Changeset 0e3848e3 for postlfs/security/iptables.xml

Timestamp:

03/13/2005 07:24:56 AM (19 years ago)

Author:

Bruce Dubbs <bdubbs@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

ed1b95e

Parents:

f8962fe

Message:

Update firewalling section

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@3539 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/iptables.xml (modified) (1 diff)

postlfs/security/iptables.xml

@@ -33 +33 @@
 a firewall.</para>
 
-<sect2>
+<sect2 id='iptables-kernel'>
 <title>Introduction to <application>iptables</application></title>
 
-<para>To use a firewall, as well as installing
-<application>iptables</application>, you will need
-to configure the relevant options into your kernel.  This is discussed
-in the next part of this chapter &ndash; 
-<xref linkend="fw-kernel"/>.</para>
+<para>A firewall in Linux is accomplished through a portion of the kernel
+called netfilter.  The interface to netfilter is <application>iptables</application>.
+To use it, the appropriate kernel configuration parameters are found in 
+Device Drivers -&gt; Networking Support -&gt; Networking Options -&gt; 
+Network Packet Filtering -&gt; IP: Netfilter Configuration.
 
-<para>If you intend to use <acronym>IP</acronym>v6 you might consider extending
-the kernel by running <command>make patch-o-matic</command> in the top-level
-source tree directory of <application>iptables</application>.  If you are 
-going to do this, on a freshly untarred kernel, you need to run 
-<command>yes "" | make config &amp;&amp; make dep</command> first because 
-otherwise the patch-o-matic command is likely to fail while setting up
-some dependencies.</para>
+<indexterm zone="iptables iptables-kernel"> 
+  <primary sortas="d-iptables">Iptables</primary>
+</indexterm>
 
-<para>If you are going to patch the kernel, you need to do it before you
-compile <application>iptables</application>, because during the compilation, 
-the kernel source tree is checked (if it is available at <filename
-class="directory">/usr/src/linux-<replaceable>[version]</replaceable>
-</filename>) to see which features are available.  Support will only be compiled
-into <application>iptables</application> for the features recognized at 
-compile-time.  Applying a kernel patch may result in errors, often because the 
-hooks for the patches have changed or because the <command>runme</command> 
-script doesn't recognize that a patch has already been incorporated.</para>
-
-<para>Note that for most people, patching the kernel is unnecessary.
-With the later 2.4.x kernels, most functionality is already available
-and those who need to patch it are generally those who need a specific
-feature; if you don't know why you need to patch the kernel, you're 
-unlikely to need to!</para>
+</para>
 
 <sect3>