Blob Blame History Raw
Installation instructions for iptables

iptables uses the well-known configure(autotools) infrastructure.

	$ ./configure
	$ make
	# make install


	* no kernel-source required

	* but obviously a compiler, glibc-devel and linux-kernel-headers

Configuring and compiling

./configure [options]


	The prefix to put all installed files under. It defaults to
	/usr/local, so the binaries will go into /usr/local/bin, sbin,
	manpages into /usr/local/share/man, etc.


	The path to where Xtables extensions should be installed to. It
	defaults to ${libdir}/xtables.

--enable-devel (or --disable-devel)

	This option causes development files to be installed to
	${includedir}, which is needed for building additional packages,
	such as Xtables-addons or other 3rd-party extensions.

	It is enabled by default.


	Produce additional binaries, iptables-static/ip6tables-static,
	which have all shipped extensions compiled in.


	Produce binaries that have dynamic loading of extensions disabled.
	This implies --enable-static.
	(See some details below.)


	This option causes libipq to be installed into ${libdir} and


	Xtables does not depend on kernel headers anymore, but you can
	optionally specify a search path to include anyway. This is
	probably only useful for development.

If you want to enable debugging, use

	./configure CFLAGS="-ggdb3 -O0"

(-O0 is used to turn off instruction reordering, which makes debugging
much easier.)

To show debug traces you can add -DDEBUG to CFLAGS option

Other notes

The make process will automatically build multipurpose binaries.
These have the core (iptables), -save, -restore and -xml code
compiled into one binary, but extensions remain as modules.

Static and shared

Basically there are three configuration modes defined:

 --disable-static --enable-shared (this is the default)

	Build a binary that relies upon dynamic loading of extensions.

 --enable-static --enable-shared

	Build a binary that has the shipped extensions built-in, but
	is still capable of loading additional extensions.

 --enable-static --disable-shared

	Shipped extensions are built-in, and dynamic loading is