On Saturday 05 January 2008, [EMAIL PROTECTED] wrote: > Configuring a new kernel is a dreaded task here. It seems I walk > through a bewildering array of stuff that when pressing F1 on them I > get more bewildering information I barely understand a word of.
Ah yes. It's that way 'cause it was designed that way :-) [snip] > And of course the kicker is that I'd like to learn this without weeks > and weeks of pounding away at it. Unfortunately and in my experience, there's no easy shortcut to getting a sane minimal kernel config. You really do need to have at least a high-level understanding of what the various chunks of the kernel do so that you can decide to enable them or not. You need to understand what the various bits of hardware are - if you have never heard of iSCSI you will have no idea if you need it or not. It's not enough to generally just say "If you don't know what it is, you don't need it" as you might run into SCSI, and know for a fact you do not have any SCSI hardware. But, without it, all kinds of stuff break (like usb storage) I know how I got my current level of knowledge - years and years of pounding away at it, reading thousands of howtos and web pages, only to have tons of it become redundant every six months. I strongly suspect you may have to do something similar. > My current quest involved getting a kernel with full barrel iptables > and conn_track settings in place. The usual problem is that the > howtos are dealing with a much older (in kernel devel time) kernel > that actually has different or not all the setting currently > available. trial-and-error is probably your best bet. Get it working with a full genkernel setup. Note which modules get used in real life, start removing them in batches and make notes when stuff breaks > Can someone steer me to a more `in depth' tutorial? Or to something > they've found to really throw some light the chore? Not necessarily > about iptables but just the general chore of configuring a kernel > wisely. I've yet to find a single resource for this. As I said above it does seem to be a collection of knowledge gathered from many places over a long period. There's a reason for the existence of genkernel - it's so that you don't have to go through all this pain and suffering, and can instead remove stuff a bit at a time with reasonable confidence it won;t blow up in your face :-) alan -- Alan McKinnon alan dot mckinnon at gmail dot com -- [EMAIL PROTECTED] mailing list
