轉載位址:http://www.uddtm.com/server/iptables/146.html
在核心配置檔案中要啟用一些較要的選項包括Netfilter連接配接跟蹤、日志記錄和包過濾。iptables 是通過使用由Netfilter提供的核心中的架構來建立一個政策的。
對于2.6系列的核心來說,大多數的Netfilter編譯選項都位于Networking-->Networking Options下的Network Packet Filtering Framework一節中。在Network Packet Filtering Framework中還有兩個額外的配置節--Core Netfilter Configuration(核心Netfilter配置)和IP:Netfilter Configuration (IP:Netfilter配置)。
1、核心Netfilter配置(如下的重要選項應該被啟用)
Comment match support (Comment 比對支援)
FTP support (FTP協定支援)
Length match support (資料包長度比對支援)
Limit match support (Limit比對支援)
MAC address match support (MAC位址比對支援)
MARK target support (MARK目标支援)
Netfilter connection tracking support (Netfilter連接配接跟蹤支援)
Netfilter LOG over NFNETLINK interface (Netfilter通過NFNETLINK接口記錄日志)
Netfilter netlink interface (Netfilter netlink接口)
Netfilter Xtables support (Netfilter Xtables支援)
State match support (state比對支援)
String match support (string比對支援)
2、IP:Netfilter配置(本節需要啟用的選項如下)
ECN target support (ECN目标支援)
Full NAT (完整NAT支援)
IP address range match support (IP位址範圍比對支援)
IP tables support (required for filtering/masq/NAT) (IP tables 支援,Filtering/masq/NAT需要)
IPv4 connection tracking support (required for NAT) (IPv4連接配接跟蹤支援,NAT需要)
LOG target support (LOG目标支援)
MASQUERADE target support (MASQUERADE目标支援)
Owner match support (Owner目标支援)
Packet filtering (包過濾支援)
Packet mangling (包修改支援,常用于改變包的路由)
raw table support (required for NOTRACK/TRACE) (raw表支援,NOTRACK/TRACE需要)
Recent match support (recent比對支援)
REJECT target support (REJECT目标支援)
TOS match support (TOS比對支援)
TOS target support (TOS目标支援)
TTL match support (TTL比對支援)
TTL target support (TTL目标支援)
ULOG target support (ULOG目标支援)。
![Generic P2P Architecture, Tutorial and Example - CodeProject[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)