extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-08-16 11:44:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
CVSROOT
Lrp
STABLE
documentation
_themes
images
6to4.htm
Accounting.html
CorpNetwork.htm
Documentation.htm
Documentation_Index.htm
ECN.html
FAQ.htm
FTP.html
Forum.html
GenericTunnels.html
GnuCopyright.htm
IPIP.htm
IPSEC.htm
Install.htm
MAC_Validation.html
NAT.htm
News.htm
OPENVPN.html
PPTP.htm
ProxyARP.htm
SeattleInTheSpring.html
Shorewall_Banner.htm
Shorewall_CA_html.html
Shorewall_CVS_Access.html
Shorewall_Doesnt.html
Shorewall_Squid_Usage.html
Shorewall_and_Aliased_Interfaces.html
Shorewall_index_frame.htm
Shorewall_sfindex_frame.htm
UserSets.html
VPN.htm
backup.shorewall_quickstart_guide.htm
blacklisting_support.htm
configuration_file_basics.htm
copyright.htm
dhcp.htm
download.htm
errata.htm
errata_1.htm
errata_2.htm
errata_3.html
fallback.htm
gnu_mailman.htm
index.htm
kernel.htm
mailing_list.htm
myfiles.htm
ping.html
ports.htm
quotes.htm
samba.htm
seattlefirewall_index.htm
sfindex.htm
shoreline.htm
shorewall_extension_scripts.htm
shorewall_features.htm
shorewall_firewall_structure.htm
shorewall_index.htm
shorewall_logging.html
shorewall_mailing_list_migration.htm
shorewall_mirrors.htm
shorewall_prerequisites.htm
shorewall_quickstart_guide.htm
shorewall_setup_guide.htm
shorewall_setup_guide_fr.htm
sourceforge_index.htm
spam_filters.htm
standalone.htm
standalone_fr.html
starting_and_stopping_shorewall.htm
subnet_masks.htm
support.htm
three-interface.htm
three-interface_fr.html
traffic_shaping.htm
troubleshoot.htm
two-interface.htm
two-interface_fr.html
upgrade_issues.htm
useful_links.html
whitelisting_under_shorewall.htm
COPYING
INSTALL
blacklist
changelog.txt
common.def
ecn
fallback.sh
firewall
functions
hosts
icmp.def
init
init.sh
install.sh
interfaces
maclist
masq
modules
nat
params
policy
proxyarp
releasenotes.txt
rfc1918
routestopped
rules
shorewall
shorewall.conf
shorewall.spec
start
stop
stopped
tcrules
tos
tunnel
tunnels
uninstall.sh
zones
Samples
Shorewall
Shorewall-docs
16a59e612745cda94d87d69d9c283b537abaa57c
shorewall_code/STABLE/documentation/kernel.htm
teastep dbfc838988 Shorewall 1.4.8 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@789 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-17 21:06:32 +00:00

82 lines
4.1 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<title>Shorewall Kernel Configuration</title>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>
<body>
<h1 style="text-align: center;">Kernel Configuration<br>
</h1>
<p>For information regarding configuring and building GNU/Linux
kernels, see
<a href="http://www.kernelnewbies.org">http://www.kernelnewbies.org</a>.</p>
<p>Here's a screen shot of my Network Options Configuration:</p>
<blockquote>
<p>&nbsp;<img border="0" src="images/netopts.jpg" width="609"
height="842"> </p>
</blockquote>
<p>While not all of the options that I've selected are required, they
should be sufficient for most applications. Here's an excerpt from the
corresponding .config file (Note: If you are running a kernel older
than 2.4.17, be sure to select CONFIG_NETLINK and CONFIG_RTNETLINK):</p>
<blockquote> <font size="2">
<p>#<br>
# Networking options<br>
#<br>
CONFIG_PACKET=y<br>
# CONFIG_PACKET_MMAP is not set<br>
# CONFIG_NETLINK_DEV is not set<br>
CONFIG_NETFILTER=y<br>
# CONFIG_NETFILTER_DEBUG is not set<br>
CONFIG_FILTER=y<br>
CONFIG_UNIX=y<br>
CONFIG_INET=y<br>
CONFIG_IP_MULTICAST=y<br>
CONFIG_IP_ADVANCED_ROUTER=y<br>
CONFIG_IP_MULTIPLE_TABLES=y<br>
CONFIG_IP_ROUTE_FWMARK=y<br>
CONFIG_IP_ROUTE_NAT=y<br>
CONFIG_IP_ROUTE_MULTIPATH=y<br>
CONFIG_IP_ROUTE_TOS=y<br>
CONFIG_IP_ROUTE_VERBOSE=y<br>
# CONFIG_IP_ROUTE_LARGE_TABLES is not set<br>
# CONFIG_IP_PNP is not set<br>
CONFIG_NET_IPIP=y<br>
CONFIG_NET_IPGRE=y<br>
# CONFIG_NET_IPGRE_BROADCAST is not set<br>
# CONFIG_IP_MROUTE is not set<br>
# CONFIG_ARPD is not set<br>
CONFIG_INET_ECN=y<br>
CONFIG_SYN_COOKIES=y<br>
</p>
</font> </blockquote>
<p>Here's a screen shot of my Netfilter configuration:</p>
<blockquote>
<p><img src="images/menuconfig1.jpg" alt="(Netfilter Options)"
width="589" height="849"> <br>
</p>
</blockquote>
<p>Note that I have built everything I need as modules. You can also
build
everything into your kernel but if you want to be able to deal with FTP
running
on a non-standard port then I recommend that you modularize FTP
Protocol
support.<br>
</p>
<p>Here's the corresponding part of my .config file:<br>
</p>
<blockquote>
<pre>#<br>#&nbsp;&nbsp; IP: Netfilter Configuration<br>#<br>CONFIG_IP_NF_CONNTRACK=m<br>CONFIG_IP_NF_FTP=m<br>CONFIG_IP_NF_AMANDA=m<br>CONFIG_IP_NF_TFTP=m<br># CONFIG_IP_NF_IRC is not set<br># CONFIG_IP_NF_QUEUE is not set<br>CONFIG_IP_NF_IPTABLES=m<br>CONFIG_IP_NF_MATCH_LIMIT=m<br>CONFIG_IP_NF_MATCH_MAC=m<br>CONFIG_IP_NF_MATCH_PKTTYPE=m<br>CONFIG_IP_NF_MATCH_MARK=m<br>CONFIG_IP_NF_MATCH_MULTIPORT=m<br>CONFIG_IP_NF_MATCH_TOS=m<br>CONFIG_IP_NF_MATCH_ECN=m<br>CONFIG_IP_NF_MATCH_DSCP=m<br>CONFIG_IP_NF_MATCH_AH_ESP=m<br>CONFIG_IP_NF_MATCH_LENGTH=m<br># CONFIG_IP_NF_MATCH_TTL is not set<br>CONFIG_IP_NF_MATCH_TCPMSS=m<br>CONFIG_IP_NF_MATCH_HELPER=m<br>CONFIG_IP_NF_MATCH_STATE=m<br>CONFIG_IP_NF_MATCH_CONNTRACK=m<br>CONFIG_IP_NF_MATCH_UNCLEAN=m<br># CONFIG_IP_NF_MATCH_OWNER is not set<br>CONFIG_IP_NF_FILTER=m<br>CONFIG_IP_NF_TARGET_REJECT=m<br># CONFIG_IP_NF_TARGET_MIRROR is not set<br>CONFIG_IP_NF_NAT=m<br>CONFIG_IP_NF_NAT_NEEDED=y<br>CONFIG_IP_NF_TARGET_MASQUERADE=m<br>CONFIG_IP_NF_TARGET_REDIRECT=m<br>CONFIG_IP_NF_NAT_AMANDA=m<br>CONFIG_IP_NF_NAT_LOCAL=y<br># CONFIG_IP_NF_NAT_SNMP_BASIC is not set<br>CONFIG_IP_NF_NAT_FTP=m<br>CONFIG_IP_NF_NAT_TFTP=m<br>CONFIG_IP_NF_MANGLE=m<br>CONFIG_IP_NF_TARGET_TOS=m<br>CONFIG_IP_NF_TARGET_ECN=m<br>CONFIG_IP_NF_TARGET_DSCP=m<br>CONFIG_IP_NF_TARGET_MARK=m<br>CONFIG_IP_NF_TARGET_LOG=m<br>CONFIG_IP_NF_TARGET_ULOG=m<br>CONFIG_IP_NF_TARGET_TCPMSS=m<br>CONFIG_IP_NF_ARPTABLES=m<br>CONFIG_IP_NF_ARPFILTER=m<br># CONFIG_IP_NF_COMPAT_IPCHAINS is not set<br># CONFIG_IP_NF_COMPAT_IPFWADM is not set<br></pre>
</blockquote>
<p><font size="2">Last updated 7/20/2003 - </font><font size="2"> <a
href="support.htm">Tom Eastep</a></font> </p>
<a href="copyright.htm"><font size="2">Copyright</font> <20> <font
size="2">2001-2003,&nbsp; Thomas M. Eastep.</font></a><br>
<br>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink