FOLLOW THESE STEPS: 0) There may be some outstanding bugfixes or tweaks which are not yet in the official kernel. To look through these, do: % make pending-patches KERNEL_DIR=<> 1) Next, make the package. % make KERNEL_DIR=<> 2) Finally, you need to to install the shared libraries, and the binary: # make install KERNEL_DIR=<> If you are a developer, you can install the libipq headers, like: # make install-devel That's it! ================================================================ FEELING BRAVE? 1) The netfilter core team is maintaining a set of extensions / new features which are not yet committed to the mainstream kernel tree. If you want to try some extensions, you can do the following: % make patch-o-matic KERNEL_DIR=<> This offers you a collection of maybe-broken maybe-cool third-party extensions. It will modify you kernel source (so back it up first!). Most of them will require you to recompile / rebuild your kernel and modules. ================================================================ PROBLEMS YOU MAY ENCOUNTER: 1) This package requires a 2.4.4 kernel, or above. 2) If you get the kernel directory wrong, you may see a message like: Please try `make KERNEL_DIR=path-to-correct-kernel' 3) If you want to specify alternate directories for installation (instead of /usr/local/ bin lib man), do this: % make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man # make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man install 4) If you want to build a statically linked version of the iptables binary, without the need for loading the plugins at runtime (e.g. for an embedded device or router-on-a-disk), please use % make NO_SHARED_LIBS=1 NOTE: make sure you build with at least the correct LIBDIR= specification, otherwise iptables(8) won't know where to find the dynamic objects.