<HTML
><HEAD
><TITLE
>Build a kernel with IPCHAINS Firewall support</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.60"><LINK
REL="HOME"
TITLE="Securing and Optimizing Linux"
HREF="index.html"><LINK
REL="UP"
TITLE="Networking -Firewall"
HREF="soft-netfirew.html"><LINK
REL="PREVIOUS"
TITLE="The topology"
HREF="chap10sec98.html"><LINK
REL="NEXT"
TITLE="Rules used in the Firewall script files"
HREF="chap10sec100.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Securing and Optimizing Linux: RedHat Edition -A Hands on Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="chap10sec98.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 10. Networking -Firewall</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="chap10sec100.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="AEN6439"
>10.3. Build a kernel with <TT
CLASS="literal"
>IPCHAINS</TT
> Firewall support</A
></H1
><P
> The first thing you need to do is ensure that your kernel has been built with Network firewalls and IP:Firewalling support enabled. Remember, all servers should be configured to block unused ports, even if
they are not a firewall server. In the 2.2.14 kernel version you need to be sure that you have answered <TT
CLASS="userinput"
><B
>Y</B
></TT
> to the following questions:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="programlisting"
> <TT
CLASS="userinput"
><B
>Networking options:</B
></TT
>

          Network firewalls (CONFIG_FIREWALL) [N] Y
          IP:Firewalling (CONFIG_IP_FIREWALL) [N] Y
          IP:TCP syncookie support (CONFIG_SYN_COOKIES) [N] Y

</PRE
></TD
></TR
></TABLE
>
If you have followed the Linux Kernel section and have recompiled your kernel, the options Network firewalls, <SPAN
CLASS="acronym"
>IP</SPAN
>:Firewalling, and <SPAN
CLASS="acronym"
>IP:TCP</SPAN
> syncookie support shown above are already set.
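
An added example, not part of the original guide: a shell check that a kernel .config enables the three options above, and that SYN cookies are switched on at run time, since compiling in CONFIG_SYN_COOKIES only makes them available until 1 is written to /proc/sys/net/ipv4/tcp_syncookies. The function names and the .config path passed as an argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the guide): audit a kernel .config for the
# options this section requires. Usage: sh check.sh /path/to/.config
# (the path, e.g. /usr/src/linux/.config, is an assumption).

REQUIRED_OPTS="CONFIG_FIREWALL CONFIG_IP_FIREWALL CONFIG_SYN_COOKIES"

# Print every required option that is not set to "y" in the given file,
# one per line. A "# CONFIG_X is not set" line or an absent line both
# count as missing.
missing_opts() {
    cfg=$1
    for opt in $REQUIRED_OPTS; do
        grep -q "^${opt}=y\$" "$cfg" || echo "$opt"
    done
}

# Return 0 if all options are enabled, 1 if any is missing,
# 2 if the file cannot be read.
check_ipchains_config() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg" >&2
        return 2
    fi
    missing=$(missing_opts "$cfg")
    if [ -n "$missing" ]; then
        echo "not enabled in $cfg:" $missing >&2
        return 1
    fi
    echo "$cfg: all firewall options enabled"
}

# CONFIG_SYN_COOKIES only compiles the feature in; it stays off until
# the tcp_syncookies sysctl is set to 1. Return 0 if it reads 1.
# The path argument exists so the check can be pointed at a test file.
syncookies_active() {
    f=${1:-/proc/sys/net/ipv4/tcp_syncookies}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Run the audit only when a .config path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_ipchains_config "$1"
fi
```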
</P
></DIV
></BODY
></HTML
>