LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   Slackware 12 Bob's Firewall modules needed or not in installation? (http://www.linuxquestions.org/questions/slackware-14/slackware-12-bobs-firewall-modules-needed-or-not-in-installation-687364/)

bapigoo9 12-01-2008 01:13 AM

Slackware 12 Bob's Firewall modules needed or not in installation?
 
From Alien Bob's Firewall for Slackware: http://www.slackware.com/~alien/efg

There are a lot of various modules added to the kernel with modprobe. For the SMP kernel for Slackware 12, a 2.6.24.x kernel, what modules are needed for the Firewall with iptables?

How does iptables react if you do not have the needed module and you have a rule that uses that netfilter? Such as, if you have rule to log and drop invalid packets, but do not have the "ipt_unclean" module?

There are some modules that are not in the installtion for Slackware 12 (full install). Such as: multiport, ipt_unclean, ...
Are these modules needed, and where do you get them from?

JazzItSelf 12-01-2008 11:25 PM

I believe all of the modules iptables would ever use are a part of the kernel source tree. You'd have to build and install them yourself. The process is similar to building a custom kernel.

If I remember correctly, if you don't have a required module built and installed, iptables spits up an error at you. Since each rule is entered as a separate command, one rule failing doesn't prevent other rules from being added (unless they depend on the failed rule).

bapigoo9 12-02-2008 01:46 AM

This brings up another question, related to the original post. Are any of these modules built into the Slackware kernel?

H_TeXMeX_H 12-02-2008 02:25 AM

AFAIK, all the modules are available in the stock Slackware kernel. So the firewall will work if you just copy and paste the output of the EFG into '/etc/rc.d/rc.firewall' and make it executable.

brianL 12-02-2008 06:14 AM

Quote:

Originally Posted by H_TeXMeX_H (Post 3361417)
AFAIK, all the modules are available in the stock Slackware kernel. So the firewall will work if you just copy and paste the output of the EFG into '/etc/rc.d/rc.firewall' and make it executable.

Yes. That's what I did, and it works OK.

bgeddy 12-02-2008 08:15 AM

Quote:

Are any of these modules built into the Slackware kernel?
Just have a look ! Run this
Code:

zcat proc/config.gz > ~/myconfig
to get a copy of the running kernel to ~/myconfig. Then edit ~/myconfig and search for IPT to get to the iptables bits.

I've never needed any additional modules with my experience with iptables - but that's not extensive.

I've had a look at a firewall script generated from EFG and note it says this :
Code:

# Unless you have kernel module auto-loading disabled, you should not
# need to manually load each of these modules.  Other than ip_tables,
# ip_conntrack, and some of the optional modules, I've left these
# commented by default.  Uncomment if you have any problems or if
# you have disabled module autoload.  Note that some modules must
# be loaded by another kernel module.

As stated I believe that an error will be generated if functionality is used that either isn't in the kernel or a module doesn't exist.

Mind you, looking at the .config from the generic kernel seems to have everything relevant built so I'm sure this won't be a problem.


All times are GMT -5. The time now is 05:11 AM.