102 lines
2.4 KiB
Plaintext
102 lines
2.4 KiB
Plaintext
Installation instructions for iptables
|
|
======================================
|
|
|
|
iptables uses the well-known configure(autotools) infrastructure.
|
|
|
|
$ ./configure
|
|
$ make
|
|
# make install
|
|
|
|
|
|
Prerequisites
|
|
=============
|
|
|
|
* no kernel-source required
|
|
|
|
* but obviously a compiler, glibc-devel and linux-kernel-headers
|
|
(/usr/include/linux)
|
|
|
|
|
|
Configuring and compiling
|
|
=========================
|
|
|
|
./configure [options]
|
|
|
|
--prefix=
|
|
|
|
The prefix to put all installed files under. It defaults to
|
|
/usr/local, so the binaries will go into /usr/local/bin, sbin,
|
|
manpages into /usr/local/share/man, etc.
|
|
|
|
--with-xtlibdir=
|
|
|
|
The path to where Xtables extensions should be installed to. It
|
|
defaults to ${libdir}/xtables.
|
|
|
|
--enable-devel (or --disable-devel)
|
|
|
|
This option causes development files to be installed to
|
|
${includedir}, which is needed for building additional packages,
|
|
such as Xtables-addons or other 3rd-party extensions.
|
|
|
|
It is enabled by default.
|
|
|
|
--enable-static
|
|
|
|
Produce additional binaries, iptables-static/ip6tables-static,
|
|
which have all shipped extensions compiled in.
|
|
|
|
--disable-shared
|
|
|
|
Produce binaries that have dynamic loading of extensions disabled.
|
|
This implies --enable-static.
|
|
(See some details below.)
|
|
|
|
--enable-libipq
|
|
|
|
This option causes libipq to be installed into ${libdir} and
|
|
${includedir}.
|
|
|
|
--with-ksource=
|
|
|
|
Xtables does not depend on kernel headers anymore, but you can
|
|
optionally specify a search path to include anyway. This is
|
|
probably only useful for development.
|
|
|
|
If you want to enable debugging, use
|
|
|
|
./configure CFLAGS="-ggdb3 -O0"
|
|
|
|
(-O0 is used to turn off instruction reordering, which makes debugging
|
|
much easier.)
|
|
|
|
To show debug traces you can add -DDEBUG to CFLAGS option
|
|
|
|
|
|
Other notes
|
|
===========
|
|
|
|
The make process will automatically build multipurpose binaries.
|
|
These have the core (iptables), -save, -restore and -xml code
|
|
compiled into one binary, but extensions remain as modules.
|
|
|
|
|
|
Static and shared
|
|
=================
|
|
|
|
Basically there are three configuration modes defined:
|
|
|
|
--disable-static --enable-shared (this is the default)
|
|
|
|
Build a binary that relies upon dynamic loading of extensions.
|
|
|
|
--enable-static --enable-shared
|
|
|
|
Build a binary that has the shipped extensions built-in, but
|
|
is still capable of loading additional extensions.
|
|
|
|
--enable-static --disable-shared
|
|
|
|
Shipped extensions are built-in, and dynamic loading is
|
|
deactivated.
|