- Timestamp:
- 03/06/2010 11:42:24 PM (14 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 0e5a229a
- Parents:
- d20c871
- Location:
- postlfs
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/config/devices.xml
rd20c871 rbf157fc2 79 79 If a package maintainer forgot to write a rule for your device, 80 80 report a bug to both BLFS (if the package is there) and upstream, and 81 y pu will need ot write your own rule.</para>81 you will need ot write your own rule.</para> 82 82 83 83 <para>There is one situation when such fine-grained access control with -
postlfs/security/iptables.xml
rd20c871 rbf157fc2 7 7 <!ENTITY iptables-download-http "http://www.netfilter.org/projects/iptables/files/iptables-&iptables-version;.tar.bz2"> 8 8 <!ENTITY iptables-download-ftp "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2"> 9 <!ENTITY iptables-md5sum " 0a9209f928002e5eee9cdff8fef4d4b3">10 <!ENTITY iptables-size " 169KB">11 <!ENTITY iptables-buildsize " 4.0MB">12 <!ENTITY iptables-time "0. 1SBU">9 <!ENTITY iptables-md5sum "645941dd1f9e0ec1f74c61918d70d52f"> 10 <!ENTITY iptables-size "456 KB"> 11 <!ENTITY iptables-buildsize "10.5 MB"> 12 <!ENTITY iptables-time "0.2 SBU"> 13 13 ]> 14 14 … … 31 31 32 32 <para>The next part of this chapter deals with firewalls. The principal 33 firewall tool for Linux, as of the 2.4 kernel series, is 34 <application>iptables</application>. It replaces 35 <application>ipchains</application> from the 2.2 series and 36 <application>ipfwadm</application> from the 2.0 series. You will need to 37 install <application>iptables</application> if you intend on using any 38 form of a firewall.</para> 33 firewall tool for Linux is <application>iptables</application>. You will 34 need to install <application>iptables</application> if you intend on using 35 any form of a firewall.</para> 39 36 40 37 <bridgehead renderas="sect3">Package Information</bridgehead> … … 71 68 kernel called netfilter. The interface to netfilter is 72 69 <application>iptables</application>. To use it, the appropriate 73 kernel configuration parameters are found in Networking ⇒ 74 Networking Options ⇒ Network Packet Filtering ⇒ 75 Core Netfilter Configuration (and) IP: Netfilter Configuration.</para> 70 kernel configuration parameters are found in Networking Support ⇒ 71 Networking Options ⇒ Network Packet Filtering Framework.</para> 76 72 77 73 <indexterm zone="iptables iptables-kernel"> … … 113 109 commands:</para> 114 110 115 <screen><userinput> sed -i 's/name="$node/name="node/' iptables.xslt&&116 make LIBDIR=/lib KERNEL_DIR=/usr</userinput></screen>111 <screen><userinput>./configure --prefix=/usr && 112 make</userinput></screen> 117 113 118 114 <para>This package does not come with a test suite.</para> … … 120 116 <para>Now, as the <systemitem class="username">root</systemitem> user:</para> 121 117 122 <screen role="root"><userinput>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin \ 123 MANDIR=/usr/share/man install && 124 install -v -m644 iptables.xslt /lib/iptables</userinput></screen> 125 126 </sect2> 127 118 <screen role="root"><userinput>make install</userinput></screen> 119 120 </sect2> 121 <!-- 128 122 <sect2 role="commands"> 129 123 <title>Command Explanations</title> … … 149 143 150 144 </sect2> 151 145 --> 152 146 <sect2 role="configuration"> 153 147 <title>Configuring Iptables</title> … … 179 173 <segtitle>Installed Programs</segtitle> 180 174 <segtitle>Installed Libraries</segtitle> 181 <segtitle>Installed Director y</segtitle>175 <segtitle>Installed Directories</segtitle> 182 176 183 177 <seglistitem> 184 <seg>iptables, iptables-restore, iptables-save, iptables-xml and 185 ip6tables</seg> 186 <seg>libip6t_*.so and libipt_*.so</seg> 187 <seg>/lib/iptables</seg> 178 <seg>iptables, iptables-restore, iptables-save, iptables-xml, 179 iptables-multi, ip6tables, ip6tables-restore, ip6tables-save, 180 and ip6tables-multii</seg> 181 <seg>libip4tc.so, libip6tc.so, libiptc.so, libxtables.so, 182 and numerous modules in /usr/libexec/xtables/</seg> 183 <seg>/usr/libexec/xtables and /usr/include/libiptc</seg> 188 184 </seglistitem> 189 185 </segmentedlist> … … 198 194 <listitem> 199 195 <para>is used to set up, maintain, and inspect the tables of 200 IP packet filter rules in the Linux kernel.</para> 196 IP packet filter rules in the Linux kernel. It is a 197 symbolic link to iptables-multi.</para> 201 198 <indexterm zone="iptables iptables-prog"> 202 199 <primary sortas="b-iptables">iptables</primary> … … 210 207 <para>is used to restore IP Tables from data 211 208 specified on STDIN. Use I/O redirection provided by your 212 shell to read from a file.</para> 209 shell to read from a file. It is a symbolic link to 210 iptables-multi.</para> 213 211 <indexterm zone="iptables iptables-restore"> 214 212 <primary sortas="b-iptables-restore">iptables-restore</primary> … … 222 220 <para>is used to dump the contents of an IP Table 223 221 in easily parseable format to STDOUT. Use I/O-redirection 224 provided by your shell to write to a file.</para> 222 provided by your shell to write to a file. It is a symbolic link to 223 iptables-multi.</para> 225 224 <indexterm zone="iptables iptables-save"> 226 225 <primary sortas="b-iptables-save">iptables-save</primary> … … 235 234 <command>iptables-save</command> to an XML format. Using the 236 235 <filename>iptables.xslt</filename> stylesheet converts the XML 237 back to the format of <command>iptables-restore</command>.</para> 236 back to the format of <command>iptables-restore</command>. 237 It is a symbolic link to iptables-multi.</para> 238 238 <indexterm zone="iptables iptables-xml"> 239 239 <primary sortas="b-iptables-xml">iptables-xml</primary> … … 243 243 244 244 <varlistentry id="ip6tables"> 245 <term><command>ip6tables</command></term> 246 <listitem> 247 <para>is used to set up, maintain, and inspect the tables of 248 IPv6 packet filter rules in the Linux kernel. Several different 249 tables may be defined. Each table contains a number of built-in 250 chains and may also contain user-defined chains.</para> 245 <term><command>ip6tables*</command></term> 246 <listitem> 247 <para>are a set of commands for IPV6 that parallel the iptables 248 commands above. All of these commands are symbolic 249 links to ip6tables-multi.</para> 251 250 <indexterm zone="iptables ip6tables"> 252 251 <primary sortas="b-ip6tables">ip6tables</primary> … … 255 254 </varlistentry> 256 255 257 <varlistentry id="libip-iptables">258 <term><filename class='libraryfile'>libip*.so</filename></term>259 <listitem>260 <para>library modules are various modules (implemented as dynamic261 libraries) which extend the core functionality of262 <command>iptables</command>.</para>263 <indexterm zone="iptables libip-iptables">264 <primary sortas="c-libip-iptables">libip*.so</primary>265 </indexterm>266 </listitem>267 </varlistentry>268 269 256 </variablelist> 270 257
Note:
See TracChangeset
for help on using the changeset viewer.