summaryrefslogtreecommitdiffstats
path: root/INSTALL
blob: 4a44989e0375aa3651a715828683e7c84a72f169 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
Installation instructions for iptables
======================================

iptables uses the well-known configure(autotools) infrastructure.

	$ ./configure
	$ make
	# make install


Prerequisites
=============

	* no kernel-source required

	* but obviously a compiler, glibc-devel and linux-kernel-headers
	  (/usr/include/linux)


Configuring and compiling
=========================

./configure [options]

--prefix=

	The prefix to put all installed files under. It defaults to
	/usr/local, so the binaries will go into /usr/local/bin, sbin,
	manpages into /usr/local/share/man, etc.

--with-xtlibdir=

	The path to where Xtables extensions should be installed to. It
	defaults to ${prefix}/libexec/xtables.

--enable-devel (or --disable-devel)

	This option causes development files to be installed to
	${includedir}, which is needed for building additional packages,
	such as Xtables-addons or other 3rd-party extensions.

	It is enabled by default.

--enable-libipq

	This option causes libipq to be installed into ${libdir} and
	${includedir}.

--enable-static

	Enable building single standalone multipurpose binaries,
	(iptables-static and ip6tables-static), which contain every
	extension compiled-in (and does not support additional
	extensions).

--with-ksource=

	Xtables does not depend on kernel headers anymore, but you can
	optionally specify a search path to include anyway. This is
	probably only useful for development.

If you want to enable debugging, use

	./configure CFLAGS="-ggdb3 -O0"

(-O0 is used to turn off instruction reordering, which makes debugging
much easier.)


Other notes
===========

The make process will automatically build multipurpose binaries.
These have the core (iptables), -save, -restore and -xml code
compiled into one binary, but extensions remain as modules.

If you want to build a statically linked version of the iptables binary,
without the need for loading the plugins at runtime (e.g. for an
embedded device or router-on-a-disk), you can use the --enable-static
configure flag.