Leo Famulari writes: > These patches update iptables to the latest and add some new > dependencies that it requires by default. > > We could avoid these dependencies by configuring iptables with > '--disable-nftables'. > > From 5d2bb12bdfdc6202b5d05296ef4552dc8bc97654 Mon Sep 17 00:00:00 2001 > From: Leo Famulari > Date: Sat, 15 Apr 2017 17:57:00 -0400 > Subject: [PATCH 1/3] gnu: Add libmnl. > > * gnu/packages/linux.scm (libmnl): New variable. > --- > gnu/packages/linux.scm | 22 ++++++++++++++++++++++ > 1 file changed, 22 insertions(+) > > diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm > index e1ae84e3a..4e1aa0b14 100644 > --- a/gnu/packages/linux.scm > +++ b/gnu/packages/linux.scm > @@ -3711,3 +3711,25 @@ and more on DMI-capable x86 or EFI (IA-64) systems and on some PowerPC > machines (PowerMac G4 is known to work).") > (home-page "https://www.ezix.org/project/wiki/HardwareLiSter") > (license license:gpl2+))) > + > +(define-public libmnl > + (package > + (name "libmnl") > + (version "1.0.4") > + (source > + (origin > + (method url-fetch) > + (uri (string-append "https://www.netfilter.org/projects/libmnl/files/" > + "libmnl-" version ".tar.bz2")) > + (sha256 > + (base32 > + "108zampspaalv44zn0ar9h386dlfixpd149bnxa5hsi8kxlqj7qp")))) > + (build-system gnu-build-system) > + (home-page "https://www.netfilter.org/projects/libmnl/") > + (synopsis "Netlink utility library") > + (description "Libmnl is a minimalistic user-space library oriented to > +Netlink developers. There are a lot of common tasks in parsing, validating, > +constructing of both the Netlink header and TLVs that are repetitive and easy to > +get wrong. This library aims to provide simple helpers that allows you to > +re-use code and to avoid re-inventing the wheel.") > + (license license:lgpl2.1+))) > -- > 2.12.2 > > > From 6aa620fc5490bad32a83089332c612634f76d013 Mon Sep 17 00:00:00 2001 
> From: Leo Famulari > Date: Sat, 15 Apr 2017 18:12:31 -0400 > Subject: [PATCH 2/3] gnu: Add libnftnl. > > * gnu/packages/linux.scm (libnftnl): New variable. > --- > gnu/packages/linux.scm | 25 +++++++++++++++++++++++++ > 1 file changed, 25 insertions(+) > > diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm > index 4e1aa0b14..7a744ede6 100644 > --- a/gnu/packages/linux.scm > +++ b/gnu/packages/linux.scm > @@ -3733,3 +3733,28 @@ constructing of both the Netlink header and TLVs that are repetitive and easy to > get wrong. This library aims to provide simple helpers that allows you to > re-use code and to avoid re-inventing the wheel.") > (license license:lgpl2.1+))) > + > +(define-public libnftnl > + (package > + (name "libnftnl") > + (version "1.0.7") > + (source > + (origin > + (method url-fetch) > + (uri (string-append "https://www.netfilter.org/projects/libnftnl/files/" > + "libnftnl-" version ".tar.bz2")) > + (sha256 > + (base32 > + "10irjrylcfkbp11617yr19vpfhgl54w0kw02jhj0i1abqv5nxdlv")))) > + (build-system gnu-build-system) > + (native-inputs > + `(("pkg-config" ,pkg-config))) > + (inputs > + `(("libmnl" ,libmnl))) > + (home-page "https://www.netfilter.org/projects/libnftnl/index.html") > + (synopsis "Netlink programming interface to the Linux nf_tables subsystem") > + (description "Libnftnl is a userspace library providing a low-level netlink > +programming interface to the in-kernel nf_tables subsystem. The library > +libnftnl has been previously known as libnftables. This library is currently > +used by nftables.") > + (license license:gpl2+))) > -- > 2.12.2 > > > From d2c481f1aa97f0f40dcf3afd14ae8e930abbdf92 Mon Sep 17 00:00:00 2001 
> From: Leo Famulari > Date: Sat, 15 Apr 2017 17:57:15 -0400 > Subject: [PATCH 3/3] gnu: iptables: Update to 1.6.1. > > * gnu/packages/linux.scm (iptables): Update to 1.6.1. > [source], [home-page]: Use HTTPS URLs. > [inputs]: Add libmnl and libnftnl. > [native-inputs]: Add bison, flex, and pkg-config. > --- > gnu/packages/linux.scm | 15 +++++++++++---- > 1 file changed, 11 insertions(+), 4 deletions(-) > > diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm > index 7a744ede6..7075e7c85 100644 > --- a/gnu/packages/linux.scm > +++ b/gnu/packages/linux.scm > @@ -1016,21 +1016,28 @@ external rate conversion.") > (define-public iptables > (package > (name "iptables") > - (version "1.4.21") > + (version "1.6.1") > (source (origin > (method url-fetch) > (uri (string-append > - "http://www.netfilter.org/projects/iptables/files/iptables-" > + "https://www.netfilter.org/projects/iptables/files/iptables-" > version ".tar.bz2")) > (sha256 > (base32 > - "1q6kg7sf0pgpq0qhab6sywl23cngxxfzc9zdzscsba8x09l4q02j")))) > + "1x8c9y340x79djsq54bc1674ryv59jfphrk4f88i7qbvbnyxghhg")))) > (build-system gnu-build-system) > + (native-inputs > + `(("pkg-config" ,pkg-config) > + ("flex" ,flex) > + ("bison" ,bison))) > + (inputs > + `(("libmnl" ,libmnl) > + ("libnftnl" ,libnftnl))) > (arguments > '(#:tests? #f ; no test suite > #:configure-flags ; add $libdir to the RUNPATH of executables > (list (string-append "LDFLAGS=-Wl,-rpath=" %output "/lib")))) > - (home-page "http://www.netfilter.org/projects/iptables/index.html") > + (home-page "https://www.netfilter.org/projects/iptables/index.html") > (synopsis "Program to configure the Linux IP packet filtering rules") > (description > "iptables is the userspace command line program used to configure the These LGTM. The size increase of iptables is only about 0.7 MB on my end, so I don't think we have to disable any of the new standard features.
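Review bot: in the libmnl hunk (PATCH 1/3), the description has a subject-verb disagreement in "simple helpers that allows you to re-use code"; it should read "helpers that allow you". In the same string, "parsing, validating, constructing of both the Netlink header and TLVs" would read better as "parsing, validating and constructing both the Netlink header and TLVs".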
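Review bot: in the libnftnl hunk (PATCH 2/3), the last sentence of the description, "This library is currently used by nftables.", goes stale within this same series, because PATCH 3/3 adds libnftnl to the inputs of iptables as well. I would drop that sentence or reword it without "currently". The home-page here also ends in "index.html", while the libmnl home-page added in 1/3 uses the bare directory URL; one form for both would be more consistent.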
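Review bot: in the iptables hunk (PATCH 3/3), the new (inputs ...) and (native-inputs ...) fields carry no comment saying what needs them. The cover letter notes that the new dependencies are only required by default and could be avoided with '--disable-nftables'; a one-line comment above the libmnl and libnftnl inputs recording that would tell a later reader which inputs go away if that flag is ever added to #:configure-flags. The commit message lists the native inputs as "bison, flex, and pkg-config", which matches the hunk, so no change is needed there.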