<HTML
><HEAD
><TITLE
>Installing iptables + libiptc</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="Querying libiptc HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Previous knowledge and system requirements"
HREF="previous.html"><LINK
REL="NEXT"
TITLE="How to create your program(s)"
HREF="howtoprg.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="INSTALL">9. Installing iptables + libiptc</A></H1
><P
>To install <EM
>libiptc</EM
> follow these steps:</P
><P
></P
><OL
TYPE="1"
><LI
><P
>Download <EM
>iptables-1.2.6.tar.bz2</EM
> from
<A
HREF="http://netfilter.samba.org/"
TARGET="_top"
>http://netfilter.samba.org/</A
>.</P
></LI
><LI
><P
>Copy the <EM
>iptables</EM
> tar file into
<TT
CLASS="FILENAME"
>/usr/local/src</TT
>:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash# <B
CLASS="COMMAND"
>cp iptables-1.2.6.tar.bz2 /usr/local/src</B
></PRE
></FONT
></TD
></TR
></TABLE
></LI
><LI
><P
>Unpack:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash# <B
CLASS="COMMAND"
>tar xjvf iptables-1.2.6.tar.bz2</B
></PRE
></FONT
></TD
></TR
></TABLE
></LI
><LI
><P
>Go into the iptables directory:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash# <B
CLASS="COMMAND"
>cd iptables-1.2.6</B
></PRE
></FONT
></TD
></TR
></TABLE
></LI
><LI
><P
>Check whether your kernel needs any additional patches with:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash# <B
CLASS="COMMAND"
>make pending-patches</B
> <EM
>KERNEL_DIR=/usr/src/linux</EM
></PRE
></FONT
></TD
></TR
></TABLE
><P
>If your kernel source is located somewhere other than in
<TT
CLASS="FILENAME"
>/usr/src/linux</TT
>, replace the kernel source directory in
the command line above with your source directory.</P
><P
>Be careful with this option. This command invokes
<EM
>patch-o-matic</EM
>, a new patch verification utility by
Rusty Russell. The utility will show you a list of new patches (some
proposed, some submitted, some accepted) available for your kernel source.
As Rusty himself says, <SPAN
CLASS="QUOTE"
>"Some of these new patches have bugs"</SPAN
>,
and you do not have to apply all of them.</P
><P
>Read the information shown for each patch carefully and answer with
<B
CLASS="KEYCAP"
>y</B
> (apply the patch) or <B
CLASS="KEYCAP"
>N</B
> (skip this patch).
In some cases answering <B
CLASS="KEYCAP"
>y</B
> will try to apply the patch, but
if the patch finds differences in your sources, it will be
skipped and the next one presented.</P
><P
>I did not apply any of the proposed patches and kept my kernel in its
original state before continuing to the next step.</P
></LI
><LI
><P
>Make the iptables package with:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash# <B
CLASS="COMMAND"
>make</B
> <EM
>KERNEL_DIR=/usr/src/linux</EM
></PRE
></FONT
></TD
></TR
></TABLE
><P
>Again, if your kernel source is not at <TT
CLASS="FILENAME"
>/usr/src/linux</TT
>,
replace the kernel source directory in the command above.</P
><P
>If all goes right, the compiler will finish without errors.</P
></LI
><LI
><P
>Before the next step, check whether an iptables package is already installed by
typing:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash# <B
CLASS="COMMAND"
>rpm -q iptables</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
>If the iptables rpm is installed, you will see the name and version of the
package, similar to:</P
><P
><EM
>iptables-1.1.2-13</EM
></P
><P
>In this case, uninstall it with:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash# <B
CLASS="COMMAND"
>rpm -e iptables</B
></PRE
></FONT
></TD
></TR
></TABLE
></LI
><LI
><P
>Install the newly created package:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash# <B
CLASS="COMMAND"
>make install</B
> <EM
>KERNEL_DIR=/usr/src/linux</EM
></PRE
></FONT
></TD
></TR
></TABLE
><P
>Again, check your kernel source directory.</P
><P
>This command will install the binaries (<EM
>iptables, iptables-save,
iptables-restore</EM
>) in <TT
CLASS="FILENAME"
>/usr/local/sbin</TT
>, the manuals
in <TT
CLASS="FILENAME"
>/usr/local/man/man8</TT
> and the modules in
<TT
CLASS="FILENAME"
>/usr/local/lib/iptables</TT
>.</P
></LI
><LI
><P
>Finally, install the headers, development libraries and associated
development man pages with:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash# <B
CLASS="COMMAND"
>make install-devel</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
>This command will install the <EM
>libiptc</EM
> library
in <TT
CLASS="FILENAME"
>/usr/local/lib</TT
>.</P
><P
>I think something must be wrong with this command. It does not install all
header files properly, so you must install them yourself using:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bash# <B
CLASS="COMMAND"
>cd /usr/local/src/iptables-1.2.6</B
>
bash# <B
CLASS="COMMAND"
>cp include/iptables.h /usr/local/include</B
>
bash# <B
CLASS="COMMAND"
>cp include/iptables_common.h /usr/local/include</B
>
bash# <B
CLASS="COMMAND"
>mkdir /usr/local/include/libiptc</B
>
bash# <B
CLASS="COMMAND"
>cp include/libiptc/libiptc.h /usr/local/include/libiptc</B
>
bash# <B
CLASS="COMMAND"
>cp include/libiptc/ipt_kernel_headers.h /usr/local/include/libiptc</B
>
bash# <B
CLASS="COMMAND"
>cp iptables.o /usr/local/lib</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
>The <TT
CLASS="FILENAME"
>iptables.o</TT
> file copied above is needed to compile programs that get
rule information from netfilter.</P
><P
>Now you are ready to create programs that can communicate directly with libiptc.</P
></LI
></OL
></DIV
></BODY
></HTML
>
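
A post-install audit of the files that steps 8 and 9 above place under /usr/local, as an added example that is not part of the original HOWTO: it reports any expected file that is missing, is a symlink, or is group- or world-writable. The function name `check_libiptc_install` and the library file name `lib/libiptc.a` are assumptions; the page only says the libiptc library is installed in /usr/local/lib.

```shell
#!/bin/sh
# Added example (not from the HOWTO): audit the files the install steps
# say end up under the install prefix (/usr/local on the page).

# Paths relative to the prefix, taken from steps 8 and 9 of the page.
# lib/libiptc.a is an assumption: the page only says "the libiptc library".
LIBIPTC_FILES="sbin/iptables
sbin/iptables-save
sbin/iptables-restore
include/iptables.h
include/iptables_common.h
include/libiptc/libiptc.h
include/libiptc/ipt_kernel_headers.h
lib/iptables.o
lib/libiptc.a"

# check_libiptc_install [PREFIX]
# Prints one line per problem and returns the number of problems found.
check_libiptc_install() {
    prefix=${1:-/usr/local}
    problems=0
    for rel in $LIBIPTC_FILES; do
        path="$prefix/$rel"
        if [ -L "$path" ]; then
            # A symlink is not the file that cp / make install wrote.
            echo "SYMLINK  $path"
            problems=$((problems + 1))
        elif [ ! -f "$path" ]; then
            echo "MISSING  $path"
            problems=$((problems + 1))
        elif [ -n "$(find "$path" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
            # Group- or world-writable headers, objects and binaries can be
            # replaced by a non-root user before the next compile or run.
            echo "WRITABLE $path"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Call `check_libiptc_install /usr/local` after the last step; a non-zero return value is the number of problems reported.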