# Compiling Time: ~0.2 SBU
# Contributor: Miklos Vajna <vmiklos@frugalware.org>
# Maintainer: whoever <none@frugalware.org>

# TODO: implement service for iptables ipv6
#	libnetfilter_conntrack missing now

pkgname=iptables
pkgver=1.8.7
pkgrel=1
pkgdesc="IP packet filter administration"
url="http://www.iptables.org/"
depends=('glibc>=2.29-5' 'libmnl>=1.0.4-3' 'libnftnl>=1.1.5')
groups=('base')
archs=('x86_64')
backup=(etc/sysconfig/{firewall,iptables})
up2date="lynx -dump http://www.iptables.org/projects/iptables/downloads.html|grep bz2$|sed 's/.*-\(.*\)\.t.*/\1/;q'"
source=(http://www.iptables.org/projects/iptables/files/iptables-$pkgver.tar.bz2 \
	iptables firewall firewall.libexec firewall.service)
signatures=($source.sig '' '' '' '' )
_F_systemd_units=(firewall=e)
Finclude systemd

provides=('ebtables')
replaces=('ebtables')
conflicts=('ebtables')

# As you can see, the /etc/sysconfig/firewall file was generated by
# iptables-save. I used the following commands before using iptables-save:
#
# iptables -P INPUT DROP
# # iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -i lo -j ACCEPT

build()
{
	Fbuild \
		--with-kernel=/usr \
		--sbindir=/sbin \
		--enable-devel \
		--enable-libipq \
		--runstatedir=/run
	Ffile /etc/sysconfig/iptables
	Finstall 600 /etc/sysconfig/firewall
	Fexe firewall.libexec /usr/lib/$pkgname/firewall
	Ffile /lib/systemd/system/firewall.service
	Fgenscriptlet
}

# optimization OK