<sect2>
<title>Introduction to <application>iptables</application></title>

<para>To use a firewall you will need, as well as installing
<application>iptables</application>, to configure the relevant
options into your kernel. This is discussed
in the next part of this chapter, <xref linkend="postlfs-security-fw-kernel"/>.</para>

<para>If you intend to use <acronym>IP</acronym>v6, you might consider extending
the kernel by running <command>make patch-o-matic</command> in the top-level
directory of the sources of <application>iptables</application>. If you are
going to do this on a freshly untarred kernel, you need to run
<command>yes "" | make config &amp;&amp; make dep</command> first, because
otherwise the patch-o-matic command is likely to fail while setting up
some dependencies.</para>

<para>If you are going to patch the kernel, you need to do it before you
compile <application>iptables</application>, because during the compilation,
the kernel source tree is checked (if it is available at <filename
class="directory">/usr/src/linux-<replaceable>[version]</replaceable>
</filename>) to see which features are available. Support will only be compiled
into <application>iptables</application> for the features recognized at
compile-time. Applying a kernel patch may result in errors, often because the
hooks for the patches have changed or because the runme script doesn't
recognize that a patch has already been incorporated.</para>

<para>Note that for most people, patching the kernel is unnecessary.
With the later 2.4.x kernels, most functionality is already available
and those who need to patch it are generally those who need a specific
feature; if you don't know why you need to patch the kernel, you're
unlikely to need to!</para>

<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP): <ulink
url="&iptables-download-http;"/></para></listitem>
<listitem><para>Download (FTP): <ulink
url="&iptables-download-ftp;"/></para></listitem>
<listitem><para>Download size: &iptables-size;</para></listitem>
<listitem><para>Estimated Disk space required:
&iptables-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&iptables-time;</para></listitem></itemizedlist>
</sect3>

</sect2>