FOLLOW THESE STEPS:

0) There may be some outstanding bugfixes or tweaks which are not yet
   in the official kernel.  To look through these, do:

        % make pending-patches KERNEL_DIR=<>

   Please note that you have to recompile your kernel and your kernel
   modules after this step of kernel patching.

1) Next, make the package.

        % make KERNEL_DIR=<>

2) Finally, you need to install the shared libraries, and the binary:

        # make install KERNEL_DIR=<>

If you are a developer, you can install the headers, development libraries
and associated development man pages, with:

        # make install-devel

That's it!
================================================================
FEELING BRAVE?

1) The netfilter core team is maintaining a set of extensions / new
   features which are not yet committed to the mainstream kernel tree.
   They are a collection of maybe-broken maybe-cool third-party
   extensions.

   Please note that you cannot apply any combination of any of those
   patches.  Some of them are incompatible...

   This is why we provide two ways of applying them:

   If you want to try some extensions, and be sure that they don't break
   each other, you can do the following:

        % make most-of-pom KERNEL_DIR=<>

   It will modify your kernel source (so back it up first!).  You will
   have to recompile / rebuild your kernel and modules.

   Alternatively, if you really know what you are doing, you can use the
   following command in order to offer you the full list of choices.
   Be aware that we don't prevent you from shooting yourself in the foot.

        % make patch-o-matic KERNEL_DIR=<>

================================================================
PROBLEMS YOU MAY ENCOUNTER:

1) This package requires a 2.4.4 kernel, or above.

2) If you get the kernel directory wrong, you may see a message like:

        Please try `make KERNEL_DIR=path-to-correct-kernel'

3) If you want to specify alternate directories for installation
   (instead of /usr/local/ bin lib man), do this:

        % make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man
        # make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man install

4) If you want to build a statically linked version of the iptables
   binary, without the need for loading the plugins at runtime (e.g. for
   an embedded device or router-on-a-disk), please use

        % make NO_SHARED_LIBS=1

NOTE: make sure you build with at least the correct LIBDIR=
specification, otherwise iptables(8) won't know where to find the
dynamic objects.
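
Problems 1 and 2 above (kernel too old, wrong kernel directory) can be
caught before any patching or building.  The sh functions below are an added
example, not part of the iptables package; their names are hypothetical, and
they assume the tree's top-level Makefile defines VERSION, PATCHLEVEL and
SUBLEVEL, as kernel source trees do.

```shell
#!/bin/sh
# Added example: preflight check that KERNEL_DIR is a kernel source tree
# of version 2.4.4 or above. Function names are hypothetical.

# Print "VERSION.PATCHLEVEL.SUBLEVEL" read from $1/Makefile; fail if absent.
kernel_tree_version() {
    mk="$1/Makefile"
    [ -f "$mk" ] || return 1
    awk -F'[ \t]*=[ \t]*' '
        $1 == "VERSION"    { v = $2 + 0 }
        $1 == "PATCHLEVEL" { p = $2 + 0 }
        $1 == "SUBLEVEL"   { s = $2 + 0 }
        END {
            # A variable that was never assigned still compares equal to "".
            if (v == "" || p == "" || s == "") exit 1
            print v "." p "." s
        }' "$mk"
}

# Succeed if dotted version $1 >= dotted version $2 (three numeric fields).
version_at_least() {
    echo "$1 $2" | awk '{
        split($1, a, "."); split($2, b, ".")
        for (i = 1; i <= 3; i++) {
            if (a[i] + 0 > b[i] + 0) exit 0
            if (a[i] + 0 < b[i] + 0) exit 1
        }
        exit 0
    }'
}

# Return 0 if the tree is usable, 1 if too old, 2 if not a kernel tree.
check_kernel_dir() {
    ver=$(kernel_tree_version "$1") || {
        echo "not a kernel source tree: $1" >&2
        return 2
    }
    if version_at_least "$ver" 2.4.4; then
        echo "kernel $ver OK"
    else
        echo "kernel $ver is older than 2.4.4" >&2
        return 1
    fi
}

# Run the check only when KERNEL_DIR is supplied in the environment.
if [ -n "${KERNEL_DIR:-}" ]; then check_kernel_dir "$KERNEL_DIR"; fi
```

Run it with KERNEL_DIR set to the same path you pass to make; a non-zero
exit status means the build should not be started against that tree.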