Dhcpcd and iptables problems (BLFS 6.1)

steve crosby steve.crosby at gmail.com
Wed Feb 7 17:32:50 PST 2007


On 2/8/07, Darcy Roberts <darcy_ro at msn.com> wrote:

<snip>

> I've turned on the appropriate modules in the kernel and all appears correct now. One issue is that the style of the options - everyone shows "CONFIG_IP_NF_IPTABLES=y" but this isn't the same text as when using menuconfig. I ended up manually editing .config (bad idea, since ugly dependencies for options now show up).
>

Definitely can create issues with dependencies; use the menu-based
config where you can.
If you select the help option for each kernel config item (i.e. ?
instead of Y\N\M for make menuconfig) the help will usually tell you
the config item name.

What you need to have is dependent on how complex your iptables rules
are going to be. For example, if you're going to be using NAT, you will
need some or all of the NAT options - if you're never going to adjust
the TCPMSS value using iptables, you don't need those options in the
kernel.

That said, it adds very little additional overhead to the kernel to
just select every single option (m for modular, y for static [always
built into kernel]) - if your iptables ruleset doesn't need a function
it won't be loaded if you selected modules.

Note that the latest kernel release (2.6.20) has just significantly
re-arranged the netfilter options menu again, obsoleting a number of
items, and adding new ones.

> BTW, how do I limit the size of the kern and sys logs?

Grab logrotate from the Debian FTP mirrors. You run logrotate every so
often (usually daily) in cron (you'll need to install the cron daemon
too!) and the logrotate configuration files indicate after how long,
what size, etc. to chop the logs smaller, keep x number of backup
copies, compress the backups, etc.

-- 
-- -
Steve Crosby
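
Added example, not part of the original message: a read-only shell check that reports whether each netfilter symbol in a kernel `.config` is built in (`=y`), modular (`=m`), disabled, or absent, so the file never has to be edited by hand. The sample `.config` is constructed; the function names and every symbol other than `CONFIG_IP_NF_IPTABLES` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): read-only check of kernel
# config symbols, so .config never has to be edited by hand.

# kconfig_state FILE SYMBOL -> prints y, m, n ("is not set") or absent.
kconfig_state() {
    file=$1 sym=$2
    # Enabled symbols appear as SYMBOL=y (built in) or SYMBOL=m (module).
    val=$(sed -n "s/^${sym}=\([ym]\)\$/\1/p" "$file" | tail -n 1)
    if [ -n "$val" ]; then
        echo "$val"
    elif grep -q "^# ${sym} is not set\$" "$file"; then
        echo n          # menuconfig writes disabled symbols as a comment
    else
        echo absent     # symbol does not appear in this .config at all
    fi
}

# kconfig_report FILE SYMBOL... -> one line per symbol; status 1 if any
# symbol is disabled or absent.
kconfig_report() {
    cfg=$1; shift
    rc=0
    for s in "$@"; do
        case $(kconfig_state "$cfg" "$s") in
            y) echo "$s: built in" ;;
            m) echo "$s: module" ;;
            n) echo "$s: not set"; rc=1 ;;
            *) echo "$s: absent from this .config"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample .config; every symbol except CONFIG_IP_NF_IPTABLES is
# an assumed name used for illustration.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_TARGET_TCPMSS is not set
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
kconfig_report "$sample" CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER \
    CONFIG_IP_NF_TARGET_TCPMSS CONFIG_IP_NF_NAT || echo "some options missing"
rm -f "$sample"
```

Point it at the `.config` of the kernel tree you built and pass the symbol names shown in the menuconfig help screens; an "absent" result means the symbol does not appear in that `.config` at all.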


