Changeset 2197589 for postlfs/security/iptables.xml
- Timestamp:
- 06/30/2004 09:20:29 PM (20 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- e40cb61
- Parents:
- f3e295d5
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/iptables.xml
rf3e295d5 r2197589 7 7 <!ENTITY iptables-download-http "http://www.iptables.org/files/iptables-&iptables-version;.tar.bz2"> 8 8 <!ENTITY iptables-download-ftp "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2"> 9 <!ENTITY iptables-size "1 83KB">10 <!ENTITY iptables-buildsize " 3.4 MB">9 <!ENTITY iptables-size "157 KB"> 10 <!ENTITY iptables-buildsize "4.4 MB"> 11 11 <!ENTITY iptables-time "0.13 SBU"> 12 12 ]> … … 30 30 <application>iptables</application>, you will need 31 31 to configure the relevant options into your kernel. This is discussed 32 in the next part of this chapter - <xref linkend="postlfs-security-fw-kernel"/>.</para> 32 in the next part of this chapter – 33 <xref linkend="postlfs-security-fw-kernel"/>.</para> 33 34 34 35 <para>If you intend to use <acronym>IP</acronym>v6 you might consider extending 35 36 the kernel by running <command>make patch-o-matic</command> in the top-level 36 directory of the sourcesof <application>iptables</application>. If you are37 source tree directory of <application>iptables</application>. If you are 37 38 going to do this, on a freshly untarred kernel, you need to run 38 39 <command>yes "" | make config && make dep</command> first because … … 47 48 into <application>iptables</application> for the features recognized at 48 49 compile-time. Applying a kernel patch may result in errors, often because the 49 hooks for the patches have changed or because the runme script doesn't50 recognize that a patch has already been incorporated.</para>50 hooks for the patches have changed or because the <command>runme</command> 51 script doesn't recognize that a patch has already been incorporated.</para> 51 52 52 53 <para>Note that for most people, patching the kernel is unnecessary. … … 71 72 </sect2> 72 73 73 74 74 <sect2> 75 75 <title>Installation of <application>iptables</application></title> 76 76 77 <para>Install <application>iptables</application> by running the following commands:</para> 77 <para>Install <application>iptables</application> by running the following 78 commands:</para> 78 79 79 80 <screen><userinput><command>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin && … … 82 83 </sect2> 83 84 84 85 85 <sect2> 86 86 <title>Command explanations</title> 87 87 88 <para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>: Compiles and installs89 <application>iptables</application> libraries into <filename 90 class="directory">/lib</filename>, binaries into <filename 91 class="directory">/sbin</filename> and the remainder into the88 <para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>: Compiles 89 and installs <application>iptables</application> libraries into 90 <filename class="directory">/lib</filename>, binaries into 91 <filename class="directory">/sbin</filename> and the remainder into the 92 92 <filename class="directory">/usr</filename> hierarchy instead of 93 93 <filename class="directory">/usr/local</filename>. Firewalls are 94 generally set during the boot process and <filename 95 class="directory">/usr</filename> may not be mounted at that time.</para> 94 generally activated during the boot process and 95 <filename class="directory">/usr</filename> may not be mounted at that 96 time.</para> 96 97 97 98 </sect2> … … 100 101 <title>Contents</title> 101 102 102 <para>The <application>iptables</application> package contains <command>iptables</command>, 103 <command>iptables-restore</command>, <command>iptables-save</command>, 104 <command>ip6tables</command> and some libraries.</para> 103 <para>The <application>iptables</application> package contains 104 <command>iptables</command>, <command>iptables-restore</command>, 105 <command>iptables-save</command>, <command>ip6tables</command> 106 and the <filename class='libraryfile'>libip*.so</filename> library 107 modules.</para> 105 108 106 109 </sect2> … … 122 125 <para>This is the same as <command>iptables</command> but for use with 123 126 <acronym>IP</acronym>v6. As of v1.2.5, it is not as complete as the standard 124 <acronym>IP</acronym>v4 version, especially with regard to some of the modules.</para> 127 <acronym>IP</acronym>v4 version, especially with regard to some of the 128 modules.</para> 125 129 </sect3> 126 130 127 <sect3><title>libip*.so </title>131 <sect3><title>libip*.so library modules</title> 128 132 <para>These are various modules (implemented as dynamic libraries) which 129 133 extend the core functionality of <command>iptables</command>.</para>
Note:
See TracChangeset
for help on using the changeset viewer.