If your kernel version is before 2.1.102; you need the ipfwchains
patch to the 2.1.x or 2.0.x kernel series.
You need to be running a kernel compiled with CONFIG_IP_FIREWALL (for
2.1.102 and above) or CONFIG_IP_FIREWALL_CHAINS set to `y'. You can
tell that your current kernel is compiled with this by looking for
`/proc/net/ip_fwchains' - if it exists, then your kernel is ready for
the ipchains utility.
You should be able to simply type "make all", then (as root) "make
install"; this will put the ipchains binary in /sbin/ipchains, and the
man pages in /usr/man/man4/ipfw.4 and /usr/man/man8/ipchains.8. Set
SBIN and MANDIR repectively (by specifying SBIN=xxx and/or MANDIR=xxx
on "make install" command line, or editing the Makefile).
See the HOWTO details. Included is an
excellent quick reference card by Scott Bronson, in PostScript (best
printed double-side). This was written in WordPerfect 8 on Linux;
you can get the WordPerfect source from
The concept and chunks of the implementation were grabbed from ipfwadm
2.3; the name has been changed to avoid confusion, as `ipfwadm' will
NOT work with kernels with the new firewall code. Also, I took the
opportunity to rationalize the command line parameters, making it
perhaps more difficult for ipfwadm users (not necessarily a bad thing,
as it highlights the differences) but hopefully making things more
sane in the long run.
In recognition of the fantastic work done by Jos Vos, without whom I
would have had no code or concepts to guide me, here is the original
copyright notice from many of the files. (Do NOT contact Jos with
problems in these utilities; they are almost certainly things I
wrecked, and complaining to him would be unfair and unrewarding).
Copyright (c) 1995,1996 by X/OS Experts in Open Systems BV.
All rights reserved.
Author: Jos Vos <email@example.com>
X/OS Experts in Open Systems BV
1098 VA Amsterdam
Paul ``Rusty'' Russell & Michael Neuling.