iptables-1.3.1

The next part of this chapter deals with firewalls. The principal firewall tool for Linux, as of the 2.4 kernel series, is iptables. It replaces ipchains from the 2.2 series and ipfwadm from the 2.0 series. You will need to install iptables if you intend on using any form of a firewall.

Introduction to iptables

A firewall in Linux is accomplished through a portion of the kernel called netfilter. The interface to netfilter is iptables. To use it, the appropriate kernel configuration parameters are found in Device Drivers -> Networking Support -> Networking Options -> Network Packet Filtering -> IP: Netfilter Configuration.

Package information

Installation of iptables

[Note]

Note

Installation of iptables will fail if raw kernel headers are found in /usr/src/linux either as actual files or a symlink. As of the Linux 2.6 kernel series, this directory should no longer exist because appropriate headers were installed in the linux-libc-headers package during the base LFS installation.

For some non-x86 architectures, the raw kernel headers may be required. In that case, add the environment variable KERNEL_DIR=/usr/src/linux to the make commands below.

Install iptables by running the following commands:

make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin

Now, as the root user:

make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin install

Command explanations

PREFIX=/usr LIBDIR=/lib BINDIR=/sbin: Compiles and installs iptables libraries into /lib, binaries into /sbin and the remainder into the /usr hierarchy instead of /usr/local. Firewalls are generally activated during the boot process and /usr may not be mounted at that time.

Contents

Installed Programs: iptables, iptables-restore, iptables-save and ip6tables
Installed Libraries: libip6t_*.so and libipt_*.so
Installed Directory: /lib/iptables

Short Descriptions

iptables

is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel.

iptables-restore

is used to restore IP Tables from data specified on STDIN. Use I/O redirection provided by your shell to read from a file.

iptables-save

is used to dump the contents of an IP Table in easily parseable format to STDOUT. Use I/O-redirection provided by your shell to write to a file.

ip6tables

is used to set up, maintain, and inspect the tables of IPv6 packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains.

libip*.so

library modules are various modules (implemented as dynamic libraries) which extend the core functionality of iptables.

Last updated on 2005-03-13 00:24:56 -0700