
Installing iptables

This page covers how to enable packet filtering support using iptables, the packet filtering feature of the new 2.4 kernel.  The latest source at the time of this page's creation was iptables-1.2.2.tar.bz2, which recommends at least a 2.4.4 kernel (I'm using 2.4.5).

The configuration of the Firewall is found here.

Enabling iptables support in the kernel

Enter kernel configuration mode (make menuconfig in the kernel source directory) and under Networking Options--> choose the following options.

Networking Options-->

  [*] Network packet filtering (replaces ipchains)
  [*]   Network packet filtering debugging
 

Then under Networking Options--> IP: Netfilter Configuration ---> choose whichever options you want. I start with most of them enabled until I find out which options I need.

Networking Options-->

 IP: Netfilter Configuration  --->
 
   <*> Connection tracking (required for masq/NAT)
   <*>   FTP protocol support
   <*> IP tables support (required for filtering/masq/NAT)
   <*>   limit match support
   <*>   MAC address match support
   <*>   netfilter MARK match support
   <*>   Multiple port match support
   <*>   TOS match support
   < >   tcpmss match support
   <*>   Connection state match support
   <*>   Packet filtering
   <*>     REJECT target support 
   <*>   Full NAT
   <*>     MASQUERADE target support 
   <*>     REDIRECT target support
   <*>   Packet mangling
   <*>     TOS target support
   <*>     MARK target support 
   <*>   LOG target support  
   < >   TCPMSS target support 

If the [*] Network packet filtering option isn't already enabled, or if you enable any additional options in the IP: Netfilter Configuration ---> menu, you will have to recompile your kernel to add support.
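
To see whether a recompile is needed before opening menuconfig, the following added example (not part of the original page) checks a kernel .config for a core subset of the options above and lists the ones that are not enabled. The CONFIG_ symbol names are the 2.4-series names behind those menu entries and do not appear on this page; the choice of which ones count as required, the function names and the sample .config are assumptions of the example.

```shell
#!/bin/sh
# Added example: report which netfilter options are absent from a kernel
# .config, i.e. which ones would force a recompile.

# 2.4-series symbols behind the menu entries (this mapping and the choice
# of subset are assumptions; confirm against your own kernel tree).
REQUIRED="CONFIG_NETFILTER CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_MATCH_STATE CONFIG_IP_NF_FILTER CONFIG_IP_NF_TARGET_REJECT
CONFIG_IP_NF_NAT CONFIG_IP_NF_TARGET_MASQUERADE CONFIG_IP_NF_TARGET_LOG"

# missing_netfilter_opts CONFIG_FILE
# Prints one missing symbol per line. Returns 0 if nothing is missing,
# 1 if at least one symbol is missing, 2 if the file cannot be read.
missing_netfilter_opts() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    for sym in $REQUIRED; do
        # Built-in (=y) and module (=m) both count as enabled.
        # "# CONFIG_X is not set" lines do not match the anchored pattern.
        if ! grep -Eq "^${sym}=(y|m)\$" "$cfg"; then
            echo "$sym"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample .config fragment (not taken from a real system).
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_FILTER=y
# CONFIG_IP_NF_TARGET_REJECT is not set
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
EOF
}

# When run as a script, check the .config given as the first argument.
if [ -n "${1:-}" ]; then missing_netfilter_opts "$1"; fi
```

Run it with the path to the .config in your kernel source directory; an empty result means the listed options are already enabled.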

Installing iptables from source

  1. You can obtain the source from the Netfilter project at netfilter.samba.org/, netfilter.gnumonks.org or netfilter.filewatcher.org.
  2. Save it to a convenient directory (I used /root/iptables in this case).
       suse:~ # cd iptables
       suse:~/iptables # ls
       .  ..  iptables-1.2.2.tar.bz2  
    
  3. Decompress and untar the source. This creates the directory iptables-1.2.2 in the source directory (/root/iptables).
       suse:~/iptables # bunzip2 iptables-1.2.2.tar.bz2
       suse:~/iptables # tar -xvf iptables-1.2.2.tar
       suse:~/iptables # cd iptables-1.2.2
       suse:~/iptables/iptables-1.2.2 # 
    
  4. Follow the steps in the INSTALL file.
    First, from the iptables-1.2.2 source directory, you can add patches to the kernel by running:
     # make pending-patches KERNEL_DIR=<<where-your-kernel-is>>
    
    Next make the package with:
     # make KERNEL_DIR=<<where-your-kernel-is>>
    
    and finally, install the package with:
     # make install KERNEL_DIR=<<where-your-kernel-is>>
    
    If all goes well, your binaries will be installed to /usr/local/sbin/ by default and the man pages will be installed as well, so at any time you can view them with:
       suse:~ # man iptables
    