7.6. Setting Up Linux for Firewalling
The Linux kernel must be configured to support IP firewalling. There isn't
much more to it than selecting the appropriate options when performing:

# make menuconfig

of your kernel.[2] In 2.4 kernels you should select the following options:

Networking options --->
    [*] Network packet filtering (replaces ipchains)
    IP: Netfilter Configuration --->
        .
        <M> Userspace queueing via NETLINK (EXPERIMENTAL)
        <M> IP tables support (required for filtering/masq/NAT)
        <M>   limit match support
        <M>   MAC address match support
        <M>   netfilter MARK match support
        <M>   Multiple port match support
        <M>   TOS match support
        <M>   Connection state match support
        <M>   Unclean match support (EXPERIMENTAL)
        <M>   Owner match support (EXPERIMENTAL)
        <M>   Packet filtering
        <M>     REJECT target support
        <M>     MIRROR target support (EXPERIMENTAL)
        .
        <M>   Packet mangling
        <M>     TOS target support
        <M>     MARK target support
        <M>   LOG target support
        <M> ipchains (2.2-style) support
        <M> ipfwadm (2.0-style) support

[2] Firewall packet logging is a special feature that writes a line of
information about each datagram that matches a particular firewall rule out
to a special device so you can see them.
7.6.1. Loading the Kernel Module
Before you can use the iptables command, you must load the
netfilter kernel module that provides support
for it. The easiest way to do this is to use the
modprobe command as follows:
# modprobe ip_tables
7.6.2. Backward Compatibility with ipfwadm and ipchains
The remarkable flexibility of Linux
netfilter is illustrated by its ability to
emulate the ipfwadm and
ipchains interfaces. Emulation makes the initial
transition to the new generation of firewall software much easier
(although you'd want to rewrite your rules as
iptables eventually).
The two netfilter kernel modules called ipfwadm.o and ipchains.o provide
backward compatibility for ipfwadm and ipchains. You may load only one of
these modules at a time, and use one only if the ip_tables.o module is not
loaded. When the appropriate module is loaded, netfilter works exactly like
the former firewall implementation.

netfilter mimics the ipchains interface with the following commands:
# rmmod ip_tables
# modprobe ipchains
# ipchains options
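The mutual-exclusion rule above (only one of ipchains.o and ipfwadm.o at a
time, and never alongside ip_tables.o) is easy to get wrong by hand, and
rmmod ip_tables additionally fails while iptable_filter or any ipt_* module
still references it. The following POSIX shell script is an added example,
not code from the guide: it reads a 2.4-style /proc/modules listing (a
constructed sample is embedded so it runs offline), reports whether a
compatibility module may be loaded, and prints the order in which ip_tables
and the modules depending on it would have to be removed first.

```shell
#!/bin/sh
# Added example (not from the guide): check the module-exclusion rule for the
# ipchains/ipfwadm compatibility modules against a /proc/modules listing.

# Constructed sample in the 2.4-kernel /proc/modules layout
# (name size use-count [modules that depend on it]); not from a real host.
SAMPLE_MODULES='ip_tables 14880 2 [iptable_filter ipt_LOG]
iptable_filter 2400 1
ipt_LOG 3840 1
ext3 64000 1'

# compat_check NAME   (reads a /proc/modules listing on stdin)
# Prints "ok" when the compatibility module NAME (ipchains or ipfwadm) may be
# loaded, or "conflict: <modules>" naming the loaded module(s) that forbid it:
# ip_tables, or the other compatibility module.
compat_check() {
    awk -v want="$1" '
        $1 == "ip_tables" || $1 == "ipchains" || $1 == "ipfwadm" {
            if ($1 != want) conflicts = conflicts (conflicts ? " " : "") $1
        }
        END { print (conflicts ? "conflict: " conflicts : "ok") }'
}

# unload_order   (reads a /proc/modules listing on stdin)
# Prints the rmmod order needed to get rid of ip_tables: the modules listed in
# its bracketed dependency column come first, because rmmod refuses to remove
# a module whose use count is non-zero. Prints nothing if ip_tables is absent.
unload_order() {
    awk '$1 == "ip_tables" {
            b = index($0, "["); e = index($0, "]")
            if (b && e > b) {
                n = split(substr($0, b + 1, e - b - 1), d, " ")
                for (i = 1; i <= n; i++) printf "%s ", d[i]
            }
            print "ip_tables"
        }'
}

# Stand-alone run over the constructed sample; on a real 2.4 host replace the
# printf with `cat /proc/modules` before running modprobe ipchains.
printf '%s\n' "$SAMPLE_MODULES" | compat_check ipchains
printf '%s\n' "$SAMPLE_MODULES" | unload_order
```

With the sample above the checker reports "conflict: ip_tables" and the
unload order is "iptable_filter ipt_LOG ip_tables", which is exactly the
sequence of rmmod calls that has to precede the guide's modprobe ipchains.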