source: postlfs/security/iptables/iptables-intro.xml@ e760c5c

10.0 10.1 11.0 11.1 6.0 6.1 6.2 6.2.0 6.2.0-rc1 6.2.0-rc2 6.3 6.3-rc1 6.3-rc2 6.3-rc3 7.10 7.4 7.5 7.6 7.6-blfs 7.6-systemd 7.7 7.8 7.9 8.0 8.1 8.2 8.3 8.4 9.0 9.1 basic bdubbs/svn elogind gnome kde5-13430 kde5-14269 kde5-14686 krejzi/svn lazarus nosym perl-modules qt5new systemd-11177 systemd-13485 trunk upgradedb v5_0 v5_0-pre1 v5_1 v5_1-pre1 xry111/intltool xry111/test-20220226
Last change on this file since e760c5c was e760c5c, checked in by Larry Lawrence <larry@…>, 19 years ago

update to iptables-1.2.8

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@906 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 2.2 KB
Line 
1<sect2>
2<title>Introduction to <application>iptables</application></title>
3
4<para>To use firewalling, as well as installing
5<application>iptables</application>, you will need
6to configure the relevant options into your kernel. This is discussed
7in the next part of this chapter - <xref linkend="postlfs-security-fw-kernel"/>.</para>
8
9<para>If you intend to use <acronym>IP</acronym>v6 you might consider extending
10the kernel by running <command>make patch-o-matic</command> in the top-level
11directory of the sources of <application>iptables</application>. If you are
12going to do this, on a freshly untarred kernel, you need to run
13<command>yes "" | make config &amp;&amp; make dep</command> first because
14otherwise the patch-o-matic command is likely to fail while setting up
15some dependencies.</para>
16
17<para>If you are going to patch the kernel, you need to do it before you
18compile <application>iptables</application>, because during the compilation,
19the kernel source tree is checked (if it is available at <filename
20class="directory">/usr/src/linux-<replaceable>[version]</replaceable>
21</filename> to see which features are available. Support will only be compiled
22into <application>iptables</application> for the features recognized at
23compile-time. Applying a kernel patch may result in errors, often because the
24hooks for the patches have changed or because the runme script doesn't
25recognize that a patch has already been incorporated.</para>
26
27<para>Note that for most people, patching the kernel is unnecessary.
28With the later 2.4.x kernels, most functionality is already available
29and those who need to patch it are generally those who need a specific
30feature; if you don't know why you need to patch the kernel, you're
31unlikely to need to!</para>
32
33<sect3><title>Package information</title>
34<itemizedlist spacing='compact'>
35<listitem><para>Download (HTTP): <ulink
36url="&iptables-download-http;"/></para></listitem>
37<listitem><para>Download (FTP): <ulink
38url="&iptables-download-ftp;"/></para></listitem>
39<listitem><para>Download size: &iptables-size;</para></listitem>
40<listitem><para>Estimated Disk space required:
41&iptables-buildsize;</para></listitem>
42<listitem><para>Estimated build time:
43&iptables-time;</para></listitem></itemizedlist>
44</sect3>
45
46
47</sect2>
Note: See TracBrowser for help on using the repository browser.