HLFS and iptables policy match support

Sebastian Faulborn sfaulborn at web.de
Fri Jun 30 06:39:19 PDT 2006

>On Thu, 29 Jun 2006 13:51:57 -0500
>Robert Baker <bobb at netslyder.net> wrote:

>> I can get linux- to compile ok with a patch-o-matic from a
>> while ago for Policy match. The kernel boots, and seems to function
>> properly. However when building iptables following BLFS directions
>> the policy match support does not seem to get compiled in. When
>> changing the make command to include KERNEL_DIR=... I promptly
>> receive a compile error.
>This e-mail reminded me of something I noticed recently when I compiled
>iptables, so I figured it would be useful to point out.
>When I had built iptables, I had forgotten to unpack my kernel source,
>I did not feel like waiting and decided to test this.
>I compiled iptables with the KERNEL_DIR= pointing to where I installed
>my linux-headers (aka linux-libc-headers).
>It seems to have compiled properly, but I still wonder if something may
>be missing.
>So, does iptables actually need ONLY the linux-headers? If so, perhaps
>we should link to those headers instead of having the actual kernel
>source. Seems to feel like better practice, as whatever the
>linux-libc-headers is, it is considered to be more stable than directly
>using the actual kernel source.

I always have compiled iptables according to the instructions in BLFS
and have never had any problems. They say that you must NOT have any
unpacked kernel sources - especially not in /usr/src/linux. There is
no need to use KERNEL_DIR=.

Sebastian Faulborn
Homepage: http://www.secure-slinux.org
