Download iptables-1.2.6.tar.bz2 from
http://netfilter.samba.org/.
Copy the iptables tar file into
/usr/local/src:
bash# cp iptables-1.2.6.tar.bz2 /usr/local/src
Unpack:
bash# tar xjvf iptables-1.2.6.tar.bz2
Go into the iptables directory:
Check to see if your kernel needs some additional patches with:
bash# make pending-patches KERNEL_DIR=/usr/src/linux
If your kernel source is located somewhere other than in
/usr/src/linux, replace the kernel source directory in
the command line above with your source directory.
Be careful with this option. This command invokes
patch-o-matic, a new patch verification utility by
Rusty Russell. The utility will show you a list of new patches (some
proposed, some submitted, some accepted) available for your kernel source.
As Rusty himself says, "Some of these new patches have bugs",
and you do not have to apply all of them.
Read the information shown for each patch carefully and answer with
y (apply the patch) or N (skip this patch).
In some cases answering y will try to apply the patch, but
if the patch finds some differences between your sources, it will be
skipped and the next new one presented.
I did not apply any of the proposed patches and kept my kernel in its
original state before continuing to the next step.
Make the iptables package with:
bash# make KERNEL_DIR=/usr/src/linux
Again, if your kernel source is not at /usr/src/linux,
replace the kernel source directory in the command above.
If all goes right the compiler will finish without errors.
Before the next step, check whether an iptables package is already installed by
typing:
If the iptables rpm is installed, you will see the name and version of the
package, similar to:
iptables-1.1.2-13
In this case un-install with:
Install the newly created package:
bash# make install KERNEL_DIR=/usr/src/linux
Again, check your kernel source directory.
This command will install the binaries (iptables, iptables-save,
iptables-restore) in /usr/local/sbin, the manuals
in /usr/local/man/man8 and the modules in
/usr/local/lib/iptables.
Finally install the headers, development libraries and associated
development man pages, with:
This command will install the libiptc library
in /usr/local/lib.
I think something must be wrong with this command. It does not install all
header files properly, so you must install them yourself using:
bash# cd /usr/local/src/iptables-1.2.6
bash# cp include/iptables.h /usr/local/include
bash# cp include/iptables_common.h /usr/local/include
bash# mkdir /usr/local/include/libiptc
bash# cp include/libiptc/libiptc.h /usr/local/include/libiptc
bash# cp include/libiptc/ipt_kernel_headers.h /usr/local/include/libiptc
bash# cp iptables.o /usr/local/lib
iptables.o is needed above to compile programs to get
rule information from netfilter.
Now you are ready to create programs that can communicate directly with libiptc.
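
The following check is an added example, not part of the original HOWTO: it confirms that the binaries, headers and iptables.o listed in this section are present under an install prefix (default /usr/local), which catches the incomplete header installation described above. The function name missing_devel_files and the variable names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the files this section installs or copies by hand.
# Paths are relative to the install prefix and are taken from the text above.

# Headers and the object file copied manually after the devel install step.
DEVEL_FILES="include/iptables.h
include/iptables_common.h
include/libiptc/libiptc.h
include/libiptc/ipt_kernel_headers.h
lib/iptables.o"

# Binaries placed in sbin by "make install".
SBIN_FILES="sbin/iptables
sbin/iptables-save
sbin/iptables-restore"

# Print every missing, empty or non-executable file under the prefix.
# The return status is the number of problems found (0 means complete).
missing_devel_files() {
    prefix=${1:-/usr/local}
    missing=0
    for rel in $DEVEL_FILES; do
        # -s: the file exists and is not empty (catches a failed cp)
        if [ ! -s "$prefix/$rel" ]; then
            echo "missing or empty: $prefix/$rel"
            missing=$((missing + 1))
        fi
    done
    for rel in $SBIN_FILES; do
        # -x: the file exists and is executable
        if [ ! -x "$prefix/$rel" ]; then
            echo "missing or not executable: $prefix/$rel"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Run the check only when a prefix is given on the command line,
# for example: sh check-libiptc.sh /usr/local
if [ $# -gt 0 ]; then
    missing_devel_files "$1"
fi
```

A non-zero exit status means at least one file from the steps above still has to be copied before programs can be compiled against libiptc.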