Configuring the kernel for IPTables support

Q Thank you very much for including Gentoo 2004 with your last issue - what an amazing distribution, and what amazing documentation! I have an x86 machine connected to the net through a Draytek Vigor 2600G ADSL Modem/Router. This is also a four-port 10/100 switch with wireless capability and a firewall - quite expensive but well worth it! The ADSL service is PPP over ATM (PPPoA) and my interface is an Intel Pro/1000 MT Desktop Adaptor referenced as eth0. By the way, I statically compiled e1000 support into my kernel. In light of the fact that Gentoo also provides a separate e1000 module/package, was this a good decision? I have yet to find any issues with my setup. Safe in the knowledge that I was protected by this comprehensive firewall, I've only just begun to look at IPTables, and here's my problem.

First of all, I'm a little lost as to how to configure my kernel (linux-2.4.26-gentoo-r6) for IPTables support. There seem to be several incompatible options here that I can't fathom. Secondly, if you compare some of your previous FAQs on your help pages, such as IP security, firewalls and Linux and the Internet, with some documentation I found at http://gentoo-wiki.com/HOWTO_Iptables_for_newbies, you'll notice a little difference in the number of rules and amount of detail given. I hope you're not as lost as me upon viewing the latter! Presently, I'm fearful of tinkering before understanding things more, so please help!

A You can find out where you stand by running iptables -nvL as root. If the kernel has netfilter support, this lists the three built-in chains of the 'filter' table (INPUT, FORWARD and OUTPUT), each with its default policy, its rules and packet/byte counters; if it doesn't, iptables complains that it can't initialise the filter table, which usually means the ip_tables module isn't loaded or was never built. The options you need are all under Networking options in the 2.4 kernel config: CONFIG_NETFILTER, CONFIG_IP_NF_IPTABLES, CONFIG_IP_NF_CONNTRACK and CONFIG_IP_NF_MATCH_STATE (for stateful rules), CONFIG_IP_NF_FILTER, and the LOG and REJECT targets. The 'incompatible' options you've noticed are almost certainly the ipchains and ipfwadm compatibility modules: they can't be used at the same time as ip_tables, so leave them out unless you have old ipchains scripts to keep running. Gentoo's stock kernel config has netfilter enabled by default, but since you've built your own kernel with the Intel PRO/1000 driver compiled in (which is perfectly fine - static versus module is just a deployment choice), you can compile IPTables into the kernel in the same way rather than using modules. Whichever way you build it, enable every match and target you might conceivably want now, because it's very frustrating to have to rebuild the kernel and reboot a firewall simply to add support for one IPTables feature. The gentoo-wiki HOWTO you found contains a very complete firewall configuration, well beyond the needs of the vast majority of users, but the script is useful because it makes it easy to permit access to and from specific ports, which makes it a good starting point for anyone building a complex firewall.
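The answer above covers checking for kernel support and reading the output of iptables -nvL; the script below is an added example (not from the magazine or the gentoo-wiki HOWTO) of the small stateful ruleset a single-NIC host behind a NAT router actually needs, with the support check done first. It assumes the NIC is eth0 and that SSH on 22/tcp is the only service that should be reachable; both are variables you can override. Rules are generated as text and only applied when the script is run with the argument "apply", so you can read them before they touch a live box.

```shell
#!/bin/sh
# Minimal stateful host firewall for one NIC behind a NAT router.
# Added example; not the magazine's or the gentoo-wiki script.
# Assumptions (override via the environment): NIC is eth0, SSH on 22/tcp
# is the only service exposed, everything else inbound is dropped and logged.

IFACE="${IFACE:-eth0}"
SSH_PORT="${SSH_PORT:-22}"

# Return 0 if the running kernel has ip_tables built in or loaded.
# /proc/net/ip_tables_names lists the registered tables (filter, nat, mangle);
# the path is a parameter so the check can be exercised on a constructed file.
has_iptables_support() {
    tables="${1:-/proc/net/ip_tables_names}"
    [ -r "$tables" ] && grep -q '^filter$' "$tables"
}

# Print the ruleset as one iptables argument list per line, without running
# anything. Order matters: the ESTABLISHED,RELATED rule comes before the
# per-port NEW rules so replies to our own connections are accepted first.
build_rules() {
    cat <<EOF
-F
-X
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i $IFACE -p tcp --dport $SSH_PORT -m state --state NEW -j ACCEPT
-A INPUT -i $IFACE -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j LOG --log-prefix fw-drop: --log-level 4
EOF
}

# Load the rules into the live kernel, aborting on the first failure,
# then show the result the same way the answer suggests: iptables -nvL.
apply_rules() {
    if ! has_iptables_support; then
        echo "kernel has no ip_tables support (try: modprobe ip_tables)" >&2
        return 1
    fi
    build_rules | while read -r args; do
        # word splitting of $args is intended: each line is one argument list
        iptables $args || { echo "failed: iptables $args" >&2; exit 1; }
    done || return 1
    iptables -nvL
}

# Only touch the kernel when explicitly asked:  ./fw.sh apply
# Use  ./fw.sh show  to review the generated rules first.
case "${1:-}" in
    apply) apply_rules ;;
    show)  build_rules ;;
esac
```

Because the default policy is DROP and the LOG rule is last, anything that reaches the end of INPUT shows up in the kernel log with the fw-drop: prefix, which is the quickest way to see what you forgot to allow. Note that -F only flushes the filter table; if you ever add nat or mangle rules they need their own -t flushes.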
