From fdeaa02ccfe69929fc137253e835fa61c62ec585 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Tue, 5 Apr 2022 14:30:35 +0200 Subject: [PATCH] strongswan: do not force to use iptable-legacy The default firewall is the fw4, which uses nft. In order to not install the legacy implementation when installing strongswan, the build system should decide which firewall backend to use. While we are at it, I have also added the dependency packages for IPV6. Signed-off-by: Florian Eckert --- net/strongswan/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile index d80e2b1b7..3cb1c94a6 100644 --- a/net/strongswan/Makefile +++ b/net/strongswan/Makefile @@ -732,7 +732,7 @@ $(eval $(call BuildPlugin,stroke,Stroke,+strongswan-charon +strongswan-ipsec)) $(eval $(call BuildPlugin,test-vectors,crypto test vectors,)) $(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci)) $(eval $(call BuildPlugin,unity,Cisco Unity extension,)) -$(eval $(call BuildPlugin,updown,updown firewall,+iptables-legacy +iptables-mod-ipsec +kmod-ipt-ipsec)) +$(eval $(call BuildPlugin,updown,updown firewall,+iptables +IPV6:ip6tables +iptables-mod-ipsec +kmod-ipt-ipsec)) $(eval $(call BuildPlugin,vici,Versatile IKE Configuration Interface,)) $(eval $(call BuildPlugin,whitelist,peer identity whitelisting,)) $(eval $(call BuildPlugin,x509,x509 certificate,))