strongswan: do not force to use iptable-legacy

The default firewall is the fw4, which uses nft. In order to not
install the legacy implementation when installing strongswan, the build
system should decide which firewall backend to use.

While we are at it, I have also added the dependency packages for IPV6.

Signed-off-by: Florian Eckert <redacted>

diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile
index d80e2b1b70911c1bb0dd1e51a0b306ae09546d1b..3cb1c94a675f4a2cf01ff0960b1f528651ed561d 100644 (file)
--- a/net/strongswan/Makefile
+++ b/net/strongswan/Makefile
@@ -732,7 +732,7 @@ $(eval $(call BuildPlugin,stroke,Stroke,+strongswan-charon +strongswan-ipsec))
 $(eval $(call BuildPlugin,test-vectors,crypto test vectors,))
 $(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci))
 $(eval $(call BuildPlugin,unity,Cisco Unity extension,))
-$(eval $(call BuildPlugin,updown,updown firewall,+iptables-legacy +iptables-mod-ipsec +kmod-ipt-ipsec))
+$(eval $(call BuildPlugin,updown,updown firewall,+iptables +IPV6:ip6tables +iptables-mod-ipsec +kmod-ipt-ipsec))
 $(eval $(call BuildPlugin,vici,Versatile IKE Configuration Interface,))
 $(eval $(call BuildPlugin,whitelist,peer identity whitelisting,))
 $(eval $(call BuildPlugin,x509,x509 certificate,))