CentOS 5.4: adding connlimit support to iptables
wget http://mirrors.163.com/centos/5. ... .18-164.el5.src.rpm
wget http://ftp.netfilter.org/pub/pat ... ng-20091010.tar.bz2
wget http://www.netfilter.org/project ... ables-1.3.8.tar.bz2
# mkdir /usr/src/redhat/
# mkdir /usr/src/redhat/SOURCES
# groupadd mockbuild
# useradd mockbuild -g mockbuild
# rpm -ivh kernel-2.6.18-164.el5.src.rpm
# yum -y install rpm-build
# yum -y install m4 gnupg redhat-rpm-config
# cd /usr/src/redhat/SPECS
# rpmbuild -bp --target=$(uname -m) ./kernel-2.6.spec
# cp -r /usr/src/redhat/BUILD/kernel-2.6.18/ /usr/src
# vi /usr/src/kernel-2.6.18/linux-2.6.18.i686/Makefile
Set EXTRAVERSION = -164.el5 (so the module's version magic matches the running kernel)
# tar jxvf iptables-1.3.8.tar.bz2
# tar jxvf patch-o-matic-ng-20091010.tar.bz2
# mv iptables-1.3.8 /usr/src/
# mv patch-o-matic-ng-20091010 /usr/src
# cd /usr/src
# export KERNEL_DIR=/usr/src/kernel-2.6.18/linux-2.6.18.i686
# export KERNEL_SRC=/usr/src/kernel-2.6.18/linux-2.6.18.i686
# export IPTABLES_SRC=/usr/src/iptables-1.3.8
# export IPTABLES_DIR=/usr/src/iptables-1.3.8
# cd /usr/src/patch-o-matic-ng-20091010
# ./runme --download
# ./runme connlimit
# yum -y install ncurses-devel
# cd /usr/src/kernel-2.6.18/linux-2.6.18.i686/
# make menuconfig
In the kernel configuration menu, select
Networking --->
Networking options --->
Network packet filtering (replaces ipchains) --->
IP: Netfilter Configuration --->
<M> Connections/IP limit match support
# make modules_prepare
# mv net/ipv4/netfilter/Makefile net/ipv4/netfilter/Makefile.bak
Create a new net/ipv4/netfilter/Makefile with the following content (the recipe line under default: must be indented with a tab)
vi net/ipv4/netfilter/Makefile
obj-m := ipt_connlimit.o
KDIR := /lib/modules/$(shell uname -r)/build
PWD := $(shell pwd)
default:
	$(MAKE) -C $(KDIR) M=$(PWD) modules
Finally, build the kernel module
# make M=net/ipv4/netfilter/
Copy the built ipt_connlimit.ko into the running kernel's module directory and load it
# cp net/ipv4/netfilter/ipt_connlimit.ko /lib/modules/2.6.18-164.el5/kernel/net/ipv4/netfilter/
Give the kernel module execute permission
# chmod +x /lib/modules/2.6.18-164.el5/kernel/net/ipv4/netfilter/ipt_connlimit.ko
# depmod -a
# modprobe ipt_connlimit
# lsmod | grep x_tables
Output like the following indicates that the kernel module loaded successfully
x_tables 17349 3 xt_tcpudp,xt_state,ip_tables
Test the ipt_connlimit module
# iptables -I INPUT -p tcp --dport 22 -m connlimit --connlimit-above 2 -j REJECT
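The steps above end with a single iptables rule but no way to confirm, from the host, that the module is really loaded and that the rule is doing what --connlimit-above 2 promises. The following script is an added example written for this page, not part of the original guide: it checks `lsmod` output for the ipt_connlimit module by name (the guide's `grep x_tables` only shows the generic match framework, which is loaded even without connlimit) and counts established connections per source address to port 22, listing the sources that exceed the limit, which is exactly the condition the rule rejects. The `lsmod` and `netstat -tn` text embedded below is constructed sample data so the script runs offline; on the real host, feed it the live command output as shown in the last comment.

```shell
#!/bin/sh
# Added example (not from the original guide): offline checks for the connlimit setup.

# Constructed sample of `lsmod` output: ipt_connlimit loaded on top of x_tables.
SAMPLE_LSMOD='Module                  Size  Used by
ipt_connlimit           6912  1
x_tables               17349  3 xt_tcpudp,xt_state,ip_tables
xt_state                6400  1'

# module_loaded NAME LSMOD_TEXT
# Returns 0 when NAME appears in the first column of the lsmod listing, 1 otherwise.
module_loaded() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# Constructed sample of `netstat -tn` output: three SSH sessions from 10.0.0.5,
# one from 10.0.0.9, and one HTTP session from 10.0.0.5 that must not be counted.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:22         10.0.0.5:40001          ESTABLISHED
tcp        0      0 192.168.1.10:22         10.0.0.5:40002          ESTABLISHED
tcp        0      0 192.168.1.10:22         10.0.0.5:40003          ESTABLISHED
tcp        0      0 192.168.1.10:22         10.0.0.9:50001          ESTABLISHED
tcp        0      0 192.168.1.10:80         10.0.0.5:40010          ESTABLISHED'

# sources_above PORT LIMIT NETSTAT_TEXT
# Prints each source IP holding more than LIMIT established connections to PORT,
# i.e. the sources a `-m connlimit --connlimit-above LIMIT -j REJECT` rule would refuse.
sources_above() {
    printf '%s\n' "$3" | awk -v port="$1" -v limit="$2" '
        $1 == "tcp" && $6 == "ESTABLISHED" {
            split($4, l, ":"); split($5, r, ":")
            if (l[2] == port) count[r[1]]++
        }
        END { for (ip in count) if (count[ip] > limit) print ip }'
}

# On the built host (not run here), use the live command output instead of the samples:
#   module_loaded ipt_connlimit "$(lsmod)" && sources_above 22 2 "$(netstat -tn)"
```

If `module_loaded` fails after `modprobe ipt_connlimit`, recheck the EXTRAVERSION edit in the Makefile: a mismatch between the module's version magic and the running 2.6.18-164.el5 kernel is the usual reason the module refuses to load.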
