%bcond_with systemd

Summary: Packet filtering tool
Summary(ja): パケットフィルタリングツール
Name: iptables
Version: 1.8.7
Release: 1%{?_dist_release}%{?with_systemd:.systemd}
Group: admin-tools,network
Vendor: Project Vine
Distribution: Vine Linux
Packager: daisuke

# pf.os: ISC license
# iptables-apply: Artistic Licence 2.0
License: GPLv2 and Artistic Licence 2.0 and ISC
URL: http://www.netfilter.org/
Source0: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
Source1: iptables.init
Source2: iptables-config
Source3: iptables.service
Source4: sysconfig_iptables
Source5: sysconfig_ip6tables

Patch1: 0001-ebtables-Exit-gracefully-on-invalid-table-names.patch

BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: bison flex perl
BuildRequires: kernel-headers >= 2.4.0
BuildRequires: libmnl-devel
BuildRequires: libnetfilter_conntrack-devel
BuildRequires: libnfnetlink-devel
BuildRequires: libnftnl-devel
BuildRequires: libpcap-devel
Conflicts : kernel < 2.4.20
%if %{with systemd}
%{?systemd_requires}
%else
Requires(post): chkconfig
Requires(preun): chkconfig
%endif

%global script_path %{_libexecdir}/iptables

%description
The iptables utility controls the network packet filtering code in the
Linux kernel. If you need to set up firewalls and/or IP masquerading,
you should install this package.

%description -l ja
iptables は Linux kernel のネットワークパケットフィルタを制御するための
ユーティリティです。これを用いることで、ファイアウオールや IP マスカレー
ディング, NAT などを設定することができます。


%package devel
Summary: Libraries, includes, etc. to develop iptables
Summary(ja): iptables 開発用ライブラリ、ヘッダファイル
Group: programming
Requires: iptables = %{version}-%{release}

%description devel
Libraries, include files, etc you can use to develop iptables.

%description devel -l ja
iptables を用いた開発に使用するライブラリやヘッダファイルです。


%package ipv6
Summary: IPv6 Packet filtering tool
Summary(ja): IPv6 用パケットフィルタリングツール
Group: admin-tools,network
Requires: %{name} = %{version}-%{release}
Requires(post): chkconfig
Requires(preun): chkconfig

%description ipv6
The iptables package contains IPv6 (the next version of the IP
protocol) support for iptables. Iptables controls the Linux kernel
network packet filtering code, allowing you to set up firewalls and IP
masquerading. 

%description ipv6 -l ja
iptables-ipv6 は iptables で IPv6 をサポートするためのパッケージです。
これを用いることで、IPv6 環境におけるファイアウオールや IP マスカレー
ディング, NAT などを設定することができます。


%debug_package


%prep
%autosetup -p1


%build
./autogen.sh
CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" \
%configure \
	    --enable-devel \
	    --enable-bpf-compiler \
	    --enable-libipq \
	    --bindir=/bin \
	    --sbindir=/sbin \
	    --libexecdir=/%{_lib} \
	    --with-xtlibdir=/%{_lib}/xtables \
	    --with-kernel=/usr \
	    --with-kbuild=/usr \
	    --with-ksource=/usr

# do not use rpath
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool

rm -f include/linux/types.h

%make_build


%install
rm -rf %{buildroot}

make install DESTDIR=%{buildroot} 
# remove la file(s)
rm -f %{buildroot}/%{_libdir}/*.la

# install ip*tables.h header files
install -m 644 include/ip*tables.h %{buildroot}%{_includedir}/

# install ipulog header file
install -d -m 755 %{buildroot}%{_includedir}/libipulog/
install -m 644 include/libipulog/*.h %{buildroot}%{_includedir}/libipulog/

install -d -m 755 %{buildroot}/etc/sysconfig
install -c -m 755 %{SOURCE2} %{buildroot}/etc/sysconfig/iptables-config
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE2} > ip6tables-config
install -c -m 755 ip6tables-config %{buildroot}/etc/sysconfig/ip6tables-config

%if %{with systemd}
# install systemd service files
install -d -m 755 %{buildroot}/%{_unitdir}
install -c -m 644 %{SOURCE3} %{buildroot}/%{_unitdir}
sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' -e 's;/usr/libexec/ip6tables;/usr/libexec/iptables;g' < %{SOURCE3} > ip6tables.service
install -c -m 644 ip6tables.service %{buildroot}/%{_unitdir}

# install init scripts and configuration files
install -d -m 755 %{buildroot}%{script_path}
install -c -m 755 %{SOURCE1} %{buildroot}%{script_path}/iptables.init
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
install -c -m 755 ip6tables.init %{buildroot}%{script_path}/ip6tables.init
install -c -m 600 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/iptables
install -c -m 600 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/ip6tables
%else
# install init scripts and configuration files
install -d -m 755 %{buildroot}/etc/rc.d/init.d
install -c -m 755 %{SOURCE1} %{buildroot}/etc/rc.d/init.d/iptables
sed -e 's;iptables;ip6tables;g' -e 's;IPTABLES;IP6TABLES;g' < %{SOURCE1} > ip6tables.init
install -c -m 755 ip6tables.init %{buildroot}/etc/rc.d/init.d/ip6tables
%endif


%clean
rm -rf %{buildroot}


%post
%if %{with systemd}
%systemd_post iptables.service
%else
/sbin/chkconfig --add iptables
%endif

%preun
%if %{with systemd}
%systemd_preun iptables.service
%else
if [ "$1" = 0 ]; then
	/sbin/chkconfig --del iptables
fi
%endif

%if %{with systemd}
%postun
%systemd_postun iptables.service
%endif

%post ipv6
%if %{with systemd}
%systemd_post ip6tables.service
%else
/sbin/chkconfig --add ip6tables
%endif

%preun ipv6
%if %{with systemd}
%systemd_preun ip6tables.service
%else
if [ "$1" = 0 ]; then
	/sbin/chkconfig --del ip6tables
fi
%endif

%if %{with systemd}
%postun ipv6
%systemd_postun ip6tables.service
%endif


%files
%defattr(-,root,root)
%license COPYING
%doc INSTALL INCOMPATIBILITIES
%if %{with systemd}
%{_unitdir}/iptables.service
%dir %{script_path}
%{script_path}/iptables.init
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables
%else
%attr(0755,root,root) /etc/rc.d/init.d/iptables
%endif
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/iptables-config
%config(noreplace) %attr(0600,root,root) /etc/ethertypes
/sbin/arptables*
/sbin/ebtables*
/sbin/iptables*
/sbin/nfbpf_compile
/sbin/nfnl_osf
/sbin/xtables-*
%{_mandir}/man1/*
%{_mandir}/man8/*
%exclude %{_mandir}/man8/ip6tables*
%dir /%{_lib}/xtables
/%{_lib}/xtables/libarpt*
/%{_lib}/xtables/libebt*
/%{_lib}/xtables/libipt*
/%{_lib}/xtables/libxt*
%{_libdir}/libip*tc.so.*
%{_libdir}/libxtables.so.*
%{_libdir}/libipq.so.*
%{_datadir}/xtables/pf.os

%files ipv6
%defattr(-,root,root)
%if %{with systemd}
%{_unitdir}/ip6tables.service
%dir %{script_path}
%{script_path}/ip6tables.init
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables
%else
%attr(0755,root,root) /etc/rc.d/init.d/ip6tables
%endif
%config(noreplace) %attr(0600,root,root) /etc/sysconfig/ip6tables-config
/sbin/ip6tables*
/bin/iptables-xml
%{_mandir}/man8/ip6tables*
/%{_lib}/xtables/libip6t*

%files devel
%defattr(-,root,root)
%{_includedir}/*.h
%dir %{_includedir}/libiptc
%{_includedir}/libiptc/*.h
%dir %{_includedir}/libipulog
%{_includedir}/libipulog/*.h
%{_mandir}/man3/*
%{_libdir}/libipq.so
%{_libdir}/libip*tc.so
%{_libdir}/libxtables.so
%{_libdir}/pkgconfig/libiptc.pc
%{_libdir}/pkgconfig/libip4tc.pc
%{_libdir}/pkgconfig/libip6tc.pc
%{_libdir}/pkgconfig/libipq.pc
%{_libdir}/pkgconfig/xtables.pc


%changelog
* Fri Mar 12 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.8.7-1
- new upstream release.
- updated ip{,6}tables.service.
- imported Patch1 from rawhide.

* Sun Apr 05 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.8.4-2
- added --wait option to ip{,6}tables.init.

* Sun Apr 05 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.8.4-1
- new upstream release.
- added systemd stuff (disabled as default).

* Mon Sep 02 2019 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.8.3-1
- new upstream release.

* Sat Feb 24 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.6.2-1
- new upstream release.

* Tue Dec 10 2013 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.4.21
- new upstream release.

* Fri Oct 19 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.4.16.3
- new upstream release 1.4.16.2
- update source1 url 

* Thu Oct 18 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.4.16.2
- new upstream release 1.4.16.2
- fix ipv6 subpackage ja discription
- drop old patch
- add with-xtlibdir in configure section

* Fri Apr 22 2011 Daisuke SUZUKI <daisuke@linux.or.jp> 1.4.10-1
- update to 1.4.10

* Thu Mar 04 2010 Daisuke SUZUKI <daisuke@linux.or.jp> 1.4.7-1
- new upstream release

* Wed Aug 12 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.4.4-2
- don't fail initscript if config file is not found.

* Wed Jun 17 2009 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.4.4-1
- new upstream release

* Mon Apr 13 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.4.3.2-1
- new upstream release

* Mon Apr 13 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.4.3.1-1
- new upstream release
  - libiptc is now shared
- drop patch1
- update patch2
- fix typo in spec file

* Fri Apr 03 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.4.2-2
- rebuild to add sign..

* Wed Apr 01 2009 Daisuke SUZUKI <daisuke@linux.or.jp> 1.4.2-1
- new upstream release
- spec in utf-8

* Sat Jul 28 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 1.3.6-0vl2
- changed devel package Group to Development/Libraries

* Sat Nov 04 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 1.3.6-0vl1
- new upstream release
- remove libiptc.a from %%files
  - libiptc is not a public interface

* Wed Sep 06 2006 Kazutaka HARADA <kazutaka@dc4.so-net.ne.jp> 1.3.5-0vl4
- updates Summaries and Descriptions (<BTS:0101>)

* Sun Aug 13 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 1.3.5-0vl3
- updates Summaries (<BTS:0101>)

* Thu Jul 06 2006 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 1.3.5-0vl2
- add Patch10 (to include libipt_recent.so)

* Tue Jun 13 2006 Daisuke SUZUKI <daisuke@linux.or.jp> 1.3.5-0vl1
- new upstream release

* Tue Jun 22 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 1.2.11-0vl1
- new upstream release

* Thu Jun 17 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 1.2.10-0vl1
- new upstream release

* Fri Nov 21 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 1.2.9-0vl1
- new upstream release

* Thu Jul 24 2003 Takeru INOUE <takeru.inoue@gamma.ocn.ne.jp> 1.2.7a-0vl3
- add ipv6 version

* Sun Mar 23 2003 Takeru INOUE <takeru.inoue@gamma.ocn.ne.jp> 1.2.7a-0vl2
- rebuild development version

* Sun Sep 29 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 1.2.7a-0vl1
- new upstream release 1.2.7a

* Mon Mar 25 2002 Seiya Nishizawa <seiya@kugi.kyoto-u.ac.jp> 1.2.6-0vl0
- updated to 1.2.6

* Thu Mar 07 2002 Toru Sagami <sagami@vinelinux.org> 1.2.5-0vl1
- kernel24 -> kernel for Requires

* Sat Mar 02 2002 Toru Sagami <sagami@vinelinux.org> 1.2.5-0vl0
- updated to 1.2.5 and merged with RHL's spec 
- compatibilities: %%{_sbindir} -> /sbin, %%{_libdir} -> /lib

* Mon Nov 19 2001 Daisuke SUZUKI <daisuke@linux.or.jp> 1.2.2-2vl1
- build for Vine Linux based on conectiva iptables package.

* Sun Jun 17 2001 Harald Welte <laforge@conectiva.com>
+ iptables-1.2.2-2cl
- fixes iptables-save / -restore problems (Closes: #3673)
- fixes REJECT save problem
- fixes ipv6 compile problem
- moved binaries to sbindir instead of bindir

* Wed May 30 2001 Harald Welte <laforge@conectiva.com>
+ iptables-1.2.2-1cl
- updated to 1.2.2 (Closes: #3376)

* Wed May 30 2001 Wanderlei Antonio Cavassin <cavassin@conectiva.com>
+ iptables-1.2.1a-2cl
- recompiled for kernel-2.4.4-2cl (Closes: #3354)
- spec file changes provided by Vagner Farias <vfarias@conectiva.com>

* Fri Apr 20 2001 Harald Welte <laforge@conectiva.com>
+ iptables-1.2.1a-1cl
- updated to version 1.2.1a because of various bugfixes

* Fri Mar 16 2001 Harald Welte <laforge@conectiva.com>
+ iptables-1.2.1-1cl
- updated to version 1.2.1

* Wed Jan 10 2001 Andreas Hasenack <andreas@conectiva.com>
- updated to version 1.2
- added requirement for kernel >= 2.4.0

* Thu Dec 14 2000 Andreas Hasenack <andreas@conectiva.com>
- first package for Conectiva Linux