%general-entities; ]> $LastChangedBy$ $Date$ Iptables The next part of this chapter deals with firewalls. The principal firewall tool for Linux, as of the 2.4 kernel series, is iptables. It replaces ipchains from the 2.2 series and ipfwadm from the 2.0 series. You will need to install iptables if you intend on using any form of a firewall. A firewall in Linux is accomplished through a portion of the kernel called netfilter. The interface to netfilter is iptables. To use it, the appropriate kernel configuration parameters are found in Device Drivers -> Networking Support -> Networking Options -> Network Packet Filtering -> IP: Netfilter Configuration. Iptables Download (HTTP): Download (FTP): Download MD5 sum: &iptables-md5sum; Download size: &iptables-size; Estimated disk space required: &iptables-buildsize; Estimated build time: &iptables-time; Installation of iptables will fail if raw kernel headers are found in /usr/src/linux either as actual files or a symlink. As of the Linux 2.6 kernel series, this directory should no longer exist because appropriate headers were installed in the linux-libc-headers package during the base LFS installation. For some non-x86 architectures, the raw kernel headers may be required. In that case, add the environment variable KERNEL_DIR=/usr/src/linux to the make commands below. Install iptables by running the following commands: make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin Now, as the root user: make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install PREFIX=/usr LIBDIR=/lib BINDIR=/sbin: Compiles and installs iptables libraries into /lib, binaries into /sbin and the remainder into the /usr hierarchy instead of /usr/local. Firewalls are generally activated during the boot process and /usr may not be mounted at that time. To set up the iptables firewall at boot, install the /etc/rc.d/init.d/iptables init script included in the package. iptables make install-iptables Introductory instructions for configuring your firewall are presented in the next section: Installed Programs Installed Libraries Installed Directory iptables, iptables-restore, iptables-save and ip6tables libip6t_*.so and libipt_*.so /lib/iptables Short Descriptions iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. iptables iptables-restore is used to restore IP Tables from data specified on STDIN. Use I/O redirection provided by your shell to read from a file. iptables-restore iptables-save is used to dump the contents of an IP Table in easily parseable format to STDOUT. Use I/O-redirection provided by your shell to write to a file. iptables-save ip6tables is used to set up, maintain, and inspect the tables of IPv6 packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains. ip6tables libip*.so library modules are various modules (implemented as dynamic libraries) which extend the core functionality of iptables. libip*.so