<sect2>
<title>Introduction to iptables</title>

<screen>Download location (HTTP): <ulink url="&iptables-download-http;"/>
Download location (FTP): <ulink url="&iptables-download-ftp;"/>
Version used: &iptables-version;
Package size: &iptables-size;
Estimated Disk space required: &iptables-buildsize;</screen>

<para>To use firewalling, in addition to installing iptables you will need
to configure the relevant options into your kernel. This is discussed
in the next part of this chapter, <xref linkend="postlfs-security-fw-kernel"/>.</para>

<para>If you intend to use IPv6, you might consider extending the kernel
by running <userinput>make patch-o-matic</userinput> in the top-level
directory of the iptables sources. If you are going to do this on a
freshly untarred kernel, you need to run <userinput>yes "" | make config
&amp;&amp; make dep</userinput> first, because otherwise the
patch-o-matic command is likely to fail while setting up
some dependencies.</para>

<para>If you are going to patch the kernel, you need to do it before you
compile iptables, because during the compilation the kernel source tree
is checked (if it is available at <filename>/usr/src/linux</filename>) to
see which features are available. Support will only be compiled into
iptables for the features recognised at compile-time. Applying a kernel
patch may result in errors, often because the hooks for the patches
have changed or because the runme script doesn't recognize that a patch
has already been incorporated.</para>

<para>Note that for most people, patching the kernel is unnecessary.
With the later 2.4.x kernels, most functionality is already available
and those who need to patch it are generally those who need a specific
feature; if you don't know why you need to patch the kernel, you're
unlikely to need to!</para>

</sect2>