# Compiling Time: ~0.2 SBU
# Contributor: Miklos Vajna <vmiklos@frugalware.org>
# Maintainer: crazy <crazy@frugalware.org>

# TODO: implement service for iptables ipv6
#	libnetfilter_conntrack missing now

pkgname=iptables
pkgver=1.6.0
pkgrel=3
pkgdesc="IP packet filter administration"
url="http://www.iptables.org/"
depends=('glibc>=2.22-7' 'libmnl>=1.0.4' 'libnftnl>=1.0.6-2')
groups=('base')
archs=('i686' 'x86_64' 'arm')
backup=(etc/sysconfig/{firewall,iptables})
up2date="lynx -dump http://www.iptables.org/projects/iptables/downloads.html|grep bz2$|sed 's/.*-\(.*\)\.t.*/\1/;q'"
source=(ftp://ftp.netfilter.org/pub/iptables/iptables-$pkgver.tar.bz2 \
	iptables firewall firewall.libexec firewall.service)
signatures=($source.sig '' '' '' '')
_F_systemd_units=(firewall=e)
Finclude systemd

# As you can see, the /etc/sysconfig/firewall file was generated by
# iptables-save. I used the following commands before using iptables-save:
#
# iptables -P INPUT DROP
# # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -i lo -j ACCEPT

build()
{
	Fbuild --with-kernel=/usr --enable-devel --enable-libipq
	Ffile /etc/sysconfig/iptables
	Finstall 600 /etc/sysconfig/firewall
	Fexe firewall.libexec /usr/libexec/firewall
	Ffile /lib/systemd/system/firewall.service
	Fgenscriptlet
}

# optimization OK