r8298 - in trunk/BOOK: . introduction/welcome postlfs/config postlfs/security

bdubbs at linuxfromscratch.org
Sat Mar 6 15:42:24 PST 2010


Author: bdubbs
Date: 2010-03-06 16:42:24 -0700 (Sat, 06 Mar 2010)
New Revision: 8298

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/config/devices.xml
   trunk/BOOK/postlfs/security/iptables.xml
Log:
Update to iptables-1.4.7

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2010-03-06 22:33:48 UTC (rev 8297)
+++ trunk/BOOK/general.ent	2010-03-06 23:42:24 UTC (rev 8298)
@@ -79,7 +79,7 @@
 <!ENTITY cracklib-version             "2.8.15">
 <!ENTITY linux-pam-version            "1.1.1">
 <!ENTITY shadow-version               "4.1.4.2">
-<!ENTITY iptables-version             "1.3.8">
+<!ENTITY iptables-version             "1.4.7">
 <!ENTITY gnupg-version                "1.4.9">
 <!ENTITY gnupg2-version               "2.0.12">
 <!ENTITY tripwire-version             "2.4.1.2">

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2010-03-06 22:33:48 UTC (rev 8297)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2010-03-06 23:42:24 UTC (rev 8298)
@@ -45,6 +45,9 @@
       <para>March 7th, 2010</para>
       <itemizedlist>
         <listitem>
+          <para>[bdubbs] - Update to iptables-1.4.7.</para>
+        </listitem>
+        <listitem>
           <para>[bdubbs] - Added additional information about
           configuring USB devices.</para>
         </listitem>

Modified: trunk/BOOK/postlfs/config/devices.xml
===================================================================
--- trunk/BOOK/postlfs/config/devices.xml	2010-03-06 22:33:48 UTC (rev 8297)
+++ trunk/BOOK/postlfs/config/devices.xml	2010-03-06 23:42:24 UTC (rev 8298)
@@ -78,7 +78,7 @@
     installed by SANE change permissions for known scanners, but not printers.  
     If a package maintainer forgot to write a rule for your device,
     report a bug to both BLFS (if the package is there) and upstream, and 
-    ypu will need ot write your own rule.</para>
+    you will need ot write your own rule.</para>
 
     <para>There is one situation when such fine-grained access control with
     pre-generated udev rules doesn't work. Namely, PC emulators such as KVM,
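Review bot: The corrected line still reads "you will need ot write your own rule", so the second typo on that line ("ot" for "to") survives the fix. Change it to "you will need to write your own rule" in this commit rather than in a follow-up.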

Modified: trunk/BOOK/postlfs/security/iptables.xml
===================================================================
--- trunk/BOOK/postlfs/security/iptables.xml	2010-03-06 22:33:48 UTC (rev 8297)
+++ trunk/BOOK/postlfs/security/iptables.xml	2010-03-06 23:42:24 UTC (rev 8298)
@@ -6,10 +6,10 @@
 
   <!ENTITY iptables-download-http "http://www.netfilter.org/projects/iptables/files/iptables-&iptables-version;.tar.bz2">
   <!ENTITY iptables-download-ftp  "ftp://ftp.netfilter.org/pub/iptables/iptables-&iptables-version;.tar.bz2">
-  <!ENTITY iptables-md5sum        "0a9209f928002e5eee9cdff8fef4d4b3">
-  <!ENTITY iptables-size          "169 KB">
-  <!ENTITY iptables-buildsize     "4.0 MB">
-  <!ENTITY iptables-time          "0.1 SBU">
+  <!ENTITY iptables-md5sum        "645941dd1f9e0ec1f74c61918d70d52f">
+  <!ENTITY iptables-size          "456 KB">
+  <!ENTITY iptables-buildsize     "10.5 MB">
+  <!ENTITY iptables-time          "0.2 SBU">
 ]>
 
 <sect1 id="iptables" xreflabel="iptables-&iptables-version;">
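Review bot: The only integrity value carried for the new tarball is the iptables-md5sum entity, while both download entities point at plain http:// and ftp:// locations, so a reader has nothing stronger than an MD5 digest to detect a substituted archive. Consider recording a stronger digest next to the MD5 value, or telling readers to check the release against an upstream signature where one is available.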
@@ -30,12 +30,9 @@
     <title>Introduction to Iptables</title>
 
   <para>The next part of this chapter deals with firewalls.  The principal
-  firewall tool for Linux, as of the 2.4 kernel series, is
-  <application>iptables</application>.  It replaces
-  <application>ipchains</application> from the 2.2 series and
-  <application>ipfwadm</application> from the 2.0 series. You will need to
-  install <application>iptables</application> if you intend on using any
-  form of a firewall.</para>
+  firewall tool for Linux is <application>iptables</application>.  You will
+  need to install <application>iptables</application> if you intend on using
+  any form of a firewall.</para>
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
     <itemizedlist spacing="compact">
@@ -70,9 +67,8 @@
     <para>A firewall in Linux is accomplished through a portion of the
     kernel called netfilter. The interface to netfilter is
     <application>iptables</application>. To use it, the appropriate
-    kernel configuration parameters are found in Networking ⇒
-    Networking Options ⇒ Network Packet Filtering ⇒
-    Core Netfilter Configuration (and) IP: Netfilter Configuration.</para>
+    kernel configuration parameters are found in Networking Support ⇒
+    Networking Options ⇒ Network Packet Filtering Framework.</para>
 
     <indexterm zone="iptables iptables-kernel">
       <primary sortas="d-iptables">Iptables</primary>
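Review bot: The rewritten sentence stops at "Network Packet Filtering Framework" and drops the old pointers to "Core Netfilter Configuration" and "IP: Netfilter Configuration", so the reader is no longer told where under that menu the relevant options live. If those submenus still exist under the new heading, keep naming them; if not, say which options under the framework entry need to be enabled.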
@@ -112,19 +108,17 @@
     <para>Install <application>iptables</application> by running the following
     commands:</para>
 
-<screen><userinput>sed -i 's/name="$node/name="node/' iptables.xslt &&
-make LIBDIR=/lib KERNEL_DIR=/usr</userinput></screen>
+<screen><userinput>./configure --prefix=/usr &&
+make</userinput></screen>
 
     <para>This package does not come with a test suite.</para>
 
     <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
 
-<screen role="root"><userinput>make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin \
-    MANDIR=/usr/share/man install &&
-install -v -m644 iptables.xslt /lib/iptables</userinput></screen>
+<screen role="root"><userinput>make install</userinput></screen>
 
   </sect2>
-
+<!--
   <sect2 role="commands">
     <title>Command Explanations</title>
 
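Review bot: The new build is just "./configure --prefix=/usr" and "make install", where the old commands passed LIBDIR=/lib and BINDIR=/sbin, so the firewall binaries and libraries move from the root filesystem into /usr without the text saying so. Where /usr is a separate filesystem, a firewall script that runs before /usr is mounted will not find iptables. Either pass configure options for the binary and library directories that keep the old locations, or add a sentence stating that the move is intended.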
@@ -148,7 +142,7 @@
     headers in <filename class='directory'>/usr/src/linux</filename>.</para>
 
   </sect2>
-
+-->
   <sect2 role="configuration">
     <title>Configuring Iptables</title>
 
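Review bot: The "Command Explanations" section is disabled by wrapping it in an XML comment (the "<!--" added before the sect2 and the "-->" added here) instead of being rewritten, which leaves the new "./configure --prefix=/usr" command unexplained and keeps stale text about headers in /usr/src/linux in the source. Delete the section or replace it with an explanation of the new command. If the comment stays, check that the commented-out body contains no "--", which is not allowed inside an XML comment.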
@@ -178,13 +172,15 @@
     <segmentedlist>
       <segtitle>Installed Programs</segtitle>
       <segtitle>Installed Libraries</segtitle>
-      <segtitle>Installed Directory</segtitle>
+      <segtitle>Installed Directories</segtitle>
 
       <seglistitem>
-        <seg>iptables, iptables-restore, iptables-save, iptables-xml and
-        ip6tables</seg>
-        <seg>libip6t_*.so and libipt_*.so</seg>
-        <seg>/lib/iptables</seg>
+        <seg>iptables, iptables-restore, iptables-save, iptables-xml, 
+        iptables-multi, ip6tables, ip6tables-restore, ip6tables-save, 
+        and ip6tables-multii</seg>
+        <seg>libip4tc.so, libip6tc.so, libiptc.so, libxtables.so,
+        and numerous modules in /usr/libexec/xtables/</seg>
+        <seg>/usr/libexec/xtables and /usr/include/libiptc</seg>
       </seglistitem>
     </segmentedlist>
 
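Review bot: The added program list ends with "ip6tables-multii", which looks like a typo for ip6tables-multi given "iptables-multi" on the line above it. The first two added seg lines also end in trailing whitespace, which is worth stripping while the typo is fixed.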
@@ -197,7 +193,8 @@
         <term><command>iptables</command></term>
         <listitem>
           <para>is used to set up, maintain, and inspect the tables of
-          IP packet filter rules in the Linux kernel.</para>
+          IP packet filter rules in the Linux kernel.  It is a 
+          symbolic link to iptables-multi.</para>
           <indexterm zone="iptables iptables-prog">
             <primary sortas="b-iptables">iptables</primary>
           </indexterm>
@@ -209,7 +206,8 @@
         <listitem>
           <para>is used to restore IP Tables from data
           specified on STDIN. Use I/O redirection provided by your
-          shell to read from a file.</para>
+          shell to read from a file. It is a symbolic link to 
+          iptables-multi.</para>
           <indexterm zone="iptables iptables-restore">
             <primary sortas="b-iptables-restore">iptables-restore</primary>
           </indexterm>
@@ -221,7 +219,8 @@
         <listitem>
           <para>is used to dump the contents of an IP Table
           in easily parseable format to STDOUT. Use I/O-redirection
-          provided by your shell to write to a file.</para>
+          provided by your shell to write to a file. It is a symbolic link to
+          iptables-multi.</para>
           <indexterm zone="iptables iptables-save">
             <primary sortas="b-iptables-save">iptables-save</primary>
           </indexterm>
@@ -234,7 +233,8 @@
           <para>is used to convert the output of
           <command>iptables-save</command> to an XML format. Using the
           <filename>iptables.xslt</filename> stylesheet converts the XML
-          back to the format of <command>iptables-restore</command>.</para>
+          back to the format of <command>iptables-restore</command>.
+          It is a symbolic link to iptables-multi.</para>
           <indexterm zone="iptables iptables-xml">
             <primary sortas="b-iptables-xml">iptables-xml</primary>
           </indexterm>
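Review bot: "iptables-multi" in the added sentence is plain text, while the same paragraph marks up iptables-save and iptables-restore with the command element. Wrap it as <command>iptables-multi</command> here and in the matching sentences added for iptables, iptables-restore and iptables-save.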
@@ -242,30 +242,17 @@
       </varlistentry>
 
       <varlistentry id="ip6tables">
-        <term><command>ip6tables</command></term>
+        <term><command>ip6tables*</command></term>
         <listitem>
-          <para>is used to set up, maintain, and inspect the tables of
-          IPv6 packet filter rules in the Linux kernel. Several different
-          tables may be defined. Each table contains a number of built-in
-          chains and may also contain user-defined chains.</para>
+          <para>are a set of commands for IPV6 that parallel the iptables
+          commands above.  All of these commands are symbolic 
+          links to ip6tables-multi.</para>
           <indexterm zone="iptables ip6tables">
             <primary sortas="b-ip6tables">ip6tables</primary>
           </indexterm>
         </listitem>
       </varlistentry>
 
-      <varlistentry id="libip-iptables">
-        <term><filename class='libraryfile'>libip*.so</filename></term>
-        <listitem>
-          <para>library modules are various modules (implemented as dynamic
-          libraries) which extend the core functionality of
-          <command>iptables</command>.</para>
-          <indexterm zone="iptables libip-iptables">
-            <primary sortas="c-libip-iptables">libip*.so</primary>
-          </indexterm>
-        </listitem>
-      </varlistentry>
-
     </variablelist>
 
   </sect2>
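Review bot: The new ip6tables paragraph writes "IPV6" where the text it replaces used "IPv6"; keep the original capitalisation. The hunk also deletes the libip*.so entry without adding descriptions for the libraries now listed under Installed Libraries (libip4tc.so, libip6tc.so, libiptc.so, libxtables.so), so those files are left with no short description.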



