[PR PATCH] iptables: split out an iptables-nft subpackage with nftables-based wrappers.

[voidlinux-github@inbox.vuxu.org]

[-- Attachment #1: Type: text/plain, Size: 643 bytes --]

There is a new pull request by CMB against master on the void-packages repository

https://github.com/CMB/void-packages iptables-nft
https://github.com/void-linux/void-packages/pull/13362

iptables: split out an iptables-nft subpackage with nftables-based wrappers.
Possibly this could be useful for people who use iptables and want to run
docker on Void.  Docker tries to add firewall rules with iptables, but
mixing iptables and nftables is a bad idea.
In my brief experimentation, the nftables-based wrappers for iptables
solve that problem for me.

A patch file from https://github.com/void-linux/void-packages/pull/13362.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-iptables-nft-13362.patch --]
[-- Type: text/x-diff, Size: 2820 bytes --]

From 3317e53b5891c92b09d8d88e09f8e75447068901 Mon Sep 17 00:00:00 2001
From: Christopher Brannon <chris@the-brannons.com>
Date: Sat, 27 Jul 2019 02:31:13 -0700
Subject: [PATCH] iptables: split out an iptables-nft subpackage with
 nftables-based wrappers.

Possibly this could be useful for people who use iptables and want to run
docker on Void.  Docker tries to add firewall rules with iptables, but
mixing iptables and nftables is a bad idea.
In my brief experimentation, the nftables-based wrappers for iptables
solve that problem for me.
---
 srcpkgs/iptables-nft      |  1 +
 srcpkgs/iptables/template | 25 ++++++++++++++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 120000 srcpkgs/iptables-nft

diff --git a/srcpkgs/iptables-nft b/srcpkgs/iptables-nft
new file mode 120000
index 00000000000..59cead781ec
--- /dev/null
+++ b/srcpkgs/iptables-nft
@@ -0,0 +1 @@
+iptables
\ No newline at end of file
diff --git a/srcpkgs/iptables/template b/srcpkgs/iptables/template
index 1b2d42bf7ea..309cdbdf610 100644
--- a/srcpkgs/iptables/template
+++ b/srcpkgs/iptables/template
@@ -1,7 +1,7 @@
 # Template file for 'iptables'
 pkgname=iptables
 version=1.8.3
-revision=1
+revision=2
 build_style=gnu-configure
 configure_args="--enable-libipq --enable-shared --enable-devel --enable-bpf-compiler"
 hostmakedepends="pkg-config flex"
@@ -13,6 +13,13 @@ license="GPL-2.0-or-later"
 homepage="https://www.netfilter.org/"
 distfiles="https://www.netfilter.org/projects/iptables/files/iptables-${version}.tar.bz2"
 checksum=a23cac034181206b4545f4e7e730e76e08b5f3dd78771ba9645a6756de9cdd80
+	alternatives="
+		iptables:ip6tables:/usr/bin/xtables-legacy-multi
+		iptables:ip6tables-restore:/usr/bin/xtables-legacy-multi
+		iptables:ip6tables-save:/usr/bin/xtables-legacy-multi
+		iptables:iptables:/usr/bin/xtables-legacy-multi
+		iptables:iptables-restore:/usr/bin/xtables-legacy-multi
+		iptables:iptables-save:/usr/bin/xtables-legacy-multi"
 
 pre_build() {
 	rm include/linux/types.h
@@ -31,6 +38,9 @@ post_install() {
 		vinstall ${FILESDIR}/empty-${f}.rules 644 \
 			var/lib/iptables empty-${f}.rules
 	done
+	for i in ip{6,}tables{-save,-restore,} ; do
+		rm -f "usr/bin/${i}"
+	done
 }
 
 iptables-devel_package() {
@@ -43,3 +53,16 @@ iptables-devel_package() {
 		vmove usr/share/man/man3
 	}
 }
+
+iptables-nft_package() {
+	build_style=meta
+	depends="${sourcepkg}>=${version}_${revision}"
+	short_desc="Iptables-compatible wrapper commands for nftables"
+	alternatives="
+		iptables:ip6tables:/usr/bin/xtables-nft-multi
+		iptables:ip6tables-restore:/usr/bin/xtables-nft-multi
+		iptables:ip6tables-save:/usr/bin/xtables-nft-multi
+		iptables:iptables:/usr/bin/xtables-nft-multi
+		iptables:iptables-restore:/usr/bin/xtables-nft-multi
+		iptables:iptables-save:/usr/bin/xtables-nft-multi"
+}