1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
Installation instructions for iptables
======================================
iptables uses the well-known configure(autotools) infrastructure.
$ ./configure
$ make
# make install
Prerequisites
=============
* no kernel-source required
* but obviously a compiler, glibc-devel and linux-kernel-headers
(/usr/include/linux)
Configuring and compiling
=========================
./configure [options]
--prefix=
The prefix to put all installed files under. It defaults to
/usr/local, so the binaries will go into /usr/local/bin, sbin,
manpages into /usr/local/share/man, etc.
--with-xtlibdir=
The path to where Xtables extensions should be installed to. It
defaults to ${prefix}/libexec/xtables.
--enable-devel (or --disable-devel)
This option causes development files to be installed to
${includedir}, which is needed for building additional packages,
such as Xtables-addons or other 3rd-party extensions.
It is enabled by default.
--enable-libipq
This option causes libipq to be installed into ${libdir} and
${includedir}.
--enable-static
Enable building single standalone multipurpose binaries,
(iptables-static and ip6tables-static), which contain every
extension compiled-in (and does not support additional
extensions).
--with-ksource=
Xtables does not depend on kernel headers anymore, but you can
optionally specify a search path to include anyway. This is
probably only useful for development.
If you want to enable debugging, use
./configure CFLAGS="-ggdb3 -O0"
(-O0 is used to turn off instruction reordering, which makes debugging
much easier.)
Other notes
===========
The make process will automatically build multipurpose binaries.
These have the core (iptables), -save, -restore and -xml code
compiled into one binary, but extensions remain as modules.
If you want to build a statically linked version of the iptables binary,
without the need for loading the plugins at runtime (e.g. for an
embedded device or router-on-a-disk), you can use the --enable-static
configure flag.
|