[f45b1953] | 1 | <sect2>
[e760c5c] | 2 | <title>Introduction to <application>iptables</application></title>
[f45b1953] | 3 |
[e760c5c] | 4 | <para>To use firewalling, as well as installing
| 5 | <application>iptables</application>, you will need
[f45b1953] | 6 | to configure the relevant options into your kernel. This is discussed
| 7 | in the next part of this chapter - <xref linkend="postlfs-security-fw-kernel"/>.</para>
| 8 |
[e760c5c] | 9 | <para>If you intend to use <acronym>IP</acronym>v6 you might consider extending
| 10 | the kernel by running <command>make patch-o-matic</command> in the top-level
| 11 | directory of the sources of <application>iptables</application>. If you are
| 12 | going to do this, on a freshly untarred kernel, you need to run
| 13 | <command>yes "" | make config &amp;&amp; make dep</command> first because
| 14 | otherwise the patch-o-matic command is likely to fail while setting up
[f45b1953] | 15 | some dependencies.</para>
| 16 |
| 17 | <para>If you are going to patch the kernel, you need to do it before you
[e760c5c] | 18 | compile <application>iptables</application>, because during the compilation,
| 19 | the kernel source tree is checked (if it is available at <filename
| 20 | class="directory">/usr/src/linux-<replaceable>[version]</replaceable>
| 21 | </filename>) to see which features are available. Support will only be compiled
| 22 | into <application>iptables</application> for the features recognized at
| 23 | compile-time. Applying a kernel patch may result in errors, often because the
| 24 | hooks for the patches have changed or because the runme script doesn't
| 25 | recognize that a patch has already been incorporated.</para>
[f45b1953] | 26 |
| 27 | <para>Note that for most people, patching the kernel is unnecessary.
| 28 | With the later 2.4.x kernels, most functionality is already available
| 29 | and those who need to patch it are generally those who need a specific
| 30 | feature; if you don't know why you need to patch the kernel, you're
| 31 | unlikely to need to!</para>
| 32 |
[e760c5c] | 33 | <sect3><title>Package information</title>
| 34 | <itemizedlist spacing='compact'>
| 35 | <listitem><para>Download (HTTP): <ulink
| 36 | url="&iptables-download-http;"/></para></listitem>
| 37 | <listitem><para>Download (FTP): <ulink
| 38 | url="&iptables-download-ftp;"/></para></listitem>
| 39 | <listitem><para>Download size: &iptables-size;</para></listitem>
| 40 | <listitem><para>Estimated Disk space required:
| 41 | &iptables-buildsize;</para></listitem>
| 42 | <listitem><para>Estimated build time:
| 43 | &iptables-time;</para></listitem></itemizedlist>
| 44 | </sect3>
| 45 |
| 46 |
[f45b1953] | 47 | </sect2>