Diffstat (limited to 'pkgs/os-specific/linux/iptables/default.nix')
-rw-r--r--pkgs/os-specific/linux/iptables/default.nix32
1 files changed, 24 insertions, 8 deletions
diff --git a/pkgs/os-specific/linux/iptables/default.nix b/pkgs/os-specific/linux/iptables/default.nix
index cf06ff35325..882c24057bb 100644
--- a/pkgs/os-specific/linux/iptables/default.nix
+++ b/pkgs/os-specific/linux/iptables/default.nix
@@ -1,32 +1,48 @@
-{ stdenv, fetchurl, bison, flex, pkgconfig, pruneLibtoolFiles
-, libnetfilter_conntrack, libnftnl, libmnl, libpcap }:
+{ stdenv, fetchurl, pkgconfig, pruneLibtoolFiles, flex, bison
+, libmnl, libnetfilter_conntrack, libnfnetlink, libnftnl, libpcap
+, nftablesCompat ? false
+}:
+
+with stdenv.lib;
 
 stdenv.mkDerivation rec {
-  pname = "iptables";
   version = "1.8.3";
+  pname = "iptables";
 
   src = fetchurl {
     url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2";
     sha256 = "106xkkg5crsscjlinxvqvprva23fwwqfgrzl8m2nn841841sqg52";
   };
 
-  nativeBuildInputs = [ bison flex pkgconfig pruneLibtoolFiles ];
+  nativeBuildInputs = [ pkgconfig pruneLibtoolFiles flex bison ];
 
-  buildInputs = [ libnetfilter_conntrack libnftnl libmnl libpcap ];
+  buildInputs = [ libmnl libnetfilter_conntrack libnfnetlink libnftnl libpcap ];
 
   preConfigure = ''
     export NIX_LDFLAGS="$NIX_LDFLAGS -lmnl -lnftnl"
   '';
 
   configureFlags = [
+    "--enable-bpf-compiler"
     "--enable-devel"
+    "--enable-libipq"
+    "--enable-nfsynproxy"
     "--enable-shared"
-    "--enable-bpf-compiler"
-  ];
+  ] ++ optional (!nftablesCompat) "--disable-nftables";
 
   outputs = [ "out" "dev" ];
 
-  meta = with stdenv.lib; {
+  postInstall = optional nftablesCompat ''
+    rm $out/sbin/{iptables,iptables-restore,iptables-save,ip6tables,ip6tables-restore,ip6tables-save}
+    ln -sv xtables-nft-multi $out/bin/iptables
+    ln -sv xtables-nft-multi $out/bin/iptables-restore
+    ln -sv xtables-nft-multi $out/bin/iptables-save
+    ln -sv xtables-nft-multi $out/bin/ip6tables
+    ln -sv xtables-nft-multi $out/bin/ip6tables-restore
+    ln -sv xtables-nft-multi $out/bin/ip6tables-save
+  '';
+
+  meta = {
     description = "A program to configure the Linux IP packet filtering ruleset";
     homepage = https://www.netfilter.org/projects/iptables/index.html;
     platforms = platforms.linux;
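Review bot: `postInstall = optional nftablesCompat ''…''` hands a list to an attribute that is a shell snippet; `optionalString` is the helper for string attributes and gives `""` rather than `[]` when the flag is off, so the line should read `postInstall = optionalString nftablesCompat ''`. In the same block the `rm` acts on `$out/sbin` while the six `ln -sv` lines create relative links in `$out/bin`, so the links resolve only if `xtables-nft-multi` ends up in `bin` afterwards (presumably via the stdenv sbin-to-bin move during fixup, which is not visible here); a short comment stating that dependency would stop a later edit from breaking it. Because the flag changes which kernel ruleset the plain `iptables` and `iptables-save` names read and write, I would also add a comment next to `nftablesCompat ? false` along the lines of `# when true, iptables/ip6tables point at the nft backend; rules loaded through the legacy backend are not shown by these commands`, since anyone auditing firewall state from `iptables-save` output needs to know which backend they are looking at. The `meta` attribute set continues past the end of this hunk.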