[lug] RH 7.x word of caution

[D. Stimits]

kevin at scrye.com wrote:
> 
> >>>>> "DStimits" == D Stimits <stimits at idcomm.com> writes:
...
> 
> Yes, it is part of the standard kernel. It's:
> 
> CONFIG_IP_NF_COMPAT_IPCHAINS
> ipchains (2.2-style) support
> CONFIG_IP_NF_COMPAT_IPCHAINS
>   This option places ipchains (with masquerading and redirection
>   support) back into the kernel, using the new netfilter
>   infrastructure.  It is not recommended for new installations (see
>   `Packet filtering').  With this enabled, you should be able to use
>   the ipchains tool exactly as in 2.2 kernels.
> 
>   If you want to compile it as a module, say M here and read
>   Documentation/modules.txt.  If unsure, say `N'.
> 
> If you built iptables or ipfwadm into the kernel, you won't see this
> one. You can only have one at a time. You can build them all as
> modules tho...when you load the ipchains module, everything will work
> like you are on a 2.2.x kernel with ipchains.
...

I have verified that this is definitely available in the
Documentation/Configure.help, but I am trying without luck to find how
to activate this in make menuconfig. I understand what you are saying
about activation of ipchains other items causing this one to disappear,
but I have been swimming around this for quite some time (in make
menuconfig interface) and cannot find an item that actually matches
this. I am assuming the following...
Start in make menuconfig;
Go to "Networking options";
Somewhere in here...?

At this point I see:
<*> Packet socket
[ ]   Packet socket: mmapped IO
[ ] Kernel/User netlink socket
[ ] Network packet filtering (replaces ipchains)
[ ] Socket Filtering
<*> Unix domain sockets
[*] TCP/IP networking
[*]   IP: multicasting
[ ]   IP: advanced router
[ ]   IP: kernel level autoconfiguration
< >   IP: tunneling
< >   IP: GRE tunnels over IP
[ ]   IP: multicast routing
[ ]   IP: TCP Explicit Congestion Notification support
[ ]   IP: TCP syncookie support (disabled per default)
---
< > The IPX protocol
< > Appletalk protocol support
< > DECnet Support
< > 802.1d Ethernet Bridging
QoS and/or fair queueing  --->


Most interesting is the "Network packet filtering (replaces ipchains)".
I've tried with and without this, and all kinds of other possible
iptables or ipchains related items, with no success at finding the
actual item for CONFIG_IP_NF_COMPAT_IPCHAINS (checking help on each). I
do have it set to prompt for incomplete or devel, so that is not the
problem. I must be overlooking something terribly simple, staring right
at me. Under the assumption that it is set to prompt for devel or
incomplete packages, is the submenu "Networking options" not the place
to set this? Did you manually edit your .config and add this in? I keep
thinking all I need to do is bang my head on the wall a little
harder....

D. Stimits, stimits at idcomm.com