From 4deb74b760d43d28e9ce6c32fc54aa83cfffa684 Mon Sep 17 00:00:00 2001
From: Izorkin
Date: Mon, 19 Aug 2019 20:20:27 +0300
Subject: iptables-compat: init iptables with nftables compatibility
---
pkgs/os-specific/linux/iptables/default.nix | 32 +++++++++++++++++++++--------
pkgs/top-level/all-packages.nix | 4 +++-
2 files changed, 27 insertions(+), 9 deletions(-)
(limited to 'pkgs')
diff --git a/pkgs/os-specific/linux/iptables/default.nix b/pkgs/os-specific/linux/iptables/default.nix
index cf06ff35325..6b25342ed4c 100644
--- a/pkgs/os-specific/linux/iptables/default.nix
+++ b/pkgs/os-specific/linux/iptables/default.nix
@@ -1,32 +1,48 @@ -{ stdenv, fetchurl, bison, flex, pkgconfig, pruneLibtoolFiles -, libnetfilter_conntrack, libnftnl, libmnl, libpcap }: +{ stdenv, fetchurl, pkgconfig, pruneLibtoolFiles, flex, bison +, libmnl, libnetfilter_conntrack, libnfnetlink, libnftnl, libpcap +, modeCompat ? false +}: + +with stdenv.lib; stdenv.mkDerivation rec { - pname = "iptables"; version = "1.8.3"; + pname = "iptables"; src = fetchurl { url = "https://www.netfilter.org/projects/${pname}/files/${pname}-${version}.tar.bz2"; sha256 = "106xkkg5crsscjlinxvqvprva23fwwqfgrzl8m2nn841841sqg52"; }; - nativeBuildInputs = [ bison flex pkgconfig pruneLibtoolFiles ]; + nativeBuildInputs = [ pkgconfig pruneLibtoolFiles flex bison ]; - buildInputs = [ libnetfilter_conntrack libnftnl libmnl libpcap ]; + buildInputs = [ libmnl libnetfilter_conntrack libnfnetlink libnftnl libpcap ]; preConfigure = '' export NIX_LDFLAGS="$NIX_LDFLAGS -lmnl -lnftnl" ''; configureFlags = [ + "--enable-bpf-compiler" "--enable-devel" + "--enable-libipq" + "--enable-nfsynproxy" "--enable-shared" - "--enable-bpf-compiler" - ]; + ] ++ optional (!modeCompat) "--disable-nftables"; outputs = [ "out" "dev" ]; - meta = with stdenv.lib; { + postInstall = optional modeCompat '' + rm $out/sbin/{iptables,iptables-restore,iptables-save,ip6tables,ip6tables-restore,ip6tables-save} + ln -sv xtables-nft-multi $out/bin/iptables + ln -sv xtables-nft-multi $out/bin/iptables-restore + ln -sv xtables-nft-multi $out/bin/iptables-save + ln -sv xtables-nft-multi $out/bin/ip6tables + ln -sv xtables-nft-multi $out/bin/ip6tables-restore + ln -sv xtables-nft-multi $out/bin/ip6tables-save + ''; + + meta = { description = "A program to configure the Linux IP packet filtering ruleset"; homepage = https://www.netfilter.org/projects/iptables/index.html; platforms = platforms.linux; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index a0205c331b8..f946f432ae4 100644 --- a/pkgs/top-level/all-packages.nix 
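Review bot: `postInstall = optional modeCompat ''…''` uses `optional`, which returns a list, where `optionalString` is the helper meant for a shell snippet; write `postInstall = optionalString modeCompat ''` so the attribute is a string in both cases. The snippet also removes the legacy binaries from `$out/sbin` but creates the `xtables-nft-multi` links in `$out/bin`, so the relative link targets resolve only if sbin is merged into bin later in the build (not visible here); a comment such as `# links resolve once sbin is moved into bin at fixup` would record that dependency. Separately, the default build now passes `--disable-nftables` and newly turns on `--enable-libipq` and `--enable-nfsynproxy`, which changes what the default firewall package ships and is worth stating in the commit message. The derivation's `meta` block continues past the end of the hunk.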
+++ b/pkgs/top-level/all-packages.nix @@ -15629,7 +15629,9 @@ in iputils = callPackage ../os-specific/linux/iputils { }; - iptables = callPackage ../os-specific/linux/iptables { }; + iptables = iptables-legacy; + iptables-legacy = callPackage ../os-specific/linux/iptables { }; + iptables-compat = callPackage ../os-specific/linux/iptables { modeCompat = true; }; iptstate = callPackage ../os-specific/linux/iptstate { } ; -- cgit 1.4.1
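Review bot: The new `iptables-legacy` and `iptables-compat` attributes install the same command names (`iptables`, `iptables-save`, `ip6tables`, …) but program different kernel backends, and nothing next to the attributes says so. Rules loaded through one variant are not listed by the other's `iptables-save`, so a host that ends up with both in use can carry active filter rules that an audit of either tool alone will miss. I would add a comment above the three lines, for example `# iptables-compat drives nf_tables via xtables-nft-multi; do not mix with iptables-legacy on one host`.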