Enabling Netfilter in Your Kernel

In order to include Netfilter as a configuration item, you must enable Code maturity-level options for development and/or incomplete code/drivers. With this option enabled, proceed to Networking options. Here you will need to enable Network packet filtering (replaces ipchains). Unless you have several gigabytes of free space, I highly recommend you do not enable Network packet-filtering debugging.

Now skip down to IP: Netfilter Configuration (to enter the Netfilter modules submenu). In this submenu you'll want to select all options as modules. The modules will, for the most part, be loaded only as needed. As of this writing, four exceptions exist, and they are addressed specifically in the article.

If you want to run IPv6, you'll need to select the IPv6 protocol, then enter the IPv6: Netfilter Configuration. Again, select all options as modules.