Wednesday, March 23, 2011

Porting iptables 1.4.10 to Android

(Update 25 Aprile 2011: This port is now in Google Code called iptables4n1).


The Android source comes with iptables 1.3.7. But that distribution is not compatible with Linux kernel 2.6.32 or newer versions. For example, even though iptables 1.3.7 can be built into the Android Emulator and Google Dev Phone 2 (a.k.a. HTC Magic) which are based on Linux kernel 2.6.29, it won't compile with kernel 2.6.32 used in Nexus One and many newer Android devices. The main difference between iptables 1.3.7 and 1.4.x is the emergence of "xtables" in the latter version. Fortunately, Google has done a commendable job in keeping Android in sync with Linux kernel releases. This makes porting a new version of iptables to Android largely an exercise of makefile changes. I will outline the steps here as a service to the open source community.


Below are steps for porting iptables 1.4.10 to Android/Linux kernel 2.6.32.
  1. Check out the Android source.
  2. Download iptables 1.4.10 source from the Netfilter project.
  3. Go to the checked out Android source and change to $SRC/external/iptables. Delete the content underneath that directory (or make a backup if you want) and then copy the downloaded iptables 1.4.10 content to that directory.
  4. Create a new file under $SRC/external/iptables. This is the Android makefile. You can model yours after the one from the original Android source but you need to accommodate naming changes to iptable extensions that went from libiptXXX in 1.3.7 to libxtXXX in 1.4.10.
  5. Change to $SRC/external/iptables/extensions and create a new create_initext4 file there. 
  6. Change back to $SRC/external/iptables and run make. Fix header inclusion issues as needed.

ifneq ($(TARGET_SIMULATOR),true)
ifeq ($(BUILD_IPTABLES),1)
LOCAL_PATH:= $(call my-dir)
# Build libraries
# libxtables
include $(CLEAR_VARS)
    $(LOCAL_PATH)/include/ \
# libip4tc
include $(CLEAR_VARS)
# libext4
include $(CLEAR_VARS)
# LOCAL_MODULE_CLASS must be defined before calling $(local-intermediates-dir)
intermediates := $(call local-intermediates-dir)
    $(LOCAL_PATH)/include/ \
PF_EXT_SLIB:=ah addrtype ecn 
PF_EXT_SLIB+=icmp #2mark
EXT_FUNC+=$(foreach T,$(PF_EXT_SLIB),ipt_$(T))
# xtable stuff
NEW_PF_EXT_SLIB:=comment conntrack connmark dscp tcpmss esp
NEW_PF_EXT_SLIB+=hashlimit helper iprange length limit mac multiport
NEW_PF_EXT_SLIB+=owner physdev pkttype policy sctp standard state tcp
EXT_FUNC+=$(foreach N,$(NEW_PF_EXT_SLIB),xt_$(N))
# generated headers
GEN_INITEXT:= $(intermediates)/extensions/gen_initext4.c
$(GEN_INITEXT): PRIVATE_CUSTOM_TOOL = $(PRIVATE_PATH)/extensions/create_initext4 "$(EXT_FUNC)" > $@
$(intermediates)/extensions/initext4.o : $(GEN_INITEXT)
    $(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).c) \
    $(foreach N,$(NEW_PF_EXT_SLIB),extensions/libxt_$(N).c) \
# Build iptables
include $(CLEAR_VARS)
    $(LOCAL_PATH)/include/ \
    iptables.c \
    iptables-standalone.c \
    libip4tc \
    libext4  \

Sample create_initext4

echo ""
for i in $1; do
    echo "extern void lib${i}_init(void);";
echo "void init_extensions(void);"
echo "void init_extensions(void) {"
for i in $1; do
    echo "    lib${i}_init();";
echo "}"

That is all. Happy hacking!


  1. please be little more descriptive. The link for android source in the above post doesn't work. and also there is no idea where all this $SRC/ directories should be created and how to carry the rest process. I am a beginner, and want to use your way.

    I want to enable full netfilter functionality in the newly compiled kernel and successfully deploy it on to the emulator.
    please help.

    1. Thank you for excellent article.You made an article that is interesting.
      Tavera car for rent in chennai|Indica car for rent in chennai|innova car for rent in chennai|mini bus for rent in chennai|tempo traveller for rent in chennai
      Keep on the good work and write more article like this...
      innova car rental chennai|Tavera car rental chennai
      Great work !!!!Congratulations for this blog

  2. please check this thread, i am stuck with this.

  3. I am getting this error when executing the make command after ./configure:

    In file included from ../include/xtables.h:15,
    from libxt_CHECKSUM.c:17:
    ../include/linux/types.h:4:23: warning: asm/types.h: No such file or directory
    ../include/linux/types.h:8:31: warning: linux/posix_types.h: No such file or directory
    In file included from ../include/xtables.h:15,
    from libxt_CHECKSUM.c:17:
    ../include/linux/types.h:27: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__le16’
    ../include/linux/types.h:28: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__be16’
    ../include/linux/types.h:29: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__le32’
    ../include/linux/types.h:30: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__be32’
    ../include/linux/types.h:31: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__le64’
    ../include/linux/types.h:32: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__be64’
    ../include/linux/types.h:34: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__sum16’
    ../include/linux/types.h:35: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__wsum’
    In file included from ../include/xtables.h:16,
    from libxt_CHECKSUM.c:17:
    ../include/linux/netfilter.h:52: error: expected specifier-qualifier-list before ‘__u32’
    In file included from ../include/xtables.h:17,
    from libxt_CHECKSUM.c:17:
    ../include/linux/netfilter/x_tables.h:13: error: expected specifier-qualifier-list before ‘__u16’
    ../include/linux/netfilter/x_tables.h:20: error: expected specifier-qualifier-list before ‘__u16’
    ../include/linux/netfilter/x_tables.h:27: error: expected specifier-qualifier-list before ‘__u16’
    ../include/linux/netfilter/x_tables.h:36: error: expected specifier-qualifier-list before ‘__u16’
    ../include/linux/netfilter/x_tables.h:43: error: expected specifier-qualifier-list before ‘__u16’
    ../include/linux/netfilter/x_tables.h:50: error: expected specifier-qualifier-list before ‘__u16’
    ../include/linux/netfilter/x_tables.h:73: error: expected specifier-qualifier-list before ‘__u8’
    ../include/linux/netfilter/x_tables.h:88: error: expected specifier-qualifier-list before ‘__u8’
    ../include/linux/netfilter/x_tables.h:105: error: expected specifier-qualifier-list before ‘__u64’
    In file included from libxt_CHECKSUM.c:18:
    ../include/linux/netfilter/xt_CHECKSUM.h:15: error: expected specifier-qualifier-list before ‘__u8’
    libxt_CHECKSUM.c: In function ‘CHECKSUM_parse’:
    libxt_CHECKSUM.c:42: error: ‘struct xt_CHECKSUM_info’ has no member named ‘operation’
    libxt_CHECKSUM.c: In function ‘CHECKSUM_print’:
    libxt_CHECKSUM.c:67: error: ‘const struct xt_CHECKSUM_info’ has no member named ‘operation’
    libxt_CHECKSUM.c: In function ‘CHECKSUM_save’:
    libxt_CHECKSUM.c:76: error: ‘const struct xt_CHECKSUM_info’ has no member named ‘operation’
    make[2]: *** [libxt_CHECKSUM.oo] Error 1
    make[1]: *** [all-recursive] Error 1
    make: *** [all] Error 2


  4. Follow-up: where are we supposed to put the Makefile in the platform distro? For example, I am trying to build and image for my nook color platform and the original source has a "net" folder that has a bunch of makefiles - which one(s) am I supposed to update: ip4, ip6, etc?

  5. This port is now in Googe code. It is called iptables4n1. Check it out at Hope that will answer all questions posted here.

  6. Hi ,

    I m trying o port iptables on Android msm kernel 2.6.35. However it comes installed with iptables 1.3.7 and when I replace it with the sources of iptables 1.4.11 and the make file as above. Server warnings and errors are thrown. Do you have an updated make file( for it? Please help me.

  7. Congratulations guys, quality information you have given!!!..Its really useful blog. Thanks for sharing this useful information

    Android Training institute in chennai with placement | Android Training in chennai |Android Training in Velachery | android development course fees in chennai

  8. This information is impressive; I am inspired with your post writing style & how continuously you describe this topic. After reading your post, thanks for taking the time to discuss this, I feel happy about it and I love learning more about this topic.Android Training in chennai | Android Training|Android Training in chennai with placement | Android Training in velachery

  9. I'm read this knowledge, It's my original word of this blog sections. We share very great knowledgeful learning post here.
    Android Training in Chennai | Dot Net Training in Chennai | Selenium Training in Chennai | Hadoop Training in Chennai with Placement

  10. The site was so nice, I found out about a lot of great things. I like the way you make your blog posts. Keep up the good work and may you gain success in the long run.
    Click here:
    angularjs6 Training in Chennai
    Click here:
    angularjs Training in online

  11. Thank you for this post. Thats all I are able to say. You most absolutely have built this blog website into something speciel. You clearly know what you are working on, youve insured so many corners.thanks
    Click here:
    Microsoft azure training in btm
    Click here:
    Microsoft azure training in rajajinagar

  12. Excellent blog, I wish to share your post with my folks circle. It’s really helped me a lot, so keep sharing post like this
    Blueprism training in marathahalli

    AWS Training in chennai

    AWS Training in bangalore

  13. Thanks you for sharing this unique useful information content with us. Really awesome work. keep on blogging
    Devops training in velachery
    Devops training in annanagar

  14. A very nice guide. I will definitely follow these tips. Thank you for sharing such detailed article. I am learning a lot from you.

    rpa training in electronic-city | rpa training in btm | rpa training in marathahalli | rpa training in pune

  15. Resources like the one you mentioned here will be very useful to me ! I will post a link to this page on my blog. I am sure my visitors will find that very useful
    java training in chennai | java training in bangalore

    java interview questions and answers | core java interview questions and answers

  16. This comment has been removed by the author.

  17. Thanks for posting this info. I just want to let you know that I just check out your site and I find it very interesting and informative. I can't wait to read lots of your posts

    angularjs Training in chennai
    angularjs-Training in pune

    angularjs-Training in chennai

    angularjs Training in chennai

    angularjs-Training in tambaram

    angularjs-Training in sholinganallur

  18. You have provided a nice article, Thank you very much for this. I hope this will be useful for many people. Please keep on updating these type of blogs with good content.Thank You...
    aws online training
    aws training in hyderabad
    aws online training in hyderabad

  19. Thank you so much for sharing this informative blog with us, this was really amazing and I’m really thankful to you.
    .. VIEW MORE:- Freelance Seo Expert in Delhi

  20. am amzaed by the way you have explained things in this post. This post is quite interesting and i am looking forward to read more of your posts.
    mi service center in chennai
    redmi service center in chennai
    xiaomi service centre chennai
    redmi service center
    mi service center
    redmi service center near me

  21. Nice post. Thanks for sharing! I want people to know just how good this information is in your article. It’s interesting content and Great work.
    Thanks & Regards,
    VRIT Professionals,
    No.1 Leading Web Designing Training Institute In Chennai.

    And also those who are looking for
    Web Designing Training Institute in Chennai
    SEO Training Institute in Chennai
    Photoshop Training Institute in Chennai
    PHP & Mysql Training Institute in Chennai
    Android Training Institute in Chennai

  22. This is the exact information I am been searching for, Thanks for sharing the required infos with the clear update and required points. To appreciate this I like to share some useful information regarding Microsoft Azure which is latest and newest,


    Azure Training in Chennai
    Azure Training Center in Chennai
    Best Azure Training in Chennai
    Azure Devops Training in Chenna
    Azure Training Institute in Chennai
    Azure Training in Chennai OMR
    Azure Training in Chennai Velachery
    Azure Online Training
    Azure Training in Chennai Credo Systemz

  23. I appreciate that you produced this wonderful article to help us get more knowledge about this topic. I know, it is not an easy task to write such a big article in one day, I've tried that and I've failed. But, here you are, trying the big task and finishing it off and getting good comments and ratings. That is one hell of a job done!
    angularjs online training

    apache spark online training

    informatica mdm online training

    devops online training

    aws online training

  24. I prefer to study this kind of material. Nicely written information in this post, the quality of content is fine and the conclusion is lovely. Things are very open and intensely clear explanation of issues
    Microsoft Azure online training
    Selenium online training
    Java online training
    Python online training
    uipath online training

  25. This comment has been removed by the author.


  26. Nice Article… I love to read your articles because your writing style is too good, its is very very helpful for all of us and I never get bored while reading your article because, they are becomes a more and more interesting from the starting lines until the end

    Check out : hadoop training in chennai cost
    hadoop certification training in chennai
    big data hadoop course in chennai with placement
    big data certification in chennai

  27. A good blog for the people who really needs information about this. Good work keep it up.


  28. I think things like this are really interesting. I absolutely love to find unique places like this. It really looks super creepy though!!

    big data hadoop training cost in chennai | hadoop training in Chennai | best bigdata hadoop training in chennai | best hadoop certification in Chennai

  29. Alleyaaircool is the one of the best home appliances repair canter in all over Delhi we deals in repairing window ac, Split ac , fridge , microwave, washing machine, water cooler, RO and more other home appliances in cheap rates

    Window AC Repair in vaishali
    Split AC Repair in indirapuram
    Fridge Repair in kaushambi
    Microwave Repair in patparganj
    Washing Machine Repair in vasundhara
    Water Cooler Repair in indirapuram
    RO Service AMC in vasundhara
    Any Cooling System in vaishali
    Window AC Repair in indirapuram

  30. if you had done love marraige and you are facing so much problems in your life so no need to worry i will tell you the best dua for husband and wife

  31. Thanks for a nice share you have given to us with such an large collection of information.
    Great work you have done by sharing them to all. for more info
    simply superb.PGDCA class in bhopal
    autocad in bhopal
    3ds max classes in bhopal
    CPCT Coaching in Bhopal
    java coaching in bhopal
    Autocad classes in bhopal
    Catia coaching in bhopal

  32. Get the best nursing services baby care services medical equipment services and allso get the physiotherapist at home in Delhi NCR For more information visit our site

    nursing attendant services in Delhi NCR
    medical equipment services in Delhi NCR
    nursing services in Delhi NCR
    physiotherapist at home in Delhi NCR
    baby care services in Delhi NCR

  33. Vanskeligheter( van bi ) vil passere. På samme måte som( van điện từ ) regnet utenfor( van giảm áp ) vinduet, hvor nostalgisk( van xả khí ) er det som til slutt( van cửa ) vil fjerne( van công nghiệp ) himmelen.

  34. Hey, would you mind if I share your blog with my twitter group? There’s a lot of folks that I think would enjoy your content. Please let me know. Thank you.
    blue prism training in chennai | blue prism course in chennai | best blue prism training institute in chennai | blue prism course in chennai | blue prism automation in chennai | blue prism certification in chennai

  35. Thanks for Sharing this useful information. Get sharepoint apps development from veelead solutions

  36. thanks for sharing
    The deadly Nipah virus has resurfaced in the south Indian state of Kerala, nearly a year after it claimed 17 lives.

    A 23-year-old student in Ernakulam district was tested positive for the highly contagious virus on June 4. The state government has put 311 people, whom he had been in contact with, under observation.
    viral post

  37. YouthHub is the Best Blog & Website which provides online news related to Best songs, comedy films, Celebrities, gadgets,
    fitness and many more.
    Bollywood Comedy
    Home Salon

  38. Thanks For sharing a nice post about AWS Training Course.It is very helpful and AWS useful for training in bangalore

  39. Thank you for excellent article.You made an article that is interesting.
    Best AWS certification training courses. Build your AWS cloud skills with expert instructor- led classes. Live projects, Hands-on training,24/7 support.

  40. Your articles really impressed for me,because of all information so tm training in bangalore

  41. Linking is very useful have really helped lots of people who visit blog and provide them use full simple logistics training in bangalore

  42. Being new to the blogging world I feel like there is still so much to learn. Your tips helped to clarify a few things for me as well as wm training in bangalore

  43. Really it was an awesome article,very interesting to read.You have provided an nice article,Thanks for ewm training in bangalore

  44. This is really an awesome post, thanks for it. Keep adding more information to mm training in bangalore

  45. thank you so much for this nice information Article, Digital marketing is tha good skill in grouth tha career For website creation, promotion and development contact here. For your digital marketing needs just have a look at Click net training in bangalore

  46. Aran’s traditional milk is pure A2 milk, Nattu Kozhi Muttai Chennai, Organic Milk Chennai, A2 Milk Chennai, Cow Milk Chennai, Naatu Maatu Paal Chennai Chennai hand-milked in a traditional way from healthy native Indian breeds and reaches your doorstep.

    Milking Process
    The milking is done from indigenous cows by using hands. No machines are used in order to ensure no harm is done to the cows

    Packing Methods
    As soon as milking is done, the milk is filtered and packed in the FSSAI certified place with hairnets and gloves on this packing is done into the 50 microns wrappers which are not reactive to the food items. Again, no machines are used for packing to contribute to the environment, as they consume more water and power.

    Milk Delivery
    As soon as packing and quality check are done, the milk packets are collected and brought for delivery.

  47. I think this is one of the most significant information for me. And i’m glad reading your article. Thanks for sharing!

    Upgrade your career Learn AWS Training from industry experts get Complete hands-on Training, Interview preparation, and Job Assistance at Bangalore Training Academy Located in BTM Layout.

  48. Very interesting, good job and thanks for sharing such a good blog. your article is so convincing that I never stop myself to say something about it. You’re doing a great job. Keep it up…

    Upgrade your career Learn SharePoint Developer Training in Bangalore from industry experts get Complete hands-on Training, Interview preparation, and Job Assistance at Softgen Infotech.

  49. Thanks for sharing this fantastic blog, really very informative. Your writing skill is very good, you must keep writing this type of blogs

    Home Salon Dubai
    wedding car hire gurgaon
    wedding car hire banglore wedding car hire delhi
    wedding car hire dehradun
    wedding car hire noida