Deployment:Linux:Kernel:Compile:IP Tables
From Main
OK, on my basic make menuconfig this is what I saw. It wasn't obvious that Xtables needs to be selected. I was under the impression this option would automatically get selected once I enabled IPTABLES. It's actually the other way around, you need to select this option first to see all the other iptable options.
Networking ---> Networking Options ---> Network packet filtering (replaces ipchains) ---> Core Netfilter Configuration ---> < > Netfilter netlink interface < > Netfilter Xtables support (required for ip_tables)
So selecting these two options allows us to see all the other options:
<M> Netfilter netlink interface < > Netfilter NFQUEUE over NFNETLINK interface (NEW) < > Netfilter LOG over NFNETLINK interface (NEW) <M> Netfilter Xtables support (required for ip_tables) < > "CLASSIFY" target support (NEW) < > "MARK" target support (NEW) < > "NFQUEUE" target Support (NEW) < > "comment" match support (NEW) < > "conntrack" connection tracking match support (NEW) < > "DCCP" protocol match support (NEW) │< > "ESP" match support (NEW) │ │ │ │< > "helper" match support (NEW) │ │ │ │< > "length" match support (NEW) │ │ │ │< > "limit" match support (NEW) │ │ │ │< > "mac" address match support (NEW) │ │ │ │< > "mark" match support (NEW) │ │ │ │< > IPsec "policy" match support (NEW) │ │ │ │< > Multiple port match support (NEW) │ │ │ │< > "physdev" match support (NEW) │ │ │ │< > "pkttype" packet type match support (NEW) │< > "realm" match support (NEW) │ │ │ │< > "sctp" protocol match support (NEW) │ │ │ │< > "state" match support (NEW) │ │ │ │< > "string" match support (NEW) │ │ │ │< > "tcpmss" match support (NEW)
<P>Then under:
Networking ---> Networking Options ---> Network packet filtering (replaces ipchains) ---> IP: Netfilter Configuration ***You must select <M> IP tables support (required for filtering/masq/NAT) *** in order to see the other options
<P> The following options may be of interest:
<M> IP tables support (required for filtering/masq/NAT) │ │
│ │<M> IP range match support │ │
│ │<M> TOS match support │ │
│ │<M> recent match support │ │
│ │<M> ECN match support │ │
│ │<M> DSCP match support │ │
│ │<M> AH match support │ │
│ │<M> TTL match support │ │
│ │<M> Owner match support │ │
│ │<M> address type match support
│ │<M> hashlimit match support │ │
│ │<M> Packet filtering │ │
│ │<M> REJECT target support │ │
│ │<M> LOG target support │ │
│ │<M> ULOG target support │ │
│ │<M> TCPMSS target support │ │
│ │<M> Full NAT │ │
│ │<M> MASQUERADE target support │ │
│ │<M> REDIRECT target support │ │
│ │<M> NETMAP target support
│ │<M> SAME target support │ │
│ │<M> Basic SNMP-ALG support (EXPERIMENTAL) │ │
│ │<M> Packet mangling │ │
│ │<M> TOS target support │ │
│ │<M> ECN target support │ │
│ │<M> DSCP target support │ │
│ │<M> TTL target support │ │
│ │<M> raw table support (required for NOTRACK/TRACE) │ │
│ │<M> ARP tables support │ │
│ │<M> ARP packet filtering
│<M> ARP payload mangling
