The Linux 2.6 kernel contains the netfilter and
iptables building blocks. Using this framework, an
internet firewall can be built using stateless and stateful packet
filtering. The firewall supports masquerading for sharing internet
access and implementing transparent proxies. For more information, refer to
"The netfilter/iptables project" [21].
Download and unpack the sources.
wget -P $DL_DIR ftp://ftp.netfilter.org/pub/iptables/iptables-1.4.0.tar.bz2 # was 1.2.11, 1.3.6, 1.3.8
tar -C $PRJ_DIR/apps -xvjf $DL_DIR/iptables-1.4.0.tar.bz2
cd $PRJ_DIR/apps/iptables-1.4.0
Compile and install to rootfs.d.
make KERNEL_DIR=$LINUX_DIR clean
make NO_SHARED_LIBS=1 DO_IPV6=0 \
CC=${TOOLCHAIN_CROSS}gcc KERNEL_DIR=$LINUX_DIR PREFIX=$ROOTFS_DIR
install -s -m 755 iptables $ROOTFS_DIR/sbin/
An example firewall configuration is presented in Section 5.3, “Firewall Configuration”.
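The download step above uses plain FTP, which does not authenticate the archive before it is compiled into the root filesystem. The following is an added example, not part of the original guide: it checks the tarball against a pinned SHA-256 digest and unpacks only on a match. The function names verify_tarball and unpack_verified are hypothetical, and the digest is a placeholder that must come from a source you trust, since the page does not give one.

```sh
#!/bin/sh
# Added example: verify a downloaded source archive against a pinned
# SHA-256 digest before it is unpacked into the project tree.

# verify_tarball FILE EXPECTED_SHA256
# Returns 0 on match, 1 on digest mismatch, 2 on bad input.
verify_tarball() {
    file=$1
    expected=$2

    # Reject anything that is not a 64-character hex digest; this catches
    # an unfilled placeholder or a truncated copy-paste.
    case $expected in
        ''|*[!0-9a-fA-F]*)
            echo "verify_tarball: malformed digest for $file" >&2
            return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "verify_tarball: digest has wrong length for $file" >&2
        return 2
    fi
    if [ ! -f "$file" ]; then
        echo "verify_tarball: $file not found" >&2
        return 2
    fi

    # Read via stdin so the file name never appears in sha256sum's output.
    actual=$(sha256sum < "$file" | cut -d' ' -f1)
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')

    if [ "$actual" != "$expected" ]; then
        echo "verify_tarball: digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# unpack_verified FILE EXPECTED_SHA256 DEST_DIR
# Unpacks the bzip2 tarball only if the digest check passes.
unpack_verified() {
    verify_tarball "$1" "$2" || return $?
    tar -C "$3" -xjf "$1"
}

# Usage with the variables from the build steps (digest is a placeholder):
#   unpack_verified "$DL_DIR/iptables-1.4.0.tar.bz2" \
#       "<sha256 from a trusted source>" "$PRJ_DIR/apps"
```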