6. Kernel configuration

6.1. If using iptables

Iptables is actually a user-space tool that depends on the kernel implementation called netfilter. Netfilter includes support only for IPv4 and IPv6, and does not filter any other protocols. Hence, if your system runs something like IPX, remember that protocols other than IPv4 and IPv6 are not going to be filtered according to the iptables rules. Use kernel 2.4.18 or above, if possible, to have all the new features of netfilter.

Install the iptables software on your system (apt-get install iptables). Once you know that your kernel is configured with netfilter support, you need not worry about it at all. Just remember that iptables needs the kernel support from netfilter.

Check if your kernel is configured for supporting iptables. Though most distributions include this support by default, do this quick test as root.

bash# modprobe ip_tables
bash# lsmod | grep ip_tables

If either of the above commands gives an error, or ip_tables doesn't show up in the module listing, you must enable these options in the kernel configuration using make menuconfig or make xconfig.

Select all these options as modules.

6.2. If using ipchains

Install the desired package on your system (apt-get install ipchains). For iptables, have these modules loaded using "insmod" in the startup script: ip_tables, ip_nat_ftp and ip_conntrack_ftp. To check your system startup configuration for iptables or ipchains, cross-check with rcconf on Debian or chkconfig on Red Hat. Select the appropriate module to load on startup. Be sure to select only one of the two.
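
The module check from section 6.1 and the "only one of the two" rule above can be combined into one audit of the module listing. This is an added example, not part of the original HOWTO; it matches module names exactly in the first column, which a plain grep does not, and it assumes the conflicting module is named "ipchains". The sample listings are constructed.

```shell
#!/bin/sh
# Added example (not from the original HOWTO). Module names ip_tables,
# ip_nat_ftp and ip_conntrack_ftp come from this section; "ipchains" as the
# name of the conflicting module is an assumption.

# Constructed sample in 2.4-style lsmod format: all three modules present.
SAMPLE_OK='Module                  Size  Used by
ip_nat_ftp              2944   0 (unused)
ip_conntrack_ftp        3440   0 (unused)
ip_tables              11000   3 [iptable_nat]'

# Constructed sample: "ip_tables" occurs only as a substring of a made-up
# module name (ip_tables_shim), and ipchains is loaded instead.
SAMPLE_BAD='Module                  Size  Used by
ip_tables_shim          1024   0 (unused)
ipchains               31000   0 (unused)'

# module_loaded NAME LISTING: true only on an exact first-column match.
module_loaded() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { f = 1 } END { exit !f }'
}

# check_firewall_modules LISTING
# Returns 0 = all present, 1 = something missing, 2 = both filters loaded.
check_firewall_modules() {
    status=0
    for m in ip_tables ip_nat_ftp ip_conntrack_ftp; do
        if module_loaded "$m" "$1"; then
            echo "ok: $m"
        else
            echo "missing: $m"; status=1
        fi
    done
    if module_loaded ipchains "$1" && module_loaded ip_tables "$1"; then
        echo "conflict: ipchains and ip_tables are both loaded"; status=2
    fi
    return "$status"
}

# Demo on the constructed sample.
# On a live system, as root: check_firewall_modules "$(lsmod)"
check_firewall_modules "$SAMPLE_OK"
```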

For 2.4 kernels, follow the instructions as listed for iptables in the above section.

For 2.2 kernels,