![]() ![]() A number of settings are almost always needed: Or, enable only what is needed and leave the other modules unset. One can setup the IPv6 support category as modular ( ) to be safe and enable almost all Netfilter sub-categories as well. KERNEL Kernel settings for router Networking support -> raw table support (required for TRACE) Router "ipv6header" IPv6 Extension Headers Match IP6 tables support (required for filtering) raw table support (required for NOTRACK/TRACE) IP tables support (required for filtering/masq/NAT) ![]() IPv4 connection tracking support (required for NAT) ![]() "conntrack" connection tracking match support *- Netfilter Xtables support (required for ip_tables) Network packet filtering framework (Netfilter) Network packet filtering framework (Netfilter) -> TCP: MD5 Signature Option support (RFC2385) IP: IPsec BEET mode (obsolete in kernel 5.4) IP: IPsec tunnel mode (obsolete in kernel 5.4) IP: IPsec transport mode (obsolete in kernel 5.4) KERNEL Kernel settings for client Networking support -> In "Network packet filtering framework" only the tables "filter" are needed with connection tracking support and with REJECT target support. This configuration does not provide network address translation or any other high sophisticated features. Kernel configuration required by iptables depends on the intended use case.įor client computers some basic options need to be activated in the kernel. To allow adding rules based on IP filtering like black listing IP addresses based on a live feed, do not forget to add IPSet support to the kernel and merge the net-firewall/ipset package. 2.6.2 Generating firewall rules for serverįirst off, configure the kernel with netfilter support.2.6.1 Generating firewall rules for client. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |