Building extra iptables match modules (connlimit, time, ipp2p) on CentOS 5.1 with patch-o-matic-ng

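# Fetch the patch-o-matic-ng snapshot (out-of-tree netfilter patches) and the
# iptables 1.3.5 userspace release it will be applied to.  Both downloads are
# plain FTP with no integrity check, and everything below is compiled into the
# running kernel: the iptables release tarballs carry detached GPG signatures
# on netfilter.org -- verify them against the netfilter release key before
# unpacking, and at least compare a published checksum for the pom-ng snapshot.
# NOTE(review): ftp.netfilter.org may no longer be reachable; netfilter.org now
# serves its archives over HTTPS -- confirm the current URL before relying on
# this listing.
cd /root
wget ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20080709.tar.bz2
wget ftp://ftp.netfilter.org/pub/iptables/iptables-1.3.5.tar.bz2
tar jxf iptables-1.3.5.tar.bz2
tar jxf patch-o-matic-ng-20080709.tar.bz2
cd /root/patch-o-matic-ng-20080709

# The kernel-side patches must be applied to, and built against, the headers of
# the kernel that will load the modules.  A bare "yum install kernel-devel"
# pulls the newest kernel-devel in the repo, which on an un-updated 5.1 box is
# newer than the running 2.6.18-53 kernel; pin it to the running release and
# derive KERNEL_DIR from uname so every later step refers to the same tree.
# NOTE(review): PAE/xen kernels use kernel-PAE-devel / kernel-xen-devel and a
# differently named headers directory -- adjust if "uname -r" carries a suffix.
yum install -y "kernel-devel-$(uname -r)"
KERNEL_DIR="/usr/src/kernels/$(uname -r)-$(uname -m)"
IPTABLES_DIR=/root/iptables-1.3.5
export KERNEL_DIR IPTABLES_DIR

# "runme --download" fetches additional patch sets from the network, again with
# no signature check.  "runme <name>" then patches both the kernel tree in
# KERNEL_DIR and the iptables tree in IPTABLES_DIR, asking for confirmation per
# patch (see the prompt below).
./runme --download
./runme connlimit
./runme time
./runme ipp2p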
----------------------------------------------------------------
Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y
----------------------------------------------------------------
(runme asks this once for each patch it is about to apply; answer y for connlimit, time and ipp2p.)
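# Switch to the kernel-devel tree the patches were applied to.  This must be the
# headers of the running kernel ("uname -r"), otherwise the modules built below
# will not load; the original listing hard-coded 2.6.18-53 here but used
# 2.6.18-92 further down, so the two are now derived from uname.
# "make oldconfig" keeps the shipped .config and only prompts for the options
# the patches added -- answer "m" to build each new match as a module.
cd "/usr/src/kernels/$(uname -r)-$(uname -m)"
make oldconfig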
----------------------------------------------------------------
Connections/IP limit match support (IP_NF_MATCH_CONNLIMIT) [N/m/?] (NEW) m
----------------------------------------------------------------
(expect similar prompts for the time and ipp2p matches; answer m to each.)
# Regenerate the build scaffolding for the changed .config, then swap the
# netfilter Makefile for a minimal one that lists only the three new matches
# (presumably so "make M=net/ipv4/netfilter/" does not rebuild every netfilter
# module selected as "m" -- verify against the stock Makefile).  The original
# is kept as Makefile.bak; restore it once the .ko files are installed, since
# this edits the packaged kernel-devel tree in place (rpm -V will flag it).
make modules_prepare
mv net/ipv4/netfilter/Makefile net/ipv4/netfilter/Makefile.bak
# Create net/ipv4/netfilter/Makefile with the contents shown next.
vi net/ipv4/netfilter/Makefile
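# Minimal kbuild fragment for the three patch-o-matic-ng matches.
#
# When kbuild reads this file (KERNELRELEASE is set, i.e. the
# "make M=net/ipv4/netfilter/" run from the kernel tree) only obj-m matters.
# The default rule in the else-branch is for building the same objects
# standalone from inside this directory; the original listing wrote its
# recipe as "M=$(PWD)modules" -- a missing space that produced a bogus M=
# path and no "modules" goal -- and lacked the recipe tab.
ifneq ($(KERNELRELEASE),)
obj-m := ipt_connlimit.o ipt_time.o ipt_ipp2p.o
else
# Headers of the running kernel; on CentOS this is normally a symlink to the
# kernel-devel tree the patches were applied to -- it must be the same tree.
KDIR := /lib/modules/$(shell uname -r)/build

.PHONY: default clean
default:
	$(MAKE) -C $(KDIR) M=$(CURDIR) modules

clean:
	$(MAKE) -C $(KDIR) M=$(CURDIR) clean
endif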

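# Build only the three matches (M= points kbuild at the minimal Makefile written
# above) and install them under the running kernel's module tree.  The
# destination is derived from "uname -r" rather than a hard-coded release so it
# is the kernel that will actually load the modules.
make M=net/ipv4/netfilter/
MODDIR="/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter"
# The original listing ran "chmod 744 <full path> ipt_time.ko ipt_ipp2p.ko":
# only the first argument was a real path, the other two were relative to the
# kernel tree and did nothing.  Modules need no execute bit; 0644, root-owned
# and world-readable, is what the distro's own kernel package ships.
install -m 0644 net/ipv4/netfilter/ipt_connlimit.ko \
                net/ipv4/netfilter/ipt_time.ko \
                net/ipv4/netfilter/ipt_ipp2p.ko "$MODDIR"/
# Put the stock netfilter Makefile back so the kernel-devel tree is left intact.
mv net/ipv4/netfilter/Makefile.bak net/ipv4/netfilter/Makefile
# These .ko files live outside RPM: a kernel update installs a fresh
# /lib/modules/<ver> without them and the rules below stop loading, so this
# build has to be repeated after every kernel upgrade.  Do not "solve" that by
# holding back kernel security updates.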

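# Build the patched iptables userspace (the runme steps added the connlimit,
# time and ipp2p extensions to this tree) against the same kernel headers the
# modules were built with.  The original listing pointed KERNEL at a different
# release (2.6.18-92) than the one the modules were built for (2.6.18-53);
# derive it from uname so the two cannot diverge.
cd /root/iptables-1.3.5
KERNEL="/usr/src/kernels/$(uname -r)-$(uname -m)"
make KERNEL="$KERNEL"
# BINDIR=/sbin LIBDIR=/lib deliberately overwrite the files owned by the
# distro's iptables RPM.  The package database then no longer describes what
# is installed (rpm -V iptables will flag it) and a later "yum update" of
# iptables replaces the binary and extension libraries with the stock ones,
# dropping these matches again.  Either exclude the package from updates
# (exclude=iptables* in /etc/yum.conf) or install to a separate prefix.
# MANDIR belongs on this command line -- in the listing it had fallen onto the
# next line, where it was only a no-op shell assignment.
make install KERNEL="$KERNEL" BINDIR=/sbin LIBDIR=/lib MANDIR=/usr/share/man
depmod -a
# Loading explicitly confirms the modules resolve against this kernel; iptables
# would also autoload them on first use of "-m".  Nothing here persists the
# loads across a reboot -- restoring the rules below pulls them in again.
modprobe ipt_connlimit
modprobe ipt_time
modprobe ipt_ipp2p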

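# Example rules exercising the three new matches.
#
# On a stock CentOS 5 firewall the only rule in INPUT jumps to
# RH-Firewall-1-INPUT, whose last rule is a REJECT; a rule appended with
# "-A INPUT" then sits after that jump and never sees a packet.  Check
# "iptables -L INPUT -n" first and insert ("-I") or add to that chain instead.
#
# connlimit counts concurrent connections per source /32 by default, so
# clients behind one NAT share the limit -- and so do the administrator's own
# sessions (a second scp/ssh from the same host is rejected at 2).  Consider
# a higher limit or --connlimit-mask for NATed populations.
iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 2 -j REJECT
# Blocks outbound HTTP on Thursdays and Sundays, 14:00-18:00.  The listing's
# "-days" is a transcription error for "--days".  NOTE(review): which clock
# this ipt_time uses (local via the kernel's timezone offset, or UTC) should be
# confirmed on the target kernel before relying on the window.
iptables -A OUTPUT -p tcp --dport 80 -m time --timestart 14:00 --timestop 18:00 --days Thu,Sun -j REJECT
# ipp2p matches eDonkey (--edk) and BitTorrent (--bit) by payload signatures;
# it is pattern-based and will not recognise encrypted or obfuscated variants,
# so treat it as best-effort, not enforcement.
iptables -A FORWARD -p tcp -m ipp2p --edk --bit -j DROP
# None of the above survives a reboot; "service iptables save" writes the
# current ruleset to /etc/sysconfig/iptables (and saves any other ad-hoc rules
# along with it -- review the result).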

ok!
