source: postlfs/security/iptables.xml@ 0d4fcfa

Last change on this file since 0d4fcfa was 0d4fcfa, checked in by Bruce Dubbs <bdubbs@…>, 20 years ago

Added iptables bootscript installation

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3626 af4574ff-66df-0310-9fd7-8a98e5e911e0

File size: 7.4 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
  "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY iptables-download-http "http://www.iptables.org/files/iptables-&iptables-version;.tar.bz2">
  <!ENTITY iptables-download-ftp "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2">
  <!ENTITY iptables-md5sum "c3358a3bd0d7755df0b64a5063db296b">
  <!ENTITY iptables-size "177 KB">
  <!ENTITY iptables-buildsize "3.8 MB">
  <!ENTITY iptables-time "0.14 SBU">
]>

<sect1 id="iptables" xreflabel="iptables-&iptables-version;">
<sect1info>
<othername>$LastChangedBy$</othername>
<date>$Date$</date>
</sect1info>
<?dbhtml filename="iptables.html"?>
<title>iptables-&iptables-version;</title>

<indexterm zone="iptables">
  <primary sortas="a-Iptables">Iptables</primary>
</indexterm>

<para>The next part of this chapter deals with firewalls. The principal
firewall tool for Linux, as of the 2.4 kernel series, is
<application>iptables</application>. It replaces
<application>ipchains</application> from the 2.2 series and
<application>ipfwadm</application> from the 2.0 series. You will need to
install <application>iptables</application> if you intend to use any form of
firewall.</para>

<sect2 id='iptables-kernel'>
<title>Introduction to <application>iptables</application></title>

<para>Packet filtering in Linux is done inside the kernel by the netfilter
framework; <application>iptables</application> is the user-space tool that
loads, lists and deletes the rules netfilter enforces. To use it, enable the
appropriate kernel configuration options, which are found under
Device Drivers -&gt; Networking Support -&gt; Networking Options -&gt;
Network Packet Filtering -&gt; IP: Netfilter Configuration.

<indexterm zone="iptables iptables-kernel">
  <primary sortas="d-iptables">Iptables</primary>
</indexterm>

</para>
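<para>The following is an added example and is not part of the BLFS book or
the iptables package: a small shell check that reads a kernel
<filename>.config</filename> and reports which of the netfilter options a
stateful firewall relies on are built in, built as modules, or missing. The
set of symbols it demands (CONFIG_NETFILTER, CONFIG_IP_NF_CONNTRACK,
CONFIG_IP_NF_IPTABLES, CONFIG_IP_NF_FILTER, CONFIG_IP_NF_MATCH_STATE,
CONFIG_IP_NF_TARGET_REJECT and CONFIG_IP_NF_TARGET_LOG) is an assumed minimum
for the 2.6-series kernels this page targets, and the sample
<filename>.config</filename> it reads is constructed for the demonstration.</para>

```shell
# Added example, not from the BLFS page: check a kernel .config for the
# netfilter options a stateful iptables firewall needs. The symbol names are
# the 2.6-era ones this page targets and the required set is an assumption;
# the sample .config below is constructed for the demonstration.

# Assumed minimum for a stateful filter: netfilter itself, connection
# tracking, the iptables core, the filter table, the state match and the
# REJECT and LOG targets.
NETFILTER_OPTIONS='CONFIG_NETFILTER CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_FILTER CONFIG_IP_NF_MATCH_STATE CONFIG_IP_NF_TARGET_REJECT
CONFIG_IP_NF_TARGET_LOG'

# config_value FILE SYMBOL: prints y, m or n; an absent or "is not set"
# symbol counts as n. The trailing "=" keeps CONFIG_NETFILTER from matching
# CONFIG_NETFILTER_DEBUG.
config_value() {
    value=$(grep "^$2=" "$1" | cut -d = -f 2)
    printf '%s\n' "${value:-n}"
}

# check_netfilter_config FILE: reports each required option and returns 1
# if any of them is neither built in (y) nor a module (m).
check_netfilter_config() {
    missing=0
    for option in $NETFILTER_OPTIONS; do
        case $(config_value "$1" "$option") in
            y) printf 'ok      %s\n' "$option" ;;
            m) printf 'module  %s (must be loadable before the bootscript runs)\n' "$option" ;;
            *) printf 'MISSING %s\n' "$option"; missing=1 ;;
        esac
    done
    return $missing
}

# Constructed .config: LOG target left out, state match built as a module.
SAMPLE_CONFIG=${TMPDIR:-/tmp}/netfilter-config-demo.$$
printf '%s\n' \
    'CONFIG_NETFILTER=y' \
    'CONFIG_NETFILTER_DEBUG=y' \
    'CONFIG_IP_NF_CONNTRACK=y' \
    'CONFIG_IP_NF_IPTABLES=y' \
    'CONFIG_IP_NF_FILTER=y' \
    'CONFIG_IP_NF_MATCH_STATE=m' \
    'CONFIG_IP_NF_TARGET_REJECT=y' \
    '# CONFIG_IP_NF_TARGET_LOG is not set' > "$SAMPLE_CONFIG"

if check_netfilter_config "$SAMPLE_CONFIG"; then
    printf 'kernel configuration is sufficient\n'
else
    printf 'rebuild the kernel with the MISSING options enabled\n'
fi
rm -f "$SAMPLE_CONFIG"
```

<para>Run it against the <filename>.config</filename> of the kernel you
actually boot. Options built as modules are reported separately because the
bootscript installed later on this page runs early in the boot sequence, so
every module it depends on must already be loadable at that point; building
the netfilter pieces into the kernel removes that ordering dependency.</para>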

<sect3>
<title>Package information</title>
<itemizedlist spacing='compact'>
  <listitem><para>Download (HTTP): <ulink url="&iptables-download-http;"/></para></listitem>
  <listitem><para>Download (FTP): <ulink url="&iptables-download-ftp;"/></para></listitem>
  <listitem><para>Download MD5 sum: &iptables-md5sum;</para></listitem>
  <listitem><para>Download size: &iptables-size;</para></listitem>
  <listitem><para>Estimated disk space required: &iptables-buildsize;</para></listitem>
  <listitem><para>Estimated build time: &iptables-time;</para></listitem>
</itemizedlist>
</sect3>

</sect2>

<sect2>
<title>Installation of <application>iptables</application></title>

<note>
  <para>Installation of <application>iptables</application> will fail if raw
  kernel headers are found in <filename class='directory'>/usr/src/linux</filename>,
  either as real files or as a symlink. With the Linux 2.6 kernel series this
  directory should no longer exist, because the headers that user space needs
  were installed by the linux-libc-headers package during the base
  <acronym>LFS</acronym> installation.</para>

  <para>For some non-x86 architectures the raw kernel headers may still be
  required. In that case, pass <parameter>KERNEL_DIR=/usr/src/linux</parameter>
  on each of the <command>make</command> command lines below.</para>
</note>

<para>Install <application>iptables</application> by running the following
commands:</para>

<screen><userinput><command>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</command></userinput></screen>

<para>Now, as the root user:</para>

<screen><userinput role='root'><command>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install</command></userinput></screen>
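<para>As an added example (not from the BLFS book or the iptables package),
the shell function below compares the MD5 sum of a downloaded tarball with the
sum listed under Package information before anything is unpacked or built. The
file names, the tampered copy and the expected sum used in the demonstration
are constructed stand-ins; for the real package substitute the downloaded
tarball and the MD5 sum printed above.</para>

```shell
# Added example, not from the BLFS page: refuse to build a tarball whose MD5
# sum does not match the one published with the package. The files and the
# expected sum below are constructed stand-ins for the iptables tarball.

# verify_md5 FILE EXPECTED: returns 0 when md5sum(FILE) equals EXPECTED,
# 1 (with a one-line reason on stdout) otherwise.
verify_md5() {
    if [ ! -r "$1" ]; then
        printf 'MISSING  %s\n' "$1"
        return 1
    fi
    actual=$(md5sum "$1" | cut -d ' ' -f 1)
    if [ "$actual" = "$2" ]; then
        printf 'OK       %s\n' "$1"
        return 0
    fi
    printf 'MISMATCH %s: expected %s, got %s\n' "$1" "$2" "$actual"
    return 1
}

# Constructed stand-ins: the "good" tarball is the six bytes "hello\n", whose
# MD5 is well known; the "tampered" one differs from it by a single byte.
DEMO_DIR=${TMPDIR:-/tmp}/iptables-md5-demo.$$
EXPECTED_MD5=b1946ac92492d2347c6235b4d2611184
mkdir -p "$DEMO_DIR"
printf 'hello\n' > "$DEMO_DIR/good.tar.bz2"
printf 'hellO\n' > "$DEMO_DIR/tampered.tar.bz2"

for tarball in "$DEMO_DIR/good.tar.bz2" "$DEMO_DIR/tampered.tar.bz2"; do
    if verify_md5 "$tarball" "$EXPECTED_MD5"; then
        : # only here would the tarball be unpacked and make run
    fi
done
rm -r "$DEMO_DIR"
```

<para>A matching sum shows that the file you have is the one whose sum was
published; it does not protect against an attacker who controls the download
site and can publish a matching sum alongside a modified tarball, and MD5 is no
longer collision resistant. Compare the sum against a second, independent
source (this book is one), and prefer a detached signature wherever the
project provides one.</para>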

</sect2>

<sect2>
<title>Command explanations</title>

<para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>: Compiles
and installs the <application>iptables</application> extension libraries into
<filename class="directory">/lib</filename>, the binaries into
<filename class="directory">/sbin</filename> and the remainder into the
<filename class="directory">/usr</filename> hierarchy instead of
<filename class="directory">/usr/local</filename>. Firewalls are generally
activated early in the boot process, when
<filename class="directory">/usr</filename> may not yet be mounted, so the
programs and the libraries they load must live on the root filesystem.</para>

</sect2>

<sect2>
<title>Installing the iptables bootscript</title>

<para id="iptables-init">To set up the iptables firewall at boot, install the
<filename>/etc/rc.d/init.d/iptables</filename> init script included in the
<xref linkend="intro-important-bootscripts"/> package.</para>

<indexterm zone="iptables iptables-init">
  <primary sortas="f-iptables">iptables</primary>
</indexterm>

<screen><userinput role='root'><command>make install-iptables</command></userinput></screen>

<para>Introductory instructions for configuring your firewall are presented
in the next section: <xref linkend='fw-firewall'/>.</para>

</sect2>


<sect2>
<title>Contents</title>

<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directory</segtitle>

<seglistitem>
<seg>iptables, iptables-restore, iptables-save and ip6tables</seg>
<seg>libip6t_*.so and libipt_*.so</seg>
<seg>/lib/iptables</seg>
</seglistitem>
</segmentedlist>

<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>

<varlistentry id="iptables-prog">
  <term><command>iptables</command></term>
  <listitem><para>is used to set up, maintain and inspect the tables of
  <acronym>IP</acronym>v4 packet filter rules in the Linux kernel. Several
  different tables may be defined; each table contains a number of built-in
  chains and may also contain user-defined chains.</para>
  <indexterm zone="iptables iptables-prog">
    <primary sortas="b-iptables">iptables</primary>
  </indexterm>
  </listitem>
</varlistentry>

<varlistentry id="iptables-restore">
  <term><command>iptables-restore</command></term>
  <listitem><para>loads a complete set of <acronym>IP</acronym> tables from
  rules read on <acronym>STDIN</acronym>, in the format written by
  <command>iptables-save</command>; by default it flushes the existing rules
  first. Use the I/O redirection provided by your shell to read from a
  file.</para>
  <indexterm zone="iptables iptables-restore">
    <primary sortas="b-iptables-restore">iptables-restore</primary>
  </indexterm>
  </listitem>
</varlistentry>

<varlistentry id="iptables-save">
  <term><command>iptables-save</command></term>
  <listitem><para>dumps the contents of the <acronym>IP</acronym> tables in an
  easily parseable format to <acronym>STDOUT</acronym>, suitable for feeding
  back into <command>iptables-restore</command>. Use the I/O redirection
  provided by your shell to write to a file.</para>
  <indexterm zone="iptables iptables-save">
    <primary sortas="b-iptables-save">iptables-save</primary>
  </indexterm>
  </listitem>
</varlistentry>

<varlistentry id="ip6tables">
  <term><command>ip6tables</command></term>
  <listitem><para>is used to set up, maintain and inspect the tables of
  <acronym>IP</acronym>v6 packet filter rules in the Linux kernel. Several
  different tables may be defined; each table contains a number of built-in
  chains and may also contain user-defined chains.</para>
  <indexterm zone="iptables ip6tables">
    <primary sortas="b-ip6tables">ip6tables</primary>
  </indexterm>
  </listitem>
</varlistentry>

<varlistentry id="libip-iptables">
  <term><filename class='libraryfile'>libip*.so</filename></term>
  <listitem><para>are the match and target extension modules (implemented as
  shared libraries and loaded from
  <filename class="directory">/lib/iptables</filename>) which extend the core
  functionality of <command>iptables</command> and
  <command>ip6tables</command>.</para>
  <indexterm zone="iptables libip-iptables">
    <primary sortas="c-libip-iptables">libip*.so</primary>
  </indexterm>
  </listitem>
</varlistentry>

</variablelist>
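<para>The following is an added example, not code from the BLFS book or the
iptables package. It writes a default-deny IPv4 ruleset in the format that
<command>iptables-save</command> produces and <command>iptables-restore</command>
consumes, alongside a deliberately weak one, and checks both before they would
be loaded. The rules, the single permitted service (TCP port 22) and the
temporary file names are assumptions made for the demonstration.</para>

```shell
# Added example, not from the BLFS page: write a default-deny ruleset in the
# format iptables-save emits and iptables-restore reads, and sanity-check it
# before loading. The rules, the allowed port and the file names are assumptions.

# write_ruleset FILE: a stateful filter table that drops inbound traffic
# except loopback, replies to established connections and new SSH sessions.
# Each table block is "*table", the chain policies, the rules, then COMMIT.
# The state match needs connection tracking in the kernel; the limit match,
# which keeps the LOG rule from flooding the log, needs the limit match.
write_ruleset() {
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT' \
        '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables drop: "' \
        'COMMIT' > "$1"
}

# write_weak_ruleset FILE: the mistakes the check below is meant to catch,
# an ACCEPT default policy on INPUT and a table block that is never committed.
write_weak_ruleset() {
    printf '%s\n' \
        '*filter' \
        ':INPUT ACCEPT [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT' > "$1"
}

# check_ruleset FILE: returns 0 when every table block ends in COMMIT and
# INPUT and FORWARD default to DROP; prints one line per problem otherwise.
check_ruleset() {
    awk '
        BEGIN            { bad = 0 }
        /^\*/            { table = substr($0, 2); next }
        /^COMMIT$/       { table = ""; next }
        /^:(INPUT|FORWARD) ACCEPT/ {
            print "WEAK: " $0 " (default policy should be DROP)"; bad = 1
        }
        END {
            if (table != "") {
                print "UNTERMINATED: table " table " has no COMMIT"; bad = 1
            }
            exit bad
        }' "$1"
}

RULES=${TMPDIR:-/tmp}/iptables.rules.$$
for writer in write_ruleset write_weak_ruleset; do
    "$writer" "$RULES"
    if check_ruleset "$RULES"; then
        printf '%s: passes; as root, feed the file to iptables-restore on stdin\n' "$writer"
    else
        printf '%s: rejected\n' "$writer"
    fi
done
rm -f "$RULES"
```

<para>The check is a lint on the saved format, not a substitute for loading
the rules on the target kernel and probing the host from outside; a rule that
references a match or target the kernel lacks is only rejected by
<command>iptables-restore</command> itself, at which point the whole table is
left unchanged.</para>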
</sect2>
</sect1>