Iptables

This article is based on the old wiki article "iptables and stateful firewall" (linked at the end of this page) and aims to get you started with iptables and stateful firewalling, in the hope that it will get you writing your first stateful firewall rules, and perhaps later a more complicated rule set.

First off, you will need to configure your kernel with netfilter support. If you want to be able to add rules based on IP filtering, such as blacklisting IP addresses from a live feed, do not forget to add IP set (ipset) support to your kernel as well.

Installation
Then merge the iptables package (net-firewall/iptables) with the desired USE flags to get you started.

Kernel configuration
So fire up `make nconfig' in a terminal or virtual terminal, or `make menuconfig' for a more graphical interface, in your Linux source directory, usually `/usr/src/linux' if that symlink points to a kernel tree.

To be safe, one can enable the IPv6 support category and almost every Netfilter sub-category as described below; otherwise enable only what you need and leave the other modules unset. You will almost certainly want most of the IP virtual server support core components (the schedulers are optional), IP: Netfilter Configuration, IPv6: Netfilter Configuration, and IP set support for filtering on IP addresses, MAC addresses and ports. Then pick what you need from Core Netfilter Configuration, with at least: Netfilter: NFQUEUE and LOG; Connection tracking: flow, mark, events and netlink; Netfilter Xtables: the NFQUEUE and LOG targets, the conn{bytes,mark,state} and state matches, and the connection tracking helper... you get the idea.

Once done, build your kernel and install the kernel modules with something like `make -j2 && make modules_install'.
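Before rebuilding, it is worth verifying that the options above actually ended up in `.config'. The following POSIX shell script is an added example and not part of the original article; the mapping from the menu entries named above to CONFIG_ symbols is my own reading of the kernel Kconfig tree (verify it against your kernel version), and the sample config it writes is constructed for demonstration only.

```shell
#!/bin/sh
# Added example: report which netfilter-related kernel options are built in (y),
# modular (m) or unset in a kernel .config, so a missing conntrack or ipset
# option is caught before the firewall rules are written.

# CONFIG_ symbols corresponding to the menu entries recommended in the article.
# This mapping is an assumption of this example; check it against your tree.
REQUIRED_OPTS="CONFIG_NETFILTER CONFIG_NF_CONNTRACK CONFIG_NF_CONNTRACK_MARK \
CONFIG_NF_CONNTRACK_EVENTS CONFIG_NETFILTER_NETLINK CONFIG_NETFILTER_NETLINK_QUEUE \
CONFIG_NETFILTER_NETLINK_LOG CONFIG_NETFILTER_XT_TARGET_NFQUEUE \
CONFIG_NETFILTER_XT_TARGET_LOG CONFIG_NETFILTER_XT_MATCH_CONNTRACK \
CONFIG_NETFILTER_XT_MATCH_CONNBYTES CONFIG_NETFILTER_XT_MATCH_CONNMARK \
CONFIG_NETFILTER_XT_MATCH_STATE CONFIG_IP_NF_IPTABLES CONFIG_IP6_NF_IPTABLES CONFIG_IP_SET"

# kconfig_state FILE SYMBOL -> prints y, m or unset.
# "# CONFIG_FOO is not set" lines start with '#', so they fall through to unset.
kconfig_state() {
    _line=$(grep -E "^$2[= ]" "$1" 2>/dev/null | head -n 1) || true
    case "$_line" in
        "$2=y") echo y ;;
        "$2=m") echo m ;;
        *)      echo unset ;;
    esac
}

# missing_netfilter_options FILE -> prints the unset symbols, space separated.
missing_netfilter_options() {
    _out=""
    for _opt in $REQUIRED_OPTS; do
        if [ "$(kconfig_state "$1" "$_opt")" = unset ]; then
            _out="${_out:+$_out }$_opt"
        fi
    done
    printf '%s\n' "$_out"
}

# check_netfilter_config FILE -> prints a report; returns 0 only if nothing is unset.
check_netfilter_config() {
    _missing=0
    for _opt in $REQUIRED_OPTS; do
        _st=$(kconfig_state "$1" "$_opt")
        printf '%-40s %s\n' "$_opt" "$_st"
        if [ "$_st" = unset ]; then
            _missing=$((_missing + 1))
        fi
    done
    return "$_missing"
}

# write_sample_config FILE -> writes a constructed .config fragment for testing.
# Two of the recommended options are deliberately left unset.
write_sample_config() {
    cat > "$1" <<'EOF'
# Constructed sample .config fragment (not taken from a real build)
CONFIG_NETFILTER=y
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NF_CONNTRACK=m
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NETFILTER_XT_TARGET_LOG=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
# CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP6_NF_IPTABLES=m
# CONFIG_IP_SET is not set
EOF
}

# Usage: sh check-netfilter.sh /usr/src/linux/.config
# (for a running kernel with CONFIG_IKCONFIG_PROC: zcat /proc/config.gz > /tmp/cfg first)
if [ $# -gt 0 ]; then
    check_netfilter_config "$1" || echo "some recommended netfilter options are unset"
fi
```

Run it against `/usr/src/linux/.config' after `make nconfig'; a non-zero exit status means at least one of the listed options is unset, and the report shows which.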

External resources
iptables and stateful firewall source article

iptables and stateful firewall

[category:Server and Security]