[Swan] iptables
Antony Antony
antony at phenome.org
Mon Sep 25 10:14:41 EEST 2023
Hi Armen,
I use the following patches to build deb packages. May you can use them?
One patch for libreswan/main branch, main-enable-nftable-deb.patch, and the
other one for Debian repository.
regards,
-antony
On Sun, Sep 24, 2023 at 09:59:38PM +0600, Armen Dilanyan wrote:
I am building a deb package following the instructions: "## Building for DEB based systems The packaging/debian directory is used to build deb files. Simply issue the command: make deb."
The deb package is being built with iptables dependencies, and I have to install iptables even though I do not use it.
Is there any information in the documentation on how to build packages without iptables dependencies?
-------------- next part --------------
>From 10f22a36f94bb7a4c19868f453bac11eb3995246 Mon Sep 17 00:00:00 2001
From: Antony Antony <antony at phenome.org>
Date: Sat, 25 Feb 2023 10:34:14 +0000
Subject: [PATCH] enable nftable
upstream added nftables support use that instead of iptables.
- add nftables package dependency
- remove iptables dependency
- disable iptbales support(upstream default).
Signed-off-by: Antony Antony <antony at phenome.org>
---
debian/control | 2 +-
debian/rules | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/debian/control b/debian/control
index c8849e998f9b..7e6fc896cc45 100644
--- a/debian/control
+++ b/debian/control
@@ -44,8 +44,8 @@ Depends:
dns-root-data,
host,
iproute2 | iproute (>= 20071016),
- iptables,
libnss3-tools,
+ nftbables,
${misc:Depends},
${shlibs:Depends},
Recommends:
diff --git a/debian/rules b/debian/rules
index 5491fbfc118a..514977b6f3d9 100755
--- a/debian/rules
+++ b/debian/rules
@@ -46,6 +46,8 @@ DEBIAN_LIBRESWAN_BUILD_FLAGS = \
USE_NSS_IPSEC_PROFILE=$(IPSEC_PROFILE_AVAILABILITY) \
USE_NSS_AVA_COPY=$(NSS_AVA_MISSING) \
USE_DNSSEC=true \
+ HAVE_NFTABLES=true \
+ HAVE_IPTABLES=false \
DEFAULT_DNSSEC_ROOTKEY_FILE=/usr/share/dns/root.key
override_dh_auto_build:
--
2.41.0
-------------- next part --------------
>From e8c2d3d7622d14834b0d8e769826ac4f414ace77 Mon Sep 17 00:00:00 2001
From: Antony Antony <antony at phenome.org>
Date: Sat, 25 Feb 2023 10:34:14 +0000
Subject: [PATCH] packaging: debian enable nftable
enable nftables support use that instead of iptable
- add nftables package dependency
- remove iptables dependency
- disable iptbales support(upstream default).
Signed-off-by: Antony Antony <antony at phenome.org>
---
packaging/debian/control | 2 +-
packaging/debian/rules | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/packaging/debian/control b/packaging/debian/control
index ce9564e475e4..7c464b784529 100644
--- a/packaging/debian/control
+++ b/packaging/debian/control
@@ -44,10 +44,10 @@ Depends:
dns-root-data,
bind9-host,
iproute2,
- iptables,
libnspr4,
libnss3 (>= 3.16),
libnss3-tools,
+ nftbables,
${misc:Depends},
${shlibs:Depends},
Recommends:
diff --git a/packaging/debian/rules b/packaging/debian/rules
index 522e902d91c7..0f6c67d5714f 100755
--- a/packaging/debian/rules
+++ b/packaging/debian/rules
@@ -27,6 +27,8 @@ override_dh_auto_build:
LIBEXECDIR=/usr/libexec/ipsec \
MANDIR=/usr/share/man \
USE_LDAP=true \
+ HAVE_NFTABLES=true \
+ HAVE_IPTABLES=false \
INITSYSTEM=systemd \
$(ENABLE_LIBCAP_NG) \
$(ENABLE_SELINUX)
@@ -40,6 +42,8 @@ override_dh_auto_install-arch:
LIBEXECDIR=/usr/libexec/ipsec \
MANDIR=/usr/share/man \
USE_LDAP=true \
+ HAVE_NFTABLES=true \
+ HAVE_IPTABLES=false \
INITSYSTEM=systemd \
$(ENABLE_LIBCAP_NG) \
$(ENABLE_SELINUX) \
--
2.41.0
More information about the Swan
mailing list