Book: Linux Network Administrator Guide, Second Edition
Kernel Configured with IP Firewall
The Linux kernel must be configured to support IP firewalling. There isn't much more to it than selecting the appropriate options when performing a make menuconfig of your kernel.[60] We described how to do this in Chapter 3, "Configuring the Networking Hardware". In 2.2 kernels you should select the following options:
Networking options --->
    [*] Network firewalls
    [*] TCP/IP networking
    [*] IP: firewalling
    [*] IP: firewall packet logging
In kernels 2.4.0 and later you should select this option instead:
Networking options --->
    [*] Network packet filtering (replaces ipchains)
    IP: Netfilter Configuration --->
        .
        <M> Userspace queueing via NETLINK (EXPERIMENTAL)
        <M> IP tables support (required for filtering/masq/NAT)
        <M> limit match support
        <M> MAC address match support
        <M> netfilter MARK match support
        <M> Multiple port match support
        <M> TOS match support
        <M> Connection state match support
        <M> Unclean match support (EXPERIMENTAL)
        <M> Owner match support (EXPERIMENTAL)
        <M> Packet filtering
        <M> REJECT target support
        <M> MIRROR target support (EXPERIMENTAL)
        .
        <M> Packet mangling
        <M> TOS target support
        <M> MARK target support
        <M> LOG target support
        <M> ipchains (2.2-style) support
        <M> ipfwadm (2.0-style) support
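As an added example (not from the book), the following script checks a kernel .config file for a core subset of the 2.4 options listed above and reports each as built in, modular or missing. The CONFIG_* symbol names do not appear on this page; they are the 2.4-era Kconfig symbols behind those menu entries, and the function names and the sample .config fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how netfilter options from the 2.4 menu are set in a
# kernel .config. The CONFIG_* names are not printed on the page; they are the
# 2.4-era Kconfig symbols for a core subset of the listed menu entries.
NF_SYMBOLS='CONFIG_NETFILTER
CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_MATCH_LIMIT
CONFIG_IP_NF_MATCH_STATE
CONFIG_IP_NF_FILTER
CONFIG_IP_NF_TARGET_REJECT
CONFIG_IP_NF_MANGLE
CONFIG_IP_NF_TARGET_LOG'

# config_state FILE SYMBOL: print y (built in), m (module) or n (not set).
config_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# missing_symbols FILE: print each required symbol that is neither y nor m.
missing_symbols() {
    for sym in $NF_SYMBOLS; do
        [ "$(config_state "$1" "$sym")" != n ] || echo "$sym"
    done
}

# check_firewall_config FILE: one line per symbol; fails if any is missing.
check_firewall_config() {
    for sym in $NF_SYMBOLS; do
        printf '%-28s %s\n' "$sym" "$(config_state "$1" "$sym")"
    done
    [ -z "$(missing_symbols "$1")" ]
}

# Constructed sample .config fragment (not taken from a real build).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
# CONFIG_IP_NF_MANGLE is not set
CONFIG_IP_NF_TARGET_LOG=m
EOF
check_firewall_config "$sample" || echo "missing: $(missing_symbols "$sample")"
```

To check a real tree, call check_firewall_config with the path to its .config in place of the sample file.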