FOLLOW THESE STEPS:
0) There may be some outstanding bugfixes or tweaks which are not yet
in the official kernel. To look through these, do:
% make pending-patches KERNEL_DIR=<<where-your-kernel-is>>
Please note that you have to recompile your kernel and your kernel modules
after this step of kernel patching.
1) Next, make the package.
% make KERNEL_DIR=<<where-your-kernel-is>>
2) Finally, you need to to install the shared libraries, and the binary:
# make install KERNEL_DIR=<<where-your-kernel-is>>
If you are a developer, you can install the header files, like:
# make install-devel
1) The netfilter core team is maintaining a set of extensions / new
features which are not yet committed to the mainstream kernel tree.
They are a collection of maybe-broken maybe-cool third-party extensions.
Please note that you cannot apply any combination of any of those patches.
Some of them are incompatible...
This is why we provide two ways of applying them:
If you want to try some extensions, and be sure that they don't break each
other, you can do the following:
% make most-of-pom KERNEL_DIR=<<where-your-kernel-is>>
It will modify you kernel source (so back it up first!). You will have
to recompile / rebuild your kernel and modules.
Alternatively, if you really know what your are doing, you can use the
following command in order to offer you the full list of choices. Be aware
that we don't prevent you from shooting yourself in the foot.
% make patch-o-matic KERNEL_DIR=<<where-your-kernel-is>>
PROBLEMS YOU MAY ENCOUNTER:
1) This package requires a 2.4.4 kernel, or above.
2) If you get the kernel directory wrong, you may see a message like:
Please try `make KERNEL_DIR=path-to-correct-kernel'
3) If you want to specify alternate directories for installation
(instead of /usr/local/ bin lib man), do this:
% make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man
# make BINDIR=/usr/bin LIBDIR=/usr/lib MANDIR=/usr/man install
4) If you want to build a statically linked version of the iptables binary,
without the need for loading the plugins at runtime (e.g. for an embedded
device or router-on-a-disk), please use
% make NO_SHARED_LIBS=1
NOTE: make sure you build with at least the correct LIBDIR=
specification, otherwise iptables(8) won't know where to find the