Slackware 12 Bob's Firewall modules needed or not in installation?

bapigoo9 · 12-01-2008, 12:13 AM

From Alien Bob's Firewall for Slackware: http://www.slackware.com/~alien/efg

There are a lot of various modules added to the kernel with modprobe. For the SMP kernel for Slackware 12, a 2.6.24.x kernel, what modules are needed for the Firewall with iptables?

How does iptables react if you do not have the needed module and you have a rule that uses that netfilter? Such as, if you have rule to log and drop invalid packets, but do not have the "ipt_unclean" module?

There are some modules that are not in the installtion for Slackware 12 (full install). Such as: multiport, ipt_unclean, ...
Are these modules needed, and where do you get them from?

JazzItSelf · 12-01-2008, 10:25 PM

I believe all of the modules iptables would ever use are a part of the kernel source tree. You'd have to build and install them yourself. The process is similar to building a custom kernel.

If I remember correctly, if you don't have a required module built and installed, iptables spits up an error at you. Since each rule is entered as a separate command, one rule failing doesn't prevent other rules from being added (unless they depend on the failed rule).

bapigoo9 · 12-02-2008, 12:46 AM

This brings up another question, related to the original post. Are any of these modules built into the Slackware kernel?

H_TeXMeX_H · 12-02-2008, 01:25 AM

AFAIK, all the modules are available in the stock Slackware kernel. So the firewall will work if you just copy and paste the output of the EFG into '/etc/rc.d/rc.firewall' and make it executable.

brianL · 12-02-2008, 05:14 AM

Quote:

Originally Posted by H_TeXMeX_H

AFAIK, all the modules are available in the stock Slackware kernel. So the firewall will work if you just copy and paste the output of the EFG into '/etc/rc.d/rc.firewall' and make it executable.

Yes. That's what I did, and it works OK.

bgeddy · 12-02-2008, 07:15 AM

Quote:

Are any of these modules built into the Slackware kernel?

Just have a look ! Run this

Code:

zcat proc/config.gz > ~/myconfig

to get a copy of the running kernel to ~/myconfig. Then edit ~/myconfig and search for IPT to get to the iptables bits.

I've never needed any additional modules with my experience with iptables - but that's not extensive.

I've had a look at a firewall script generated from EFG and note it says this :

Code:

# Unless you have kernel module auto-loading disabled, you should not
# need to manually load each of these modules.  Other than ip_tables,
# ip_conntrack, and some of the optional modules, I've left these
# commented by default.  Uncomment if you have any problems or if
# you have disabled module autoload.  Note that some modules must
# be loaded by another kernel module.

As stated I believe that an error will be generated if functionality is used that either isn't in the kernel or a module doesn't exist.

Mind you, looking at the .config from the generic kernel seems to have everything relevant built so I'm sure this won't be a problem.