LJ 71: An Introduction to Using Linux as a Multipurpose Firewall

Listing 2. Required Settings to Support the Firewall Functionality in the Linux Kernel.

# Code maturity level options
CONFIG_EXPERIMENTAL=y
# Loadable module support
CONFIG_MODULES=y
CONFIG_MODVERSIONS=y
# General setup
CONFIG_NET=y
CONFIG_SYSVIPC=y
CONFIG_SYSCTL=y
CONFIG_BINFMT_AOUT=y
CONFIG_BINFMT_ELF=y
CONFIG_BINFMT_MISC=y
# Block devices
CONFIG_BLK_DEV_FD=y
CONFIG_BLK_DEV_IDE=y
# Networking options
CONFIG_PACKET=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
CONFIG_FIREWALL=y
CONFIG_FILTER=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_MASQUERADE=y
# Protocol-specific masquerading support will be 
built as modules.
CONFIG_IP_MASQUERADE_ICMP=y
# Protocol-specific masquerading support will be 
built as modules.
CONFIG_IP_MASQUERADE_MOD=y
CONFIG_IP_MASQUERADE_IPAUTOFW=y
CONFIG_IP_MASQUERADE_IPPORTFW=y
CONFIG_IP_MASQUERADE_MFW=y
CONFIG_IP_ROUTER=y
CONFIG_IP_MROUTE=y
CONFIG_SYN_COOKIES=y
# Network device support
CONFIG_NETDEVICES=y
CONFIG_DUMMY=y
CONFIG_NET_ETHERNET=y
# PICK YOUR NETWORK CARD(S) OUT OF THE LIST ON THE
# MENU IF YOU ARE NOT SURE WHAT CARD DRIVER YOU 
# NEED, READ THE HELP FOR EACH DRIVER YOU THINK 
# MIGHT BE FOR YOUR CARD TO LEARN MORE.
CONFIG_NET_ISA=y
#IE: to support NE2000 clone cards
CONFIG_NE2000=y
# Character devices
CONFIG_VT=y
CONFIG_VT_CONSOLE=y
CONFIG_SERIAL=y
CONFIG_SERIAL_CONSOLE=y