<sect2>
<title>Introduction to iptables</title>

<screen>Download location: &iptables-download;
Version used: &iptables-version;
Package size: &iptables-size;
Estimated Disk space required: &iptables-buildsize;</screen>

<para>To use firewalling, as well as installing iptables, you will need
to configure the relevant options into your kernel. This is discussed
in the next part of this chapter - <xref linkend="postlfs-security-fw-kernel"/>.</para>

<para>If you intend to use IPv6 you might consider extending the kernel
by running <userinput>make patch-o-matic</userinput> in the top-level
directory of the sources of iptables. If you are going to do this, on a
freshly untarred kernel, you need to run <userinput>yes "" | make config
&amp;&amp; make dep</userinput> first because otherwise the
patch-o-matic command is likely to fail while setting up
some dependencies.</para>

<para>If you are going to patch the kernel, you need to do it before you
compile iptables, because during the compilation, the kernel source tree
is checked (if it is available at <filename>/usr/src/linux</filename>) to
see which features are available. Support will only be compiled into
iptables for the features recognised at compile-time. Applying a kernel
patch may result in errors, often because the hooks for the patches
have changed or because the runme script doesn't recognize that a patch
has already been incorporated.</para>

<para>Note that for most people, patching the kernel is unnecessary.
With the later 2.4.x kernels, most functionality is already available
and those who need to patch it are generally those who need a specific
feature; if you don't know why you need to patch the kernel, you're
unlikely to need to!</para>

</sect2>