# Configuring iptables: menuconfig

## tsferreira

I am trying to install iptables, which I already used under a different distribution. I am completely new to Gentoo and I know very little about Linux modules etc., so I followed the document "HOWTO Iptables for newbies" (Quick start) at:

http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A//gentoo-wiki.com/HOWTO_Iptables_for_newbies&ei=VFW9Q7KXNaDc4QGoh7TRDg&sig2=hahDI2qhiVtQVyl-v3THqQ

According to this document, when I execute "make menuconfig", I should find:

```
Network Packet Filtering (replace Ipchains)--->
      Netfilter Configuration
```

and enable all options as modules. However what I found is:

```
[  ] Network Packet Filtering (replace Ipchains)--->
         DCCP Configuration (EXPERIMENTAL) --->
         SCTP Configuration (EXPERIMENTAL) --->
```

Each of these two possible configurations can be built as a module, or "[  ] Network Packet Filtering (replace Ipchains)" can be marked as "built-in".

What is the right (or best) choice?

-- tsf

----------

## desultory

Highlight 'Network Packet Filtering (replace Ipchains)--->', press Enter.  You should be able to figure out the rest.

----------

## tsferreira

I did highlight 'Network Packet Filtering (replace Ipchains)--->' and pressed Enter, and then I got the two configuration choices I mentioned, about which I don't know what to do.

-- tsf

----------

## desultory

Select 'Network Packet Filtering (replace Ipchains)--->' press space, an asterisk will appear between the square brackets, then press Enter.

----------

## tsferreira

OK, now I get a huge number of choices to be made, and I don't know anything about them. Isn't there a simple way of saying I want the basic iptables?

----------

## pjp

Moved from Other Things Gentoo

----------

## desultory

What do you mean by 'basic iptables'?

Lacking matching modules (builtin or not) you will not really have that much at your disposal.  Unless you know what you are doing, it may well be best to just select everything that is not marked as experimental, find some package you can use to manage your iptables for you and just let it use what you happen to need at the time.

Edit: typo fix.

Last edited by desultory on Fri Jan 06, 2006 6:40 pm; edited 1 time in total

----------

## kpep01

Once you've said "yes" to Network Packet Filtering, hit enter (which I think you've already done). While there are a few things that I've selected in this next menu that I probably don't need, what I do know that I need to do is to scroll down and select IP: Netfilter Configuration. You'll be greeted with an even longer menu of things that need to be compiled into the kernel to get anything worthwhile out of IPTables.

Myself, I selected almost everything (only two items in this menu were not selected). Some of the stuff I still need to learn to use, but, other things are needed to get the most out of IPTables.

Once you've finished this, compiled the new kernel, etc. (and of course, rebooted the box using the new kernel configuration) you'll be able to start playing with IPTables.

There really is no such thing as a "basic IPTables." Just because the kernel is configured and IPTables emerged doesn't mean that you don't still have to set your firewall rules. With no firewall rules set, you'll have no firewall under IPTables.

I'm a newbie myself, but, IPTables was one of the first things I tackled learning. Though it's a bit out of date, one of the best sources for learning how to set up Netfilter rules (in my own estimation) is found at http://www.linuxsecurity.com/resource_files/firewalls/IPTables-Tutorial/iptables-tutorial.html.

I'm reasonably sure I have decent firewall rules, since I never find anything weird when reviewing tripwire reports, nor in any of the other various logs I have available to ensure security. Someday, though, it would be fun to have someone more knowledgeable than myself take a look at my rules so that I can perhaps find out what I'm missing and where I've left myself exposed.

Configuring the kernel for Netfilter is the easy part. Setting the firewall rules takes some time and some study.

In the interim, you might want to consider emerging a decent "boxed" firewall to ensure that you have some protection. Also, a good integrity checker such as Tripwire will add some measure of protection to your system against poorly written rules (self-configured or otherwise).

There are many different ways under different systems to save your firewall rules. Under Gentoo, the following works perfectly:

```sh
# Save the currently loaded rules so the init script can restore them at boot
/etc/init.d/iptables save

# Then start the service (use stop or restart instead, depending on whether
# this is a first start or you have rewritten your rules, etc.)
/etc/init.d/iptables start
```

I hope this is helpful in getting yourself going. 'Tis a task to learn this stuff, but the enjoyment of having the best computer in the 'hood more than makes up for the (most enjoyable) learning process required.
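Added example, not code from this thread or from Gentoo: a small POSIX sh script that reads a kernel `.config` (a constructed sample stands in for `/usr/src/linux/.config`) and reports whether the Netfilter options a basic iptables filtering setup needs are built in, built as modules, or missing. The option list is an assumption for the 2.6-era kernels of this thread; it lets you verify the menuconfig choices above before rebooting into the new kernel.

```sh
#!/bin/sh
# Added example: verify Netfilter options in a kernel .config.

# Constructed sample .config standing in for /usr/src/linux/.config
SAMPLE_CONFIG="$(mktemp)"
trap 'rm -f "$SAMPLE_CONFIG"' EXIT
cat > "$SAMPLE_CONFIG" <<'EOF'
CONFIG_NETFILTER=y
# CONFIG_IP_NF_CONNTRACK is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
# CONFIG_IP_NF_NAT is not set
EOF

# Options treated as required for stateful filtering (assumption; names are
# from 2.6-era kernels). Modules are fine, as long as they get loaded.
REQUIRED="CONFIG_NETFILTER CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_IPTABLES \
CONFIG_IP_NF_FILTER CONFIG_IP_NF_TARGET_REJECT"

# config_state FILE OPTION -> prints y (built-in), m (module) or n (unset)
config_state() {
    _val=$(sed -n "s/^$2=\(.\).*/\1/p" "$1")
    case "$_val" in
        y|m) printf '%s\n' "$_val" ;;
        *)   printf 'n\n' ;;
    esac
}

# check_netfilter FILE -> one line per option; return value = number missing
check_netfilter() {
    _missing=0
    for opt in $REQUIRED; do
        st=$(config_state "$1" "$opt")
        case "$st" in
            y) printf '%-28s built-in\n' "$opt" ;;
            m) printf '%-28s module (must be loaded before use)\n' "$opt" ;;
            n) printf '%-28s MISSING\n' "$opt"; _missing=$((_missing + 1)) ;;
        esac
    done
    return "$_missing"
}

if check_netfilter "$SAMPLE_CONFIG"; then
    echo "all required Netfilter options present"
else
    echo "some required Netfilter options are missing; revisit menuconfig"
fi
```

In the sample, conntrack is unset, so the script reports one missing option; pointing it at the real `.config` instead of the sample shows the state of your own kernel.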

----------

## tsferreira

Thanks for your very comprehensive reply -- I will try to follow your suggestions. My main problem so far was to make the iptables modules work. I have some experience with the firewall rules which I used under a Fedora distribution.

-- tsf

----------

## kpep01

It's nothing. Though still a rank newbie, that which I can do is within the spirit of the OS.

----------

