Source compilation

Compiling the kernel source

Ebtables and bridge-netfilter are a part of the standard 2.6 kernel. Most Linux distributions enable this functionality in their custom kernels. However, if you want to build your own kernel, these steps have to be taken:
  1. With make menuconfig (or whatever) go to 'Device drivers->Networking support->Networking options'.
  2. Go to the bottom and check '802.1d Ethernet Bridging'. Check 'Network packet filtering (replaces ipchains)' and move into this directory.
  3. On a standard configuration iptables and arptables will see bridged traffic. If you don't want them to see bridged traffic, disable 'Bridged IP/ARP packets filtering'.
  4. Go to 'Bridge: Netfilter configuration' and enable the ebtables modules you want, for an explanation of what the modules do, see the help dialog inside the configuration tool or the ebtables man page.

Compiling and installing the userspace tool ebtables

If you download an official release, the steps are simple (replace XXX by the version you downloaded):

tar -xzf ebtables-vXXX.tar.gz
cd ebtables-vXXX
The above compiles the ebtables source. To install the tool, do the following:
sudo make install
If you use the CVS version, you will need to specify the directory that contains the header files. You should specify the include directory from a recent 2.6 kernel, preferrably the one that corresponds to your kernel (see cat /proc/version).
make install KERNEL_INCLUDES=<kernel_dir>/include/
There are some compile time options to specify the destination directories (you usually shouldn't care about these): LIBDIR, MANDIR, BINDIR, ETCDIR, ETHERTYPESPATH and DESTDIR. LIBDIR denotes the directory where to put the shared libraries and defaults to /usr/lib. MANDIR denotes the directory where to put the man page and defaults to /usr/local/man (the /man8 subdirectory should not be specified). BINDIR denotes the directory where to put the ebtables executable and defaults to /usr/sbin (or /sbin in earlier versions of ebtables). ETCDIR denotes the etc directory (defaults to /etc) and ETHERTYPESPATH denotes the directory where to put the ethertypes file, which contains the assigned Ethernet protocol names (defaults to ETCDIR). The DESTDIR denotes the base directory, by default it is not set. If set, all files will be copied to places relative to DESTDIR instead of / (the root directory).