iptables

Being a security conscious kind of guy, the first thing that bothered me about my EeePC was the lack of iptables support in the default kernel. I've read through some of the threads that discuss the requirement and whether it is needed or not, and I still would rather have a firewall than not. Since I also intended to install some things that may listen on the network (sshd, named, who knows what else …), I felt a good firewall would be the best idea. (Networks and network security are also what I do for a living.)

With those thoughts in mind, I set out to recompile the kernel and get iptables support. My first attempt followed the kernel rebuild instructions on the wiki. While this produced a working kernel, none of the network drivers worked. I later discovered this is because adding iptables support also requires recompiling the network drivers. Long story short, I downloaded the eeepc kernel source, uvcvideo source, and atl2 source from Asus, then downloaded the patched madwifi drivers. I built the kernel on my EeePC using a modified version name (eeepc-sk) so I would not disturb the default kernel or kernel modules. I created the .config using make xconfig from another working Linux computer, then compiled the kernel and modules on the Eee itself. I then built the atl2 and madwifi drivers. (If you are trying to replicate this, make sure you boot to your new kernel BEFORE you build the atl2 modules, otherwise you will overwrite the installed modules.) Then I compiled the uvcvideo driver for the webcam. Lastly, I copied the asus_acpi.ko module into my modules directory, and now everything seems to work (ethernet, wifi, blue fn buttons, sleep, fan, webcam, etc.).

If anyone is interested, I've made a tar file with the kernel, modules, and System.map and uploaded it to my web site.

http://www.scott.knauss.com/eeepc-kernel-with-iptables.html

If you are still using the unionfs, you will need to boot to Rescue mode to install the kernel as described here:

http://wiki.eeeuser.com/howto:installrescuemode

If you have already eliminated your unionfs, and you are running with one big partition, you can just cd to / and unpack the archive, then skip down to creating the grub entry.

Be careful with this next step. If you do this wrong several times, you could fill your hard drive…

Before you reboot to Rescue mode, create a directory in your home directory (/home/user/), call it newroot. cd to newroot, and unpack the archive there. Then when you reboot to rescue mode:

mount /dev/sda1 /mnt-system
mount /dev/sda2 /mnt-user
cd /mnt-user/home/user/newroot 
cp -r * /mnt-system/

Note: If you have a 900 model, /home/user is on /dev/sdb1 instead of /dev/sda2. In Rescue mode you first have to load the USB modules before that flash drive can be mounted, so adapt the above commands as follows:

cd /mnt-system/lib/modules/2.6.21.4-eeepc/kernel/drivers/usb/
insmod core/usbcore.ko
insmod host/ehci-hcd.ko
insmod host/uhci-hcd.ko
insmod storage/libusual.ko
insmod storage/usb-storage.ko
mknod /dev/sdb1 b 8 17
mount /dev/sdb1 /mnt-user

Using vi, create an entry in the /boot/grub/menu.lst file that names the new kernel, like so:

title Iptables Support
     root (0x80,0)
     kernel /boot/vmlinuz-2.6.21.4-eeepc-sk quiet rw vga=785 irqpoll i8042.noloop=1 root=/dev/sda1
     initrd /boot/initramfs-eeepc.img

If you make this entry anything other than the very first entry, you should also comment out the line in menu.lst that starts with “hidemenu” and change the timeout value from 0 to 2. This will cause the grub menu to show up for 2 seconds, allowing you to select the desired kernel.

Once you have booted to the new kernel, you can install any of the many firewall building utilities to create a simple iptables firewall.

Another thing you may want to consider after you get your firewall running is a way to monitor it. iptables rules can be written to log matching packets to syslog, which is the easiest way to see what the firewall is actually dropping. For a good way to use syslog-ng on the Eee, check out syslog.
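As an added example (not from this page or its author), here is a small POSIX sh script that generates the kind of simple host firewall the two previous paragraphs describe, with a rate-limited LOG rule in front of the final DROP so the drops show up in syslog. It assumes your rebuilt kernel includes the state, limit and LOG netfilter modules, and the script name and port list are made up for the example.

```shell
#!/bin/sh
# eee-fw.sh (assumed name): emit an iptables-restore ruleset for a small host.
# Policy: accept loopback and replies to our own connections, accept the TCP
# service ports given on the command line (e.g. 22 for sshd), log then drop
# everything else.  Usage:  sh eee-fw.sh 22 53 | iptables-restore

eee_ruleset() {
    # $@ : inbound TCP ports to allow
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':LOGDROP - [0:0]'
    # Loopback, and packets belonging to connections this host started
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Keep ping working so the box can be reached while troubleshooting
    echo '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Everything else: one syslog line per match (rate-limited so a port scan
    # cannot flood the log), then drop.  The prefix makes grepping easy.
    echo '-A INPUT -j LOGDROP'
    echo '-A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: " --log-level 4'
    echo '-A LOGDROP -j DROP'
    echo 'COMMIT'
}

# Number of -A rules in the generated set; a quick sanity check before loading
eee_rule_count() {
    eee_ruleset "$@" | grep -c '^-A'
}

# Only emit rules when ports were given, so sourcing the file is harmless
if [ "${1:-}" != "" ]; then
    eee_ruleset "$@"
fi
```

Dropped packets then appear in the kernel log with the `FW-DROP:` prefix, which is what the syslog-ng setup mentioned above would filter on.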