The next part of this chapter deals with firewalls. The principal firewall tool for Linux, as of the 2.4 kernel series, is iptables. It replaces ipchains from the 2.2 series and ipfwadm from the 2.0 series. You will need to install iptables if you intend on using any form of a firewall.
A firewall in Linux is accomplished through a portion of the kernel called netfilter. The interface to netfilter is iptables. To use it, the appropriate kernel configuration parameters are found in Device Drivers -> Networking Support -> Networking Options -> Network Packet Filtering -> IP: Netfilter Configuration.
Download (HTTP): http://www.iptables.org/files/iptables-1.3.1.tar.bz2
Download (FTP): ftp://ftp.netfilter.org/pub/iptables/iptables-1.3.1.tar.bz2
Download MD5 sum: c3358a3bd0d7755df0b64a5063db296b
Download size: 177 KB
Estimated disk space required: 3.8 MB
Estimated build time: 0.14 SBU
Installation of iptables will fail if raw kernel headers are found in /usr/src/linux either as actual files or a symlink. As of the Linux 2.6 kernel series, this directory should no longer exist because appropriate headers were installed in the linux-libc-headers package during the base LFS installation.
For some non-x86 architectures, the raw kernel headers may be required. In that case, add the environment variable KERNEL_DIR=/usr/src/linux to the make commands below.
Install iptables by running the following commands:
make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin
Now, as the root user:
make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install
PREFIX=/usr LIBDIR=/lib BINDIR=/sbin: Compiles and installs iptables libraries into /lib, binaries into /sbin and the remainder into the /usr hierarchy instead of /usr/local. Firewalls are generally activated during the boot process and /usr may not be mounted at that time.
is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel.
is used to restore IP Tables from data specified on STDIN. Use I/O redirection provided by your shell to read from a file.
is used to dump the contents of an IP Table in easily parseable format to STDOUT. Use I/O-redirection provided by your shell to write to a file.
is used to set up, maintain, and inspect the tables of IPv6 packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.
library modules are various modules (implemented as dynamic libraries) which extend the core functionality of iptables.
Last updated on 2005-03-13 00:24:56 -0700