Following recent dependency rework, we can switch
between iptables-legacy and iptables-nft, and they both
PROVIDES iptables. Make it easier for user that want/need to
stick to firewall3/iptables-legacy to do so.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
It will be mostly implemented with ucode templates installed at
/usr/share/ss-rules and called from init script. The generated nftables
rules will be stored at /etc/nftables.d/
Incompatible changes were introduced as described in the README.md file
- Netfilter ipset was replaced with nftables sets
- UCI options ipt_args and dst_forward_recentrst of section ss_rules
are now deprecated. The former does not apply to nftables. The
later not yet implemented with nftables.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
ss-rules with iptables needs presence of netfilter nat table to work.
ss-rules works before without explicitly requesting it as a dependency
because it's present by default on a pre-firewall4/nftables OpenWrt
install. We request it explicitly now to make life easier in case
people would like to try ss-rules/iptables on firewall4/nftables enabled
OpenWrt system
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
shorewall-core macos build fails due to:
1. MacOS bash is too old (3.x), but shorewall-core requires bash>4
This patch uses OpenWrt tools/bash built for macos (bash 5.x)
2. install.sh detects Darwin using uname and changes install logic,
but it fails in case of cross-platform build
This patch uses fakeuname/host tool to avoid Darwin detection
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
shorewall macos build fails due to:
1. MacOS bash is too old (3.x), but shorewall requires bash>4
This patch uses OpenWrt tools/bash built for macos (bash 5.x)
2. install.sh detects Darwin using uname and changes install logic,
but it fails in case of cross-platform build
This patch uses fakeuname/host tool to avoid Darwin detection
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
shorewall6-lite macos build fails due to:
1. MacOS bash is too old (3.x), but shorewall6-lite requires bash>4
This patch uses OpenWrt tools/bash built for macos (bash 5.x)
2. install.sh detects Darwin using uname and changes install logic,
but it fails in case of cross-platform build
This patch uses fakeuname/host tool to avoid Darwin detection
3. fakeuname does not work in install.sh because install.sh
redefines PATH.
This patch removes PATH=... from install.sh on macos
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
shorewall6 macos build fails due to:
1. MacOS bash is too old (3.x), but shorewall6 requires bash>4
This patch uses OpenWrt tools/bash built for macos (bash 5.x)
2. install.sh detects Darwin using uname and changes install logic,
but it fails in case of cross-platform build
This patch uses fakeuname/host tool to avoid Darwin detection
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
shorewall-lite macos build fails due to:
1. MacOS bash is too old (3.x), but shorewall-lite requires bash>4
This patch uses OpenWrt tools/bash built for macos (bash 5.x)
2. install.sh detects Darwin using uname and changes install logic,
but it fails in case of cross-platform build
This patch uses fakeuname/host tool to avoid Darwin detection
3. fakeuname does not work in install.sh because install.sh
redefines PATH.
This patch removes PATH=... from install.sh on macos
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
The FreeBSD project stopped publishing HTTP date headers and seeks to
limit further resource taxing by distributed htpdate clients using the
www.freebsd.org host as default time source.
Fixes: #17924
Reported-by: Allan Jude <allanjude@freebsd.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* include gnunet-service-zonemaster-monitor in gnunet-gns package
* rename namestore-heap back to namestore-flat
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The "build" script was replacing a ~DATE~ with current date.
Now it uses $(SOURCE_DATE_EPOCH).
Fixes#17848
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
ipvsadm build fails on macos due to libipvs Makefiles uses system
`ar` that is not compatible with the objectes generated by OpenWrt
GCC Toolchain.
This commit adds patch to allow ar redefining
This commit modifes an old patch (removing CC=gcc is not required
due to it is redefinable)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
In the build environment the autotools finds the `passwd` binary in
/usr/bin. But in the target image it is available under /bin instead.
Manually set the path to `passwd` binary to `/bin/passwd`
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
There is no need to remove root password from /etc/shadow as the
password in the file is blank anyway in the failsafe mode.
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
Rosen Penev
Tianling Shen
Christian Lachner
Etienne Champetier
Yousong Zhou
Chao Liu
Nikos Mavrogiannopoulos
Matthew Hagan
Van Waholtz
Alexandru Ardelean
Oleg Derevenetz
Sergey V. Lobanov
R4SAS I2P
Jo-Philipp Wich
George Iv
Daniel Golle
David Bauer
Lucian Cristian
Luiz Angelo Daros de Luca
Jeffery To
Nicholas Smith
Josef Schlehofer
Rucke Teg
Tiago Gaspar
Chip Lee
Jan Hák