the compiler can optimize the kernel. To select your processor type, click the button to the left of the option (in Figure 5.4, this button is labeled Pentium) to generate a drop-down box with a list of processors. Click the processor type you have (or the closest one), and you're set.

Floppy, IDE, and Other Block Devices

The Floppy, IDE, and other block devices submenu lists the options you have for basic device support for IDE and floppies as well as some older drive types (for example, MFM and RLL). As the kernel evolves, these options will change slightly.

You definitely should select Yes for Normal floppy disk support because you will have no way of accessing your floppy drives without it. Don't select No for this option because you're looking for a way to secure your floppies from nonroot users; instead change the permissions on /dev/fd0 to 0600.

If you have an IDE hard drive (like the sample system does), you should select Yes for Enhanced IDE/MFM/RLL disk/cdrom/tape support. Selecting No dims all the IDE options in the rest of the submenu. Because you're using this option, the next option (Old harddisk (MFM/RLL/IDE) driver) is dimmed.

The remainder of the IDE options are for support for specific chipsets. This information varies from machine to machine. When you're in doubt, selecting Yes for these options doesn't hurt, but it will result in a larger kernel. Each driver will automatically probe the system at boot time to determine whether it should or should not be activated.

You can select Yes for Loopback device support if you have a special need to mount a file as a filesystem (for example, for testing an ISO9660 image before burning it to a CD). You should also select Yes for Loopback device support if you intend on using the Common Desktop Environment. For most people, however, this option should be tagged No.

The Multiple devices driver support option turns on a special driver that allows you to connect multiple partitions (even on different disks) together to work as one large partition. Unless you are a systems administrator configuring this item, you should set this option to No. If you plan to set up this feature, be sure to read the ./drivers/block/README.md file in the Linux source tree. The options for using Linear (append) mode and RAID-0 (striping) mode are applicable only if you plan to use Multiple devices driver support.

RAM disk support is provided in the kernel to allow you to create virtual filesystems in your system's memory. This feature is really useful only if you are creating a special kernel for use on boot disks. For most instances, select No for RAM disk support. Doing so automatically dims the Initial RAM disk (initrd) support option.

Unless you have a very old hard disk that you need to use with this machine, you should leave the XT harddisk support option tagged No. If you do need to support a very old hard disk, seriously consider making the investment in upgrading the device to something more current—if not for your performance, at least for the safety of the data.

Networking Options

Because of the rate at which network technology evolves, covering specifics is difficult because they become outdated too quickly. For this section on the Networking options, I'll cover the basics along with some security notes. For specific features, you should check the help box attached to each option on the Networking options submenu.

Before getting into details, you should have a clear idea of what sorts of networking features you expect your machine to offer. If your machine will spend a great deal of its time serving or as a user's desktop machine, you should keep the network configuration simple and not provide any elaborate services. On the other hand, if the machine is destined to become a gateway/proxy service, you should pay attention to the details.

Assuming that you do want to join the network, you must turn on two of the options. The first, of course, is TCP/IP networking. Tagging this option No dims all the other options. The other option you must turn on is IP: syn cookies. Enabling this option is especially important if you are going to be attached to the Internet in one way or another because it provides protection against SYN attacks. (For additional details on SYN attacks as well as a various other security-related issues, visit the CERT home page at http://www.cert.org.)

The essence of many of the Networking options is the ability to configure Linux to act as either a router or a firewall. To access the firewalling options, be sure to enable the Network firewall, Network aliasing, and IP: forwarding/gatewaying options. If you plan to use your Linux machine in this fashion, you will probably want to enable the IP: accounting and IP: optimize as router not host options.

If you have trouble connecting to your Linux machine via Telnet from an older DOS system, you might want to select Yes for IP: PC/TCP compatibility mode. Turning on this option allows Linux to communicate with the older (and broken) software on the DOS side. The IP: Disable Path MTU Discovery (normally enabled) option can also be a cause of problems with older systems. Normally, Linux starts by sending larger packets of data across the network. If it finds a machine that cannot handle the larger size, it brings the size down until everyone is happy. Some older DOS machines with poorly written software don't handle this technique well and need to have this option disabled. If that is the case, check Yes for this option.

The IP: Reverse ARP option is useful if machines on the network use Address Resolution Protocol (ARP) to determine the network's IP address based on its Ethernet address. (Typically,