Reply To: IPTables and "state match support"

[brianb]

Ok. I finally managed to get shorewall to start. Here are the details of what I did to build the kernel:

Much of this information was taken from the espressobin wiki
http://wiki.espressobin.net/tiki-index.php?page=Build+From+Source+-+Kernel
http://wiki.espressobin.net/tiki-index.php?page=Ubuntu+-+initial+network+configuration

1. Make a directory for the source code
sudo mkdir -p kernel/4.4.8
2. Go to the directory
cd kernel/4.4.8
3. Use git to download the source code
sudo git clone https://github.com/MarvellEmbeddedProcessors/linux-marvell .
sudo git checkout linux-4.4.8-armada-17.02-espressobin
4. Downoad the configuration file with “NETFILTER/IPTABLES/NAT features enabled”
sudo wget -O nat_config http://wiki.espressobin.net/tiki-download_file.php?fileId=86
5. Set up the necessary environment variables
export PATH=$PATH:/mnt/usb/toolchain/gcc-linaro-5.2-2015.11-2-x86_64_aarch64-linux-gnu/bin
export ARCH=arm64
export CROSS_COMPILE=aarch64-linux-gnu-
6. Generate the default configuration file
make mvebu_v8_lsp_defconfig
7. Backup the configuration file
mv .config .config.bak
8. Copy the configuration file downloaded above
cp nat_config .config
7. Edit the configuration file, including IP_NF_FILTER
vim .config

CONFIG_IP_NF_FILTER=y
8. Specify additional options using menuconfig. NOTE: all options were compiled in the kernel (*), and modules (M) were not used
make menuconfig
> Networking Support
> Networking Options
> Network Packet Filtering Framework (Netfilter)
* Network packet filtering debugging
* Advanced netfilter configuration
* Bridged IP/ARP packets filtering
* IP set support
* IP virtual server support
* Ethernet Bridge tables (ebtables) support
> Core Netfilter Configuration
Include All Items
> IP: Netfilter Configuration
Include All Items
9. Backup the configuration file
cp .config nf_config
10. Build the kernel
make -j4