Changeset 0e3848e3 for postlfs/security/iptables.xml
- Timestamp:
- 03/13/2005 07:24:56 AM (19 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- ed1b95e
- Parents:
- f8962fe
- File:
-
- 1 edited
postlfs/security/iptables.xml
rf8962fe r0e3848e3 33 33 a firewall.</para> 34 34 35 <sect2 >35 <sect2 id='iptables-kernel'> 36 36 <title>Introduction to <application>iptables</application></title> 37 37 38 <para> To use a firewall, as well as installing39 <application>iptables</application>, you will need 40 to configure the relevant options into your kernel. This is discussed 41 in the next part of this chapter –42 <xref linkend="fw-kernel"/>.</para> 38 <para>A firewall in Linux is accomplished through a portion of the kernel 39 called netfilter. The interface to netfilter is <application>iptables</application>. 40 To use it, the appropriate kernel configuration parameters are found in 41 Device Drivers -> Networking Support -> Networking Options -> 42 Network Packet Filtering -> IP: Netfilter Configuration. 43 43 44 <para>If you intend to use <acronym>IP</acronym>v6 you might consider extending 45 the kernel by running <command>make patch-o-matic</command> in the top-level 46 source tree directory of <application>iptables</application>. If you are 47 going to do this, on a freshly untarred kernel, you need to run 48 <command>yes "" | make config && make dep</command> first because 49 otherwise the patch-o-matic command is likely to fail while setting up 50 some dependencies.</para> 44 <indexterm zone="iptables iptables-kernel"> 45 <primary sortas="d-iptables">Iptables</primary> 46 </indexterm> 51 47 52 <para>If you are going to patch the kernel, you need to do it before you 53 compile <application>iptables</application>, because during the compilation, 54 the kernel source tree is checked (if it is available at <filename 55 class="directory">/usr/src/linux-<replaceable>[version]</replaceable> 56 </filename>) to see which features are available. Support will only be compiled 57 into <application>iptables</application> for the features recognized at 58 compile-time. 
Applying a kernel patch may result in errors, often because the 59 hooks for the patches have changed or because the <command>runme</command> 60 script doesn't recognize that a patch has already been incorporated.</para> 61 62 <para>Note that for most people, patching the kernel is unnecessary. 63 With the later 2.4.x kernels, most functionality is already available 64 and those who need to patch it are generally those who need a specific 65 feature; if you don't know why you need to patch the kernel, you're 66 unlikely to need to!</para> 48 </para> 67 49 68 50 <sect3>
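Review bot: the replacement paragraph at new lines 38-42 drops the `<xref linkend="fw-kernel"/>` that the old text used to point readers at the kernel configuration discussion, and it names only the menu path ending in "IP: Netfilter Configuration" without saying which options under it have to be enabled. Keeping the xref at the end of the new paragraph would preserve that pointer. The removed paragraphs at old lines 52-60 also stated that the build checks the kernel source tree at /usr/src/linux-[version] and that "Support will only be compiled into iptables for the features recognized at compile-time"; if that still holds for this version, a one-sentence note to that effect should stay, since nothing in the new text explains why a feature might be missing from the built binary. The new `<indexterm>` sits inside the `<para>` between its text and the closing tag at line 48; placing it directly after the `<title>` would keep the paragraph body as prose only.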