blob: 4a44989e0375aa3651a715828683e7c84a72f169 [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -07001Installation instructions for iptables
2======================================
3
4iptables uses the well-known configure(autotools) infrastructure.
5
6 $ ./configure
7 $ make
8 # make install
9
10
11Prerequisites
12=============
13
14 * no kernel-source required
15
16 * but obviously a compiler, glibc-devel and linux-kernel-headers
17 (/usr/include/linux)
18
19
20Configuring and compiling
21=========================
22
23./configure [options]
24
25--prefix=
26
27 The prefix to put all installed files under. It defaults to
28 /usr/local, so the binaries will go into /usr/local/bin, sbin,
29 manpages into /usr/local/share/man, etc.
30
31--with-xtlibdir=
32
33 The path to where Xtables extensions should be installed to. It
34 defaults to ${prefix}/libexec/xtables.
35
36--enable-devel (or --disable-devel)
37
38 This option causes development files to be installed to
39 ${includedir}, which is needed for building additional packages,
40 such as Xtables-addons or other 3rd-party extensions.
41
42 It is enabled by default.
43
44--enable-libipq
45
46 This option causes libipq to be installed into ${libdir} and
47 ${includedir}.
48
49--enable-static
50
51 Enable building single standalone multipurpose binaries,
52 (iptables-static and ip6tables-static), which contain every
53 extension compiled-in (and does not support additional
54 extensions).
55
56--with-ksource=
57
58 Xtables does not depend on kernel headers anymore, but you can
59 optionally specify a search path to include anyway. This is
60 probably only useful for development.
61
62If you want to enable debugging, use
63
64 ./configure CFLAGS="-ggdb3 -O0"
65
66(-O0 is used to turn off instruction reordering, which makes debugging
67much easier.)
68
69
70Other notes
71===========
72
73The make process will automatically build multipurpose binaries.
74These have the core (iptables), -save, -restore and -xml code
75compiled into one binary, but extensions remain as modules.
76
77If you want to build a statically linked version of the iptables binary,
78without the need for loading the plugins at runtime (e.g. for an
79embedded device or router-on-a-disk), you can use the --enable-static
80configure flag.