Firestarter

Firestarter Manual


Kernel Requirements

Firestarter requires certain Linux kernel subsystems to be present in order to function properly. This is not an issue with vendor-provided kernels, as all Linux distributions provide the required functionality out of the box these days. However, if you are creating your own customized kernels, the following section is likely of interest to you.

[Picture: Recommended configuration for Linux kernel version 2.6]

Configuring the kernel

These instructions are meant for the Linux 2.6 kernel. Note that Firestarter 0.9.x also works with the older 2.4 kernel, in which case the basic configuration is the same but the kernel options are laid out differently in the configurator. It is assumed the user already knows how to compile a kernel; see the Kernel Build HOWTO if you require help in this regard.

All of the kernel options affecting Firestarter are located under the Device Drivers->Networking support menu. First, the Networking support option must be enabled. Then, under the submenu Networking options->Network packet filtering, the Network packet filtering option must be enabled. Finally, the submenu IP: Netfilter configuration presents you with a long list of Netfilter modules, the exact contents of which depend on your specific kernel revision. Here you have the option of enabling each feature either as a module or compiled statically into the kernel. It is recommended that you compile all of the features as modules unless you are specifically creating a kernel without module support. This way, a feature that is not in use will not use any memory.

Note: Firestarter versions prior to 0.9.4 output error messages to the console if you compile the features statically into the kernel and not as modules. However, if all the required features are present in the kernel, Firestarter will work fine anyway.

Not all of the Netfilter features are required, although we recommend you enable them as modules in any case, as this allows future versions of Firestarter to make use of them and there is no harm in doing so. At the very least, the Connection tracking, IP tables, Connection state match support, Connection tracking match support, Packet filtering, Full NAT and LOG target support features must be present. Some of the other features, when detected in the kernel at run time, enable additional functionality in Firestarter. The only features we recommend you do not include are the legacy ipchains support and ipfwadm support options.
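
The minimum feature set above can be checked against a kernel .config before building. The following script is an added example, not part of Firestarter or its manual; the CONFIG_ symbol names are an assumption taken from early 2.6 kernel trees (the manual names only the menu entries) and differ in other kernel revisions.

```shell
#!/bin/sh
# Added example: audit a kernel .config against the features the manual lists.
# CONFIG_ names are assumed from early 2.6 trees; they are not given in the manual.
REQUIRED="NET:Networking support
NETFILTER:Network packet filtering
IP_NF_CONNTRACK:Connection tracking
IP_NF_IPTABLES:IP tables
IP_NF_MATCH_STATE:Connection state match support
IP_NF_MATCH_CONNTRACK:Connection tracking match support
IP_NF_FILTER:Packet filtering
IP_NF_NAT:Full NAT
IP_NF_TARGET_LOG:LOG target support"
LEGACY="IP_NF_COMPAT_IPCHAINS:ipchains support
IP_NF_COMPAT_IPFWADM:ipfwadm support"

# Print y, m or n for CONFIG_<symbol>; "is not set" and absence both give n.
config_state() {
    state=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${state:-n}"
}

# Print one finding per line. Return 1 if a required feature is missing, else 0.
check_firestarter_config() {
    cfg=$1
    rc=0
    while IFS=: read -r sym name; do
        case "$(config_state "$cfg" "$sym"):$sym" in
            n:*)       echo "MISSING $name"; rc=1 ;;
            y:IP_NF_*) echo "STATIC $name" ;;   # works, but modules are recommended
        esac
    done <<EOF
$REQUIRED
EOF
    while IFS=: read -r sym name; do
        if [ "$(config_state "$cfg" "$sym")" != n ]; then echo "LEGACY $name"; fi
    done <<EOF
$LEGACY
EOF
    return $rc
}

# Usage: sh check.sh /path/to/.config
if [ $# -gt 0 ]; then check_firestarter_config "$1"; fi
```

STATIC and LEGACY lines are advisory and do not change the exit status; only a MISSING required feature makes the check fail.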

Kernel features location reference

(*) We recommend you enable everything except ipchains support and ipfwadm support as modules under this menu
