/q/400163/49405 Signed-off-by: Jack Mitchell <jack@embed.me.uk> Signed-off-by: Diego Rondini <diego.rondini@kynetics.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2019-07-22iptables: upgrade 1.8.2 -> 1.8.3Anuj Mittal
Remove upstreamed patches and manually package symlinks which aren't handled by do_split_package. Changelog: http://git.netfilter.org/iptables/log/?qt=range&q=v1.8.3...v1.8.2 Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-19iptables: Security Advisory - iptables - CVE-2019-11360Li Zhou
Porting patch from <https://git.netfilter.org/iptables/commit/iptables/ xshared.c?id=2ae1099a42e6a0f06de305ca13a842ac83d4683e> to solve CVE-2019-11360. Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-04-16iptables: upgrade 1.6.2 -> 1.8.2Changhyeok Bae
To enable security flash, get the build error. To fix this, 0003-extensions-format-security-fixes-in-libipt_icmp.patch is required. Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-09iptables: drop unnecessary patchesAlexander Kanavin
These were adding definitions for the second time (see bug #10450 for why) or adding an include that isn't anymore necessary for musl builds. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23iptables: upgrade to 1.6.1Maxin B. John
1.6.0 -> 1.6.1 Refreshed the following patches: a) 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch b) 0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-01-07iptables: upgrade to 1.6.0Maxin B. John
1.4.21 -> 1.6.0 xtables_globals structure layout has changed. * Refreshed below listed patches to work with this release: 1. 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch 2. 0001-fix-build-with-musl.patch * Added PACKAGECONFIG for libnftnl Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-10-12iptables: only check libnetfilter-conntrack when libnfnetlink is enabledKai Kang
Package libnetfilter-conntrack depends on package libnfnetlink. iptables checks package libnetfilter-conntrack whatever its package config libnfnetlink is enabled or not. When libnfnetlink is disabled but package libnetfilter-conntrack exists, it fails randomly with: | In file included from .../iptables/1.4.21-r0/iptables-1.4.21/extensions/libxt_connlabel.c:8:0: | .../tmp/sysroots/qemumips/usr/include/libnetfilter_conntrack/libnetfilter_conntrack.h:14:42: fatal error: libnfnetlink/linux_nfnetlink.h: No such file or directory | compilation terminated. | GNUmakefile:96: recipe for target 'libxt_connlabel.oo' failed Only check libnetfilter-conntrack when libnfnetlink is enabled to fix it. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-04-13iptables: Fix build on muslKhem Raj
Added needed headers and resuffled existing ones to get it portable Added defined for missing TCOPTS* Change-Id: I74977dd052c5569b00631379d7f4bacfb86cf381 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-06-07iptables: upgrade to 1.4.19.1Cristian Iorga
fix-iptables-extensions-build-error.patch no longer needed. Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-05-12iptables: upgrade to 1.4.18Cristian Iorga
fix-link-failure-ip6t-NETMAP.patch removed; already included in upstream. Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-03-18iptables: Turn ipv6 and libnfnetlink support into PACKAGECONFIGKhem Raj
Detection of libnfnetlink is automatic in configure which means that when you have meta-networking in your cosmos, it would create a race condition where if libnfnetlink is already staged then it will be enabled otherwise disabled. The issue happens quite often with sstate and high parallelism. Since the dependency libnfnetlink is not part of OE-Core, this patch turns it into a PACKAGECONFIG which is diabled by default and iptables is patched to provide the knob. If you want to enable libnfnetlink support then it can be done in a bbappend where you are sure that you are also including meta-networking in your distro. While at it also turned ipv6 support into packageconfig Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-01-18iptables: upgrade to 1.4.17Cristian Iorga
patch added to fix cross-compilation issues Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-05-01iptables: upgrade to version 1.4.13Dongxiao Xu
Remove a patch since it is already in upstream. Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
2012-03-24iptables: fix build error against 3.2+ kernel headersBruce Ashfield
The iptables local linux/types.h overrides the kernel/sysroot types.h. As such, we need to provide some defines that are required to build against 3.2+ kernel headers. ifndef protection is provided for the defines to ensure that configuration that already have these defines are still buildable. This commit is temporary until a new version of iptables can be used that contains the defines. Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
2012-01-24iptables: upgrade to 1.4.12.2Shane Wang
This patch is to upgrade iptables to 1.4.12.2, and introduce a patch not to check unknown symbols. Otherwise, when it is compiled, it will report "libxtables.so.7" from LD_PRELOAD cannot be preloaded. Signed-off-by: Shane Wang <shane.wang@intel.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-25 08:07:51 +0000