Context Navigation

iptables.xml@ 5cd0959d

Visit:

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts krejzi/svn lazarus lxqt nosym perl-modules plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition systemd-11177 systemd-13485 trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal

Last change on this file since 5cd0959d was 5cd0959d, checked in by Archaic <archaic@…>, 20 years ago

Resetting keywords

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@2592 af4574ff-66df-0310-9fd7-8a98e5e911e0

Property mode set to 100644

File size: 6.0 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY iptables-download-http "http://www.iptables.org/files/iptables-&iptables-version;.tar.bz2">
8	<!ENTITY iptables-download-ftp "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2">
9	<!ENTITY iptables-size "157 KB">
10	<!ENTITY iptables-buildsize "4.4 MB">
11	<!ENTITY iptables-time "0.13 SBU">
12	]>
13
14	<sect1 id="postlfs-security-iptables">
15	<sect1info>
16	<othername>$LastChangedBy$</othername>
17	<date>$Date$</date>
18	</sect1info>
19	<?dbhtml filename="iptables.html"?>
20	<title>iptables-&iptables-version;</title>
21
22	<para>The next part of this chapter deals with firewalls. The principle
23	firewall tool for Linux, as of the 2.4 kernel series, is
24	<application>iptables</application>. It replaces
25	<application>ipchains</application> from the 2.2 series and
26	<application>ipfwadm</application> from the 2.0 series. You will need to
27	install <application>iptables</application> if you intend on using any form of
28	a firewall.</para>
29
30	<sect2>
31	<title>Introduction to <application>iptables</application></title>
32
33	<para>To use a firewall, as well as installing
34	<application>iptables</application>, you will need
35	to configure the relevant options into your kernel. This is discussed
36	in the next part of this chapter –
37	<xref linkend="postlfs-security-fw-kernel"/>.</para>
38
39	<para>If you intend to use <acronym>IP</acronym>v6 you might consider extending
40	the kernel by running <command>make patch-o-matic</command> in the top-level
41	source tree directory of <application>iptables</application>. If you are
42	going to do this, on a freshly untarred kernel, you need to run
43	<command>yes "" \| make config && make dep</command> first because
44	otherwise the patch-o-matic command is likely to fail while setting up
45	some dependencies.</para>
46
47	<para>If you are going to patch the kernel, you need to do it before you
48	compile <application>iptables</application>, because during the compilation,
49	the kernel source tree is checked (if it is available at <filename
50	class="directory">/usr/src/linux-<replaceable>[version]</replaceable>
51	</filename>) to see which features are available. Support will only be compiled
52	into <application>iptables</application> for the features recognized at
53	compile-time. Applying a kernel patch may result in errors, often because the
54	hooks for the patches have changed or because the <command>runme</command>
55	script doesn't recognize that a patch has already been incorporated.</para>
56
57	<para>Note that for most people, patching the kernel is unnecessary.
58	With the later 2.4.x kernels, most functionality is already available
59	and those who need to patch it are generally those who need a specific
60	feature; if you don't know why you need to patch the kernel, you're
61	unlikely to need to!</para>
62
63	<sect3><title>Package information</title>
64	<itemizedlist spacing='compact'>
65	<listitem><para>Download (HTTP): <ulink
66	url="&iptables-download-http;"/></para></listitem>
67	<listitem><para>Download (FTP): <ulink
68	url="&iptables-download-ftp;"/></para></listitem>
69	<listitem><para>Download size: &iptables-size;</para></listitem>
70	<listitem><para>Estimated Disk space required:
71	&iptables-buildsize;</para></listitem>
72	<listitem><para>Estimated build time:
73	&iptables-time;</para></listitem></itemizedlist>
74	</sect3>
75
76	<sect3><title>Additional downloads</title>
77	<itemizedlist spacing='compact'>
78	<listitem><para>Required Patch (fixes a build issue with
79	<application>linux</application>-2.6.7): <ulink
80	url="&patch-root;/iptables-&iptables-version;-build_fix-1.patch"/></para>
81	</listitem>
82	</itemizedlist></sect3>
83
84	</sect2>
85
86	<sect2>
87	<title>Installation of <application>iptables</application></title>
88
89	<para>Install <application>iptables</application> by running the following
90	commands:</para>
91
92	<screen><userinput><command>patch -Np1 -i ../iptables-&iptables-version;-build_fix-1.patch &&
93	make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin &&
94	make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install</command></userinput></screen>
95
96	</sect2>
97
98	<sect2>
99	<title>Command explanations</title>
100
101	<para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>: Compiles
102	and installs <application>iptables</application> libraries into
103	<filename class="directory">/lib</filename>, binaries into
104	<filename class="directory">/sbin</filename> and the remainder into the
105	<filename class="directory">/usr</filename> hierarchy instead of
106	<filename class="directory">/usr/local</filename>. Firewalls are
107	generally activated during the boot process and
108	<filename class="directory">/usr</filename> may not be mounted at that
109	time.</para>
110
111	</sect2>
112
113	<sect2>
114	<title>Contents</title>
115
116	<para>The <application>iptables</application> package contains
117	<command>iptables</command>, <command>iptables-restore</command>,
118	<command>iptables-save</command>, <command>ip6tables</command>
119	and the <filename class='libraryfile'>libip*.so</filename> library
120	modules.</para>
121
122	</sect2>
123
124	<sect2><title>Description</title>
125
126	<sect3><title>iptables</title>
127	<para><command>iptables</command> is used to set up, maintain, and inspect the
128	tables of <acronym>IP</acronym> packet filter rules in the Linux kernel.</para>
129	</sect3>
130
131	<sect3><title>iptables-restore, iptables-save</title>
132	<para>These are used to save and to restore your elaborated set of chains and
133	rules. Until <application>iptables</application>-1.2.5, they were declared
134	experimental.</para>
135	</sect3>
136
137	<sect3 id="ip6tables" xreflabel="ip6tables"><title>ip6tables</title>
138	<para>This is the same as <command>iptables</command> but for use with
139	<acronym>IP</acronym>v6. As of v1.2.5, it is not as complete as the standard
140	<acronym>IP</acronym>v4 version, especially with regard to some of the
141	modules.</para>
142	</sect3>
143
144	<sect3><title>libip*.so library modules</title>
145	<para>These are various modules (implemented as dynamic libraries) which
146	extend the core functionality of <command>iptables</command>.</para>
147	</sect3>
148
149	</sect2>
150
151	</sect1>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: postlfs/security/iptables.xml@ 5cd0959d

Download in other formats: