source: postlfs/security/firewalling/kernel.xml@ 30f1425

Last change on this file since 30f1425 was 30f1425, checked in by Larry Lawrence <larry@…>, 21 years ago

edits of firewalling and shadow

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1057 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 4.0 KB
<sect2 id="postlfs-security-fw-kernel" xreflabel="getting a firewalling-enabled Kernel">
<title>Getting a firewalling-enabled Kernel</title>

<para>If you want your Linux box to do firewalling, you must first ensure
that your kernel has been compiled with the relevant options turned on.
<!-- <footnote><para>If you need assistance with how to configure, compile and install
a new kernel, refer back to chapter VIII of the LinuxFromScratch book,
<ulink url="http://www.linuxfromscratch.org/view/3.1/chapter08/kernel.html">Installing a kernel</ulink>
 and eventually
<ulink url="http://www.linuxfromscratch.org/view/3.1/chapter08/lilo.html">Making the LFS system bootable</ulink>
; note that you'll need to reboot
to actually run your new kernel.</para></footnote>--></para>

<para>Whether you compile these options into the kernel or build them as
modules depends on your personal preferences and experience. Note that
the quoted scripts assume that the modules need to be loaded
first.</para>

<screen>Network options menu
  Network packet filtering: Y
  Unix domain sockets: Y or M
  TCP/IP networking: Y
  IP: advanced router: Y
  IP: verbose route monitoring: Y
  IP: TCP Explicit Congestion Notification support: Y
  IP: TCP syncookie support: Y
  IP: Netfilter Configuration menu
    Every option except: Y or M
      ipchains (2.2-style) support N
      ipfwadm (2.0-style) support N
  Fast switching: N</screen>

<!--
<table frame='none'>
<title>Essential config-options for a firewalling-enabled Kernel</title>

<tgroup cols='5'>
<colspec colnum='1' colwidth='8*' align='center'/>
<colspec colnum='2' colwidth='19*' align='left'/>
<colspec colnum='3' colwidth='11*' align='center'/>
<colspec colnum='4' colwidth='1*' align='center'/>
<colspec colnum='5' colwidth='14*' align='left'/>

<tbody>

<row>
<entry><emphasis><userinput>Networking options:</userinput></emphasis></entry>
<entry><userinput>Network packet filtering</userinput></entry>
<entry></entry>
<entry>=</entry>
<entry>CONFIG_NETFILTER</entry>
</row>

<row>
<entry></entry>
<entry><userinput>Unix domain sockets</userinput></entry>
<entry></entry>
<entry>=</entry>
<entry>CONFIG_UNIX</entry>
</row>

<row>
<entry></entry>
<entry><userinput>IP: TCP/IP networking</userinput></entry>
<entry></entry>
<entry>=</entry>
<entry>CONFIG_INET</entry>
</row>

<row>
<entry></entry>
<entry><userinput>IP: advanced router</userinput></entry>
<entry></entry>
<entry>=</entry>
<entry>CONFIG_IP_ADVANCED_ROUTER</entry>
</row>

<row>
<entry></entry>
<entry><userinput>IP: verbose route monitoring</userinput></entry>
<entry></entry>
<entry>=</entry>
<entry>CONFIG_IP_ROUTE_VERBOSE</entry>
</row>

<row>
<entry></entry>
<entry><userinput>IP: TCP Explicit Congestion Notification support</userinput></entry>
<entry></entry>
<entry>=</entry>
<entry>CONFIG_INET_ECN</entry>
</row>

<row>
<entry></entry>
<entry><userinput>IP: TCP syncookie support</userinput></entry>
<entry></entry>
<entry>=</entry>
<entry>CONFIG_SYN_COOKIES</entry>
</row>

<row>
<entry></entry>
<entry align='center'>
<emphasis><userinput>IP: Netfilter Configuration:</userinput></emphasis></entry>
<entry align='left'><userinput>every option</userinput></entry>
<entry>=</entry>
<entry>CONFIG_IP_NF_*</entry>
</row>

<row>
<entry></entry>
<entry align='right'><emphasis>WITHOUT:</emphasis></entry>
<entry align='left'><literallayout><userinput>ipchains (2.2-style) support
ipfw-adm (2.0-style) support</userinput></literallayout></entry>
<entry>w\</entry>
<entry>CONFIG_IP_NF_COMPAT_*</entry>
</row>

<row>
<entry></entry>
<entry><userinput>Fast switching</userinput></entry>
<entry>Make sure to disable it because it would setup a bypass around
your firewalling-rules.</entry>
<entry>w\</entry>
<entry>CONFIG_NET_FASTROUTE</entry>
</row>

</tbody>

</tgroup>

</table> -->

</sect2>
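The option list above can be checked mechanically against a kernel `.config`. The following is an added example, not part of kernel.xml or the BLFS book: the function names are hypothetical, the `CONFIG_*` names in the checks come from the commented-out table in the file, and the individual `CONFIG_IP_NF_*` entries in the sample are constructed.

```shell
# Added example (not from BLFS): audit a .config against this page's option list.
# Option names in the checks come from the commented-out table in kernel.xml.
REQ_Y="CONFIG_NETFILTER CONFIG_INET CONFIG_IP_ADVANCED_ROUTER CONFIG_IP_ROUTE_VERBOSE CONFIG_INET_ECN CONFIG_SYN_COOKIES"
REQ_Y_OR_M="CONFIG_UNIX"

# opt_value FILE NAME: print y or m if set, n if absent or "is not set".
opt_value() {
    _v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${_v:-n}"
}

# check_fw_config FILE: print one finding per line; return 0 if clean, 1 otherwise.
check_fw_config() {
    _cfg=$1; _rc=0
    for _o in $REQ_Y; do
        [ "$(opt_value "$_cfg" "$_o")" = y ] || { echo "MISSING $_o (want y)"; _rc=1; }
    done
    for _o in $REQ_Y_OR_M; do
        [ "$(opt_value "$_cfg" "$_o")" != n ] || { echo "MISSING $_o (want y or m)"; _rc=1; }
    done
    # Every CONFIG_IP_NF_* option except the compat layers should be y or m.
    for _o in $(sed -n 's/^# \(CONFIG_IP_NF_[A-Z0-9_]*\) is not set$/\1/p' "$_cfg" |
                grep -v '^CONFIG_IP_NF_COMPAT_'); do
        echo "MISSING $_o (want y or m)"; _rc=1
    done
    # ipchains/ipfwadm compat and fast switching (a bypass around the rules) must be off.
    for _o in $(grep -E '^(CONFIG_IP_NF_COMPAT_[A-Z0-9_]*|CONFIG_NET_FASTROUTE)=[ym]$' "$_cfg" |
                cut -d= -f1); do
        echo "FORBIDDEN $_o (want n)"; _rc=1
    done
    return $_rc
}

# Constructed sample .config fragment with four deliberate problems.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_UNIX=m
CONFIG_INET=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_INET_ECN=y
# CONFIG_SYN_COOKIES is not set
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_NAT is not set
CONFIG_IP_NF_COMPAT_IPCHAINS=m
CONFIG_NET_FASTROUTE=y
EOF
}
```

Source the file and run `check_fw_config` on the `.config` in your kernel tree; a non-zero return means at least one option differs from the list on this page.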