FOLLOW THESE STEPS: 0) There may be some outstanding bugfixes or tweaks which are not yet in the official kernel. Those are now (as of iptables-1.2.7) kept in a seperate package, called patch-o-matic. It is available from ftp://ftp.netfilter.org/pub/patch-o-matic/ 1) Next, make the package. If you use a standard distribution kernel, just run ./configure. If you want to build against an own kernel tree: $ ./configure --with-kernel=/home/jengelh/mykernel or whereever you put it. If you are using a dedicated kernel build directory, you use: $ ./configure --with-kbuild=<> --with-ksource=<> 2) Finally, you need to install the binaries and shared libraries: # make install That's it! ================================================================ PROBLEMS YOU MAY ENCOUNTER: 1) This package requires a 2.4.4 kernel, or above. 2) If you get the kernel directory wrong, you may get compile failures. 3) If you want to specify alternate directories for installation (instead of /usr/local/ bin lib man), do this: $ ./configure --prefix=/usr $ make # make install 4) The make process will automatically build a multipurpose binary under the names iptables-multi and ip6tables-multi. 5) If you want to build a statically linked version of the iptables binary, without the need for loading the plugins at runtime (e.g. for an embedded device or router-on-a-disk), please use $ ./configure --enable-static which will build both a semi-static multi binary (iptables-mtss, uses libc but not plugins) and a fully static multi binary (iptables-static). 6) If you want to install libipq (old interface), add --enable-devel to ./configure.