Jan Engelhardt | d31a659 | 2008-02-11 14:11:14 +0100 | [diff] [blame] | 1 | Installation instructions for iptables |
| 2 | ====================================== |
Richard Gooch | 8e3b892 | 2000-04-22 00:57:38 +0000 | [diff] [blame] | 3 | |
Jan Engelhardt | d31a659 | 2008-02-11 14:11:14 +0100 | [diff] [blame] | 4 | iptables uses the well-known configure(autotools) infrastructure. |
Harald Welte | c5a2ce4 | 2001-09-02 14:55:36 +0000 | [diff] [blame] | 5 | |
Jan Engelhardt | d31a659 | 2008-02-11 14:11:14 +0100 | [diff] [blame] | 6 | $ ./configure |
Jan Engelhardt | f82070f | 2008-01-20 13:14:00 +0000 | [diff] [blame] | 7 | $ make |
| 8 | # make install |
Richard Gooch | 8e3b892 | 2000-04-22 00:57:38 +0000 | [diff] [blame] | 9 | |
Jan Engelhardt | f82070f | 2008-01-20 13:14:00 +0000 | [diff] [blame] | 10 | |
Jan Engelhardt | d31a659 | 2008-02-11 14:11:14 +0100 | [diff] [blame] | 11 | Prerequisites |
| 12 | ============= |
Harald Welte | 3efb6ea | 2001-08-06 18:50:21 +0000 | [diff] [blame] | 13 | |
Jan Engelhardt | d31a659 | 2008-02-11 14:11:14 +0100 | [diff] [blame] | 14 | * no kernel-source required |
Harald Welte | 3efb6ea | 2001-08-06 18:50:21 +0000 | [diff] [blame] | 15 | |
Jan Engelhardt | d31a659 | 2008-02-11 14:11:14 +0100 | [diff] [blame] | 16 | * but obviously a compiler, glibc-devel and linux-kernel-headers |
| 17 | (/usr/include/linux) |
Joszef Kadlecsik | 9dd4cb0 | 2004-06-28 08:09:19 +0000 | [diff] [blame] | 18 | |
Jan Engelhardt | d31a659 | 2008-02-11 14:11:14 +0100 | [diff] [blame] | 19 | |
| 20 | Configuring and compiling |
| 21 | ========================= |
| 22 | |
| 23 | ./configure [options] |
| 24 | |
| 25 | --prefix= |
| 26 | |
| 27 | The prefix to put all installed files under. It defaults to |
| 28 | /usr/local, so the binaries will go into /usr/local/bin, sbin, |
| 29 | manpages into /usr/local/share/man, etc. |
| 30 | |
| 31 | --with-xtlibdir= |
| 32 | |
| 33 | The path to where Xtables extensions should be installed to. It |
Jan Engelhardt | 411a4e5 | 2011-07-04 12:44:43 +0200 | [diff] [blame] | 34 | defaults to ${libdir}/xtables. |
Jan Engelhardt | d31a659 | 2008-02-11 14:11:14 +0100 | [diff] [blame] | 35 | |
| 36 | --enable-devel (or --disable-devel) |
| 37 | |
| 38 | This option causes development files to be installed to |
| 39 | ${includedir}, which is needed for building additional packages, |
| 40 | such as Xtables-addons or other 3rd-party extensions. |
| 41 | |
| 42 | It is enabled by default. |
| 43 | |
Jan Engelhardt | b79ec69 | 2009-07-23 17:41:21 +0200 | [diff] [blame] | 44 | --enable-static |
| 45 | |
| 46 | Produce additional binaries, iptables-static/ip6tables-static, |
| 47 | which have all shipped extensions compiled in. |
| 48 | |
| 49 | --disable-shared |
| 50 | |
| 51 | Produce binaries that have dynamic loading of extensions disabled. |
| 52 | This implies --enable-static. |
| 53 | (See some details below.) |
| 54 | |
Jan Engelhardt | d31a659 | 2008-02-11 14:11:14 +0100 | [diff] [blame] | 55 | --enable-libipq |
| 56 | |
| 57 | This option causes libipq to be installed into ${libdir} and |
| 58 | ${includedir}. |
| 59 | |
Jan Engelhardt | d31a659 | 2008-02-11 14:11:14 +0100 | [diff] [blame] | 60 | --with-ksource= |
| 61 | |
| 62 | Xtables does not depend on kernel headers anymore, but you can |
| 63 | optionally specify a search path to include anyway. This is |
| 64 | probably only useful for development. |
| 65 | |
| 66 | If you want to enable debugging, use |
| 67 | |
| 68 | ./configure CFLAGS="-ggdb3 -O0" |
| 69 | |
| 70 | (-O0 is used to turn off instruction reordering, which makes debugging |
| 71 | much easier.) |
| 72 | |
Alexey Perevalov | 7c7bf4c | 2013-07-04 11:26:17 +0400 | [diff] [blame] | 73 | To show debug traces you can add -DDEBUG to CFLAGS option |
| 74 | |
Jan Engelhardt | d31a659 | 2008-02-11 14:11:14 +0100 | [diff] [blame] | 75 | |
| 76 | Other notes |
| 77 | =========== |
| 78 | |
| 79 | The make process will automatically build multipurpose binaries. |
| 80 | These have the core (iptables), -save, -restore and -xml code |
| 81 | compiled into one binary, but extensions remain as modules. |
| 82 | |
Jan Engelhardt | b79ec69 | 2009-07-23 17:41:21 +0200 | [diff] [blame] | 83 | |
| 84 | Static and shared |
| 85 | ================= |
| 86 | |
| 87 | Basically there are three configuration modes defined: |
| 88 | |
| 89 | --disable-static --enable-shared (this is the default) |
| 90 | |
| 91 | Build a binary that relies upon dynamic loading of extensions. |
| 92 | |
| 93 | --enable-static --enable-shared |
| 94 | |
| 95 | Build a binary that has the shipped extensions built-in, but |
| 96 | is still capable of loading additional extensions. |
| 97 | |
| 98 | --enable-static --disable-shared |
| 99 | |
| 100 | Shipped extensions are built-in, and dynamic loading is |
| 101 | deactivated. |