Installation instructions for iptables
iptables uses the well-known configure(autotools) infrastructure.
$ ./configure
$ make
# make install
* no kernel-source required
* but obviously a compiler, glibc-devel and linux-kernel-headers
Configuring and compiling
./configure [options]
The prefix to put all installed files under. It defaults to
/usr/local, so the binaries will go into /usr/local/bin, sbin,
manpages into /usr/local/share/man, etc.
The path to where Xtables extensions should be installed to. It
defaults to ${libdir}/xtables.
--enable-devel (or --disable-devel)
This option causes development files to be installed to
${includedir}, which is needed for building additional packages,
such as Xtables-addons or other 3rd-party extensions.
It is enabled by default.
Produce additional binaries, iptables-static/ip6tables-static,
which have all shipped extensions compiled in.
Produce binaries that have dynamic loading of extensions disabled.
This implies --enable-static.
(See some details below.)
This option causes libipq to be installed into ${libdir} and
Xtables does not depend on kernel headers anymore, but you can
optionally specify a search path to include anyway. This is
probably only useful for development.
If you want to enable debugging, use
./configure CFLAGS="-ggdb3 -O0"
(-O0 is used to turn off instruction reordering, which makes debugging
much easier.)
To show debug traces you can add -DDEBUG to CFLAGS option
Other notes
The make process will automatically build multipurpose binaries.
These have the core (iptables), -save, -restore and -xml code
compiled into one binary, but extensions remain as modules.
Static and shared
Basically there are three configuration modes defined:
--disable-static --enable-shared (this is the default)
Build a binary that relies upon dynamic loading of extensions.
--enable-static --enable-shared
Build a binary that has the shipped extensions built-in, but
is still capable of loading additional extensions.
--enable-static --disable-shared
Shipped extensions are built-in, and dynamic loading is