Iptables-1.3.8
      
      
        
          Introduction to Iptables
        
        
          The next part of this chapter deals with firewalls. The principal
          firewall tool for Linux, as of the 2.4 kernel series, is
          iptables. It replaces ipchains from the 2.2 series and ipfwadm from
          the 2.0 series. You will need to install iptables if you intend to
          use any form of firewall.
        
        
          Package Information
        
        
        
          User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/iptables
        
       
      
        
          Kernel
          Configuration
        
        
          A firewall in Linux is implemented by a portion of the kernel called
          netfilter; iptables is the user-space tool that configures it. To use
          it, enable the appropriate kernel configuration parameters, found in
          Networking ⇒ Networking Options ⇒ Network Packet Filtering ⇒ Core
          Netfilter Configuration (and) IP: Netfilter Configuration.
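          Before building iptables it is worth confirming that the running (or
          target) kernel actually has these options enabled. The following is an
          added example, not part of the BLFS book or of iptables itself: a small
          POSIX shell script that reads a kernel .config and reports whether a
          minimal set of netfilter options is built in (=y), built as a module
          (=m) or absent. The choice of options to check, the sample .config
          fragment, and the function names config_state, netfilter_report and
          netfilter_ok are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read a kernel .config and report whether the netfilter
# options iptables needs are built in (=y), modular (=m) or absent (=n).

# Constructed .config fragment for the demonstration (not from a real build).
SAMPLE_CONFIG=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
CONFIG_NET=y
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_NETFILTER_XTABLES=m
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_FILTER is not set
CONFIG_IP6_NF_IPTABLES=m
EOF

# The options checked. This minimal set is an assumption made for the
# example: NETFILTER and NETFILTER_XTABLES live under "Core Netfilter
# Configuration", IP_NF_IPTABLES and IP_NF_FILTER under "IP: Netfilter
# Configuration" (the filter table that iptables operates on by default).
REQUIRED="CONFIG_NETFILTER CONFIG_NETFILTER_XTABLES CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER"

# config_state FILE SYMBOL: print SYMBOL=y, SYMBOL=m or SYMBOL=n.
# A "# SYMBOL is not set" comment and a missing line are both reported as n.
config_state() {
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1")
    echo "$2=${state:-n}"
}

# netfilter_report FILE: one line per required option.
netfilter_report() {
    for sym in $REQUIRED; do
        config_state "$1" "$sym"
    done
}

# netfilter_ok FILE: succeed only if no required option is absent. An =m
# result still passes, but that table or match is then a kernel module
# that has to be loadable when the firewall is brought up early in boot.
netfilter_ok() {
    ! netfilter_report "$1" | grep -q '=n$'
}

netfilter_report "$SAMPLE_CONFIG"
netfilter_ok "$SAMPLE_CONFIG" || echo "missing netfilter options in $SAMPLE_CONFIG"
```

          On a live system, point the functions at /boot/config-$(uname -r),
          or at a copy produced with zcat /proc/config.gz when the kernel was
          built with CONFIG_IKCONFIG_PROC, instead of the constructed sample.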
        
       
      
        
          Installation of Iptables
        
        
          
          
            Note
          
          
            The installation below does not include building some specialized
            extension libraries which require the raw headers in the
            Linux source code. If you wish
            to build the additional extensions (if you aren't sure, then you
            probably don't), you can look at the INSTALL file to see an example of how to change
            the KERNEL_DIR= parameter
            to point at the Linux source
            code. Note that if you upgrade the kernel version, you may also
            need to recompile iptables and
            that the BLFS team has not tested using the raw kernel headers.
          
          
            For some non-x86 architectures, the raw kernel headers may be
            required. In that case, modify the KERNEL_DIR= parameter to point at
            the Linux source code.
          
         
        
          Install iptables by running the
          following commands:
        
        
sed -i 's/name="$node/name="node/' iptables.xslt &&
make LIBDIR=/lib KERNEL_DIR=/usr
        
          This package does not come with a test suite.
        
        
          Now, as the root user:
        
        
make PREFIX=/usr LIBDIR=/lib BINDIR=/sbin \
    MANDIR=/usr/share/man install &&
install -v -m644 iptables.xslt /lib/iptables
       
      
        
          Command Explanations
        
        
          sed -i 's/name="$node/name="node/'
          iptables.xslt: This corrects a syntax error in the
          XSLT stylesheet for use with iptables-xml.
        
        
          PREFIX=/usr LIBDIR=/lib
          BINDIR=/sbin: Compiles and installs the iptables extension modules
          into /lib/iptables, the binaries into /sbin and the remainder into
          the /usr hierarchy instead of /usr/local. Firewalls are generally
          activated during the boot process, and /usr may not be mounted at
          that time, so the binaries and the modules they load must live on
          the root filesystem.
        
        
          KERNEL_DIR=/usr: This
          parameter is used to point at the sanitized kernel headers in
          /usr and not use the raw kernel
          headers in /usr/src/linux.
        
       
      
        
          Configuring Iptables
        
        
          Introductory instructions for configuring your firewall are
          presented in the next section: Firewalling
        
        
          
            Boot Script
          
          
            To set up the iptables firewall at boot, install the /etc/rc.d/init.d/iptables init script included
            in the blfs-bootscripts-20080816 package.
          
          
make install-iptables
         
       
      
        
          Contents
        
        
          
            
              Installed Programs:
              iptables, iptables-restore,
              iptables-save, iptables-xml and ip6tables
            
            
              Installed Libraries:
              libip6t_*.so and libipt_*.so
            
            
              Installed Directory:
              /lib/iptables
            
           
         
        
          
            Short Descriptions
          
          
            iptables
                is used to set up, maintain, and inspect the tables of IP
                packet filter rules in the Linux kernel.

            iptables-restore
                is used to restore IP tables from data read on standard input.
                Use the I/O redirection provided by your shell to read from a
                file.

            iptables-save
                is used to dump the contents of an IP table in an easily
                parseable format to standard output. Use the I/O redirection
                provided by your shell to write to a file.

            iptables-xml
                is used to convert the output of iptables-save to an XML
                format. Applying the iptables.xslt stylesheet converts the XML
                back to the format read by iptables-restore.

            ip6tables
                is used to set up, maintain, and inspect the tables of IPv6
                packet filter rules in the Linux kernel. Several different
                tables may be defined. Each table contains a number of
                built-in chains and may also contain user-defined chains.

            libip*.so
                library modules are various modules (implemented as dynamic
                libraries) which extend the core functionality of iptables.
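          The iptables-save format that iptables-restore consumes (and that the
          boot script above feeds back into the kernel) is plain text, so a
          saved ruleset can be sanity-checked before it is ever restored. The
          following is an added example, not part of the BLFS book or of
          iptables itself: POSIX shell functions that read a dump in
          iptables-save format from standard input, report a chain's default
          policy, confirm that every table block is closed by COMMIT, and
          verify that the filter table defaults to DROP. The sample ruleset is
          constructed for the demonstration, and the function names
          chain_policy, check_commits and default_deny_ok are assumptions made
          here.

```shell
#!/bin/sh
# Added example: offline checks on an iptables-save(8) dump before handing it
# to iptables-restore. Nothing here touches the kernel; it only reads text.

# Constructed sample dump in iptables-save format (not captured from a live
# system). Chain lines read ":CHAIN POLICY [pkts:bytes]"; user-defined
# chains have no policy and are written with "-".
RULESET=$(cat <<'EOF'
# Generated by iptables-save v1.3.8
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ssh-in - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ssh-in
-A ssh-in -m limit --limit 3/min -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
)

# chain_policy TABLE CHAIN: print the default policy recorded for CHAIN in
# TABLE, reading the dump from stdin. Prints "-" for a user-defined chain
# and nothing at all if the chain is absent from that table.
chain_policy() {
    awk -v t="*$1" -v c=":$2" '
        $1 == t         { in_t = 1; next }
        $1 == "COMMIT"  { in_t = 0 }
        in_t && $1 == c { print $2; exit }
    '
}

# check_commits: succeed only if every *table block on stdin is closed by a
# COMMIT line. iptables-restore pushes a table's rules into the kernel at
# COMMIT, so a block without one never takes effect.
check_commits() {
    awk '
        /^\*/          { if (open) bad++; open = 1; next }
        $1 == "COMMIT" { open = 0 }
        END            { if (open) bad++; exit bad ? 1 : 0 }
    '
}

# default_deny_ok: succeed only if the filter table drops unsolicited
# traffic by default on INPUT and FORWARD, the property most worth
# confirming before a ruleset is restored unattended at boot.
default_deny_ok() {
    dump=$(cat)
    [ "$(printf '%s\n' "$dump" | chain_policy filter INPUT)" = DROP ] &&
    [ "$(printf '%s\n' "$dump" | chain_policy filter FORWARD)" = DROP ]
}

printf '%s\n' "$RULESET" | check_commits && echo "all tables committed"
printf '%s\n' "$RULESET" | default_deny_ok && echo "filter table defaults to DROP"
```

          On a real system the same functions can be fed the file the boot
          script restores, for example with iptables-save > /tmp/rules.v4
          followed by check_commits < /tmp/rules.v4, before that file is
          trusted at the next boot.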
          
         
       
      
        Last updated on 2008-05-09 07:42:27 -0500