linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-02-01 21:12:12 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
0482b012c6
glfs/postlfs/security/iptables/iptables-intro.xml
Larry Lawrence e760c5cf07 update to iptables-1.2.8 
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@906 af4574ff-66df-0310-9fd7-8a98e5e911e0
2003-05-05 18:09:38 +00:00

48 lines
2.2 KiB
XML
Raw Blame History

<sect2>
<title>Introduction to <application>iptables</application></title>
<para>To use firewalling, as well as installing
<application>iptables</application>, you will need
to configure the relevant options into your kernel. This is discussed
in the next part of this chapter - <xref linkend="postlfs-security-fw-kernel"/>.</para>
<para>If you intend to use <acronym>IP</acronym>v6 you might consider extending
the kernel by running <command>make patch-o-matic</command> in the top-level
directory of the sources of <application>iptables</application>. If you are
going to do this, on a freshly untarred kernel, you need to run
<command>yes "" | make config &amp;&amp; make dep</command> first because
otherwise the patch-o-matic command is likely to fail while setting up
some dependencies.</para>
<para>If you are going to patch the kernel, you need to do it before you
compile <application>iptables</application>, because during the compilation,
the kernel source tree is checked (if it is available at <filename
class="directory">/usr/src/linux-<replaceable>[version]</replaceable>
</filename> to see which features are available. Support will only be compiled
into <application>iptables</application> for the features recognized at
compile-time. Applying a kernel patch may result in errors, often because the
hooks for the patches have changed or because the runme script doesn't
recognize that a patch has already been incorporated.</para>
<para>Note that for most people, patching the kernel is unnecessary.
With the later 2.4.x kernels, most functionality is already available
and those who need to patch it are generally those who need a specific
feature; if you don't know why you need to patch the kernel, you're
unlikely to need to!</para>
<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP): <ulink
url="&iptables-download-http;"/></para></listitem>
<listitem><para>Download (FTP): <ulink
url="&iptables-download-ftp;"/></para></listitem>
<listitem><para>Download size: &iptables-size;</para></listitem>
<listitem><para>Estimated Disk space required:
&iptables-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&iptables-time;</para></listitem></itemizedlist>
</sect3>
</sect2>
Reference in New Issue View Git Blame Copy Permalink