summary refs log tree commit diff
path: root/pkgs
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs')
-rw-r--r--pkgs/os-specific/linux/iptables/default.nix32
-rw-r--r--pkgs/top-level/all-packages.nix4
2 files changed, 27 insertions, 9 deletions
diff --git a/pkgs/os-specific/linux/iptables/default.nix b/pkgs/os-specific/linux/iptables/default.nix
index cf06ff35325..6b25342ed4c 100644
--- a/pkgs/os-specific/linux/iptables/default.nix
+++ b/pkgs/os-specific/linux/iptables/default.nix
@@ -1,32 +1,48 @@
-{ stdenv, fetchurl, bison, flex, pkgconfig, pruneLibtoolFiles
-, libnetfilter_conntrack, libnftnl, libmnl, libpcap }:
+{ stdenv, fetchurl, pkgconfig, pruneLibtoolFiles, flex, bison
+, libmnl, libnetfilter_conntrack, libnfnetlink, libnftnl, libpcap
+, modeCompat ? false
+}:
+
+with stdenv.lib;
 
 stdenv.mkDerivation rec {
-  pname = "iptables";
   version = "1.8.3";
+  pname = "iptables";
 
   src = fetchurl {
     url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2";
     sha256 = "106xkkg5crsscjlinxvqvprva23fwwqfgrzl8m2nn841841sqg52";
   };
 
-  nativeBuildInputs = [ bison flex pkgconfig pruneLibtoolFiles ];
+  nativeBuildInputs = [ pkgconfig pruneLibtoolFiles flex bison ];
 
-  buildInputs = [ libnetfilter_conntrack libnftnl libmnl libpcap ];
+  buildInputs = [ libmnl libnetfilter_conntrack libnfnetlink libnftnl libpcap ];
 
   preConfigure = ''
     export NIX_LDFLAGS="$NIX_LDFLAGS -lmnl -lnftnl"
   '';
 
   configureFlags = [
+    "--enable-bpf-compiler"
     "--enable-devel"
+    "--enable-libipq"
+    "--enable-nfsynproxy"
     "--enable-shared"
-    "--enable-bpf-compiler"
-  ];
+  ] ++ optional (!modeCompat) "--disable-nftables";
 
   outputs = [ "out" "dev" ];
 
-  meta = with stdenv.lib; {
+  postInstall = optional modeCompat ''
+    rm $out/sbin/{iptables,iptables-restore,iptables-save,ip6tables,ip6tables-restore,ip6tables-save}
+    ln -sv xtables-nft-multi $out/bin/iptables
+    ln -sv xtables-nft-multi $out/bin/iptables-restore
+    ln -sv xtables-nft-multi $out/bin/iptables-save
+    ln -sv xtables-nft-multi $out/bin/ip6tables
+    ln -sv xtables-nft-multi $out/bin/ip6tables-restore
+    ln -sv xtables-nft-multi $out/bin/ip6tables-save
+  '';
+
+  meta = {
     description = "A program to configure the Linux IP packet filtering ruleset";
     homepage = https://www.netfilter.org/projects/iptables/index.html;
     platforms = platforms.linux;
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index a0205c331b8..f946f432ae4 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -15629,7 +15629,9 @@ in
 
   iputils = callPackage ../os-specific/linux/iputils { };
 
-  iptables = callPackage ../os-specific/linux/iptables { };
+  iptables = iptables-legacy;
+  iptables-legacy = callPackage ../os-specific/linux/iptables { };
+  iptables-compat = callPackage ../os-specific/linux/iptables { modeCompat = true; };
 
   iptstate = callPackage ../os-specific/linux/iptstate { } ;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-27 15:51:45 +0000