Author: bdubbs
Date: 2010-03-06 17:34:03 -0700 (Sat, 06 Mar 2010)
New Revision: 8300
Modified:
trunk/BOOK/postlfs/config/devices.xml
trunk/BOOK/postlfs/security/iptables.xml
Log:
Fix iptables install locations
Modified: trunk/BOOK/postlfs/config/devices.xml
===================================================================
--- trunk/BOOK/postlfs/config/devices.xml 2010-03-06 23:57:09 UTC (rev
8299)
+++ trunk/BOOK/postlfs/config/devices.xml 2010-03-07 00:34:03 UTC (rev
8300)
@@ -78,7 +78,7 @@
installed by SANE change permissions for known scanners, but not printers.
If a package maintainer forgot to write a rule for your device,
report a bug to both BLFS (if the package is there) and upstream, and
- you will need ot write your own rule.</para>
+ you will need to write your own rule.</para>
<para>There is one situation when such fine-grained access control with
pre-generated udev rules doesn't work. Namely, PC emulators such as KVM,
Modified: trunk/BOOK/postlfs/security/iptables.xml
===================================================================
--- trunk/BOOK/postlfs/security/iptables.xml 2010-03-06 23:57:09 UTC (rev
8299)
+++ trunk/BOOK/postlfs/security/iptables.xml 2010-03-07 00:34:03 UTC (rev
8300)
@@ -108,7 +108,13 @@
<para>Install <application>iptables</application> by running the following
commands:</para>
-<screen><userinput>./configure --prefix=/usr &&
+<screen><userinput>
+./configure --prefix=/usr \
+ --bindir=/sbin \
+ --sbindir=/sbin \
+ --libdir=/lib \
+ --libexecdir=/lib \
+ --with-pkgconfigdir=/usr/lib/pkgconfig &&
make</userinput></screen>
<para>This package does not come with a test suite.</para>
@@ -118,31 +124,23 @@
<screen role="root"><userinput>make install</userinput></screen>
</sect2>
-<!--
+
<sect2 role="commands">
<title>Command Explanations</title>
- <para><command>sed -i 's/name="$node/name="node/' iptables.xslt</command>:
- This corrects a syntax error in the XSLT stylesheet for use with
- <command>iptables-xml</command>.</para>
+ <para><parameter>--bindir=/sbin</parameter>,
+ <parameter>--sbindir=/sbin</parameter>: Ensure all the executables go
+ in <filename class="directory">/sbin</filename>.</para>
- <para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>:
- Compiles and installs <application>iptables</application> modules
- into <filename class="directory">/lib</filename>, binaries into
- <filename class="directory">/sbin</filename> and the remainder into
- the <filename class="directory">/usr</filename> hierarchy instead of
- <filename class="directory">/usr/local</filename>. Firewalls are
- generally activated during the boot process and
- <filename class="directory">/usr</filename> may not be mounted at
- that time.</para>
+ <para><parameter>--libdir=/lib</parameter>,
+ <parameter>--libexecdir=/lib</parameter>: Ensure all the libraries are
+ in the <filename class="directory">/lib</filename> directory tree.</para>
- <para><parameter>KERNEL_DIR=/usr</parameter>: This parameter is used to
- point at the sanitized kernel headers in
- <filename class='directory'>/usr</filename> and not use the raw kernel
- headers in <filename class='directory'>/usr/src/linux</filename>.</para>
+ <para><parameter>--with-pkgconfigdir=/usr/lib/pkgconfig</parameter>:
+ Ensure all the pkgconfig files are in the standard location.</para>
</sect2>
--->
+
<sect2 role="configuration">
<title>Configuring Iptables</title>
@@ -179,8 +177,8 @@
iptables-multi, ip6tables, ip6tables-restore, ip6tables-save,
and ip6tables-multii</seg>
<seg>libip4tc.so, libip6tc.so, libiptc.so, libxtables.so,
- and numerous modules in /usr/libexec/xtables/</seg>
- <seg>/usr/libexec/xtables and /usr/include/libiptc</seg>
+ and numerous modules in /lib/xtables/</seg>
+ <seg>/lib/xtables/xtables and /usr/include/libiptc</seg>
</seglistitem>
</segmentedlist>
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
