Changeset 71072bbe

Timestamp:

05/14/2005 11:01:30 AM (19 years ago)

Author:

Manuel Canales Esparcia <manuel@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

c7eb655

Parents:

3493b1f

Message:

Tagged iptables.xml

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@4201 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• postlfs/security/iptables.xml (modified) (1 diff)

postlfs/security/iptables.xml

@@ -14 +14 @@
 
 <sect1 id="iptables" xreflabel="iptables-&iptables-version;">
-<sect1info>
-<othername>$LastChangedBy$</othername>
-<date>$Date$</date>
-</sect1info>
-<?dbhtml filename="iptables.html"?>
-<title>iptables-&iptables-version;</title>
-
-<indexterm zone="iptables">
-  <primary sortas="a-Iptables">Iptables</primary>
-</indexterm>
-
-<para>The next part of this chapter deals with firewalls.  The principal
-firewall tool for Linux, as of the 2.4 kernel series, is
-<application>iptables</application>.  It replaces
-<application>ipchains</application> from the 2.2 series and
-<application>ipfwadm</application> from the 2.0 series. You will need to
-install <application>iptables</application> if you intend on using any form of
-a firewall.</para>
-
-<sect2 id='iptables-kernel'>
-<title>Introduction to <application>iptables</application></title>
-
-<para>A firewall in Linux is accomplished through a portion of the kernel
-called netfilter.  The interface to netfilter is <application>iptables</application>.
-To use it, the appropriate kernel configuration parameters are found in 
-Device Drivers -&gt; Networking Support -&gt; Networking Options -&gt; 
-Network Packet Filtering -&gt; IP: Netfilter Configuration.
-
-<indexterm zone="iptables iptables-kernel"> 
-  <primary sortas="d-iptables">Iptables</primary>
-</indexterm>
-
-</para>
-
-<sect3>
-<title>Package information</title>
-<itemizedlist spacing='compact'>
-  <listitem><para>Download (HTTP): <ulink url="&iptables-download-http;"/></para></listitem>
-  <listitem><para>Download (FTP): <ulink url="&iptables-download-ftp;"/></para></listitem>
-  <listitem><para>Download MD5 sum: &iptables-md5sum;</para></listitem>
-  <listitem><para>Download size: &iptables-size;</para></listitem>
-  <listitem><para>Estimated disk space required: &iptables-buildsize;</para></listitem>
-  <listitem><para>Estimated build time: &iptables-time;</para></listitem>
-</itemizedlist>
-</sect3>
+  <?dbhtml filename="iptables.html"?>
+
+  <sect1info>
+    <othername>$LastChangedBy$</othername>
+    <date>$Date$</date>
+  </sect1info>
+
+  <title>Iptables-&iptables-version;</title>
+
+  <indexterm zone="iptables">
+    <primary sortas="a-Iptables">Iptables</primary>
+  </indexterm>
+
+  <sect2 role="package">
+    <title>Introduction to Iptables</title>
+
+  <para>The next part of this chapter deals with firewalls.  The principal
+  firewall tool for Linux, as of the 2.4 kernel series, is
+  <application>iptables</application>.  It replaces
+  <application>ipchains</application> from the 2.2 series and
+  <application>ipfwadm</application> from the 2.0 series. You will need to
+  install <application>iptables</application> if you intend on using any
+  form of a firewall.</para>
+
+    <bridgehead renderas="sect3">Package Information</bridgehead>
+    <itemizedlist spacing="compact">
+      <listitem>
+        <para>Download (HTTP): <ulink url="&iptables-download-http;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download (FTP): <ulink url="&iptables-download-ftp;"/></para>
+      </listitem>
+      <listitem>
+        <para>Download MD5 sum: &iptables-md5sum;</para>
+      </listitem>
+      <listitem>
+        <para>Download size: &iptables-size;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated disk space required: &iptables-buildsize;</para>
+      </listitem>
+      <listitem>
+        <para>Estimated build time: &iptables-time;</para>
+      </listitem>
+    </itemizedlist>
 
 </sect2>
 
-<sect2>
-<title>Installation of <application>iptables</application></title>
-
-<note>
-  <para>Installation of <application>iptables</application> will fail if raw
-  kernel headers are found in <filename class='directory'>/usr/src/linux</filename> 
-  either as actual files or a symlink.  As of the Linux 2.6 kernel series, 
-  this directory should no longer exist because appropriate headers were installed 
-  in the linux-libc-headers package during the base <acronym>LFS</acronym> installation.  
-  </para>
-
-  <para>For some non-x86 architectures, the raw kernel headers may be required.
-  In that case, add the environment variable KERNEL_DIR=/usr/src/linux to the
-  make commands below.</para>
-</note>
-
-<para>Install <application>iptables</application> by running the following 
-commands:</para>
-
-<screen><userinput><command>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</command></userinput></screen>
-
-<para>Now, as the root user:</para>
-
-<screen><userinput role='root'><command>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install</command></userinput></screen>
-
-</sect2>
-
-<sect2>
-<title>Command explanations</title>
-
-<para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>: Compiles 
-and installs <application>iptables</application> libraries into 
-<filename class="directory">/lib</filename>, binaries into 
-<filename class="directory">/sbin</filename> and the remainder into the 
-<filename class="directory">/usr</filename> hierarchy instead of 
-<filename class="directory">/usr/local</filename>. Firewalls are
-generally activated during the boot process and 
-<filename class="directory">/usr</filename> may not be mounted at that 
-time.</para>
-
-</sect2>
-
-<sect2>
-<title>Installing the iptables bootscript</title>
-
-<para id="iptables-init">To set up the iptables firewall at boot, install the
-<filename>/etc/rc.d/init.d/iptables</filename> init script included in the
-<xref linkend="intro-important-bootscripts"/> package.</para>
-
-<indexterm zone="iptables iptables-init">
-  <primary sortas="f-iptables">iptables</primary>
-</indexterm>
- 
-<screen><userinput role='root'><command>make install-iptables</command></userinput></screen>
-  
-<para>Introductory instructions for configuring your firewall are presented
-in the next section: <xref linkend='fw-firewall'/> </para> 
-
-</sect2>
-
-
-<sect2>
-<title>Contents</title>
-
-<segmentedlist>
-<segtitle>Installed Programs</segtitle>
-<segtitle>Installed Libraries</segtitle>
-<segtitle>Installed Directory</segtitle>
-
-<seglistitem>
-<seg>iptables, iptables-restore, iptables-save and ip6tables</seg>
-<seg>libip6t_*.so and libipt_*.so</seg>
-<seg>/lib/iptables</seg>
-</seglistitem>
-</segmentedlist>
-
-<variablelist>
-<bridgehead renderas="sect3">Short Descriptions</bridgehead>
-<?dbfo list-presentation="list"?>
-
-<varlistentry id="iptables-prog">
-  <term><command>iptables</command></term>
-  <listitem><para>is used to set up, maintain, and inspect the tables of 
-    <acronym>IP</acronym> packet filter rules in the Linux kernel.</para>
-    <indexterm zone="iptables iptables-prog">
-      <primary sortas="b-iptables">iptables</primary>
+  <sect2 role="kernel" id='iptables-kernel'>
+    <title>Kernel Configuration</title>
+
+    <para>A firewall in Linux is accomplished through a portion of the
+    kernel called netfilter. The interface to netfilter is
+    <application>iptables</application>. To use it, the appropriate
+    kernel configuration parameters are found in Device Drivers -&gt;
+    Networking Support -&gt; Networking Options -&gt;
+    Network Packet Filtering -&gt; IP: Netfilter Configuration.</para>
+
+    <indexterm zone="iptables iptables-kernel">
+      <primary sortas="d-iptables">Iptables</primary>
     </indexterm>
-  </listitem>
-</varlistentry>
-
-<varlistentry id="iptables-restore">
-  <term><command>iptables-restore</command></term>
-  <listitem><para>is used to restore <acronym>IP</acronym> Tables from data 
-    specified on <acronym>STDIN</acronym>. Use I/O redirection provided by your 
-    shell to read from a file.</para>
-    <indexterm zone="iptables iptables-restore">
-      <primary sortas="b-iptables-restore">iptables-restore</primary>
-    </indexterm>
-  </listitem>
-</varlistentry>
-
-<varlistentry id="iptables-save">
-  <term><command>iptables-save</command></term>
-  <listitem><para>is used to dump the contents of an <acronym>IP</acronym> Table 
-    in easily parseable format to <acronym>STDOUT</acronym>. Use I/O-redirection 
-    provided by your shell to write to a file.</para>
-    <indexterm zone="iptables iptables-save">
-      <primary sortas="b-iptables-save">iptables-save</primary>
-    </indexterm>
-  </listitem>
-</varlistentry>
-
-<varlistentry id="ip6tables">
-  <term><command>ip6tables</command></term>
-  <listitem><para>is used to set up, maintain, and inspect the tables of 
-    <acronym>IP</acronym>v6 packet filter rules in the Linux kernel. Several 
-    different tables may be defined. Each table contains a number of built-in 
-    chains and may also contain user-defined chains.</para>
-    <indexterm zone="iptables ip6tables">
-      <primary sortas="b-ip6tables">ip6tables</primary>
-    </indexterm>
-  </listitem>
-</varlistentry>
-
-<varlistentry id="libip-iptables">
-  <term><filename class='libraryfile'>libip*.so</filename></term>
-  <listitem><para>library modules are various modules (implemented as dynamic 
-    libraries) which extend the core functionality of 
-    <command>iptables</command>.</para>
-    <indexterm zone="iptables libip-iptables">
-      <primary sortas="c-libip-iptables">libip*.so</primary>
-    </indexterm>
-  </listitem>
-</varlistentry>
-
-</variablelist>
-</sect2>
+
+  </sect2>
+
+    <sect2 role="installation">
+      <title>Installation of Iptables</title>
+
+    <note>
+      <para>Installation of <application>iptables</application> will fail
+      if raw kernel headers are found in <filename
+      class='directory'>/usr/src/linux</filename> either as actual files
+      or a symlink.  As of the Linux 2.6 kernel series, this directory
+      should no longer exist because appropriate headers were installed
+      in the linux-libc-headers package during the base LFS installation.</para>
+
+      <para>For some non-x86 architectures, the raw kernel headers may be
+      required. In that case, add the environment variable
+      <envar>KERNEL_DIR=/usr/src/linux</envar> to the make commands below.</para>
+    </note>
+
+    <para>Install <application>iptables</application> by running the following
+    commands:</para>
+
+<screen><userinput>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</userinput></screen>
+
+    <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
+
+<screen role="root"><userinput>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install</userinput></screen>
+
+  </sect2>
+
+  <sect2 role="commands">
+    <title>Command Explanations</title>
+
+    <para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>:
+    Compiles and installs <application>iptables</application> libraries
+    into <filename class="directory">/lib</filename>, binaries into
+    <filename class="directory">/sbin</filename> and the remainder into
+    the <filename class="directory">/usr</filename> hierarchy instead of
+    <filename class="directory">/usr/local</filename>. Firewalls are
+    generally activated during the boot process and
+    <filename class="directory">/usr</filename> may not be mounted at
+    that time.</para>
+
+  </sect2>
+
+  <sect2 role="configuration">
+    <title>Configuring Iptables</title>
+
+    <para>Introductory instructions for configuring your firewall are
+    presented in the next section: <xref linkend='fw-firewall'/></para>
+
+    <sect3  id="iptables-init">
+      <title>Boot Script</title>
+
+      <para>To set up the iptables firewall at boot, install the
+      <filename>/etc/rc.d/init.d/iptables</filename> init script included
+      in the <xref linkend="intro-important-bootscripts"/> package.</para>
+
+      <indexterm zone="iptables iptables-init">
+        <primary sortas="f-iptables">iptables</primary>
+      </indexterm>
+
+<screen role="root"><userinput>make install-iptables</userinput></screen>
+
+    </sect3>
+
+  </sect2>
+
+  <sect2 role="content">
+    <title>Contents</title>
+
+    <segmentedlist>
+      <segtitle>Installed Programs</segtitle>
+      <segtitle>Installed Libraries</segtitle>
+      <segtitle>Installed Directory</segtitle>
+
+      <seglistitem>
+        <seg>iptables, iptables-restore, iptables-save and ip6tables</seg>
+        <seg>libip6t_*.so and libipt_*.so</seg>
+        <seg>/lib/iptables</seg>
+      </seglistitem>
+    </segmentedlist>
+
+    <variablelist>
+      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
+      <?dbfo list-presentation="list"?>
+      <?dbhtml list-presentation="table"?>
+
+      <varlistentry id="iptables-prog">
+        <term><command>iptables</command></term>
+        <listitem>
+          <para>is used to set up, maintain, and inspect the tables of
+          IP packet filter rules in the Linux kernel.</para>
+          <indexterm zone="iptables iptables-prog">
+            <primary sortas="b-iptables">iptables</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="iptables-restore">
+        <term><command>iptables-restore</command></term>
+        <listitem>
+          <para>is used to restore IP Tables from data
+          specified on STDIN. Use I/O redirection provided by your
+          shell to read from a file.</para>
+          <indexterm zone="iptables iptables-restore">
+            <primary sortas="b-iptables-restore">iptables-restore</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="iptables-save">
+        <term><command>iptables-save</command></term>
+        <listitem>
+          <para>is used to dump the contents of an IP Table
+          in easily parseable format to STDOUT. Use I/O-redirection
+          provided by your shell to write to a file.</para>
+          <indexterm zone="iptables iptables-save">
+            <primary sortas="b-iptables-save">iptables-save</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="ip6tables">
+        <term><command>ip6tables</command></term>
+        <listitem>
+          <para>is used to set up, maintain, and inspect the tables of
+          IPv6 packet filter rules in the Linux kernel. Several different
+          tables may be defined. Each table contains a number of built-in
+          chains and may also contain user-defined chains.</para>
+          <indexterm zone="iptables ip6tables">
+            <primary sortas="b-ip6tables">ip6tables</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry id="libip-iptables">
+        <term><filename class='libraryfile'>libip*.so</filename></term>
+        <listitem>
+          <para>library modules are various modules (implemented as dynamic
+          libraries) which extend the core functionality of
+          <command>iptables</command>.</para>
+          <indexterm zone="iptables libip-iptables">
+            <primary sortas="c-libip-iptables">libip*.so</primary>
+          </indexterm>
+        </listitem>
+      </varlistentry>
+
+    </variablelist>
+
+  </sect2>
+
 </sect1>