INSTALL

Installation instructions for iptables
======================================

iptables uses the well-known configure(autotools) infrastructure.

	$ ./configure
	$ make
	# make install


Prerequisites
=============

	* no kernel-source required

	* but obviously a compiler, glibc-devel and linux-kernel-headers
	  (/usr/include/linux)


Configuring and compiling
=========================

./configure [options]

--prefix=

	The prefix to put all installed files under. It defaults to
	/usr/local, so the binaries will go into /usr/local/bin, sbin,
	manpages into /usr/local/share/man, etc.

--with-xtlibdir=

	The path to where Xtables extensions should be installed to. It
	defaults to ${libdir}/xtables.

--enable-devel (or --disable-devel)

	This option causes development files to be installed to
	${includedir}, which is needed for building additional packages,
	such as Xtables-addons or other 3rd-party extensions.

	It is enabled by default.

--enable-static

	Produce additional binaries, iptables-static/ip6tables-static,
	which have all shipped extensions compiled in.

--disable-shared

	Produce binaries that have dynamic loading of extensions disabled.
	This implies --enable-static.
	(See some details below.)

--enable-libipq

	This option causes libipq to be installed into ${libdir} and
	${includedir}.

--with-ksource=

	Xtables does not depend on kernel headers anymore, but you can
	optionally specify a search path to include anyway. This is
	probably only useful for development.

If you want to enable debugging, use

	./configure CFLAGS="-ggdb3 -O0"

(-O0 is used to turn off instruction reordering, which makes debugging
much easier.)

To show debug traces you can add -DDEBUG to CFLAGS option


Other notes
===========

The make process will automatically build multipurpose binaries.
These have the core (iptables), -save, -restore and -xml code
compiled into one binary, but extensions remain as modules.


Static and shared
=================

Basically there are three configuration modes defined:

 --disable-static --enable-shared (this is the default)

	Build a binary that relies upon dynamic loading of extensions.

 --enable-static --enable-shared

	Build a binary that has the shipped extensions built-in, but
	is still capable of loading additional extensions.

 --enable-static --disable-shared

	Shipped extensions are built-in, and dynamic loading is
	deactivated.