Changeset b4b71892 for postlfs/security/iptables.xml
- Timestamp:
- 06/10/2004 05:47:11 AM (20 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- cf43c83
- Parents:
- f8d632a
- File:
-
- 1 edited
postlfs/security/iptables.xml
rf8d632a rb4b71892 1 <?xml version="1.0" encoding="ISO-8859-1"?> 2 <!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" 3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [ 4 <!ENTITY % general-entities SYSTEM "../../general.ent"> 5 %general-entities; 6 7 <!ENTITY iptables-download-http "http://www.iptables.org/files/iptables-&iptables-version;.tar.bz2"> 8 <!ENTITY iptables-download-ftp "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2"> 9 <!ENTITY iptables-size "183 KB"> 10 <!ENTITY iptables-buildsize "3.4 MB"> 11 <!ENTITY iptables-time "0.13 SBU"> 12 ]> 13 1 14 <sect1 id="postlfs-security-iptables"> 2 15 <?dbhtml filename="iptables.html"?> 3 16 <title>iptables-&iptables-version;</title> 4 17 5 <para>The next part of this chapter deals with firewalls. The 6 principlefirewall tool for Linux, as of the 2.4 kernel series, is18 <para>The next part of this chapter deals with firewalls. The principle 19 firewall tool for Linux, as of the 2.4 kernel series, is 7 20 <application>iptables</application>. It replaces 8 21 <application>ipchains</application> from the 2.2 series and 9 <application>ipfwadm</application> from the 10 2.0 series. You will need to install <application>iptables</application> if 11 you intend on using any form ofa firewall.</para>22 <application>ipfwadm</application> from the 2.0 series. You will need to 23 install <application>iptables</application> if you intend on using any form of 24 a firewall.</para> 12 25 13 &iptables-intro; 14 &iptables-inst; 15 &iptables-exp; 16 &iptables-desc; 26 <sect2> 27 <title>Introduction to <application>iptables</application></title> 28 29 <para>To use a firewall, as well as installing 30 <application>iptables</application>, you will need 31 to configure the relevant options into your kernel. 
This is discussed 32 in the next part of this chapter - <xref linkend="postlfs-security-fw-kernel"/>.</para> 33 34 <para>If you intend to use <acronym>IP</acronym>v6 you might consider extending 35 the kernel by running <command>make patch-o-matic</command> in the top-level 36 directory of the sources of <application>iptables</application>. If you are 37 going to do this, on a freshly untarred kernel, you need to run 38 <command>yes "" | make config && make dep</command> first because 39 otherwise the patch-o-matic command is likely to fail while setting up 40 some dependencies.</para> 41 42 <para>If you are going to patch the kernel, you need to do it before you 43 compile <application>iptables</application>, because during the compilation, 44 the kernel source tree is checked (if it is available at <filename 45 class="directory">/usr/src/linux-<replaceable>[version]</replaceable> 46 </filename>) to see which features are available. Support will only be compiled 47 into <application>iptables</application> for the features recognized at 48 compile-time. Applying a kernel patch may result in errors, often because the 49 hooks for the patches have changed or because the runme script doesn't 50 recognize that a patch has already been incorporated.</para> 51 52 <para>Note that for most people, patching the kernel is unnecessary. 
53 With the later 2.4.x kernels, most functionality is already available 54 and those who need to patch it are generally those who need a specific 55 feature; if you don't know why you need to patch the kernel, you're 56 unlikely to need to!</para> 57 58 <sect3><title>Package information</title> 59 <itemizedlist spacing='compact'> 60 <listitem><para>Download (HTTP): <ulink 61 url="&iptables-download-http;"/></para></listitem> 62 <listitem><para>Download (FTP): <ulink 63 url="&iptables-download-ftp;"/></para></listitem> 64 <listitem><para>Download size: &iptables-size;</para></listitem> 65 <listitem><para>Estimated Disk space required: 66 &iptables-buildsize;</para></listitem> 67 <listitem><para>Estimated build time: 68 &iptables-time;</para></listitem></itemizedlist> 69 </sect3> 70 71 </sect2> 72 73 74 <sect2> 75 <title>Installation of <application>iptables</application></title> 76 77 <para>Install <application>iptables</application> by running the following commands:</para> 78 79 <screen><userinput><command>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin && 80 make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install</command></userinput></screen> 81 82 </sect2> 83 84 85 <sect2> 86 <title>Command explanations</title> 87 88 <para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>: Compiles and installs 89 <application>iptables</application> libraries into <filename 90 class="directory">/lib</filename>, binaries into <filename 91 class="directory">/sbin</filename> and the remainder into the 92 <filename class="directory">/usr</filename> hierarchy instead of 93 <filename class="directory">/usr/local</filename>. 
Firewalls are 94 generally set during the boot process and <filename 95 class="directory">/usr</filename> may not be mounted at that time.</para> 96 97 </sect2> 98 99 <sect2> 100 <title>Contents</title> 101 102 <para>The <application>iptables</application> package contains <command>iptables</command>, 103 <command>iptables-restore</command>, <command>iptables-save</command>, 104 <command>ip6tables</command> and some libraries.</para> 105 106 </sect2> 107 108 <sect2><title>Description</title> 109 110 <sect3><title>iptables</title> 111 <para><command>iptables</command> is used to set up, maintain, and inspect the 112 tables of <acronym>IP</acronym> packet filter rules in the Linux kernel.</para> 113 </sect3> 114 115 <sect3><title>iptables-restore, iptables-save</title> 116 <para>These are used to save and to restore your elaborated set of chains and 117 rules. Until <application>iptables</application>-1.2.5, they were declared 118 experimental.</para> 119 </sect3> 120 121 <sect3 id="ip6tables" xreflabel="ip6tables"><title>ip6tables</title> 122 <para>This is the same as <command>iptables</command> but for use with 123 <acronym>IP</acronym>v6. As of v1.2.5, it is not as complete as the standard 124 <acronym>IP</acronym>v4 version, especially with regard to some of the modules.</para> 125 </sect3> 126 127 <sect3><title>libip*.so</title> 128 <para>These are various modules (implemented as dynamic libraries) which 129 extend the core functionality of <command>iptables</command>.</para> 130 </sect3> 131 132 </sect2> 17 133 18 134 </sect1>
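Review bot: The shell `&&` in the two `<command>` elements (the `yes "" | make config && make dep` line in the introduction and the `make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin &&` line in the installation `<screen>`) is shown as a bare ampersand. If that is how it is written in the file, it must become `&amp;&amp;`, because a bare `&` makes the document not well-formed and it will not validate against the DocBook 4.3 DTD declared at the top. Run the file through a validating parser before merging.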
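Review bot: The new "Package information" list in the introduction section gives an HTTP and an FTP download URL plus size, disk space and build time, but nothing a reader can use to verify the tarball. Both transports are unauthenticated and this is the package that enforces the firewall, so add a checksum entity next to `iptables-size` in the DOCTYPE block and a matching `<listitem>` in the list, so the download can be checked before it is built and installed into /sbin and /lib.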
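Review bot: The rewrapped opening paragraph still reads "The principle firewall tool"; that should be "principal". Since the paragraph is being touched anyway, "if you intend on using any form of a firewall" would also read better as "if you intend to use any form of firewall".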
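Review bot: In the Description section, "Until iptables-1.2.5" and "As of v1.2.5" hardcode a version while the title uses `&iptables-version;`, so the statement that ip6tables is "not as complete" will go stale without anyone noticing; either tie it to the packaged version or reword it. The ip6tables entry should also say that rules loaded with `iptables` apply to IPv4 only and that IPv6 traffic needs its own rule set via `ip6tables`. As written, "the same as iptables but for use with IPv6" can leave a reader with a filtered IPv4 stack and an unfiltered IPv6 one.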