Iptables-1.4.20
Introduction to Iptables
The next part of this chapter deals with firewalls. The principal firewall tool for Linux is Iptables. You will need to install Iptables if you intend to use any form of firewall.
This package is known to build and work properly using an LFS-7.4 platform.
Package Information
User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/iptables
Kernel Configuration
A firewall in Linux is accomplished through a portion of the kernel called netfilter. The interface to netfilter is Iptables. To use it, the appropriate kernel configuration parameters are found in Networking Support ⇒ Networking Options ⇒ Network Packet Filtering Framework.
Installation of Iptables
Note
The installation below does not include building some specialized extension libraries which require the raw headers in the Linux source code. If you wish to build the additional extensions (if you aren't sure, then you probably don't), you can look at the INSTALL file to see an example of how to change the KERNEL_DIR= parameter to point at the Linux source code. Note that if you upgrade the kernel version, you may also need to recompile Iptables, and that the BLFS team has not tested using the raw kernel headers.
For some non-x86 architectures, the raw kernel headers may be required. In that case, modify the KERNEL_DIR= parameter to point at the Linux source code.
Install Iptables by running the following commands:
./configure --prefix=/usr \
--exec-prefix= \
--bindir=/usr/bin \
--with-xtlibdir=/lib/xtables \
--with-pkgconfigdir=/usr/lib/pkgconfig \
--enable-libipq \
--enable-devel &&
make
This package does not come with a test suite.
Now, as the root user:
make install &&
ln -sfv ../../sbin/xtables-multi /usr/bin/iptables-xml &&
for file in libip4tc libip6tc libipq libiptc libxtables
do
ln -sfv ../../lib/`readlink /lib/${file}.so` /usr/lib/${file}.so &&
rm -v /lib/${file}.so &&
mv -v /lib/${file}.la /usr/lib &&
sed -i "s@libdir='@&/usr@g" /usr/lib/${file}.la
done
Command Explanations
--exec-prefix=: Ensure all binaries and libraries end up in the / directory tree.
--with-xtlibdir=/lib/xtables: Ensure all Iptables modules are installed in the /lib/xtables directory.
--with-pkgconfigdir=/usr/lib/pkgconfig: Ensure all the pkgconfig files are in the standard location.
--enable-libipq: This switch enables building of libipq.so, which can be used by some packages outside of BLFS.
--enable-devel: This switch enables installation of Iptables development headers that can be used by some packages outside of BLFS.
ln -sfv ../../sbin/xtables-multi /usr/bin/iptables-xml: Ensure the symbolic link for iptables-xml is relative.
Configuring Iptables
Introductory instructions for configuring your firewall are presented in the next section: Firewalling.
Boot Script
To set up the iptables firewall at boot, install the /etc/rc.d/init.d/iptables init script included in the blfs-bootscripts-20130908 package.
make install-iptables
Contents
Installed Programs: ip6tables, ip6tables-restore, ip6tables-save, iptables, iptables-restore, iptables-save, iptables-xml, and xtables-multi
Installed Libraries: libip4tc.so, libip6tc.so, libipq.so, libiptc.so, and libxtables.so
Installed Directories: /lib/xtables and /usr/include/libiptc
Short Descriptions
iptables: is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel.
iptables-restore: is used to restore IP Tables from data specified on STDIN. Use I/O redirection provided by your shell to read from a file.
iptables-save: is used to dump the contents of an IP Table in easily parseable format to STDOUT. Use I/O redirection provided by your shell to write to a file.
iptables-xml: is used to convert the output of iptables-save to an XML format. Using the iptables.xslt stylesheet converts the XML back to the format of iptables-restore.
ip6tables*: are a set of commands for IPv6 that parallel the iptables commands above.
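The iptables-save format mentioned above is plain text, so a saved ruleset can be checked before it is fed back to iptables-restore on STDIN. The following shell functions are an added example, not part of the BLFS page or the Iptables package; the dump they parse is constructed here rather than captured from a host, and the audit policy (filter INPUT and FORWARD must default to DROP) is an assumption chosen for the example.

```shell
# Constructed sample in iptables-save format (not captured from a real host).
SAMPLE_RULES='# Generated by iptables-save v1.4.20
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
# Completed'

# Same ruleset but with an open INPUT policy: the audit below rejects it.
WEAK_RULES=$(printf '%s\n' "$SAMPLE_RULES" | sed 's/^:INPUT DROP/:INPUT ACCEPT/')

# chain_policy TABLE CHAIN: read a dump on stdin, print CHAIN's default policy.
# Chain headers look like ":INPUT DROP [packets:bytes]"; user chains say "-".
chain_policy() {
    awk -v table="$1" -v chain="$2" '
        /^\*/      { cur = substr($0, 2); next }   # "*filter" opens a table
        /^COMMIT/  { cur = ""; next }              # COMMIT closes it
        cur == table && $1 == (":" chain) { print $2; exit }
    '
}

# rule_count TABLE CHAIN: number of "-A CHAIN ..." rules appended in TABLE.
rule_count() {
    awk -v table="$1" -v chain="$2" '
        /^\*/      { cur = substr($0, 2); next }
        /^COMMIT/  { cur = ""; next }
        cur == table && $1 == "-A" && $2 == chain { n++ }
        END { print n + 0 }
    '
}

# audit_ruleset: fail unless filter/INPUT and filter/FORWARD default to DROP,
# so that anything not explicitly accepted is dropped.  Returns 0 on pass.
audit_ruleset() {
    dump=$(cat)
    for chain in INPUT FORWARD; do
        policy=$(printf '%s\n' "$dump" | chain_policy filter "$chain")
        if [ "$policy" != DROP ]; then
            echo "filter/$chain policy is '${policy:-missing}', expected DROP" >&2
            return 1
        fi
    done
    return 0
}
```

On a real host the dump would come from `iptables-save > file` and, once the audit passes, go back in with `iptables-restore < file`; both need root, so they are not run here.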
Last updated on 2013-08-20 13:22:42 -0700