[openwrt/openwrt] iptables: use ALTERNATIVES for ip(6)tables(-nft)
LEDE Commits
lede-commits at lists.infradead.org
Wed Feb 2 15:14:18 PST 2022
hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/3a5df36cf694ca821ad5486ff360969bd3492aaa
commit 3a5df36cf694ca821ad5486ff360969bd3492aaa
Author: Etienne Champetier <champetier.etienne at gmail.com>
AuthorDate: Wed Jan 26 17:09:44 2022 -0500
iptables: use ALTERNATIVES for ip(6)tables(-nft)
As nftables is now the default, ip(6)tables-nft gets higher priority
The removed symlinks ("$(CP)" line) will now be installed by the
ALTERNATIVES mechanism
Signed-off-by: Etienne Champetier <champetier.etienne at gmail.com>
---
package/network/utils/iptables/Makefile | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
index 853bff39c6..cf87d6de06 100644
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@@ -49,6 +49,10 @@ $(call Package/iptables/Default)
TITLE:=IP firewall administration tool
MENU:=1
DEPENDS+= +kmod-ipt-core +libip4tc +IPV6:libip6tc +libxtables
+ ALTERNATIVES:=\
+ 200:/usr/sbin/iptables:/usr/sbin/xtables-legacy-multi \
+ 200:/usr/sbin/iptables-restore:/usr/sbin/xtables-legacy-multi \
+ 200:/usr/sbin/iptables-save:/usr/sbin/xtables-legacy-multi
endef
define Package/iptables/config
@@ -109,6 +113,10 @@ define Package/iptables-nft
$(call Package/iptables/Default)
TITLE:=IP firewall administration tool nft
DEPENDS:=@IPTABLES_NFTABLES +libxtables-nft +libip4tc +IPV6:libip6tc +kmod-ipt-core +kmod-nft-compat
+ ALTERNATIVES:=\
+ 300:/usr/sbin/iptables:/usr/sbin/xtables-nft-multi \
+ 300:/usr/sbin/iptables-restore:/usr/sbin/xtables-nft-multi \
+ 300:/usr/sbin/iptables-save:/usr/sbin/xtables-nft-multi
endef
define Package/iptables-nft/description
@@ -450,12 +458,20 @@ $(call Package/iptables/Default)
CATEGORY:=Network
TITLE:=IPv6 firewall administration tool
MENU:=1
+ ALTERNATIVES:=\
+ 200:/usr/sbin/ip6tables:/usr/sbin/xtables-legacy-multi \
+ 200:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-legacy-multi \
+ 200:/usr/sbin/ip6tables-save:/usr/sbin/xtables-legacy-multi
endef
define Package/ip6tables-nft
$(call Package/iptables/Default)
DEPENDS:=@IPV6 +kmod-ip6tables +iptables-nft
TITLE:=IP firewall administration tool nft
+ ALTERNATIVES:=\
+ 300:/usr/sbin/ip6tables:/usr/sbin/xtables-nft-multi \
+ 300:/usr/sbin/ip6tables-restore:/usr/sbin/xtables-nft-multi \
+ 300:/usr/sbin/ip6tables-save:/usr/sbin/xtables-nft-multi
endef
define Package/ip6tables-nft/description
@@ -598,7 +614,6 @@ endef
define Package/iptables/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/xtables-legacy-multi $(1)/usr/sbin/
- $(CP) $(PKG_INSTALL_DIR)/usr/sbin/iptables{,-restore,-save} $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/lib/iptables
endef
@@ -611,7 +626,6 @@ endef
define Package/ip6tables/install
$(INSTALL_DIR) $(1)/usr/sbin
- $(CP) $(PKG_INSTALL_DIR)/usr/sbin/ip6tables{,-restore,-save} $(1)/usr/sbin/
endef
define Package/ip6tables-nft/install
More information about the lede-commits
mailing list