![]() KERNEL Kernel settings for router Networking support -> raw table support (required for TRACE) Router "ipv6header" IPv6 Extension Headers Match IP6 tables support (required for filtering) raw table support (required for NOTRACK/TRACE) ![]() IP tables support (required for filtering/masq/NAT) IPv4 connection tracking support (required for NAT) "conntrack" connection tracking match support *- Netfilter Xtables support (required for ip_tables) Network packet filtering framework (Netfilter) Network packet filtering framework (Netfilter) -> TCP: MD5 Signature Option support (RFC2385) IP: IPsec BEET mode (obsolete in kernel 5.4) IP: IPsec tunnel mode (obsolete in kernel 5.4) IP: IPsec transport mode (obsolete in kernel 5.4) KERNEL Kernel settings for client Networking support -> In "Network packet filtering framework" only the tables "filter" are needed with connection tracking support and with REJECT target support. This configuration does not provide network address translation or any other high sophisticated features. Kernel configuration required by iptables depends on the intended use case.įor client computers some basic options need to be activated in the kernel. ![]() To allow adding rules based on IP filtering like black listing IP addresses based on a live feed, do not forget to add IPSet support to the kernel and merge the net-firewall/ipset package.
0 Comments
Leave a Reply. |