[thirdparty/iptables.git] / INSTALL

Installation instructions for iptables
======================================

iptables uses the well-known configure(autotools) infrastructure.

	$ ./configure
	$ make
	# make install


Prerequisites
=============

	* no kernel-source required

	* but obviously a compiler, glibc-devel and linux-kernel-headers
	  (/usr/include/linux)


Configuring and compiling
=========================

./configure [options]

--prefix=

	The prefix to put all installed files under. It defaults to
	/usr/local, so the binaries will go into /usr/local/bin, sbin,
	manpages into /usr/local/share/man, etc.

--with-xtlibdir=

	The path to where Xtables extensions should be installed to. It
	defaults to ${libdir}/xtables.

--enable-devel (or --disable-devel)

	This option causes development files to be installed to
	${includedir}, which is needed for building additional packages,
	such as Xtables-addons or other 3rd-party extensions.

	It is enabled by default.

--enable-static

	Produce additional binaries, iptables-static/ip6tables-static,
	which have all shipped extensions compiled in.

--disable-shared

	Produce binaries that have dynamic loading of extensions disabled.
	This implies --enable-static.
	(See some details below.)

--enable-libipq

	This option causes libipq to be installed into ${libdir} and
	${includedir}.

--with-ksource=

	Xtables does not depend on kernel headers anymore, but you can
	optionally specify a search path to include anyway. This is
	probably only useful for development.

If you want to enable debugging, use

	./configure CFLAGS="-ggdb3 -O0"

(-O0 is used to turn off instruction reordering, which makes debugging
much easier.)

To show debug traces you can add -DDEBUG to CFLAGS option


Other notes
===========

The make process will automatically build multipurpose binaries.
These have the core (iptables), -save, -restore and -xml code
compiled into one binary, but extensions remain as modules.


Static and shared
=================

Basically there are three configuration modes defined:

 --disable-static --enable-shared (this is the default)

	Build a binary that relies upon dynamic loading of extensions.

 --enable-static --enable-shared

	Build a binary that has the shipped extensions built-in, but
	is still capable of loading additional extensions.

 --enable-static --disable-shared

	Shipped extensions are built-in, and dynamic loading is
	deactivated.
Commit	Line	Data
d31a659e JE	1	Installation instructions for iptables
d31a659e JE	2	======================================
8e3b892c	3
d31a659e	4	iptables uses the well-known configure(autotools) infrastructure.
c5a2ce48	5
d31a659e JE	6	$ ./configure
	7	$ make
	8	# make install
8e3b892c	9
8e3b892c	10
d31a659e JE	11	Prerequisites
d31a659e JE	12	=============
f82070f9	13
d31a659e	14	* no kernel-source required
f82070f9	15
d31a659e JE	16	* but obviously a compiler, glibc-devel and linux-kernel-headers
d31a659e JE	17	(/usr/include/linux)
f82070f9	18
f82070f9	19
d31a659e JE	20	Configuring and compiling
d31a659e JE	21	=========================
429eafb7	22
d31a659e	23	./configure [options]
429eafb7	24
d31a659e	25	--prefix=
7fae6faf	26
d31a659e JE	27	The prefix to put all installed files under. It defaults to
	28	/usr/local, so the binaries will go into /usr/local/bin, sbin,
	29	manpages into /usr/local/share/man, etc.
7fae6faf	30
d31a659e	31	--with-xtlibdir=
8e3b892c	32
d31a659e	33	The path to where Xtables extensions should be installed to. It
411a4e50	34	defaults to ${libdir}/xtables.
d31a659e JE	35
	36	--enable-devel (or --disable-devel)
	37
	38	This option causes development files to be installed to
	39	${includedir}, which is needed for building additional packages,
	40	such as Xtables-addons or other 3rd-party extensions.
	41
	42	It is enabled by default.
	43
b79ec690 JE	44	--enable-static
	45
	46	Produce additional binaries, iptables-static/ip6tables-static,
	47	which have all shipped extensions compiled in.
	48
	49	--disable-shared
	50
	51	Produce binaries that have dynamic loading of extensions disabled.
	52	This implies --enable-static.
	53	(See some details below.)
	54
d31a659e JE	55	--enable-libipq
	56
	57	This option causes libipq to be installed into ${libdir} and
	58	${includedir}.
	59
d31a659e JE	60	--with-ksource=
	61
	62	Xtables does not depend on kernel headers anymore, but you can
	63	optionally specify a search path to include anyway. This is
	64	probably only useful for development.
	65
	66	If you want to enable debugging, use
	67
	68	./configure CFLAGS="-ggdb3 -O0"
f82070f9	69
d31a659e JE	70	(-O0 is used to turn off instruction reordering, which makes debugging
d31a659e JE	71	much easier.)
8e3b892c	72
7c7bf4c1 AP	73	To show debug traces you can add -DDEBUG to CFLAGS option
7c7bf4c1 AP	74
3efb6ead	75
d31a659e JE	76	Other notes
d31a659e JE	77	===========
9dd4cb06	78
d31a659e JE	79	The make process will automatically build multipurpose binaries.
	80	These have the core (iptables), -save, -restore and -xml code
	81	compiled into one binary, but extensions remain as modules.
9dd4cb06	82
b79ec690 JE	83
	84	Static and shared
	85	=================
	86
	87	Basically there are three configuration modes defined:
	88
	89	--disable-static --enable-shared (this is the default)
	90
	91	Build a binary that relies upon dynamic loading of extensions.
	92
	93	--enable-static --enable-shared
	94
	95	Build a binary that has the shipped extensions built-in, but
	96	is still capable of loading additional extensions.
	97
	98	--enable-static --disable-shared
	99
	100	Shipped extensions are built-in, and dynamic loading is
	101	deactivated.