9. Installing iptables + libiptc

To install libiptc follow these steps:

  1. Download iptables-1.2.6.tar.bz2 from http://netfilter.samba.org/.

  2. Copy the iptables tar file into /usr/local/src:

    bash# cp iptables-1.2.6.tar.bz2 /usr/local/src

  3. Unpack:

    bash# tar xjvf iptables-1.2.6.tar.bz2

  4. Go into the iptables directory:

    bash# cd iptables-1.2.6
  5. Check to see if your kernel needs some additional patches with:

    bash# make pending-patches KERNEL_DIR=/usr/src/linux

    If your kernel source is located somewhere other than in /usr/src/linux, replace the kernel source directory in the command line above with your source directory.

    Be careful with this option. This command invokes patch-o-matic, a new patch verification utility by Rusty Russell. The utility will show you a list of new patches (some proposed, some submitted, some accepted) available for your kernel source. As Rusty himself says, "Some of these new patches have bugs", and you do not have to apply all of them.

    Read the information shown for each patch carefully and answer with y (apply the patch) or N (skip this patch). In some cases answering y will try to apply the patch, but if the patch finds some differences between your sources, it will be skipped and the next new one presented.

    I did not apply any of the proposed patches and kept my kernel in its original state before continuing to the next step.

  6. Make the iptables package with:

    bash# make KERNEL_DIR=/usr/src/linux

    Again, if your kernel source is not at /usr/src/linux, replace the kernel source directory in the command above.

    If all goes right the compiler will finish without errors.

  7. Before the next step, check to see if you have the iptables package installed by typing:

    bash# rpm -q iptables

    If the iptables rpm is installed, you will see the name and version of the package, similar to:

    iptables-1.1.2-13

    In this case, uninstall it with:

    bash# rpm -e iptables

  8. Install the newly created package:

    bash# make install KERNEL_DIR=/usr/src/linux

    Again, check your kernel source directory.

    This command will install the binaries (iptables, iptables-save, iptables-restore) in /usr/local/sbin, the manuals in /usr/local/man/man8 and the modules in /usr/local/lib/iptables.

  9. Finally install the headers, development libraries and associated development man pages, with:

    bash# make install-devel

    This command will install the libiptc library in /usr/local/lib.

    I think something must be wrong with this command. It does not install all header files properly, so you must install them yourself using:

    bash# cd /usr/local/src/iptables-1.2.6
    bash# cp include/iptables.h /usr/local/include
    bash# cp include/iptables_common.h /usr/local/include
    bash# mkdir /usr/local/include/libiptc
    bash# cp include/libiptc/libiptc.h /usr/local/include/libiptc
    bash# cp include/libiptc/ipt_kernel_headers.h /usr/local/include/libiptc
    bash# cp iptables.o /usr/local/lib

    iptables.o, copied above, is needed to compile programs that get rule information from netfilter.

    Now you are ready to create programs that can communicate directly with libiptc.
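
    A check for the result of steps 8 and 9, as an added example that is not part of the original HOWTO: the function below reports which of the files named above are missing under the install prefix. The function name, the prefix argument and the libiptc.* file-name pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the files that steps 8 and 9 are expected to leave
# under the install prefix. The file list is taken from the steps above; the
# function name and its PREFIX argument are assumptions of this example.

# Paths relative to the prefix (/usr/local in the steps above).
LIBIPTC_FILES="
sbin/iptables
sbin/iptables-save
sbin/iptables-restore
include/iptables.h
include/iptables_common.h
include/libiptc/libiptc.h
include/libiptc/ipt_kernel_headers.h
lib/iptables.o
"

# Print every expected file that is missing or empty under PREFIX, one per
# line. Returns 0 when everything is present, 1 otherwise.
missing_libiptc_files() {
    prefix=${1:-/usr/local}
    status=0
    for rel in $LIBIPTC_FILES; do
        if [ ! -s "$prefix/$rel" ]; then
            printf '%s\n' "$prefix/$rel"
            status=1
        fi
    done
    # Step 9 puts the libiptc library in lib/; its exact file name is not
    # given in the steps, so any lib/libiptc.* is accepted (assumption).
    set -- "$prefix"/lib/libiptc.*
    if [ ! -e "$1" ]; then
        printf '%s\n' "$prefix/lib/libiptc.* (library not found)"
        status=1
    fi
    # Step 8 puts the modules in lib/iptables; it must not be empty.
    if [ -z "$(ls -A "$prefix/lib/iptables" 2>/dev/null)" ]; then
        printf '%s\n' "$prefix/lib/iptables/ (no modules)"
        status=1
    fi
    return $status
}

# When the script is called with a prefix, check it: sh check.sh /usr/local
if [ "$#" -gt 0 ]; then
    missing_libiptc_files "$1"
fi
```

    Run it after step 9 and before the manual cp commands to see which headers make install-devel left out, then again afterwards to confirm nothing is missing.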