Changeset 1aacd4b5


Timestamp:
09/11/2003 07:44:39 PM (18 years ago)
Author:
Larry Lawrence <larry@…>
Branches:
10.0, 10.1, 11.0, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, ken/refactor-virt, krejzi/svn, lazarus, nosym, perl-modules, qt5new, systemd-11177, systemd-13485, trunk, v5_0, v5_0-pre1, v5_1, v5_1-pre1, xry111/git-date, xry111/git-date-for-trunk, xry111/git-date-test
Children:
acfc391
Parents:
945f944
Message:

add imlib2 and openquicktime, edited firewalling chapter

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@1047 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
11 added
24 edited

  • appendices/old/old.xml

    r945f944 r1aacd4b5  
    1 <appendix id="appendices-old">
     1<appendix role="dsssl" id="appendices-old">
    22<?dbhtml filename="old.html" dir="appendices"?>
    33<title>Packages which are no longer in the main BLFS Book</title>
  • appendices/symlinks/symlinks.xml

    r945f944 r1aacd4b5  
    1 <appendix id="appendices-symlinks">
     1<appendix role="dsssl" id="appendices-symlinks">
    22<?dbhtml filename="symlinks.html" dir="appendices"?>
    33<title>List of rc?.d symlinks used in LFS/BLFS</title>
  • basicnet/textweb/w3m/w3m-intro.xml

    r945f944 r1aacd4b5  
    1717<sect4><title>Optional</title>
    1818<para><xref linkend="gpm"/>, <xref linkend="openssl"/>, <xref
    19 linkend="imlib"/>, <xref linkend="gdk"/> and <xref
     19linkend="imlib"/>, <xref linkend="imlib2"/>, <xref linkend="gdk"/> and <xref
    2020linkend="compface"/></para></sect4>
    2121</sect3>
  • book/book.ent

    r945f944 r1aacd4b5  
    2323<!ENTITY hints-root "http://hints.linuxfromscratch.org">
    2424<!ENTITY nbsp " ">
     25<!ENTITY publisher "Unknown">
  • general/general.ent

    r945f944 r1aacd4b5  
    5454<!ENTITY % svgalib SYSTEM "graphlib/svgalib/svgalib.ent">
    5555<!ENTITY % directfb SYSTEM "graphlib/directfb/directfb.ent">
     56<!ENTITY % imlib2 SYSTEM "graphlib/imlib2/imlib2.ent">
    5657%lcms;
    5758%libjpeg;
     
    6465%svgalib;
    6566%directfb;
     67%imlib2;
    6668
    6769<!-- General Utilities -->
  • general/graphlib/directfb/directfb-inst.xml

    r945f944 r1aacd4b5  
    22<title>Installation of <application>DirectFB</application></title>
    33
    4 <note><para>
    5 DirectFB needs a Linux kernel with frame buffer support. Check
     4<note><para>DirectFB needs a Linux kernel with frame buffer support. Check
    65the documentation in the kernel tree
    76(<filename class="directory">/usr/src/linux/Documentation/fb/</filename>)
     
    1615make install</command></userinput></screen>
    1716
     17<para>If you decided to add optional image and video providers then you
     18have to install DirectFB-extra package too:</para>
     19
     20<screen><userinput><command>./configure --prefix=/usr &amp;&amp;
     21make &amp;&amp;
     22make install</command></userinput></screen>
     23
    1824</sect2>
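Review bot: the DirectFB-extra block added at new lines 17-22 repeats ./configure, make and make install without saying that they are run from the unpacked DirectFB-extra source tree, so a reader working down the page would rerun them in the DirectFB directory. Suggest a sentence telling the reader to unpack DirectFB-extra and change into its directory first, and "the DirectFB-extra package" in the paragraph text.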
  • general/graphlib/directfb/directfb-intro.xml

    r945f944 r1aacd4b5  
    1515</sect3>
    1616
     17<sect3><title>Additional downloads</title>
     18<itemizedlist spacing='compact'>
     19<listitem><para>Optional image and video providers: <ulink
     20url="http://www.directfb.org/download/DirectFB-extra/DirectFB-extra-0.9.16.tar.gz"/>
     21</para></listitem>
     22</itemizedlist></sect3>
     23
    1724<sect3><title><application>DirectFB</application> dependencies</title>
    1825<sect4><title>Required</title>
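Review bot: the ulink added at new line 20 hard-codes 0.9.16 in the DirectFB-extra URL, while other pages touched by this changeset take the version from an entity (for example &espgs-version; in espgs.xml). Suggest an entity here so the URL cannot drift from the package version at the next update. The download is also plain http and the hunk gives the reader no checksum to verify the tarball against.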
     
    2128</para></sect4>
    2229<sect4><title>Optional</title>
    23 <para><xref linkend="SDL"/>, <xref linkend="libmpeg3"/> and
    24 <xref linkend="pkgconfig"/></para></sect4>
     30<para><xref linkend="SDL"/>, <xref linkend="libmpeg3"/>
     31<xref linkend="pkgconfig"/>, <xref linkend="imlib2"/>, <xref
     32linkend="openquicktime"/> and <xref linkend="avifile"/>
     33</para></sect4>
    2534</sect3>
    2635
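Review bot: the rewritten Optional list at new lines 30-31 drops the "and" that followed libmpeg3 without adding a comma, so the libmpeg3 and pkgconfig references render run together. Add a comma after <xref linkend="libmpeg3"/>. imlib2 and openquicktime are added by this changeset, but no avifile target appears among the visible changes, so confirm that linkend resolves.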
  • general/graphlib/graphlib.xml

    r945f944 r1aacd4b5  
    1818&SVGAlib;
    1919&DirectFB;
     20&imlib2;
    2021
    2122</chapter>
  • index.xml

    r945f944 r1aacd4b5  
    33                        "/usr/share/docbook/docbookx.dtd" [
    44
    5 <!ENTITY version "20030909">
    6 <!ENTITY releasedate "September 9th, 2003">
     5<!ENTITY version "20030911">
     6<!ENTITY releasedate "September 11th, 2003">
    77
    88<!ENTITY % book SYSTEM "book/book.ent">
  • introduction/welcome/changelog.xml

    r945f944 r1aacd4b5  
    1010
    1111<itemizedlist>
     12
     13<listitem><para>September 11th, 2003 [lary]: added imlib2 and
     14openquicktime submitted by Igor.</para></listitem>
     15
     16<listitem><para>September 11th, 2003 [larry]: edited firewalling to
     17conform to the rest of book.  Used 'screen' for kernel settings instead
     18of 'table'. Changed from 'orderlist' to 'itemizedlist'. Converted
     19footnotes to inline notation, except kernel which was inconsistent with
     20the rest of the book.</para></listitem>
    1221
    1322<listitem><para>September 9th, 2003 [larry]: update to esp
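Review bot: the first added entry (new line 13) is tagged [lary] while every other entry uses [larry], and the second entry names the replaced element 'orderlist' where busybox.xml shows it is orderedlist. Both look like typos worth fixing before the changelog is published.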
  • multimedia/libdriv/libdriv.xml

    r945f944 r1aacd4b5  
    2020&libmpeg3;
    2121&libmad;
     22&openquicktime;
    2223
    2324</chapter>
  • multimedia/multimedia.ent

    r945f944 r1aacd4b5  
    1414<!ENTITY % libmpeg3 SYSTEM "libdriv/libmpeg3/libmpeg3.ent">
    1515<!ENTITY % libmad SYSTEM "libdriv/libmad/libmad.ent">
     16<!ENTITY % openquicktime SYSTEM "libdriv/openquicktime/openquicktime.ent">
    1617%alsa;
    1718<!-- %arts; -->
     
    2425%libmpeg3;
    2526%libmad;
     27%openquicktime;
    2628
    2729<!-- Audio utilities -->
  • postlfs/security/firewalling/busybox.xml

    r945f944 r1aacd4b5  
    2222into the script.
    2323
    24 <screen>iptables -A INPUT       -i ! ppp+                               -j ACCEPT
    25 iptables -A OUTPUT      -o ! ppp+                               -j ACCEPT</screen></para>
     24<screen>iptables -A INPUT  -i ! ppp+  -j ACCEPT
     25iptables -A OUTPUT -o ! ppp+  -j ACCEPT</screen></para>
    2626
    2727<para>If your daemons have to access the web themselves, like squid would need
    2828to, you could open OUTPUT generally and restrict INPUT.
    2929
    30 <screen>iptables -A INPUT       -m state --state ESTABLISHED,RELATED    -j ACCEPT
    31 iptables -A OUTPUT                                              -j ACCEPT</screen></para>
     30<screen>iptables -A INPUT -m state --state ESTABLISHED,RELATED  -j ACCEPT
     31iptables -A OUTPUT                                      -j ACCEPT</screen></para>
    3232
    3333<para>However, it is generally not advisable to leave OUTPUT unrestricted: you lose
     
    4040Which ports you have to open depends on your needs: mostly you will find them
    4141by looking for failed accesses in your log-files.</para>
    42 
    43 <orderedlist numeration="arabic" spacing="compact">
     42<itemizedlist spacing="compact">
     43<!-- <orderedlist numeration="arabic" spacing="compact"> -->
    4444<title>Have a look at the following examples:</title>
    4545
    46 <listitem><para>Squid is caching the web:</para>
    47 <para><screen>iptables -A OUTPUT        -p tcp --dport 80                       -j ACCEPT
    48 iptables -A INPUT       -p tcp --sport 80       -m state --state ESTABLISHED \
    49 &nbsp;&nbsp;&nbsp;-j ACCEPT</screen></para></listitem>
     46<listitem><para>Squid is caching the web:
     47<screen>iptables -A OUTPUT -p tcp --dport 80                              -j ACCEPT
     48iptables -A INPUT  -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT</screen></para></listitem>
    5049
    5150<listitem><para>Your caching name server (e.g., dnscache) does its
    52 lookups via udp:</para>
    53 <para><screen>iptables -A OUTPUT        -p udp --dport 53                       -j ACCEPT
    54 iptables -A INPUT       -p udp --sport 53       -m state --state ESTABLISHED \
    55 &nbsp;&nbsp;&nbsp;-j ACCEPT</screen></para></listitem>
     51lookups via udp:
     52<screen>iptables -A OUTPUT -p udp --dport 53                              -j ACCEPT
     53iptables -A INPUT  -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT</screen></para></listitem>
    5654
    5755<listitem><para>Alternatively, if you want to be able to ping your box to ensure
    58 it's still alive:</para>
    59 <para><screen>iptables -A INPUT -p icmp -m icmp --icmp-type echo-request        \
    60 &nbsp;&nbsp;&nbsp;-j ACCEPT
    61 iptables -A OUTPUT      -p icmp -m icmp --icmp-type echo-reply  -j ACCEPT</screen></para></listitem>
     56it's still alive:
     57<screen>iptables -A INPUT  -p icmp -m icmp --icmp-type echo-request -j ACCEPT
     58iptables -A OUTPUT -p icmp -m icmp --icmp-type echo-reply   -j ACCEPT</screen></para></listitem>
    6259
    6360<listitem><para><anchor id='postlfs-security-fw-BB-4' xreflabel="example no. 4"/>If you are
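Review bot: switching the list to itemizedlist (new line 42) removes the numbering, but the anchor on the unchanged line 60 still carries xreflabel="example no. 4", so any cross-reference to it will point readers at a number that no longer appears on the page. Either keep the orderedlist or change the xreflabel to something that does not depend on position. The commented-out <orderedlist> tag at new line 43 (and its closing twin further down) is dead markup and would be better deleted than left in the source.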
     
    6966
    7067<para>To avoid these delays you could reject the requests
    71 with a 'tcp-reset':</para>
     68with a 'tcp-reset':
    7269
    73 <para><screen>iptables -A INPUT -p tcp --dport 113                      -j REJECT \
    74 &nbsp;&nbsp;&nbsp;--reject-with tcp-reset
    75 iptables -A OUTPUT      -p tcp --sport 113      -m state --state RELATED \
    76 &nbsp;&nbsp;&nbsp;-j ACCEPT</screen></para></listitem>
     70<screen>iptables -A INPUT  -p tcp --dport 113 -j REJECT --reject-with tcp-reset
     71iptables -A OUTPUT -p tcp --sport 113 -m state --state RELATED -j ACCEPT</screen></para></listitem>
    7772
    7873<listitem><para>To log and drop invalid packets, mostly harmless packets
    79 that came in after netfilter's timeout, sometimes scans:</para>
     74that came in after netfilter's timeout, sometimes scans:
    8075
    81 <para><screen>iptables -I INPUT 1       -p tcp  -m state --state INVALID        -j LOG \
    82 &nbsp;&nbsp;&nbsp;--log-prefix "FIREWALL:INVALID"
    83 iptables -I INPUT 2     -p tcp  -m state --state INVALID        -j DROP</screen></para></listitem>
     76<screen>iptables -I INPUT 1 -p tcp -m state --state INVALID -j LOG --log-prefix \
     77"FIREWALL:INVALID"
     78iptables -I INPUT 2 -p tcp -m state --state INVALID -j DROP</screen></para></listitem>
    8479
    8580<listitem><para>Anything coming from the outside should not have a
    86 private address, this is a common attack called IP-spoofing:</para>
     81private address, this is a common attack called IP-spoofing:
    8782
    88 <para><screen>iptables -t nat -A PREROUTING     -i ppp+ -s 10.0.0.0/8           -j DROP
    89 iptables -t nat -A PREROUTING   -i ppp+ -s 172.16.0.0/12        -j DROP
    90 iptables -t nat -A PREROUTING   -i ppp+ -s 192.168.0.0/16       -j DROP</screen></para></listitem>
     83<screen>iptables -t nat -A PREROUTING -i ppp+ -s 10.0.0.0/8     -j DROP
     84iptables -t nat -A PREROUTING -i ppp+ -s 172.16.0.0/12  -j DROP
     85iptables -t nat -A PREROUTING -i ppp+ -s 192.168.0.0/16 -j
     86DROP</screen></para></listitem>
    9187
    9288<listitem><para>To simplify debugging and be fair to anyone who'd like to
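Review bot: the third PREROUTING rule is wrapped across new lines 85-86, leaving "-j" at the end of one line and "DROP" on the next. Inside <screen> the line break is rendered verbatim, so a reader copying the block gets a rule with no target followed by a stray DROP command, and the 192.168.0.0/16 anti-spoofing rule is never installed. Put "-j DROP" back on line 85 as in the two rules above it, or end line 85 with a backslash the way new line 76 does for --log-prefix.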
     
    9591
    9692<para>Obviously this must be done directly after logging as the very
    97 last lines before the packets are dropped by policy:</para>
     93last lines before the packets are dropped by policy:
    9894
    99 <para><screen>iptables -A INPUT                                         -j REJECT
    100 iptables -A OUTPUT              -p icmp --icmp-type 3           -j ACCEPT</screen></para></listitem>
    101 
    102 </orderedlist>
     95<screen>iptables -A INPUT                        -j REJECT
     96iptables -A OUTPUT -p icmp --icmp-type 3 -j ACCEPT</screen></para></listitem>
     97</itemizedlist>
     98<!--</orderedlist>-->
    10399
    104100<para>These are only examples to show you some of the capabilities of the new
     
    106102iptables.
    107103There you will find more of them. The port-numbers you'll need for this
    108 can be found in /etc/services, in case you didn't find them via "try'n'error"
    109 in your logfile.</para>
     104can be found in <filename>/etc/services</filename>, in case you didn't
     105find them by trial and error in your logfile.</para>
    110106
    111107<para>If you add any of your offered or accessed services such as the above,
  • postlfs/security/firewalling/disclaimer.xml

    r945f944 r1aacd4b5  
    22<title>Disclaimer</title>
    33
    4 <para><emphasis>NEITHER THE AUTHOR NOR ANY OF THE LINUXFROMSCRATCH TEAM
     4<!-- <para><emphasis>NEITHER THE AUTHOR NOR ANY OF THE LINUXFROMSCRATCH TEAM
    55ARE RESPONSIBLE FOR ANY DAMAGES INCURRED DUE TO ACTIONS TAKEN BASED ON THIS
    6 DOCUMENT.</emphasis></para>
     6DOCUMENT.</emphasis></para> -->
    77
    88<para>This document is meant as an introduction to how to setup a
  • postlfs/security/firewalling/finale.xml

    r945f944 r1aacd4b5  
    11<sect2 id="postlfs-security-fw-finale" xreflabel="Conclusion">
    2 <title>Editor's Note</title>
     2<title>Conclusion</title>
    33
    44<para>Finally, I'd like to remind you of one fact we must not forget:
     
    99need of this hint!</para>
    1010
    11 <para><literallayout>Be cautious!
     11<!-- <para><literallayout>Be cautious!
    1212
    1313    Henning Rohde
     
    1919
    2020<para>PPS: If any of these scripts fail, please tell me. I will try to trace
    21 any faults.</para>
     21any faults.</para> -->
    2222
    2323</sect2>
  • postlfs/security/firewalling/intro.xml

    r945f944 r1aacd4b5  
    5050should generally have only one role, that of protecting the intranet.
    5151Although not completely riskless, the tasks of doing the routing
    52 and eventually IP masquerading<footnote><para>rewriting IP-headers
     52and eventually IP masquerading (rewriting IP-headers
    5353of the packets it routes from clients with private IP-addresses onto
    5454the internet so that they seem to come from the firewall
    55 itself</para></footnote> are commonly considered harmless.</para></sect3>
     55itself) are commonly considered harmless.</para></sect3>
    5656
    5757<sect3><title><xref linkend="postlfs-security-fw-busybox"/></title>
  • postlfs/security/firewalling/kernel.xml

    r945f944 r1aacd4b5  
    44<para>If you want your Linux-Box to do firewalling you must first ensure
    55that your kernel has been compiled with the relevant options turned on
    6 <footnote><para>If you needed assistance howto configure, compile and install
     6<!-- <footnote><para>If you needed assistance howto configure, compile and install
    77a new kernel, refer back to chapter VIII of the LinuxFromScratch book,
    88<ulink url="http://www.linuxfromscratch.org/view/3.1/chapter08/kernel.html">Installing a kernel</ulink>
     
    1010<ulink url="http://www.linuxfromscratch.org/view/3.1/chapter08/lilo.html">Making the LFS system bootable</ulink>
    1111; note, that you'll need to reboot
    12 to actually run your new kernel.</para></footnote>.</para>
     12to actually run your new kernel.</para></footnote>-->.</para>
    1313
    1414<para>How to configure your kernel, with enabling the options to be
     
    1717that the modules need to be loaded at first.</para>
    1818
     19<screen>Network options menu
     20  Network paket filtering:                          Y
     21  Unix domain sockets:                         Y or M
     22  TCP/IP networking:                                Y
     23  IP: advanced router:                              Y
     24  IP: verbose route monitoring:                     Y
     25  IP: TCP Explicit Congestion Notification support: Y
     26  IP: TCP syncookie support:                        Y
     27  IP: Netfilter Configuration menu
     28    Every option except:
     29      ipchains (2.2-style) support
     30      ipfwadm (2.0-style) support              Y or M
     31  Fast switching:                                   N</screen>
     32
     33<!--
    1934<table frame='none'>
    2035<title>Essential config-options for a firewalling-enabled Kernel</title>
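Review bot: new line 20 reads "Network paket filtering", which should be "packet" so that it matches the option name a reader searches for in the kernel configuration menu. In the same screen, the "Y or M" at new line 30 sits beside the ipfwadm entry, which makes it read as the value for ipfwadm rather than for "Every option except"; moving it up to line 28 would remove the ambiguity. The old table is commented out rather than removed, which only works if the hidden table body contains no "--" sequence, so deleting it is the safer choice.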
     
    116131</tgroup>
    117132
    118 </table>
     133</table> -->
    119134
    120135</sect2>
  • postlfs/security/firewalling/library.xml

    r945f944 r1aacd4b5  
    66<ulink url="http://www.netfilter.org/documentation/FAQ/netfilter-faq.html">FAQ</ulink>
    77<ulink url="http://www.netfilter.org/documentation/index.html#HOWTO">List of Netfilter-related HOWTO's</ulink>
    8 <ulink url="http://www.linuxdoc.org/LDP/nag2/x-087-2-firewall.html"></ulink>
     8<ulink url="http://www.linuxdoc.org/LDP/nag2/x-087-2-firewall.html"/>
    99<ulink url="http://www.linuxdoc.org/HOWTO/Security-HOWTO.html"></ulink>
    1010<ulink url="http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html"></ulink>
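Review bot: only the ulink at line 8 is converted to the self-closing form, while the two identical empty ulink elements on lines 9 and 10 keep the <ulink ...></ulink> form. Convert all three in the same change so the list stays consistent.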
  • postlfs/security/firewalling/masqrouter.xml

    r945f944 r1aacd4b5  
    77make sure that there are no servers running on it, especially not X11 et
    88al.  And, as a general principle, the box itself should not access any untrusted
    9 service<footnote><para>Think of a name server giving answers that make your
     9service (Think of a name server giving answers that make your
    1010bind crash, or, even worse, that implement a worm via a
    11 buffer-overflow.</para></footnote>.</para>
     11buffer-overflow).</para>
    1212
    13 <para><screen><userinput>cat &gt; /etc/rc.d/init.d/firewall &lt;&lt; "EOF"</userinput>
     13<screen><userinput><command>cat &gt; /etc/rc.d/init.d/firewall &lt;&lt; "EOF"</command>
    1414#!/bin/sh
    1515
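Review bot: folding the footnote into the sentence at new lines 9-11 leaves a capitalised "Think" in the middle of a sentence and a parenthetical that reads as a separate sentence. Suggest lower-casing it ("service (think of a name server ...)") or splitting it into a sentence of its own after the full stop.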
     
    7878# activate IP-Forwarding
    7979echo 1 &gt; /proc/sys/net/ipv4/ip_forward
    80 <userinput>EOF</userinput></screen></para>
     80<command>EOF</command></userinput></screen>
    8181
    8282<para>With this script your intranet should be sufficiently
  • postlfs/security/firewalling/persfw.xml

    r945f944 r1aacd4b5  
    10102.4 Packet Filtering HOWTO</ulink>:</para>
    1111
    12 <para><screen><userinput>cat &gt; /etc/rc.d/init.d/firewall &lt;&lt; "EOF"</userinput>
     12<screen><userinput><command>cat &gt; /etc/rc.d/init.d/firewall &lt;&lt; "EOF"</command>
    1313#!/bin/sh
    1414
     
    4747
    4848# End $rc_base/init.d/firewall
    49 <userinput>EOF</userinput></screen></para>
     49<command>EOF</command></userinput></screen>
    5050
    5151<para>His script is quite simple, it drops all traffic coming in into your
  • postlfs/security/firewalling/status.xml

    r945f944 r1aacd4b5  
    55the order in which the rules take effect:</para>
    66
    7 <para><screen><userinput>cat &gt; /etc/rc.d/init.d/firewall.status &lt;&lt; "EOF"</userinput>
     7<screen><userinput><command>cat &gt; /etc/rc.d/init.d/firewall.status &lt;&lt; "EOF"</command>
    88#!/bin/sh
    99
     
    2020echo "iptables.filter:"
    2121iptables            -v -L -n --line-numbers
    22 <userinput>EOF</userinput></screen></para>
     22<command>EOF</command></userinput></screen>
    2323</sect3>
  • postlfs/security/firewalling/stop.xml

    r945f944 r1aacd4b5  
    44<para>If you need to turn firewalling off, this script will do it:</para>
    55
    6 <para><screen><userinput>cat &gt; /etc/rc.d/init.d/firewall.stop &lt;&lt; "EOF"</userinput>
     6<screen><userinput><command>cat &gt; /etc/rc.d/init.d/firewall.stop &lt;&lt; "EOF"</command>
    77#!/bin/sh
    88
     
    2323iptables -P FORWARD     ACCEPT
    2424iptables -P OUTPUT      ACCEPT
    25 <userinput>EOF</userinput></screen></para>
     25<command>EOF</command></userinput></screen>
    2626
    2727</sect3>
  • pst/printing/espgs.xml

    r945f944 r1aacd4b5  
    1 <sect1 id="espgs" xreflabel="GhostScript-&espgs-version;">
     1<sect1 id="espgs" xreflabel="ESP GhostScript-&espgs-version;">
    22<?dbhtml filename="espgs.html" dir="pst"?>
    33<title>ESP Ghostscript-&espgs-version;</title>
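Review bot: the new xreflabel at line 1 spells the name "ESP GhostScript" while the title two lines below spells it "ESP Ghostscript", so cross-references and the page heading will disagree on capitalisation. Use the title's spelling in the xreflabel; the same mismatch is present in the gs.xml change that follows.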
  • pst/printing/gs.xml

    r945f944 r1aacd4b5  
    1 <sect1 id="gs" xreflabel="GhostScript-&gs-version;">
     1<sect1 id="gs" xreflabel="AFPL GhostScript-&gs-version;">
    22<?dbhtml filename="gs.html" dir="pst"?>
    33<title>AFPL Ghostscript-&gs-version;</title>