On 2/8/07, Darcy Roberts <[EMAIL PROTECTED]> wrote:
<snip>
> I've turned on the appropriate modules in the kernel and all appears correct
> now. One issue is that the style of the options - everyone shows
> "CONFIG_IP_NF_IPTABLES=y" but this isn't the same text as when using
> menuconfig. I ended up manually editing .config (bad idea, since ugly
> dependencies for options now show up).
>

Definitely can create issues with dependencies, use the menu based config where you can. If you select the help option for each kernel config item (i.e. ? instead of Y\N\M for make menuconfig) the help will usually tell you the config item name.

What you need to have is dependent on how complex your iptables rules are going to be. For example, if you're going to be using NAT, you will need some or all of the NAT options - if you're never going to adjust the TCPMSS value using iptables, you don't need those options in the kernel.

That said, it adds very little additional overhead to the kernel to just select every single option (m for modular, y for static [always built into kernel]) - if your iptables ruleset doesn't need a function it won't be loaded if you selected modules.

Note that the latest kernel release (2.6.20) has just significantly re-arranged the netfilter options menu again, obsoleting a number of items, and adding new ones.

> BTW, how do I limit the size of the kern and sys logs?

Grab logrotate from the Debian ftp mirrors. You run logrotate every so often (usually daily) in cron (you'll need to install the cron daemon too!) and the logrotate configuration files indicate after how long, what size etc. to chop the logs smaller, keep x number of backup copies, compress the backups, etc.

--
- Steve Crosby
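The .config notation discussed in this message, as an added example (not from the original post or from the LFS project): a small shell checker that reads a .config and reports whether each named option is built in (y), modular (m), disabled, or absent. The function names and the sample .config contents are constructed for illustration.

```shell
#!/bin/sh
# .config records an option in one of three ways:
#   CONFIG_FOO=y             built into the kernel
#   CONFIG_FOO=m             built as a module
#   # CONFIG_FOO is not set  disabled
# An option whose dependencies are unmet does not appear at all.

kconfig_state() {
    # $1 = path to .config, $2 = option name (with CONFIG_ prefix)
    # Prints y, m (or another literal value), n, or absent.
    awk -v opt="$2" '
        index($0, opt "=") == 1      { print substr($0, length(opt) + 2); found = 1; exit }
        $0 == "# " opt " is not set" { print "n"; found = 1; exit }
        END                          { if (!found) print "absent" }
    ' "$1"
}

kconfig_check() {
    # $1 = path to .config, remaining args = options the ruleset needs.
    # Prints one line per option; returns 1 if any is neither y nor m.
    cfg=$1; shift
    rc=0
    for opt in "$@"; do
        state=$(kconfig_state "$cfg" "$opt")
        printf '%-30s %s\n' "$opt" "$state"
        case $state in
            y|m) ;;
            *)   rc=1 ;;
        esac
    done
    return $rc
}

write_sample_config() {
    # Constructed sample, not taken from a real build.
    cat > "$1" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_TARGET_REJECT is not set
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
kconfig_check "$sample" CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES \
    CONFIG_IP_NF_FILTER CONFIG_IP_NF_TARGET_REJECT CONFIG_IP_NF_TARGET_LOG \
    || echo "some options are off or absent: enable them through make menuconfig"
rm -f "$sample"
```

Point it at the real file with `kconfig_check /path/to/linux/.config CONFIG_IP_NF_IPTABLES ...`; an "absent" result usually means a parent option is disabled.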
